# Trojan.Agent.H + plenty more



## bsacco (Jun 12, 2003)

I went to a site called Ufonts and downloaded a font.

The problem was that the option had this check box that I didn't see that said "Use our installer".

Well anyhow, Malwarebytes caught the following:

PUP.Offerware
PUP.Offerware
Trojan.Agent.H
Adware.Dropper

So, I immediately removed all quarantined items then updated and ran Malwarebytes again. Then ran Microsoft essential. Then ran AntiSpyware. Then ran Eset online free scanner. Nothing more was found.

Then I restarted. All of a sudden a program called NCDownloader appeared magically on my desktop. I immediately went to control panel and removed it.

I was very scared that my PC now has been infected with crap that is hidden. How can I be sure I've got all the bad stuff off my PC?

PC - running Windows XP Pro
E8200 @ 2.66GHz
2.66 GHz - .325 GB of RAM
Service pack 3


----------



## Cookiegal (Aug 27, 2003)

Please post the log from MalwareBytes so I can see what was removed.

Then, please do the following:

Please download DDS by sUBs to your desktop from the following location:

http://download.bleepingcomputer.com/sUBs/dds.scr

Double-click the *dds.scr* file to run the program.

It will automatically run in silent mode and then you will see the following note:

*"Two logs shall be created on your Desktop".*

The logs will be named *dds.txt* and *attach.txt*.

Wait until the logs appear and then copy and paste their contents in your post.

Please download GMER from: http://www.gmer.net

Click on the "Download EXE" button and save the randomly named .exe file to your desktop.

*Note: You must uninstall any CD Emulation programs that you have before running GMER as they can cause conflicts and give false results.*

Double click the GMER .exe file on your desktop to run the tool and it will automatically do a quick scan.

If the tool warns of rootkit activity and asks if you want to run a full scan, click on No and make sure the following are *unchecked* on the right-hand side:

IAT/EAT
Any drive letter other than the primary system drive (which is generally C).

Click the *Scan* button and when the scan is finished, click *Save* and save the log in Notepad with the name ark.txt to your desktop.

*Note: It's important that all other windows be closed and that you don't touch the mouse or do anything with the computer during the scan as it may cause it to freeze. You should disable your screen saver as if it comes on it may cause the program to freeze.*

Open the ark.txt file and copy and paste the contents of the log here please.


----------



## bsacco (Jun 12, 2003)

LOG FILE(S) FROM MALWAREBYTES:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4116

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/18/2010 11:04:36 PM
mbam-log-2010-05-18 (23-04-36).txt

Scan type: Quick scan
Objects scanned: 139803
Time elapsed: 12 minute(s), 27 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 4
Files Infected: 6

Memory Processes Infected:
C:\Documents and Settings\Administrator\Application Data\SystemProc\lsass.exe (Trojan.Agent) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rthdbpl (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D} (Trojan.Swisyn) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome (Trojan.Swisyn) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content (Trojan.Swisyn) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SystemProc (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome.manifest (Trojan.Swisyn) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\install.rdf (Trojan.Swisyn) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\timer.xul (Trojan.Swisyn) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SystemProc\lsass.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\confin.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\autoexec.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

---------------------------------------------------

Malwarebytes' Anti-Malware 1.44
Database version: 3826
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

3/5/2010 9:52:40 AM
mbam-log-2010-03-05 (09-52-40).txt

Scan type: Quick Scan
Objects scanned: 136844
Time elapsed: 3 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

---------------------------------------------------


----------



## bsacco (Jun 12, 2003)

DDS LOG FILE:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 5/20/2008 10:20:07 AM
System Uptime: 2/8/2013 8:14:20 AM (1 hours ago)
.
Motherboard: Dell Inc. | | 0GM819
Processor: Intel Pentium III Xeon processor | CPU | 2659/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 119.949 GiB free.
D: is CDROM ()
E: is CDROM (CDFS)
F: is Removable
M: is NetworkDisk (NTFS) - 1843 GiB total, 265.126 GiB free.
T: is NetworkDisk (NTFS) - 1843 GiB total, 265.126 GiB free.
U: is NetworkDisk (NTFS) - 1843 GiB total, 265.126 GiB free.
V: is NetworkDisk (NTFS) - 1843 GiB total, 265.126 GiB free.
W: is NetworkDisk (NTFS) - 1843 GiB total, 265.126 GiB free.
X: is NetworkDisk (NTFS) - 1843 GiB total, 265.126 GiB free.
Y: is NetworkDisk (NTFS) - 1843 GiB total, 265.126 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1: 2/7/2013 9:38:42 AM - System Checkpoint
RP2: 2/7/2013 2:28:34 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
µTorrent
32 Bit HP CIO Components Installer
3ivx MPEG-4 5.0.3 (remove only)
Ace Utilities
Add or Remove Adobe Creative Suite 3 Design Premium
Addictive Drums
Adobe Acrobat 8 Professional
Adobe Acrobat 8.1.3 Professional
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Creative Suite 3 Design Premium
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash CS3
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Setup
Adobe Shockwave Player 11.6
Adobe SING CS3
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Version Cue CS3 Server {ko_KR} 
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AHV content for Acrobat and Flash
AIO_Scan
Airfoil
Amazon MP3 Downloader 1.0.17
AMD Catalyst Install Manager
Any Video Converter 3.2.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASAP Utilities
ATI Catalyst Control Center
Audacity 2.0
Belarc Advisor 8.3
Bonjour
BrowseToSave 1.74
BufferChm
Cakewalk Audio FX Pack 2
Cakewalk Audio FX Pack 3
Canon Easy-WebPrint EX
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon MP Navigator EX 3.1
Canon MX870 series MP Drivers
Canon MX870 series User Registration
Canon Speed Dial Utility
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
CCleaner
CDBurnerXP
Costco Photo Organizer
Data Lifeguard Diagnostic for Windows 1.24
Dell Resource CD
Dropbox
Duplicate Music Files Finder 1.5.5
ESET Online Scanner v3
Fast Duplicate File Finder 2.0.0.1
FFmpeg for Audacity on Windows
File Renamer - Basic
FileZilla Client 3.2.4.1
FlipShare
Foxit Reader
Free Video Dub version 2.0.3.1228
FreeRIP v3.6
Google Chrome
Google Earth Plug-in
Google Update Helper
GoToAssist Corporate
GoToMeeting 5.2.0.952
HiJackThis
HijackThis 1.99.1
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB954550-v5)
HP MediaSmart Server 3.0 Update 1
HP Update
Intel(R) PRO Network Connections Drivers
Intel® Active Management Technology
Intel® Management Engine Interface
iPhone Configuration Utility
iTunes
iTunes Library Updater
Java 7 Update 13
Java Auto Updater
Java(TM) 6 Update 31
JavaFX 2.1.1
Jing
join.me
LADSPA_plugins-win-0.4.15
LAME v3.98.3 for Audacity
Line 6 Uninstaller
Magical Jelly Bean KeyFinder
MagicDisc 2.7.106
Malwarebytes Anti-Malware version 1.70.0.1100
MediaMonkey 4.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Easy Assist v2
Microsoft Expression Web 2
Microsoft Expression Web 2 MUI (English)
Microsoft IntelliPoint 8.2
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business 2007
Microsoft Office Word MUI (English) 2007
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft_VC90_CRT_x86
MIDI-OX
MiniTool Power Data Recovery
MobileMe Control Panel
Mozilla Firefox 16.0.1 (x86 en-US)
Mozilla Maintenance Service
Mp3tag v2.54
MSN
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee Plugin 1.0
Native Instruments Guitar Rig 3
Native Instruments Service Center
neroxml
Ontrack EasyRecovery Professional
PDF Settings
PHOTOfunSTUDIO 8.1 PE
PHOTOfunSTUDIO HD Edition
Plex Media Server
PS_AIO_Software_min
QuickTime
ReaPlugs
SeaTools for Windows
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition 
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition 
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition 
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition 
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows XP (KB923789)
Similarity 1.1.0
SIW version 2011.10.29
Skype™ 6.0
SONAR 8.0 Producer Edition
Sound Blaster Audigy
SoundMAX
Spotify
SUPERAntiSpyware
swMSM
The KMPlayer (remove only)
Toolbox
Total Video Converter 3.71 100812
Tweakui Powertoy for Windows XP
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Expression Web 2 (KB957827)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760586) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Internet Explorer 8 (KB2632503)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows Internet Explorer 8 (KB980182)
Virus Guard - powered by BitDefender
Visual C++ 8.0 ATL (x86) WinSXS MSM
Visual C++ 8.0 CRT (x86) WinSXS MSM
VLC media player 2.0.4
WD Diagnostics
WD Drive Manager (x86)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Home Server Connector
Windows Installer Clean Up
Windows Internet Explorer 8
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows Search 4.0
Windows XP Creativity Fun Packs - Windows Movie Maker 2 - Titles
Windows XP Service Pack 3
WinRAR archiver
WinZip
XML Paper Specification Shared Components Pack 1.0
Xobni
Xobni Core
.
==== Event Viewer Messages From Past Week ========
.
2/5/2013 2:23:11 AM, error: iastor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
.
==== End Of File ===========================


----------



## bsacco (Jun 12, 2003)

DDS.txt LOG FILE:

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.13.2
Run by bsacco at 9:16:40 on 2013-02-08
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.1751 [GMT -8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ================
.
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MSSConnectorService.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MediaCollectorClient.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Intel\AMT\UNS.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Xobni\XobniService.exe
C:\Program Files\Windows Home Server\WHSConnector.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\Intel\AMT\atchk.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\Windows Home Server\WHSTrayApp.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig?hl=en&source=webhp
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://outlookweb.invision.net/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: {465E08E7-F005-4389-980F-1D8764B3486C} - <orphaned>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: BrowserHelper Class: {9A065C65-4EE7-4DDD-9918-F129089A894A} - c:\program files\windows home server\WHSDeskBands.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: Home Server Banner: {D73E76A3-F902-45BD-8FC8-95AE8E014671} - c:\program files\windows home server\WHSDeskBands.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
EB: {6576EBAA-B570-4345-98E4-96153C77CF24} - <orphaned>
EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [A24802D8E0033B87C7A71FBB6D39DEF74469BA10._service_run] "c:\documents and settings\administrator\local settings\application data\google\chrome\application\chrome.exe" --type=service
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Google Update] "c:\documents and settings\administrator\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Spotify Web Helper] "c:\program files\spotify\data\SpotifyWebHelper.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [P17Helper] Rundll32 P17.dll,P17Helper
mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [atchk] "c:\program files\intel\amt\atchk.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [IJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\administrator\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\windows\installer\{21e49794-7c13-4e84-8659-55bd378267d5}\WHSTrayApp.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~2.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
Trusted Zone: $talisma_url$
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {03A13D5D-2C8E-4C1A-970D-D6D07A4FE3D0} - hxxps://atlas.atlassolutions.com/dl/AtlasCtrl.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.3.5.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1358756641328
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1349385223937
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {89242969-422B-46BF-B0D5-6A7B7DC4D0E0} - file:///D:/html/nafcom.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {ABC26C81-D7D5-4B0C-A764-95BD0622BB67} - hxxp://www.livehelper.com/download/NewRemoteHelp.cab
DPF: {B87A4DE2-57A3-41CA-8781-89D43EA6EEF4} - hxxp://videomessages.live.com/Portal/ClientBin/VCaptCtl.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{DDAF0FD6-A7E5-4EDC-A9CB-E63FE9565669} : DHCPNameServer = 192.168.1.254
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\615\G2AWinLogon.dll
AppInit_DLLs= airfoilinject3.dll c:\progra~1\browse~1\sprote~1.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
Hosts: 127.0.0.1	www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\6j5zsw01.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Freecorder Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT1060933&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=2&q=
FF - component: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\6j5zsw01.default\extensions\{4be68a18-deba-49e0-9e09-ee7796f3b62a}\components\billeotoolbar.dll
FF - component: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\6j5zsw01.default\extensions\{4be68a18-deba-49e0-9e09-ee7796f3b62a}\components\billeotoolbar_ff36.dll
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\[email protected]\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\[email protected]\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\[email protected]\components\xpavgtbapi.dll
FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\6j5zsw01.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\plugins\np-mswmp.dll
FF - plugin: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\6j5zsw01.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\documents and settings\administrator\local settings\application data\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\amazon\mp3 downloader\npAmazonMP3DownloaderPlugin101752.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1168638.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_146.dll
FF - plugin: c:\windows\system32\tvuax\npTVUAx.dll
FF - ExtSQL: 2013-01-21 00:20; [email protected]; c:\documents and settings\administrator\application data\mozilla\firefox\profiles\6j5zsw01.default\extensions\[email protected]
FF - ExtSQL: !HIDDEN! 2009-09-02 03:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 193552]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-8-11 116608]
R2 HPMSSConnectorSvc;HPMSSConnectorService;c:\program files\hewlett-packard\hp mediasmart server\MSSConnectorService.exe [2009-10-5 20992]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-9-15 398184]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-5-18 682344]
R2 MediaCollectorService;MediaCollectorService;c:\program files\hewlett-packard\hp mediasmart server\MediaCollectorClient.exe [2009-10-5 81920]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\intel\amt\UNS.exe [2008-5-20 2521880]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\western digital\wd drive manager\WDBtnMgrSvc.exe [2008-1-30 106496]
R2 WHSConnector;Windows Home Server Connector Service;c:\program files\windows home server\WHSConnector.exe [2011-1-10 376688]
R2 XobniService;XobniService;c:\program files\xobni\XobniService.exe [2011-5-18 62184]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\drivers\dc3d.sys [2012-5-7 45288]
R3 L6TPortB;Service - Line 6 TonePort UX2;c:\windows\system32\drivers\L6TPortB.sys [2012-4-3 583296]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-5-18 21104]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-2-8 40776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-11-9 160944]
S3 BackupReader;BackupReader;c:\windows\system32\drivers\BackupReader.sys [2009-10-7 44776]
S3 EVault InfoStage Agent;OSP EVault Agent;c:\program files\osp evault\agent\VVAgent.exe [2008-11-11 3223552]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
ShellExec: dreamweaver.exe: Open="c:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2013-02-08 17:12:38	40776	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2013-02-07 22:28:37	6991832	----a-w-	c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{98a07645-28bf-4a2a-bf3b-cc91d19b379b}\mpengine.dll
2013-02-07 22:24:41	--------	d-----w-	c:\documents and settings\administrator\application data\NCdownloader
2013-02-07 17:28:59	--------	d-----w-	c:\documents and settings\all users\application data\RightClick
2013-02-07 17:28:45	--------	d-----w-	c:\program files\BrowseToSave
2013-02-07 17:27:39	--------	d-----w-	c:\documents and settings\all users\application data\InstallMate
2013-02-06 15:23:19	6991832	------w-	c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-02-05 15:52:47	94112	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2013-02-04 21:49:31	--------	d-----w-	c:\windows\system32\winrm
2013-02-04 21:49:22	--------	dc-h--w-	c:\windows\$968930Uinstall_KB968930$
2013-02-04 21:49:09	--------	d-----w-	c:\documents and settings\administrator\application data\Windows Desktop Search
2013-02-02 22:05:19	--------	d-----w-	C:\PSTools
.
==================== Find3M ====================
.
2013-02-08 17:11:16	697712	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-02-08 17:11:15	74096	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-05 15:52:31	143872	----a-w-	c:\windows\system32\javacpl.cpl
2013-02-05 15:52:30	861088	----a-w-	c:\windows\system32\npDeployJava1.dll
2013-02-05 15:52:30	782240	----a-w-	c:\windows\system32\deployJava1.dll
2013-01-30 10:53:21	232336	------w-	c:\windows\system32\MpSigStub.exe
2012-12-18 19:58:08	163584	----a-w-	c:\windows\system32\AirfoilInject3.dll
2012-12-16 12:23:59	290560	----a-w-	c:\windows\system32\atmfd.dll
2012-12-15 00:49:28	21104	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-11-29 20:24:27	60304	----a-w-	c:\documents and settings\administrator\g2mdlhlpx.exe
2012-11-18 22:21:20	121254	----a-w-	c:\windows\File Renamer - Basic Uninstaller.exe
2012-11-13 01:25:12	1866368	----a-w-	c:\windows\system32\win32k.sys
2012-10-15 21:57:23	22657136	----a-w-	c:\program files\vlc-2.0.2-win32.exe
.
============= FINISH: 9:22:58.54 ===============


----------



## Cookiegal (Aug 27, 2003)

I assume you're still running GMER so I'll wait for that log.


----------



## bsacco (Jun 12, 2003)

Yes, I'm running GMER but it's taking forever....

Your instructions are kind of confusing:

"If the tool warns of rootkit activity and asks if you want to run a full scan, click on No and make sure the following are unchecked on the right-hand side:

IAT/EAT
Any drive letter other than the primary system drive (which is generally C)."

I unchecked IAT/EAT as instructed above then unchecked everything BUT the "C" drive. But when I hit the SCAN button nothing happened. It wouldn't run the scan. So I went back and selected all the rest of the checkboxes EXCEPT IAT/EAT and the scan is running now....but it's taking forever.

Please advise if I did the right thing.


----------



## Cookiegal (Aug 27, 2003)

You understood the instructions correctly.

It won't hurt to do the full scan, it will just take a very long time.


----------



## bsacco (Jun 12, 2003)

OK, while it was running the GMER scan...I popped my head into my office to see how it was going and to my horror I found the blue screen of death.

STOP: c000021a Fatal System Error

I shut the PC down. And restarted it. It immediately is now running a CHKDSK routine. Please advise.


----------



## Cookiegal (Aug 27, 2003)

When chkdsk has finished please post the report.

To view results log:

Go to *Start* - *Run* and type in *eventvwr.msc*, and hit enter.
When Event Viewer opens, click on "Application", then scroll down to "Winlogon" and double-click on it to open it up. This is the log created after running chkdsk. Click on the icon that looks like two pieces of paper to copy it and then paste it here please.

Then also please do this:

Please go here and download the *TDSSKiller.exe* to your desktop.

Double-click TDSSKiller.exe on your desktop to run it.
Click on *Start Scan*
As we don't want to fix anything yet, if any malicious objects are detected, *do NOT select Cure* but select *Skip* instead.
It will produce a log once it finishes in the root drive which should look like this example:

C:\TDSSKiller.<version_date_time>log.txt

Please copy and paste the contents of that log in your next reply.


----------
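Added example, not part of the thread and not the tool's own code: a small triage script for the TDSSKiller log requested above, which pairs each `[ MD5 ] service path` record in the "Scan services" section with its verdict line and lists every entry whose verdict is anything other than `ok`. The line layout is taken from the log posted in this thread; the non-ok entry in the sample is constructed, and treating every non-ok verdict as "needs review" is an assumption.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# "<hh:mm:ss.ffff> <thread id> <rest of line>"
PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s?(.*)$")
# "======= Title =======" (title is empty for a plain separator)
HEADER = re.compile(r"^=+\s*(.*?)\s*=+$")
# "[ <MD5> ] <service name, may contain spaces> <drive-letter path>"
RECORD = re.compile(r"^\[\s*([0-9A-Fa-f]{32})\s*\]\s+(.+?)\s+([A-Za-z]:\\.+)$")


@dataclass
class Entry:
    name: str
    verdict: Optional[str] = None   # None: record seen, verdict line missing
    md5: Optional[str] = None       # None: service listed without a file record
    path: Optional[str] = None


def parse_services(log_text: str) -> List[Entry]:
    """Return one Entry per service in the 'Scan services' section."""
    entries: List[Entry] = []
    pending: Optional[Entry] = None
    in_services = False
    for raw in log_text.splitlines():
        m = PREFIX.match(raw.strip())
        if not m:
            continue
        rest = m.group(1).strip()
        h = HEADER.match(rest)
        if h:
            # Any other header (or a plain separator) ends the section.
            in_services = h.group(1) == "Scan services"
            continue
        if not in_services or not rest:
            continue
        r = RECORD.match(rest)
        if r:
            if pending:                      # previous record never got a verdict
                entries.append(pending)
            pending = Entry(name=r.group(2), md5=r.group(1).upper(), path=r.group(3))
            continue
        if pending and rest.startswith(pending.name + " - "):
            pending.verdict = rest[len(pending.name) + 3:].strip()
            entries.append(pending)
            pending = None
        elif " - " in rest:
            if pending:
                entries.append(pending)
                pending = None
            name, _, verdict = rest.partition(" - ")
            entries.append(Entry(name=name.strip(), verdict=verdict.strip()))
    if pending:
        entries.append(pending)
    return entries


def needs_review(entries: List[Entry]) -> List[Entry]:
    """Entries with a missing verdict or any verdict other than 'ok'."""
    return [e for e in entries if e.verdict is None or e.verdict.lower() != "ok"]


# Lines copied from the TDSSKiller log posted in this thread.
PAGE_LINES = r"""
16:33:58.0625 4184 Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:34:22.0265 5528 ================ Scan system memory ========================
16:34:22.0265 5528 System memory - ok
16:34:22.0265 5528 ================ Scan services =============================
16:34:22.0390 5528 [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
16:34:22.0390 5528 !SASCORE - ok
16:34:22.0484 5528 Abiosdsk - ok
16:34:22.0671 5528 [ 14C23516C990DCD6052152CF034DDE40 ] Adobe Version Cue CS3 C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
16:34:22.0671 5528 Adobe Version Cue CS3 - ok
"""

# CONSTRUCTED lines: placeholder service, hash, path and verdict text,
# not real TDSSKiller output.
CONSTRUCTED_LINES = r"""
16:34:29.0500 5528 [ 00000000000000000000000000000000 ] ExampleSvc C:\WINDOWS\system32\drivers\example.sys
16:34:29.0500 5528 ExampleSvc - CONSTRUCTED-NON-OK-VERDICT
"""

SAMPLE = PAGE_LINES + CONSTRUCTED_LINES

if __name__ == "__main__":
    for e in needs_review(parse_services(SAMPLE)):
        print(f"{e.name}: verdict={e.verdict!r} md5={e.md5} path={e.path}")
```
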



## bsacco (Jun 12, 2003)

winlogon results:

Event Type:	Information
Event Source:	Winlogon
Event Category:	None
Event ID:	1001
Date: 2/8/2013
Time: 4:05:09 PM
User: N/A
Computer:	BS-TOWER
Description:
Checking file system on C:
The type of the file system is NTFS.

One of your disks needs to be checked for consistency. You
may cancel the disk check, but it is strongly recommended
that you continue.
Windows will now check the disk. 
Cleaning up instance tags for file 0x491a9.
Cleaning up minor inconsistencies on the drive.
Cleaning up 93 unused index entries from index $SII of file 0x9.
Cleaning up 93 unused index entries from index $SDH of file 0x9.
Cleaning up 93 unused security descriptors.
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
Correcting errors in the Volume Bitmap.
Windows has made corrections to the file system.

244059479 KB total disk space.
117372976 KB in 299451 files.
169592 KB in 115335 indexes.
0 KB in bad sectors.
679219 KB in use by the system.
65536 KB occupied by the log file.
125837692 KB available on disk.

4096 bytes in each allocation unit.
61014869 total allocation units on disk.
31459423 allocation units available on disk.

Internal Info:

Windows has finished checking your disk.
Please wait while your computer restarts.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


----------



## bsacco (Jun 12, 2003)

TDSS Killer log file:

16:33:57.0265 4184 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
16:33:57.0796 4184 ============================================================
16:33:57.0796 4184 Current date / time: 2013/02/08 16:33:57.0796
16:33:57.0796 4184 SystemInfo:
16:33:57.0796 4184 
16:33:57.0796 4184 OS Version: 5.1.2600 ServicePack: 3.0
16:33:57.0796 4184 Product type: Workstation
16:33:57.0796 4184 ComputerName: BS-TOWER
16:33:57.0796 4184 UserName: bsacco
16:33:57.0796 4184 Windows directory: C:\WINDOWS
16:33:57.0796 4184 System windows directory: C:\WINDOWS
16:33:57.0796 4184 Processor architecture: Intel x86
16:33:57.0796 4184 Number of processors: 2
16:33:57.0796 4184 Page size: 0x1000
16:33:57.0796 4184 Boot type: Normal boot
16:33:57.0796 4184 ============================================================
16:33:58.0625 4184 Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:33:58.0703 4184 ============================================================
16:33:58.0703 4184 \Device\Harddisk0\DR0:
16:33:58.0718 4184 MBR partitions:
16:33:58.0718 4184 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x234C9, BlocksNum 0x1D181AB0
16:33:58.0718 4184 ============================================================
16:33:58.0828 4184 C: <-> \Device\Harddisk0\DR0\Partition1
16:33:58.0828 4184 ============================================================
16:33:58.0828 4184 Initialize success
16:33:58.0828 4184 ============================================================
16:34:22.0015 5528 ============================================================
16:34:22.0015 5528 Scan started
16:34:22.0015 5528 Mode: Manual; 
16:34:22.0015 5528 ============================================================
16:34:22.0265 5528 ================ Scan system memory ========================
16:34:22.0265 5528 System memory - ok
16:34:22.0265 5528 ================ Scan services =============================
16:34:22.0390 5528 [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
16:34:22.0390 5528 !SASCORE - ok
16:34:22.0484 5528 Abiosdsk - ok
16:34:22.0484 5528 abp480n5 - ok
16:34:22.0531 5528 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:34:22.0546 5528 ACPI - ok
16:34:22.0578 5528 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
16:34:22.0578 5528 ACPIEC - ok
16:34:22.0609 5528 [ DE25FC7DE3A464E455C0D0012757B0AC ] ADIHdAudAddService C:\WINDOWS\system32\drivers\ADIHdAud.sys
16:34:22.0609 5528 ADIHdAudAddService - ok
16:34:22.0671 5528 [ 14C23516C990DCD6052152CF034DDE40 ] Adobe Version Cue CS3 C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
16:34:22.0671 5528 Adobe Version Cue CS3 - ok
16:34:22.0734 5528 [ EC807244904FA170C299AB06D87FBDBE ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
16:34:22.0734 5528 AdobeFlashPlayerUpdateSvc - ok
16:34:22.0734 5528 adpu160m - ok
16:34:22.0750 5528 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
16:34:22.0765 5528 aec - ok
16:34:22.0796 5528 [ A7B8A3A79D35215D798A300DF49ED23F ] Afc C:\WINDOWS\system32\drivers\Afc.sys
16:34:22.0796 5528 Afc - ok
16:34:22.0843 5528 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
16:34:22.0843 5528 AFD - ok
16:34:22.0843 5528 Aha154x - ok
16:34:22.0843 5528 aic78u2 - ok
16:34:22.0843 5528 aic78xx - ok
16:34:22.0875 5528 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
16:34:22.0875 5528 Alerter - ok
16:34:22.0906 5528 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
16:34:22.0906 5528 ALG - ok
16:34:22.0906 5528 AliIde - ok
16:34:22.0906 5528 amsint - ok
16:34:23.0000 5528 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:34:23.0000 5528 Apple Mobile Device - ok
16:34:23.0031 5528 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
16:34:23.0031 5528 AppMgmt - ok
16:34:23.0031 5528 asc - ok
16:34:23.0031 5528 asc3350p - ok
16:34:23.0046 5528 asc3550 - ok
16:34:23.0156 5528 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
16:34:23.0171 5528 aspnet_state - ok
16:34:23.0218 5528 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:34:23.0218 5528 AsyncMac - ok
16:34:23.0234 5528 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
16:34:23.0234 5528 atapi - ok
16:34:23.0328 5528 [ EECC1D40AA10F85126708796ABA1E7D5 ] atchksrv C:\Program Files\Intel\AMT\atchksrv.exe
16:34:23.0328 5528 atchksrv - ok
16:34:23.0328 5528 Atdisk - ok
16:34:23.0375 5528 [ 6A9420C302E3ABF99B58426FBA694C51 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
16:34:23.0390 5528 Ati HotKey Poller - ok
16:34:23.0437 5528 [ AF33838A8D5198C12CF06D693F4DEE0C ] ATI Smart C:\WINDOWS\system32\ati2sgag.exe
16:34:23.0437 5528 ATI Smart - ok
16:34:23.0593 5528 [ 011388DDC5B83EF4A0B2B829735C646F ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
16:34:23.0640 5528 ati2mtag - ok
16:34:23.0656 5528 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:34:23.0656 5528 Atmarpc - ok
16:34:23.0703 5528 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
16:34:23.0703 5528 AudioSrv - ok
16:34:23.0734 5528 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
16:34:23.0734 5528 audstub - ok
16:34:23.0781 5528 [ 22F769C67CB88EF32A985132041A6169 ] BackupReader C:\WINDOWS\system32\DRIVERS\BackupReader.sys
16:34:23.0781 5528 BackupReader - ok
16:34:23.0812 5528 [ 5D7BE7B19E827125E016325334E58FF1 ] BANTExt C:\WINDOWS\System32\Drivers\BANTExt.sys
16:34:23.0812 5528 BANTExt - ok
16:34:23.0859 5528 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
16:34:23.0859 5528 Beep - ok
16:34:23.0890 5528 [ ACC9C8C560C567FAD6F79C977AB2EA09 ] bgsvcgen C:\WINDOWS\system32\bgsvcgen.exe
16:34:23.0890 5528 bgsvcgen - ok
16:34:23.0937 5528 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
16:34:23.0968 5528 BITS - ok
16:34:24.0031 5528 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
16:34:24.0046 5528 Bonjour Service - ok
16:34:24.0078 5528 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
16:34:24.0078 5528 Browser - ok
16:34:24.0109 5528 [ 248DFA5762DDE38DFDDBBD44149E9D7A ] BVRPMPR5 C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
16:34:24.0109 5528 BVRPMPR5 - ok
16:34:24.0125 5528 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
16:34:24.0125 5528 cbidf2k - ok
16:34:24.0171 5528 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
16:34:24.0171 5528 CCDECODE - ok
16:34:24.0171 5528 cd20xrnt - ok
16:34:24.0234 5528 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
16:34:24.0234 5528 Cdaudio - ok
16:34:24.0281 5528 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
16:34:24.0281 5528 Cdfs - ok
16:34:24.0328 5528 [ E0042BD5BEF17A6A3EF1DF576BDE24D1 ] cdrbsdrv C:\WINDOWS\system32\drivers\cdrbsdrv.sys
16:34:24.0328 5528 cdrbsdrv - ok
16:34:24.0328 5528 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:34:24.0328 5528 Cdrom - ok
16:34:24.0359 5528 [ 84853B3FD012251690570E9E7E43343F ] cercsr6 C:\WINDOWS\system32\drivers\cercsr6.sys
16:34:24.0359 5528 cercsr6 - ok
16:34:24.0359 5528 Changer - ok
16:34:24.0390 5528 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
16:34:24.0390 5528 CiSvc - ok
16:34:24.0421 5528 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
16:34:24.0421 5528 ClipSrv - ok
16:34:24.0500 5528 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:34:24.0500 5528 clr_optimization_v2.0.50727_32 - ok
16:34:24.0546 5528 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:34:24.0656 5528 clr_optimization_v4.0.30319_32 - ok
16:34:24.0656 5528 CmdIde - ok
16:34:24.0671 5528 COMSysApp - ok
16:34:24.0671 5528 Cpqarray - ok
16:34:24.0671 5528 Crypkey License - ok
16:34:24.0718 5528 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
16:34:24.0718 5528 CryptSvc - ok
16:34:24.0750 5528 [ 8DB84DE3AAB34A8B4C2F644EFF41CD76 ] ctsfm2k C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
16:34:24.0750 5528 ctsfm2k - ok
16:34:24.0750 5528 dac2w2k - ok
16:34:24.0765 5528 dac960nt - ok
16:34:24.0812 5528 [ CA812B19C0E2BC044214AD3F6436E730 ] dc3d C:\WINDOWS\system32\DRIVERS\dc3d.sys
16:34:24.0812 5528 dc3d - ok
16:34:24.0859 5528 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
16:34:24.0859 5528 DcomLaunch - ok
16:34:24.0921 5528 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
16:34:24.0921 5528 Dhcp - ok
16:34:24.0921 5528 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
16:34:24.0921 5528 Disk - ok
16:34:24.0921 5528 dmadmin - ok
16:34:24.0968 5528 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
16:34:24.0968 5528 dmboot - ok
16:34:25.0000 5528 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
16:34:25.0000 5528 dmio - ok
16:34:25.0046 5528 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
16:34:25.0046 5528 dmload - ok
16:34:25.0078 5528 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
16:34:25.0093 5528 dmserver - ok
16:34:25.0093 5528 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
16:34:25.0093 5528 DMusic - ok
16:34:25.0140 5528 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
16:34:25.0140 5528 Dnscache - ok
16:34:25.0171 5528 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
16:34:25.0171 5528 Dot3svc - ok
16:34:25.0171 5528 dpti2o - ok
16:34:25.0187 5528 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
16:34:25.0187 5528 drmkaud - ok
16:34:25.0218 5528 [ 34AAA3B298A852B3663E6E0D94D12945 ] e1express C:\WINDOWS\system32\DRIVERS\e1e5132.sys
16:34:25.0218 5528 e1express - ok
16:34:25.0250 5528 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
16:34:25.0250 5528 EapHost - ok
16:34:25.0265 5528 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
16:34:25.0265 5528 ERSvc - ok
16:34:25.0375 5528 [ 812C794F71715AE088DBCCDEA5C5B02B ] EVault InfoStage Agent C:\Program Files\OSP EVault\Agent\VVAgent.exe
16:34:26.0843 5528 EVault InfoStage Agent - ok
16:34:26.0875 5528 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
16:34:26.0875 5528 Eventlog - ok
16:34:26.0921 5528 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
16:34:26.0921 5528 EventSystem - ok
16:34:26.0968 5528 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
16:34:26.0968 5528 Fastfat - ok
16:34:27.0015 5528 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
16:34:27.0015 5528 FastUserSwitchingCompatibility - ok
16:34:27.0031 5528 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
16:34:27.0031 5528 Fdc - ok
16:34:27.0031 5528 FilterService - ok
16:34:27.0031 5528 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
16:34:27.0031 5528 Fips - ok
16:34:27.0093 5528 [ 1F63900E2EB00101B9ACA2B7A870704E ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
16:34:27.0093 5528 FLEXnet Licensing Service - ok
16:34:27.0171 5528 [ 1C8401072E39784CDA54E1BA8D8EE845 ] FlipShare Service C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
16:34:27.0281 5528 FlipShare Service - ok
16:34:27.0312 5528 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
16:34:27.0312 5528 Flpydisk - ok
16:34:27.0359 5528 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
16:34:27.0359 5528 FltMgr - ok
16:34:27.0453 5528 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
16:34:27.0453 5528 FontCache3.0.0.0 - ok
16:34:27.0453 5528 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:34:27.0453 5528 Fs_Rec - ok
16:34:27.0453 5528 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:34:27.0453 5528 Ftdisk - ok
16:34:27.0500 5528 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
16:34:27.0500 5528 GEARAspiWDM - ok
16:34:27.0578 5528 [ 8F6AE606EB0CC884EE12C41948424422 ] GoToAssist C:\Program Files\Citrix\GoToAssist\615\g2aservice.exe
16:34:27.0578 5528 GoToAssist - ok
16:34:27.0625 5528 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:34:27.0625 5528 Gpc - ok
16:34:27.0703 5528 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
16:34:27.0703 5528 gupdate - ok
16:34:27.0703 5528 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
16:34:27.0718 5528 gupdatem - ok
16:34:27.0765 5528 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
16:34:27.0765 5528 HDAudBus - ok
16:34:27.0812 5528 [ C865D1F6D03595DF213DC3C67E4E4C58 ] HECI C:\WINDOWS\system32\DRIVERS\HECI.sys
16:34:27.0812 5528 HECI - ok
16:34:27.0890 5528 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
16:34:27.0890 5528 helpsvc - ok
16:34:27.0937 5528 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
16:34:27.0953 5528 HidServ - ok
16:34:27.0953 5528 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:34:27.0953 5528 hidusb - ok
16:34:27.0984 5528 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
16:34:27.0984 5528 hkmsvc - ok
16:34:28.0031 5528 [ 4092496C2E1B1438665B086548512B13 ] HPMSSConnectorSvc C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MSSConnectorService.exe
16:34:28.0078 5528 HPMSSConnectorSvc - ok
16:34:28.0078 5528 hpn - ok
16:34:28.0109 5528 [ D03D10F7DED688FECF50F8FBF1EA9B8A ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
16:34:28.0109 5528 HPZid412 - ok
16:34:28.0109 5528 [ 89F41658929393487B6B7D13C8528CE3 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
16:34:28.0109 5528 HPZipr12 - ok
16:34:35.0843 5528 ============================================================
16:34:35.0843 5528 Scan finished
16:34:35.0843 5528 ============================================================
16:34:35.0859 5536 Detected object count: 0
16:34:35.0859 5536 Actual detected object count: 0


----------



## Cookiegal (Aug 27, 2003)

Please download aswMBR.exe and save it to your desktop.

Double click aswMBR.exe to start the tool (Vista/Windows 7 users - right click to run as administrator) and allow it to download the Avast database.

Click *Scan*.

Upon completion of the scan, click *Save log* then save it to your desktop and post that log in your next reply for review.
*Note - do NOT attempt any Fix yet.*


----------



## bsacco (Jun 12, 2003)

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-08 18:32:08
-----------------------------
18:32:08.765 OS Version: Windows 5.1.2600 Service Pack 3
18:32:08.765 Number of processors: 2 586 0x1706
18:32:08.765 ComputerName: BS-TOWER UserName: bsacco
18:32:09.937 Initialize success
18:34:32.796 AVAST engine defs: 13020801
18:35:03.734 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"
18:36:23.562 The log file has been saved successfully to "C:\Documents and Settings\Administrator\My Documents\Downloads\aswMBR.txt"


----------



## Cookiegal (Aug 27, 2003)

That's not a full log. It doesn't look like the tool ran properly. Can you try again please?


----------



## bsacco (Jun 12, 2003)

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-08 18:32:08
-----------------------------
18:32:08.765 OS Version: Windows 5.1.2600 Service Pack 3
18:32:08.765 Number of processors: 2 586 0x1706
18:32:08.765 ComputerName: BS-TOWER UserName: bsacco
18:32:09.937 Initialize success
18:34:32.796 AVAST engine defs: 13020801
18:35:03.734 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"
18:36:23.562 The log file has been saved successfully to "C:\Documents and Settings\Administrator\My Documents\Downloads\aswMBR.txt"
20:17:06.750 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:17:06.750 Disk 0 Vendor: ST325031 3.AD Size: 238418MB BusType: 3
20:17:06.781 Disk 0 MBR read successfully
20:17:06.781 Disk 0 MBR scan
20:17:06.812 Disk 0 Windows XP default MBR code
20:17:06.812 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 70 MB offset 63
20:17:06.828 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 238339 MB offset 144585
20:17:06.843 Disk 0 scanning sectors +488263545
20:17:06.921 Disk 0 scanning C:\WINDOWS\system32\drivers
20:17:23.359 Service scanning
20:17:40.484 Service MpKsl26e5846d c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2E3C6135-A18C-4A7B-A630-B70D7237866C}\MpKsl26e5846d.sys **LOCKED** 32
20:17:56.109 Modules scanning
20:18:22.765 Disk 0 trace - called modules:
20:18:22.781 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
20:18:22.781 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b4b4ab8]
20:18:22.781 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8b4b8030]
20:18:23.468 AVAST engine scan C:\WINDOWS
20:18:28.250 AVAST engine scan C:\WINDOWS\system32
20:22:17.875 AVAST engine scan C:\WINDOWS\system32\drivers
20:22:37.578 AVAST engine scan C:\Documents and Settings\Administrator
22:17:14.156 AVAST engine scan C:\Documents and Settings\All Users
22:37:25.593 Scan finished successfully
22:57:15.203 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\My Documents\Downloads\MBR.dat"
22:57:15.218 The log file has been saved successfully to "C:\Documents and Settings\Administrator\My Documents\Downloads\aswMBR.txt"


----------



## bsacco (Jun 12, 2003)

20:17:06.750 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:17:06.750 Disk 0 Vendor: ST325031 3.AD Size: 238418MB BusType: 3
20:17:06.781 Disk 0 MBR read successfully
20:17:06.781 Disk 0 MBR scan
20:17:06.812 Disk 0 Windows XP default MBR code
20:17:06.812 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 70 MB offset 63
20:17:06.828 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 238339 MB offset 144585
20:17:06.843 Disk 0 scanning sectors +488263545
20:17:06.921 Disk 0 scanning C:\WINDOWS\system32\drivers
20:17:23.359 Service scanning
20:17:40.484 Service MpKsl26e5846d c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2E3C6135-A18C-4A7B-A630-B70D7237866C}\MpKsl26e5846d.sys **LOCKED** 32
20:17:56.109 Modules scanning
20:18:22.765 Disk 0 trace - called modules:
20:18:22.781 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
20:18:22.781 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b4b4ab8]
20:18:22.781 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8b4b8030]
20:18:23.468 AVAST engine scan C:\WINDOWS
20:18:28.250 AVAST engine scan C:\WINDOWS\system32
20:22:17.875 AVAST engine scan C:\WINDOWS\system32\drivers
20:22:37.578 AVAST engine scan C:\Documents and Settings\Administrator
22:17:14.156 AVAST engine scan C:\Documents and Settings\All Users
22:37:25.593 Scan finished successfully
22:57:15.203 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\My Documents\Downloads\MBR.dat"
22:57:15.218 The log file has been saved successfully to "C:\Documents and Settings\Administrator\My Documents\Downloads\aswMBR.txt"


----------



## Cookiegal (Aug 27, 2003)

That looks good.

Please visit *Combofix Guide & Instructions* for instructions for installing the Recovery Console and downloading and running ComboFix.

The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to puppy.exe please.

Post the log from ComboFix when you've accomplished that.

Important notes regarding ComboFix:

ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

ComboFix also prevents autorun of ALL CDs, floppies and USB devices (don't worry, the keyboard and mouse will still function) to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished. Read *HERE* for an article written by dvk01 on why we disable autoruns.


----------



## bsacco (Jun 12, 2003)

FYI...I have the choice to run a QUICK SCAN or a scan for DRIVE C.

I'm running a quick scan first then I'll post it. Then I'll run a scan on Drive C and post that too.


----------



## Cookiegal (Aug 27, 2003)

bsacco said:


> FYI...I have the choice to run a QUICK SCAN or a scan for DRIVE C.
> 
> I'm running a quick scan first then I'll post it. Then I'll run a scan on Drive C and post that too.


You don't have those options with ComboFix. Are you referring to something else?


----------



## bsacco (Jun 12, 2003)

Sorry, I was talking about running the aswMBR scan. I assume that scan was OK. So, now I'm downloading ComboFix...


----------



## Cookiegal (Aug 27, 2003)

bsacco said:


> Sorry, I was talking about running the aswMBR scan. I assume that scan was OK. So, now I'm downloading ComboFix...


Yes, I did say that it looked good before posting the instructions for running ComboFix.


----------



## bsacco (Jun 12, 2003)

OK, I downloaded ComboFix and renamed it puppy.exe...then ran it. Unfortunately, I left to run errands so I didn't see it complete. When I got back, though, my 9-year-old daughter had fired up my PC and was gaming on it...so I failed to see if there was a "save as log file" option. Does the program leave a log file on my hard drive somewhere so I can cut & paste it to you? Or do I have to run the puppy.exe file again? Please advise.


----------



## Cookiegal (Aug 27, 2003)

The log should be here:

C:\combofix.txt


----------



## bsacco (Jun 12, 2003)

that is ...you mean...c:\puppy\ComboFix.txt....

ComboFix 13-02-07.02 - bsacco 02/09/2013 14:04:30.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2239 [GMT -8:00]
Running from: C:\Documents and Settings\Administrator\My Documents\Downloads\puppy.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6j5zsw01.default\searchplugins\bing-zugo.xml
C:\Documents and Settings\Administrator\Application Data\PriceGong
C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\1.txt
C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\4489.txt
C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\5221.txt
C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\6574.txt
C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\6864.txt
C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\7142.txt
C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\9702.txt
C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\9868.txt
C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\a.txt
C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\b.txt
C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\c.txt
C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\d.txt
C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\e.txt
C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\f.txt
C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\g.txt
C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\h.txt
C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\i.txt
C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\j.txt
C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\k.txt
C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\l.txt
C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\m.txt
C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\n.txt
C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\o.txt
C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\p.txt
C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\q.txt
C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\r.txt
C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\s.txt
C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\t.txt
C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\u.txt
C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\v.txt
C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\w.txt
C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\wlu.txt
C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\x.txt
C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\y.txt
C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\z.txt
C:\Documents and Settings\Administrator\g2mdlhlpx.exe
C:\Documents and Settings\Administrator\GoToAssistDownloadHelper.exe
C:\Documents and Settings\Administrator\ntuser.tmp
C:\Documents and Settings\All Users\Application Data\boost_interprocess\20130125211523.173598
C:\Documents and Settings\All Users\Application Data\boost_interprocess\20130125211523.173598\9334581e-7251-4ef7-a8ec-5bfe8e89ff68
C:\Documents and Settings\All Users\Application Data\boost_interprocess\20130125211523.173598\plex_frame_mutex
C:\Documents and Settings\All Users\Application Data\TEMP
C:\Documents and Settings\All Users\Application Data\TEMP\AVG\avgmfapx.exe
C:\Documents and Settings\All Users\Application Data\TEMP\AVG\avgmfarx.dll
C:\Documents and Settings\All Users\Application Data\TEMP\AVG\avgntdumpx.exe
C:\Documents and Settings\All Users\Application Data\TEMP\AVG\avgrunasx.exe
C:\Documents and Settings\All Users\Application Data\TEMP\AVG\compat.ini
C:\Documents and Settings\All Users\Application Data\TEMP\AVG\htmlayout.dll
C:\Documents and Settings\All Users\Application Data\TEMP\AVG\incavi.avm
C:\Documents and Settings\All Users\Application Data\TEMP\AVG\license_cz.htm
C:\Documents and Settings\All Users\Application Data\TEMP\AVG\license_da.htm
C:\Documents and Settings\All Users\Application Data\TEMP\AVG\license_es.htm
C:\Documents and Settings\All Users\Application Data\TEMP\AVG\license_fr.htm
C:\Documents and Settings\All Users\Application Data\TEMP\AVG\license_ge.htm
C:\Documents and Settings\All Users\Application Data\TEMP\AVG\license_hu.htm
C:\Documents and Settings\All Users\Application Data\TEMP\AVG\license_id.htm
C:\Documents and Settings\All Users\Application Data\TEMP\AVG\license_in.htm
C:\Documents and Settings\All Users\Application Data\TEMP\AVG\license_it.htm
C:\Documents and Settings\All Users\Application Data\TEMP\AVG\license_jp.htm
C:\Documents and Settings\All Users\Application Data\TEMP\AVG\license_ko.htm
C:\Documents and Settings\All Users\Application Data\TEMP\AVG\license_ms.htm
C:\Documents and Settings\All Users\Application Data\TEMP\AVG\license_nl.htm
C:\Documents and Settings\All Users\Application Data\TEMP\AVG\license_pb.htm
C:\Documents and Settings\All Users\Application Data\TEMP\AVG\license_pl.htm
C:\Documents and Settings\All Users\Application Data\TEMP\AVG\license_pt.htm
C:\Documents and Settings\All Users\Application Data\TEMP\AVG\license_ru.htm
C:\Documents and Settings\All Users\Application Data\TEMP\AVG\license_sc.htm
C:\Documents and Settings\All Users\Application Data\TEMP\AVG\license_sk.htm
C:\Documents and Settings\All Users\Application Data\TEMP\AVG\license_sp.htm
C:\Documents and Settings\All Users\Application Data\TEMP\AVG\license_tr.htm
C:\Documents and Settings\All Users\Application Data\TEMP\AVG\license_us.htm
C:\Documents and Settings\All Users\Application Data\TEMP\AVG\license_zh.htm
C:\Documents and Settings\All Users\Application Data\TEMP\AVG\license_zt.htm
C:\Documents and Settings\All Users\Application Data\TEMP\AVG\mfaconf.txt
C:\Documents and Settings\All Users\Application Data\TEMP\AVG\mfacz.lns
C:\Documents and Settings\All Users\Application Data\TEMP\AVG\mfada.lns
C:\Documents and Settings\All Users\Application Data\TEMP\AVG\mfaes.lns
C:\Documents and Settings\All Users\Application Data\TEMP\AVG\mfafr.lns
C:\Documents and Settings\All Users\Application Data\TEMP\AVG\mfage.lns
C:\Documents and Settings\All Users\Application Data\TEMP\AVG\mfahu.lns
C:\Documents and Settings\All Users\Application Data\TEMP\AVG\mfaid.lns
C:\Documents and Settings\All Users\Application Data\TEMP\AVG\mfain.lns
C:\Documents and Settings\All Users\Application Data\TEMP\AVG\mfait.lns
C:\Documents and Settings\All Users\Application Data\TEMP\AVG\mfajp.lns
C:\Documents and Settings\All Users\Application Data\TEMP\AVG\mfako.lns
C:\Documents and Settings\All Users\Application Data\TEMP\AVG\mfams.lns
C:\Documents and Settings\All Users\Application Data\TEMP\AVG\mfanl.lns
C:\Documents and Settings\All Users\Application Data\TEMP\AVG\mfapb.lns
C:\Documents and Settings\All Users\Application Data\TEMP\AVG\mfapl.lns
C:\Documents and Settings\All Users\Application Data\TEMP\AVG\mfapt.lns
C:\Documents and Settings\All Users\Application Data\TEMP\AVG\mfaru.lns
C:\Documents and Settings\All Users\Application Data\TEMP\AVG\mfasc.lns
C:\Documents and Settings\All Users\Application Data\TEMP\AVG\mfask.lns
C:\Documents and Settings\All Users\Application Data\TEMP\AVG\mfasp.lns
C:\Documents and Settings\All Users\Application Data\TEMP\AVG\mfatr.lns
C:\Documents and Settings\All Users\Application Data\TEMP\AVG\mfaus.lns
C:\Documents and Settings\All Users\Application Data\TEMP\AVG\mfavera.txt
C:\Documents and Settings\All Users\Application Data\TEMP\AVG\mfaverx.txt
C:\Documents and Settings\All Users\Application Data\TEMP\AVG\mfazh.lns
C:\Documents and Settings\All Users\Application Data\TEMP\AVG\mfazt.lns
C:\Documents and Settings\All Users\Application Data\TEMP\AVG\setup.exe
C:\Documents and Settings\All Users\Application Data\TEMP\AVG\setup.ini
C:\Documents and Settings\bsacco\g2mdlhlpx.exe
C:\Documents and Settings\bsacco\GoToAssistDownloadHelper.exe
C:\WINDOWS\iun6002.exe
C:\WINDOWS\settings.reg
C:\WINDOWS\system32\AutoRun.inf
C:\WINDOWS\system32\drivers\etc\hosts.txt
C:\WINDOWS\system32\PowerToyReadme.htm
C:\WINDOWS\system32\Thumbs.db
C:\WINDOWS\system32\URTTemp
C:\WINDOWS\system32\URTTemp\regtlib.exe
C:\WINDOWS\Temp\tmp3.tmp

C:\WINDOWS\system32\drivers\i8042prt.sys was missing 
Restored copy from - C:\WINDOWS\system32\dllcache\i8042prt.sys

((((((((((((((((((((((((( Files Created from 2013-01-09 to 2013-02-09 )))))))))))))))))))))))))))))))


----------



## Cookiegal (Aug 27, 2003)

It should have been downloaded to the desktop.

Again, it's only a partial log. Please copy and paste the entire log.


----------



## bsacco (Jun 12, 2003)

I'm not sure what I'm doing wrong here. I cannot find the log on my desktop. Do I need to run the puppy.exe file again? Please advise.


----------



## bsacco (Jun 12, 2003)

Ok I ran ComboFix again....here is the log...

ComboFix 13-02-07.02 - bsacco 02/09/2013 19:35:48.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2456 [GMT -8:00]
Running from: c:\documents and settings\Administrator\My Documents\Downloads\puppy.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Temp\tmp3.tmp
.
---- Previous Run -------
.
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6j5zsw01.default\searchplugins\bing-zugo.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\1.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\4489.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\5221.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\6574.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\6864.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\7142.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\9702.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\9868.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\a.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\b.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\c.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\d.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\e.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\f.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\g.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\h.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\i.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\j.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\k.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\l.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\m.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\n.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\o.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\p.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\q.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\r.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\s.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\t.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\u.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\v.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\w.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\wlu.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\x.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\y.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\z.txt
c:\documents and settings\Administrator\g2mdlhlpx.exe
c:\documents and settings\Administrator\GoToAssistDownloadHelper.exe
c:\documents and settings\Administrator\ntuser.tmp
c:\documents and settings\All Users\Application Data\boost_interprocess\20130125211523.173598\9334581e-7251-4ef7-a8ec-5bfe8e89ff68
c:\documents and settings\All Users\Application Data\boost_interprocess\20130125211523.173598\plex_frame_mutex
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgmfapx.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgmfarx.dll
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgntdumpx.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgrunasx.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\compat.ini
c:\documents and settings\All Users\Application Data\TEMP\AVG\htmlayout.dll
c:\documents and settings\All Users\Application Data\TEMP\AVG\incavi.avm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_cz.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_da.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_es.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_fr.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ge.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_hu.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_id.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_in.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_it.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_jp.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ko.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ms.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_nl.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pb.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pl.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pt.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ru.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sc.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sk.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sp.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_tr.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_us.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zh.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zt.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaconf.txt
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfacz.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfada.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaes.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfafr.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfage.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfahu.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaid.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfain.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfait.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfajp.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfako.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfams.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfanl.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapb.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapl.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapt.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaru.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfasc.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfask.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfasp.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfatr.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaus.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfavera.txt
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaverx.txt
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfazh.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfazt.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.ini
c:\documents and settings\bsacco\g2mdlhlpx.exe
c:\documents and settings\bsacco\GoToAssistDownloadHelper.exe
c:\windows\iun6002.exe
c:\windows\settings.reg
c:\windows\system32\AutoRun.inf
c:\windows\system32\drivers\etc\hosts.txt
c:\windows\system32\PowerToyReadme.htm
c:\windows\system32\Thumbs.db
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\Temp\tmp3.tmp
.
-- Previous Run --
.
c:\windows\system32\drivers\i8042prt.sys was missing 
Restored copy from - c:\windows\system32\dllcache\i8042prt.sys
.
--------
.
.
((((((((((((((((((((((((( Files Created from 2013-01-10 to 2013-02-10 )))))))))))))))))))))))))))))))
.
.
2013-02-10 00:32 . 2013-02-10 00:32	--------	d-----w-	c:\windows\Performance
2013-02-10 00:32 . 2013-02-10 00:32	--------	d-----w-	c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft Corporation
2013-02-10 00:31 . 2013-02-10 00:31	--------	d-----w-	c:\program files\Microsoft Windows 7 Upgrade Advisor
2013-02-09 23:11 . 2013-02-09 23:11	--------	d-----w-	c:\documents and settings\TEST\Application Data\Canon Easy-WebPrint EX
2013-02-09 09:58 . 2013-01-08 04:57	6991832	----a-w-	c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2798C614-3CE7-431F-A94E-84C3DF2CFEAB}\mpengine.dll
2013-02-09 07:03 . 2013-01-08 04:57	6991832	----a-w-	c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-02-07 22:24 . 2013-02-07 22:24	--------	d-----w-	c:\documents and settings\Administrator\Application Data\NCdownloader
2013-02-07 17:28 . 2013-02-07 17:28	--------	d-----w-	c:\documents and settings\All Users\Application Data\RightClick
2013-02-07 17:28 . 2013-02-07 17:28	--------	d-----w-	c:\program files\BrowseToSave
2013-02-07 17:27 . 2013-02-07 17:29	--------	d-----w-	c:\documents and settings\All Users\Application Data\InstallMate
2013-02-05 15:52 . 2013-02-05 15:52	94112	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2013-02-04 21:49 . 2013-02-04 21:49	--------	d-----w-	c:\windows\system32\winrm
2013-02-04 21:49 . 2013-02-04 21:49	--------	dc-h--w-	c:\windows\$968930Uinstall_KB968930$
2013-02-04 21:49 . 2013-02-04 21:49	--------	d-----w-	c:\documents and settings\Administrator\Application Data\Windows Desktop Search
2013-02-02 22:05 . 2013-02-02 22:05	--------	d-----w-	C:\PSTools
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-09 19:11 . 2012-04-30 03:07	697712	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-02-09 19:11 . 2011-06-15 02:06	74096	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-05 15:52 . 2012-04-07 17:27	143872	----a-w-	c:\windows\system32\javacpl.cpl
2013-02-05 15:52 . 2012-07-04 02:07	861088	----a-w-	c:\windows\system32\npDeployJava1.dll
2013-02-05 15:52 . 2010-12-04 19:05	782240	----a-w-	c:\windows\system32\deployJava1.dll
2013-01-30 10:53 . 2010-03-03 07:18	232336	------w-	c:\windows\system32\MpSigStub.exe
2012-12-18 19:58 . 2012-12-18 19:58	163584	----a-w-	c:\windows\system32\AirfoilInject3.dll
2012-12-16 12:23 . 2004-08-04 10:00	290560	----a-w-	c:\windows\system32\atmfd.dll
2012-12-15 00:49 . 2010-05-19 05:44	21104	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-11-18 22:21 . 2012-11-18 22:21	121254	----a-w-	c:\windows\File Renamer - Basic Uninstaller.exe
2012-11-13 01:25 . 2004-08-04 10:00	1866368	----a-w-	c:\windows\system32\win32k.sys
2012-10-15 21:57 . 2012-10-15 21:56	22657136	----a-w-	c:\program files\vlc-2.0.2-win32.exe
2008-10-06 20:05 . 2012-11-10 02:59	107848	----a-w-	c:\program files\mozilla firefox\plugins\mwmcli.dll
2012-11-10 03:00 . 2012-11-10 03:00	261600	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-06-10 880528]
"A24802D8E0033B87C7A71FBB6D39DEF74469BA10._service_run"="c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2013-01-26 1248208]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-09 4763008]
"Spotify Web Helper"="c:\program files\Spotify\Data\SpotifyWebHelper.exe" [2013-01-05 1199576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-05-08 1015808]
"P17Helper"="P17.dll" [2005-05-04 64512]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
"atchk"="c:\program files\Intel\AMT\atchk.exe" [2007-06-12 408344]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-02 2508104]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-09-29 140640]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 947176]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Home Server.lnk - c:\windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe [2012-12-27 603504]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2011-06-17 22:10	13672	----a-w-	c:\program files\Citrix\GoToAssist\615\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ autocheck autochk /r \??\G:\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Belkin Wireless Networking Utility.lnk]
backup=c:\windows\pss\Belkin Wireless Networking Utility.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Memeo AutoSync Launcher.lnk]
backup=c:\windows\pss\Memeo AutoSync Launcher.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MozyHome Status.lnk]
backup=c:\windows\pss\MozyHome Status.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PHOTOfunSTUDIO 8.1 PE.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PHOTOfunSTUDIO 8.1 PE.lnk
backup=c:\windows\pss\PHOTOfunSTUDIO 8.1 PE.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PHOTOfunSTUDIO HD Edition.lnk]
backup=c:\windows\pss\PHOTOfunSTUDIO HD Edition.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Home Server.lnk]
backup=c:\windows\pss\Windows Home Server.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A24802D8E0033B87C7A71FBB6D39DEF74469BA10._service_run]
2013-01-26 02:35	1248208	----a-w-	c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-10-15 04:38	623992	----a-w-	c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2009-09-04 01:43	767312	----a-w-	c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 09:42	15360	----a-w-	c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeScreenSharing]
2011-11-22 09:57	2204488	----a-w-	c:\documents and settings\Administrator\Local Settings\Application Data\FreeScreenSharing\FreeScreenSharing.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-07-29 03:59	136176	----atw-	c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-12-12 21:57	152544	----a-w-	c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jing]
2012-02-01 21:18	2918224	----a-w-	c:\program files\TechSmith\Jing\Jing.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-12-15 00:49	512360	----a-w-	c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-10-25 11:12	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-11-09 19:27	17877168	----a-r-	c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 16:04	252848	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-11-09 04:55	4763008	----a-w-	c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 08:00	90112	-c----w-	c:\windows\Updreg.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD Drive Manager]
2008-01-30 11:50	438272	----a-w-	c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MemeoBackgroundService"=2 (0x2)
"WinDefend"=2 (0x2)
"Symantec RemoteAssist"=3 (0x3)
"LiveUpdate"=3 (0x3)
"Automatic LiveUpdate Scheduler"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Airfoil\\Airfoil.exe"=
"c:\\Program Files\\Airfoil\\AirfoilSpeakers.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\Administrator\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Documents and Settings\\Administrator\\Application Data\\Spotify\\spotify.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Plex\\Plex Media Server\\Plex Media Server.exe"=
"c:\\Program Files\\Plex\\Plex Media Server\\PlexScriptHost.exe"=
"c:\\Program Files\\Plex\\Plex Media Server\\PlexDlnaServer.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Cakewalk\\Shared Utilities\\VstScan.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
"5985:TCP"= 5985:TCP:*isabled:Windows Remote Management 
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 8:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 1:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [8/11/2011 3:38 PM 116608]
R2 HPMSSConnectorSvc;HPMSSConnectorService;c:\program files\Hewlett-Packard\HP MediaSmart Server\MSSConnectorService.exe [10/5/2009 11:09 AM 20992]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [9/15/2012 2:29 AM 398184]
R2 MediaCollectorService;MediaCollectorService;c:\program files\Hewlett-Packard\HP MediaSmart Server\MediaCollectorClient.exe [10/5/2009 11:09 AM 81920]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Intel\AMT\UNS.exe [5/20/2008 9:38 AM 2521880]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [1/30/2008 3:52 AM 106496]
R2 WHSConnector;Windows Home Server Connector Service;c:\program files\Windows Home Server\WHSConnector.exe [1/10/2011 12:28 PM 376688]
R2 XobniService;XobniService;c:\program files\Xobni\XobniService.exe [5/18/2011 9:26 AM 62184]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\drivers\dc3d.sys [5/7/2012 8:44 AM 45288]
R3 L6TPortB;Service - Line 6 TonePort UX2;c:\windows\system32\drivers\L6TPortB.sys [4/3/2012 4:26 PM 583296]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [5/18/2010 9:44 PM 21104]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [5/18/2010 9:44 PM 682344]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [11/9/2012 11:21 AM 160944]
S3 BackupReader;BackupReader;c:\windows\system32\drivers\BackupReader.sys [10/7/2009 1:49 PM 44776]
S3 EVault InfoStage Agent;OSP EVault Agent;c:\program files\OSP EVault\Agent\VVAgent.exe [11/11/2008 6:09 PM 3223552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-30 19:11]
.
2013-02-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 00:57]
.
2013-02-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-08 17:06]
.
2013-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-08 17:06]
.
2013-02-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-73586283-1993962763-839522115-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-29 03:59]
.
2013-02-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-73586283-1993962763-839522115-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-29 03:59]
.
2012-05-11 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2011-08-01 22:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig?hl=en&source=webhp
uInternet Connection Wizard,ShellNext = hxxp://outlookweb.invision.net/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: $talisma_url$
Trusted Zone: doubleclick.com
Trusted Zone: doubleclick.net
Trusted Zone: doubleclick.net\sitedirectory
Trusted Zone: google.com\www
Trusted Zone: line6.net
Trusted Zone: twitter.com\www
TCP: DhcpNameServer = 192.168.1.254
DPF: {03A13D5D-2C8E-4C1A-970D-D6D07A4FE3D0} - hxxps://atlas.atlassolutions.com/dl/AtlasCtrl.cab
DPF: {89242969-422B-46BF-B0D5-6A7B7DC4D0E0} - file:///D:/html/nafcom.cab
DPF: {ABC26C81-D7D5-4B0C-A764-95BD0622BB67} - hxxp://www.livehelper.com/download/NewRemoteHelp.cab
DPF: {B87A4DE2-57A3-41CA-8781-89D43EA6EEF4} - hxxp://videomessages.live.com/Portal/ClientBin/VCaptCtl.cab
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - c:\documents and settings\TEST\Application Data\Mozilla\Firefox\Profiles\7f4ozhk5.default\
FF - ExtSQL: !HIDDEN! 2009-09-02 03:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-09 19:54
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-73586283-1993962763-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3a,89,c7,ca,e5,05,90,4e,a2,4d,5a,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a0,19,fe,8c,e0,96,66,47,8a,c6,2c,\
.
[HKEY_USERS\S-1-5-21-73586283-1993962763-839522115-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5B59E7B6-26DE-3322-D04C-2905281E13F0}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abkcenoeplgpongolieohcmdkchbabfljc"=hex:61,61,00,00
"bbkcenoeplgpongolihncbnocmabaoaopija"=hex:61,61,00,00
.
[HKEY_LOCAL_MACHINE\software\Classes\CakewalkPlugIns\À*]
"Description"="Cakewal"
"HelpFilePath"=""
"HelpFileTopic"=""
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(804)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\program files\Citrix\GoToAssist\615\G2AWinLogon.dll
.
Completion time: 2013-02-09 19:57:02
ComboFix-quarantined-files.txt 2013-02-10 03:57
.
Pre-Run: 130,045,153,280 bytes free
Post-Run: 130,022,039,552 bytes free
.
- - End Of File - - C7380B23FDD12AA9B413D356DC7B7F43


----------



## Cookiegal (Aug 27, 2003)

Before proceeding, please move ComboFix to your desktop by dragging it there. You are currently running it from your "Downloads" folder under "My Documents".

Open Notepad and copy and paste the text in the code box below into it:


```
Folder::
c:\documents and settings\All Users\Application Data\RightClick
c:\program files\BrowseToSave
c:\documents and settings\All Users\Application Data\InstallMate

DirLook::
c:\documents and settings\Administrator\Application Data\NCdownloader

DDS::
Trusted Zone: $talisma_url$
Trusted Zone: doubleclick.com
Trusted Zone: doubleclick.net
Trusted Zone: doubleclick.net\sitedirectory
Trusted Zone: google.com\www
Trusted Zone: line6.net
Trusted Zone: twitter.com\www
DPF: {03A13D5D-2C8E-4C1A-970D-D6D07A4FE3D0} - hxxps://atlas.atlassolutions.com/dl/AtlasCtrl.cab
DPF: {ABC26C81-D7D5-4B0C-A764-95BD0622BB67} - hxxp://www.livehelper.com/download/NewRemoteHelp.cab
```
Save the file to your desktop and name it CFScript.txt

Referring to the picture below, drag CFScript.txt into ComboFix.exe

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

*Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.*


----------



## bsacco (Jun 12, 2003)

Ok, I saved the code you sent into a Notepad .txt file, then dragged it on top of puppy.exe (ComboFix) as instructed. Though I'm getting an error MSG: Rich text format RTF are unacceptable. Yes, I double-checked that the file was .txt ANSI and it was. Please advise.


----------



## bsacco (Jun 12, 2003)

screenshot of my desktop


----------



## Cookiegal (Aug 27, 2003)

It sounds like you used WordPad instead of Notepad.


----------
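The disagreement above is about what format the saved CFScript.txt is really in, which can be settled by looking at the file's first bytes instead of its extension. The following is an added example, not part of the original posts and not ComboFix's own check (the page does not show how the tool decides). The function names and sample byte strings are constructed for illustration, and the directive list holds only the three directives used in the script on this page.

```python
import codecs

# Directives taken from the script posted in this thread; this is NOT a
# complete list of what the tool accepts (assumption for illustration).
KNOWN_DIRECTIVES = ("Folder::", "DirLook::", "DDS::")


def detect_format(data: bytes) -> str:
    """Classify a saved script by its leading bytes, ignoring the extension."""
    if data.startswith(codecs.BOM_UTF8):
        return "utf-8-bom"          # Notepad "UTF-8" encoding
    if data.startswith((codecs.BOM_UTF16_LE, codecs.BOM_UTF16_BE)):
        return "utf-16"             # Notepad "Unicode" encodings
    if data.lstrip().startswith(b"{\\rtf"):
        return "rtf"                # Rich Text Format header, any extension
    if b"\x00" in data:
        return "binary"             # NUL bytes never occur in ANSI text
    return "plain"


def check_script(data: bytes) -> list[str]:
    """Return a list of problems; an empty list means the file looks usable."""
    fmt = detect_format(data)
    if fmt != "plain":
        return [f"file is {fmt}, not plain ANSI text; "
                "re-save it from Notepad with Encoding set to ANSI"]

    problems = []
    directives = []
    text = data.decode("cp1252", errors="replace")
    for number, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if stripped.endswith("::"):
            directives.append(stripped)
            if stripped not in KNOWN_DIRECTIVES:
                problems.append(f"line {number}: directive {stripped!r} "
                                "is not one used on this page")
        elif stripped and not directives:
            problems.append(f"line {number}: entry appears before any "
                            "section directive")
    if not directives:
        problems.append("no section directive found")
    return problems


# Constructed samples: the same two sections saved three different ways.
PLAIN_SAMPLE = (
    b"Folder::\r\n"
    b"c:\\program files\\BrowseToSave\r\n"
    b"\r\n"
    b"DirLook::\r\n"
    b"c:\\documents and settings\\Administrator\\Application Data\\NCdownloader\r\n"
)
RTF_SAMPLE = (
    b"{\\rtf1\\ansi\\deff0{\\fonttbl{\\f0 Courier New;}}\r\n"
    b"\\f0 Folder::\\par\r\n"
    b"c:\\\\program files\\\\BrowseToSave\\par\r\n"
    b"}"
)
UTF16_SAMPLE = codecs.BOM_UTF16_LE + "Folder::\r\n".encode("utf-16-le")

if __name__ == "__main__":
    for name, sample in (("plain", PLAIN_SAMPLE),
                         ("rtf", RTF_SAMPLE),
                         ("utf-16", UTF16_SAMPLE)):
        print(name, detect_format(sample), check_script(sample))
```

A file can carry a .txt extension and still begin with an RTF header, which is why the check reads the content and not the name.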



## bsacco (Jun 12, 2003)

I went to RUN and typed in Notepad. Then it automatically opened.


----------



## Cookiegal (Aug 27, 2003)

Please run ComboFix like you did the first time from its location on the desktop and post the new log.


----------



## bsacco (Jun 12, 2003)

ComboFix 13-02-07.02 - bsacco 02/10/2013 18:46:55.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2505 [GMT -8:00]
Running from: c:\documents and settings\Administrator\Desktop\puppy.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\InstallMate
c:\documents and settings\All Users\Application Data\InstallMate\{8CC4BDEF-6740-4F41-ADAA-2F6257279F19}\_Setup.dll
c:\documents and settings\All Users\Application Data\InstallMate\{8CC4BDEF-6740-4F41-ADAA-2F6257279F19}\20130207092738.log
c:\documents and settings\All Users\Application Data\InstallMate\{8CC4BDEF-6740-4F41-ADAA-2F6257279F19}\Custom.dll
c:\documents and settings\All Users\Application Data\InstallMate\{8CC4BDEF-6740-4F41-ADAA-2F6257279F19}\Readme.txt
c:\documents and settings\All Users\Application Data\InstallMate\{8CC4BDEF-6740-4F41-ADAA-2F6257279F19}\Setup.dat
c:\documents and settings\All Users\Application Data\InstallMate\{8CC4BDEF-6740-4F41-ADAA-2F6257279F19}\Setup.exe
c:\documents and settings\All Users\Application Data\InstallMate\{8CC4BDEF-6740-4F41-ADAA-2F6257279F19}\Setup.ico
c:\documents and settings\All Users\Application Data\InstallMate\{8CC4BDEF-6740-4F41-ADAA-2F6257279F19}\TsuDll.dll
c:\documents and settings\All Users\Application Data\RightClick
c:\program files\BrowseToSave
c:\program files\BrowseToSave\sprotector.dll
c:\program files\BrowseToSave\uninstall.exe
c:\windows\Temp\tmp3.tmp
.
.
((((((((((((((((((((((((( Files Created from 2013-01-11 to 2013-02-11 )))))))))))))))))))))))))))))))
.
.
2013-02-10 10:18 . 2013-01-08 04:57	6991832	----a-w-	c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3ED668E4-4434-435F-B82C-3DB2E50CEF09}\mpengine.dll
2013-02-10 00:32 . 2013-02-10 00:32	--------	d-----w-	c:\windows\Performance
2013-02-10 00:32 . 2013-02-10 00:32	--------	d-----w-	c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft Corporation
2013-02-10 00:31 . 2013-02-10 00:31	--------	d-----w-	c:\program files\Microsoft Windows 7 Upgrade Advisor
2013-02-09 23:11 . 2013-02-09 23:11	--------	d-----w-	c:\documents and settings\TEST\Application Data\Canon Easy-WebPrint EX
2013-02-09 22:21 . 2008-04-14 07:48	52480	-c--a-w-	c:\windows\system32\dllcache\i8042prt.sys
2013-02-09 22:21 . 2008-04-14 07:48	52480	----a-w-	c:\windows\system32\drivers\i8042prt.sys
2013-02-09 09:58 . 2013-01-08 04:57	6991832	----a-w-	c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-02-07 22:24 . 2013-02-07 22:24	--------	d-----w-	c:\documents and settings\Administrator\Application Data\NCdownloader
2013-02-05 15:52 . 2013-02-05 15:52	94112	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2013-02-04 21:49 . 2013-02-04 21:49	--------	d-----w-	c:\windows\system32\winrm
2013-02-04 21:49 . 2013-02-04 21:49	--------	dc-h--w-	c:\windows\$968930Uinstall_KB968930$
2013-02-04 21:49 . 2013-02-04 21:49	--------	d-----w-	c:\documents and settings\Administrator\Application Data\Windows Desktop Search
2013-02-02 22:05 . 2013-02-02 22:05	--------	d-----w-	C:\PSTools
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-09 19:11 . 2012-04-30 03:07	697712	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-02-09 19:11 . 2011-06-15 02:06	74096	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-05 15:52 . 2012-04-07 17:27	143872	----a-w-	c:\windows\system32\javacpl.cpl
2013-02-05 15:52 . 2012-07-04 02:07	861088	----a-w-	c:\windows\system32\npDeployJava1.dll
2013-02-05 15:52 . 2010-12-04 19:05	782240	----a-w-	c:\windows\system32\deployJava1.dll
2013-01-30 10:53 . 2010-03-03 07:18	232336	------w-	c:\windows\system32\MpSigStub.exe
2012-12-18 19:58 . 2012-12-18 19:58	163584	----a-w-	c:\windows\system32\AirfoilInject3.dll
2012-12-16 12:23 . 2004-08-04 10:00	290560	----a-w-	c:\windows\system32\atmfd.dll
2012-12-15 00:49 . 2010-05-19 05:44	21104	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-11-18 22:21 . 2012-11-18 22:21	121254	----a-w-	c:\windows\File Renamer - Basic Uninstaller.exe
2012-10-15 21:57 . 2012-10-15 21:56	22657136	----a-w-	c:\program files\vlc-2.0.2-win32.exe
2008-10-06 20:05 . 2012-11-10 02:59	107848	----a-w-	c:\program files\mozilla firefox\plugins\mwmcli.dll
2012-11-10 03:00 . 2012-11-10 03:00	261600	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\Administrator\Application Data\NCdownloader ----
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-06-10 880528]
"A24802D8E0033B87C7A71FBB6D39DEF74469BA10._service_run"="c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2013-01-26 1248208]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-09 4763008]
"Spotify Web Helper"="c:\program files\Spotify\Data\SpotifyWebHelper.exe" [2013-01-05 1199576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-05-08 1015808]
"P17Helper"="P17.dll" [2005-05-04 64512]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
"atchk"="c:\program files\Intel\AMT\atchk.exe" [2007-06-12 408344]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-02 2508104]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-09-29 140640]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 947176]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Home Server.lnk - c:\windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe [2012-12-27 603504]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2011-06-17 22:10	13672	----a-w-	c:\program files\Citrix\GoToAssist\615\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ autocheck autochk /r \??\G:\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Belkin Wireless Networking Utility.lnk]
backup=c:\windows\pss\Belkin Wireless Networking Utility.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Memeo AutoSync Launcher.lnk]
backup=c:\windows\pss\Memeo AutoSync Launcher.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MozyHome Status.lnk]
backup=c:\windows\pss\MozyHome Status.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PHOTOfunSTUDIO 8.1 PE.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PHOTOfunSTUDIO 8.1 PE.lnk
backup=c:\windows\pss\PHOTOfunSTUDIO 8.1 PE.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PHOTOfunSTUDIO HD Edition.lnk]
backup=c:\windows\pss\PHOTOfunSTUDIO HD Edition.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Home Server.lnk]
backup=c:\windows\pss\Windows Home Server.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A24802D8E0033B87C7A71FBB6D39DEF74469BA10._service_run]
2013-01-26 02:35	1248208	----a-w-	c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-10-15 04:38	623992	----a-w-	c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2009-09-04 01:43	767312	----a-w-	c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 09:42	15360	----a-w-	c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeScreenSharing]
2011-11-22 09:57	2204488	----a-w-	c:\documents and settings\Administrator\Local Settings\Application Data\FreeScreenSharing\FreeScreenSharing.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-07-29 03:59	136176	----atw-	c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-12-12 21:57	152544	----a-w-	c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jing]
2012-02-01 21:18	2918224	----a-w-	c:\program files\TechSmith\Jing\Jing.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-12-15 00:49	512360	----a-w-	c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-10-25 11:12	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-11-09 19:27	17877168	----a-r-	c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 16:04	252848	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-11-09 04:55	4763008	----a-w-	c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 08:00	90112	-c----w-	c:\windows\Updreg.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD Drive Manager]
2008-01-30 11:50	438272	----a-w-	c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MemeoBackgroundService"=2 (0x2)
"WinDefend"=2 (0x2)
"Symantec RemoteAssist"=3 (0x3)
"LiveUpdate"=3 (0x3)
"Automatic LiveUpdate Scheduler"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Airfoil\\Airfoil.exe"=
"c:\\Program Files\\Airfoil\\AirfoilSpeakers.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\Administrator\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Documents and Settings\\Administrator\\Application Data\\Spotify\\spotify.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Plex\\Plex Media Server\\Plex Media Server.exe"=
"c:\\Program Files\\Plex\\Plex Media Server\\PlexScriptHost.exe"=
"c:\\Program Files\\Plex\\Plex Media Server\\PlexDlnaServer.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Cakewalk\\Shared Utilities\\VstScan.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 8:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 1:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [8/11/2011 3:38 PM 116608]
R2 HPMSSConnectorSvc;HPMSSConnectorService;c:\program files\Hewlett-Packard\HP MediaSmart Server\MSSConnectorService.exe [10/5/2009 11:09 AM 20992]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [9/15/2012 2:29 AM 398184]
R2 MediaCollectorService;MediaCollectorService;c:\program files\Hewlett-Packard\HP MediaSmart Server\MediaCollectorClient.exe [10/5/2009 11:09 AM 81920]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Intel\AMT\UNS.exe [5/20/2008 9:38 AM 2521880]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [1/30/2008 3:52 AM 106496]
R2 WHSConnector;Windows Home Server Connector Service;c:\program files\Windows Home Server\WHSConnector.exe [1/10/2011 12:28 PM 376688]
R2 XobniService;XobniService;c:\program files\Xobni\XobniService.exe [5/18/2011 9:26 AM 62184]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\drivers\dc3d.sys [5/7/2012 8:44 AM 45288]
R3 L6TPortB;Service - Line 6 TonePort UX2;c:\windows\system32\drivers\L6TPortB.sys [4/3/2012 4:26 PM 583296]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [5/18/2010 9:44 PM 21104]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [5/18/2010 9:44 PM 682344]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [11/9/2012 11:21 AM 160944]
S3 BackupReader;BackupReader;c:\windows\system32\drivers\BackupReader.sys [10/7/2009 1:49 PM 44776]
S3 EVault InfoStage Agent;OSP EVault Agent;c:\program files\OSP EVault\Agent\VVAgent.exe [11/11/2008 6:09 PM 3223552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-30 19:11]
.
2013-02-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 00:57]
.
2013-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-08 17:06]
.
2013-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-08 17:06]
.
2013-02-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-73586283-1993962763-839522115-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-29 03:59]
.
2013-02-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-73586283-1993962763-839522115-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-29 03:59]
.
2012-05-11 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2011-08-01 22:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig?hl=en&source=webhp
uInternet Connection Wizard,ShellNext = hxxp://outlookweb.invision.net/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
DPF: {89242969-422B-46BF-B0D5-6A7B7DC4D0E0} - file:///D:/html/nafcom.cab
DPF: {B87A4DE2-57A3-41CA-8781-89D43EA6EEF4} - hxxp://videomessages.live.com/Portal/ClientBin/VCaptCtl.cab
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - c:\documents and settings\TEST\Application Data\Mozilla\Firefox\Profiles\7f4ozhk5.default\
FF - ExtSQL: !HIDDEN! 2009-09-02 03:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-SP_48c708f2 - c:\program files\BrowseToSave\uninstall.exe
AddRemove-{C3C9AA48-2141-023F-7236-FAE4267FDEA5} - c:\docume~1\ALLUSE~1\APPLIC~1\INSTAL~2\{8CC4B~1\Setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-10 19:05
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-73586283-1993962763-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3a,89,c7,ca,e5,05,90,4e,a2,4d,5a,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a0,19,fe,8c,e0,96,66,47,8a,c6,2c,\
.
[HKEY_USERS\S-1-5-21-73586283-1993962763-839522115-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5B59E7B6-26DE-3322-D04C-2905281E13F0}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abkcenoeplgpongolieohcmdkchbabfljc"=hex:61,61,00,00
"bbkcenoeplgpongolihncbnocmabaoaopija"=hex:61,61,00,00
.
[HKEY_LOCAL_MACHINE\software\Classes\CakewalkPlugIns\À*]
"Description"="Cakewal"
"HelpFilePath"=""
"HelpFileTopic"=""
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(796)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\program files\Citrix\GoToAssist\615\G2AWinLogon.dll
.
Completion time: 2013-02-10 19:07:37
ComboFix-quarantined-files.txt 2013-02-11 03:07
ComboFix2.txt 2013-02-10 03:57
.
Pre-Run: 129,933,570,048 bytes free
Post-Run: 129,910,157,312 bytes free
.
- - End Of File - - B8E50F2BF2BB8E6704529BA12652FEAE


----------



## bsacco (Jun 12, 2003)

ComboFix 13-02-07.02 - bsacco 02/10/2013 18:46:55.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2505 [GMT -8:00]
Running from: c:\documents and settings\Administrator\Desktop\puppy.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\InstallMate
c:\documents and settings\All Users\Application Data\InstallMate\{8CC4BDEF-6740-4F41-ADAA-2F6257279F19}\_Setup.dll
c:\documents and settings\All Users\Application Data\InstallMate\{8CC4BDEF-6740-4F41-ADAA-2F6257279F19}\20130207092738.log
c:\documents and settings\All Users\Application Data\InstallMate\{8CC4BDEF-6740-4F41-ADAA-2F6257279F19}\Custom.dll
c:\documents and settings\All Users\Application Data\InstallMate\{8CC4BDEF-6740-4F41-ADAA-2F6257279F19}\Readme.txt
c:\documents and settings\All Users\Application Data\InstallMate\{8CC4BDEF-6740-4F41-ADAA-2F6257279F19}\Setup.dat
c:\documents and settings\All Users\Application Data\InstallMate\{8CC4BDEF-6740-4F41-ADAA-2F6257279F19}\Setup.exe
c:\documents and settings\All Users\Application Data\InstallMate\{8CC4BDEF-6740-4F41-ADAA-2F6257279F19}\Setup.ico
c:\documents and settings\All Users\Application Data\InstallMate\{8CC4BDEF-6740-4F41-ADAA-2F6257279F19}\TsuDll.dll
c:\documents and settings\All Users\Application Data\RightClick
c:\program files\BrowseToSave
c:\program files\BrowseToSave\sprotector.dll
c:\program files\BrowseToSave\uninstall.exe
c:\windows\Temp\tmp3.tmp
.
.
((((((((((((((((((((((((( Files Created from 2013-01-11 to 2013-02-11 )))))))))))))))))))))))))))))))
.
.
2013-02-10 10:18 . 2013-01-08 04:57	6991832	----a-w-	c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3ED668E4-4434-435F-B82C-3DB2E50CEF09}\mpengine.dll
2013-02-10 00:32 . 2013-02-10 00:32	--------	d-----w-	c:\windows\Performance
2013-02-10 00:32 . 2013-02-10 00:32	--------	d-----w-	c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft Corporation
2013-02-10 00:31 . 2013-02-10 00:31	--------	d-----w-	c:\program files\Microsoft Windows 7 Upgrade Advisor
2013-02-09 23:11 . 2013-02-09 23:11	--------	d-----w-	c:\documents and settings\TEST\Application Data\Canon Easy-WebPrint EX
2013-02-09 22:21 . 2008-04-14 07:48	52480	-c--a-w-	c:\windows\system32\dllcache\i8042prt.sys
2013-02-09 22:21 . 2008-04-14 07:48	52480	----a-w-	c:\windows\system32\drivers\i8042prt.sys
2013-02-09 09:58 . 2013-01-08 04:57	6991832	----a-w-	c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-02-07 22:24 . 2013-02-07 22:24	--------	d-----w-	c:\documents and settings\Administrator\Application Data\NCdownloader
2013-02-05 15:52 . 2013-02-05 15:52	94112	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2013-02-04 21:49 . 2013-02-04 21:49	--------	d-----w-	c:\windows\system32\winrm
2013-02-04 21:49 . 2013-02-04 21:49	--------	dc-h--w-	c:\windows\$968930Uinstall_KB968930$
2013-02-04 21:49 . 2013-02-04 21:49	--------	d-----w-	c:\documents and settings\Administrator\Application Data\Windows Desktop Search
2013-02-02 22:05 . 2013-02-02 22:05	--------	d-----w-	C:\PSTools
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-09 19:11 . 2012-04-30 03:07	697712	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-02-09 19:11 . 2011-06-15 02:06	74096	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-05 15:52 . 2012-04-07 17:27	143872	----a-w-	c:\windows\system32\javacpl.cpl
2013-02-05 15:52 . 2012-07-04 02:07	861088	----a-w-	c:\windows\system32\npDeployJava1.dll
2013-02-05 15:52 . 2010-12-04 19:05	782240	----a-w-	c:\windows\system32\deployJava1.dll
2013-01-30 10:53 . 2010-03-03 07:18	232336	------w-	c:\windows\system32\MpSigStub.exe
2012-12-18 19:58 . 2012-12-18 19:58	163584	----a-w-	c:\windows\system32\AirfoilInject3.dll
2012-12-16 12:23 . 2004-08-04 10:00	290560	----a-w-	c:\windows\system32\atmfd.dll
2012-12-15 00:49 . 2010-05-19 05:44	21104	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-11-18 22:21 . 2012-11-18 22:21	121254	----a-w-	c:\windows\File Renamer - Basic Uninstaller.exe
2012-10-15 21:57 . 2012-10-15 21:56	22657136	----a-w-	c:\program files\vlc-2.0.2-win32.exe
2008-10-06 20:05 . 2012-11-10 02:59	107848	----a-w-	c:\program files\mozilla firefox\plugins\mwmcli.dll
2012-11-10 03:00 . 2012-11-10 03:00	261600	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\Administrator\Application Data\NCdownloader ----
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-06-10 880528]
"A24802D8E0033B87C7A71FBB6D39DEF74469BA10._service_run"="c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2013-01-26 1248208]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-09 4763008]
"Spotify Web Helper"="c:\program files\Spotify\Data\SpotifyWebHelper.exe" [2013-01-05 1199576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-05-08 1015808]
"P17Helper"="P17.dll" [2005-05-04 64512]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
"atchk"="c:\program files\Intel\AMT\atchk.exe" [2007-06-12 408344]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-02 2508104]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-09-29 140640]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 947176]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Home Server.lnk - c:\windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe [2012-12-27 603504]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2011-06-17 22:10	13672	----a-w-	c:\program files\Citrix\GoToAssist\615\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ autocheck autochk /r \??\G:\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Belkin Wireless Networking Utility.lnk]
backup=c:\windows\pss\Belkin Wireless Networking Utility.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Memeo AutoSync Launcher.lnk]
backup=c:\windows\pss\Memeo AutoSync Launcher.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MozyHome Status.lnk]
backup=c:\windows\pss\MozyHome Status.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PHOTOfunSTUDIO 8.1 PE.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PHOTOfunSTUDIO 8.1 PE.lnk
backup=c:\windows\pss\PHOTOfunSTUDIO 8.1 PE.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PHOTOfunSTUDIO HD Edition.lnk]
backup=c:\windows\pss\PHOTOfunSTUDIO HD Edition.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Home Server.lnk]
backup=c:\windows\pss\Windows Home Server.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A24802D8E0033B87C7A71FBB6D39DEF74469BA10._service_run]
2013-01-26 02:35	1248208	----a-w-	c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-10-15 04:38	623992	----a-w-	c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2009-09-04 01:43	767312	----a-w-	c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 09:42	15360	----a-w-	c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeScreenSharing]
2011-11-22 09:57	2204488	----a-w-	c:\documents and settings\Administrator\Local Settings\Application Data\FreeScreenSharing\FreeScreenSharing.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-07-29 03:59	136176	----atw-	c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-12-12 21:57	152544	----a-w-	c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jing]
2012-02-01 21:18	2918224	----a-w-	c:\program files\TechSmith\Jing\Jing.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-12-15 00:49	512360	----a-w-	c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-10-25 11:12	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-11-09 19:27	17877168	----a-r-	c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 16:04	252848	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-11-09 04:55	4763008	----a-w-	c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 08:00	90112	-c----w-	c:\windows\Updreg.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD Drive Manager]
2008-01-30 11:50	438272	----a-w-	c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MemeoBackgroundService"=2 (0x2)
"WinDefend"=2 (0x2)
"Symantec RemoteAssist"=3 (0x3)
"LiveUpdate"=3 (0x3)
"Automatic LiveUpdate Scheduler"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Airfoil\\Airfoil.exe"=
"c:\\Program Files\\Airfoil\\AirfoilSpeakers.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\Administrator\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Documents and Settings\\Administrator\\Application Data\\Spotify\\spotify.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Plex\\Plex Media Server\\Plex Media Server.exe"=
"c:\\Program Files\\Plex\\Plex Media Server\\PlexScriptHost.exe"=
"c:\\Program Files\\Plex\\Plex Media Server\\PlexDlnaServer.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Cakewalk\\Shared Utilities\\VstScan.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 8:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 1:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [8/11/2011 3:38 PM 116608]
R2 HPMSSConnectorSvc;HPMSSConnectorService;c:\program files\Hewlett-Packard\HP MediaSmart Server\MSSConnectorService.exe [10/5/2009 11:09 AM 20992]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [9/15/2012 2:29 AM 398184]
R2 MediaCollectorService;MediaCollectorService;c:\program files\Hewlett-Packard\HP MediaSmart Server\MediaCollectorClient.exe [10/5/2009 11:09 AM 81920]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Intel\AMT\UNS.exe [5/20/2008 9:38 AM 2521880]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [1/30/2008 3:52 AM 106496]
R2 WHSConnector;Windows Home Server Connector Service;c:\program files\Windows Home Server\WHSConnector.exe [1/10/2011 12:28 PM 376688]
R2 XobniService;XobniService;c:\program files\Xobni\XobniService.exe [5/18/2011 9:26 AM 62184]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\drivers\dc3d.sys [5/7/2012 8:44 AM 45288]
R3 L6TPortB;Service - Line 6 TonePort UX2;c:\windows\system32\drivers\L6TPortB.sys [4/3/2012 4:26 PM 583296]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [5/18/2010 9:44 PM 21104]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [5/18/2010 9:44 PM 682344]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [11/9/2012 11:21 AM 160944]
S3 BackupReader;BackupReader;c:\windows\system32\drivers\BackupReader.sys [10/7/2009 1:49 PM 44776]
S3 EVault InfoStage Agent;OSP EVault Agent;c:\program files\OSP EVault\Agent\VVAgent.exe [11/11/2008 6:09 PM 3223552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-30 19:11]
.
2013-02-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 00:57]
.
2013-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-08 17:06]
.
2013-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-08 17:06]
.
2013-02-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-73586283-1993962763-839522115-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-29 03:59]
.
2013-02-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-73586283-1993962763-839522115-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-29 03:59]
.
2012-05-11 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2011-08-01 22:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig?hl=en&source=webhp
uInternet Connection Wizard,ShellNext = hxxp://outlookweb.invision.net/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
DPF: {89242969-422B-46BF-B0D5-6A7B7DC4D0E0} - file:///D:/html/nafcom.cab
DPF: {B87A4DE2-57A3-41CA-8781-89D43EA6EEF4} - hxxp://videomessages.live.com/Portal/ClientBin/VCaptCtl.cab
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - c:\documents and settings\TEST\Application Data\Mozilla\Firefox\Profiles\7f4ozhk5.default\
FF - ExtSQL: !HIDDEN! 2009-09-02 03:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-SP_48c708f2 - c:\program files\BrowseToSave\uninstall.exe
AddRemove-{C3C9AA48-2141-023F-7236-FAE4267FDEA5} - c:\docume~1\ALLUSE~1\APPLIC~1\INSTAL~2\{8CC4B~1\Setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-10 19:05
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-73586283-1993962763-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3a,89,c7,ca,e5,05,90,4e,a2,4d,5a,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a0,19,fe,8c,e0,96,66,47,8a,c6,2c,\
.
[HKEY_USERS\S-1-5-21-73586283-1993962763-839522115-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5B59E7B6-26DE-3322-D04C-2905281E13F0}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abkcenoeplgpongolieohcmdkchbabfljc"=hex:61,61,00,00
"bbkcenoeplgpongolihncbnocmabaoaopija"=hex:61,61,00,00
.
[HKEY_LOCAL_MACHINE\software\Classes\CakewalkPlugIns\À*]
"Description"="Cakewal"
"HelpFilePath"=""
"HelpFileTopic"=""
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(796)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\program files\Citrix\GoToAssist\615\G2AWinLogon.dll
.
Completion time: 2013-02-10 19:07:37
ComboFix-quarantined-files.txt 2013-02-11 03:07
ComboFix2.txt 2013-02-10 03:57
.
Pre-Run: 129,933,570,048 bytes free
Post-Run: 129,910,157,312 bytes free
.
- - End Of File - - B8E50F2BF2BB8E6704529BA12652FEAE


----------



## bsacco (Jun 12, 2003)

Next steps?


----------



## Cookiegal (Aug 27, 2003)

What did you do to finally get the CFScript to run?

Please delete this folder:

c:\documents and settings\Administrator\Application Data\*NCdownloader*

You will have to unhide files/folders to be able to see the Application Data folder. Click on *My Computer* then go to *Tools* - *Folder Options*. Click on the *View* tab and make sure that "Show hidden files and folders" is checked.

Please run the following on-line scanner.

Note: If you're running a 64-bit system you have to choose the 32-bit option in IE. To do that, go to the Start Menu and right-click the Internet Explorer (32-bit) icon and then select 'Run as administrator' from the right-click menu.

http://www.eset.com/online-scanner

Accept the Terms of Use and then press the Start button.

Allow the ActiveX control to be installed.

Put a check by Remove found threats and then run the scan.

When the scan is finished, you will see the results in a window.

A log.txt file is created here: C:\Program Files\ESET\ESET Online Scanner\log.txt.

Open the log file with Notepad and copy and paste the contents here please.


----------



## bsacco (Jun 12, 2003)

Q: What did you do to finally get the CFScript to run? 
A: God only knows...lol It just worked...

Please delete this folder:

c:\documents and settings\Administrator\Application Data\NCdownloader - DONE

Will run ESET online scanner.


----------



## Cookiegal (Aug 27, 2003)

bsacco said:


> Q: What did you do to finally get the CFScript to run?
> A: God only knows...lol It just worked...


LOL! OK, we won't look a gift horse in the mouth.


----------



## bsacco (Jun 12, 2003)

ESET Log file:

[email protected] as CAB hook log:
OnlineScanner.ocx - registred OK
# version=8
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=323e7b2874170e44ae11ea5c898782bb
# engine=13129
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-02-12 01:50:32
# local_time=2013-02-11 05:50:32 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=5892 16777213 88 94 4177579 13319204 0 0
# scanned=306995
# found=0
# cleaned=0
# scan_time=6798


----------



## Cookiegal (Aug 27, 2003)

Please download *OTL* to your Desktop. 

Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted. 
Under Custom Scans/Fixes type in *Netsvcs*
Click the Run Scan button. Do not change any other settings unless otherwise instructed. The scan won't take long. 
When the scan completes, it will open two Notepad windows called *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL. 
Please copy and paste the contents of both of these files here in your next reply.


----------



## bsacco (Jun 12, 2003)

OK, I downloaded OTL and typed in Netsvcs under the Custom Scans/Fixes area. The problem is it is crashing my PC every time I run it. It starts off OK, then when it gets to the "Pattern Search/C/Local settings...." part it freezes my PC, then my monitors go black. Then I have to re-boot. Please advise. Though I did find a file called OFT.txt. I DID NOT find a file called Extras.txt. Here is OTL.txt log file:

Copyright (c) 2004, George Triantafyllakos (http://www.backpacker.gr),
with BPreplay.
Copyright (c) 2004, Magenta (http://www.magenta.gr).

This Font Software is licensed under the SIL Open Font License, Version 1.1.
This license is copied below, and is also available with a FAQ at:
http://scripts.sil.org/OFL

-----------------------------------------------------------
SIL OPEN FONT LICENSE Version 1.1 - 26 February 2007
-----------------------------------------------------------

PREAMBLE
The goals of the Open Font License (OFL) are to stimulate worldwide
development of collaborative font projects, to support the font creation
efforts of academic and linguistic communities, and to provide a free and
open framework in which fonts may be shared and improved in partnership
with others.

The OFL allows the licensed fonts to be used, studied, modified and
redistributed freely as long as they are not sold by themselves. The
fonts, including any derivative works, can be bundled, embedded, 
redistributed and/or sold with any software provided that any reserved
names are not used by derivative works. The fonts and derivatives,
however, cannot be released under any other type of license. The
requirement for fonts to remain under this license does not apply
to any document created using the fonts or their derivatives.

DEFINITIONS
"Font Software" refers to the set of files released by the Copyright
Holder(s) under this license and clearly marked as such. This may
include source files, build scripts and documentation.

"Reserved Font Name" refers to any names specified as such after the
copyright statement(s).

"Original Version" refers to the collection of Font Software components as
distributed by the Copyright Holder(s).

"Modified Version" refers to any derivative made by adding to, deleting,
or substituting -- in part or in whole -- any of the components of the
Original Version, by changing formats or by porting the Font Software to a
new environment.

"Author" refers to any designer, engineer, programmer, technical
writer or other person who contributed to the Font Software.

PERMISSION & CONDITIONS
Permission is hereby granted, free of charge, to any person obtaining
a copy of the Font Software, to use, study, copy, merge, embed, modify,
redistribute, and sell modified and unmodified copies of the Font
Software, subject to the following conditions:

1) Neither the Font Software nor any of its individual components,
in Original or Modified Versions, may be sold by itself.

2) Original or Modified Versions of the Font Software may be bundled,
redistributed and/or sold with any software, provided that each copy
contains the above copyright notice and this license. These can be
included either as stand-alone text files, human-readable headers or
in the appropriate machine-readable metadata fields within text or
binary files as long as those fields can be easily viewed by the user.

3) No Modified Version of the Font Software may use the Reserved Font
Name(s) unless explicit written permission is granted by the corresponding
Copyright Holder. This restriction only applies to the primary font name as
presented to the users.

4) The name(s) of the Copyright Holder(s) or the Author(s) of the Font
Software shall not be used to promote, endorse or advertise any
Modified Version, except to acknowledge the contribution(s) of the
Copyright Holder(s) and the Author(s) or with their explicit written
permission.

5) The Font Software, modified or unmodified, in part or in whole,
must be distributed entirely under this license, and must not be
distributed under any other license. The requirement for fonts to
remain under this license does not apply to any document created
using the Font Software.

TERMINATION
This license becomes null and void if any of the above conditions are
not met.

DISCLAIMER
THE FONT SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT
OF COPYRIGHT, PATENT, TRADEMARK, OR OTHER RIGHT. IN NO EVENT SHALL THE
COPYRIGHT HOLDER BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
INCLUDING ANY GENERAL, SPECIAL, INDIRECT, INCIDENTAL, OR CONSEQUENTIAL
DAMAGES, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
FROM, OUT OF THE USE OR INABILITY TO USE THE FONT SOFTWARE OR FROM
OTHER DEALINGS IN THE FONT SOFTWARE.


----------



## Cookiegal (Aug 27, 2003)

What you posted is license text for some font software. That's not the OTL log. Are you sure it was named OTL.txt?


----------



## bsacco (Jun 12, 2003)

When I run the OTL.exe it crashes my PC. Please advise.


----------



## Cookiegal (Aug 27, 2003)

Let's try this tool instead:

Download *OTS.exe* to your Desktop. 

Close any open browsers.
If your Real protection or Antivirus interferes with OTS, allow it to run.
Double-click on *OTS.exe* to start the program.
At the top put a check mark in the box beside "Scan All Users".
Under the *Additional Scans* section put a check in the box next to Disabled MS Config Items, NetSvcs and EventViewer logs (Last 10 errors).
Now click the *Run Scan* button on the toolbar.
Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Save that notepad file.
Use the *Reply* button, scroll down to the attachments section and attach the notepad file here.


----------



## bsacco (Jun 12, 2003)

```
OTS logfile created on: 2/15/2013 9:39:44 AM - Run 1
OTS by OldTimer - Version 3.1.47.2     Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 68.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 4091 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.75 Gb Total Space | 122.16 Gb Free Space | 52.49% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 1.87 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive M: | 1843.01 Gb Total Space | 3890.56 Gb Free Space | 211.10% Space Free | Partition Type: NTFS
Drive T: | 1843.01 Gb Total Space | 3890.56 Gb Free Space | 211.10% Space Free | Partition Type: NTFS
Drive U: | 1843.01 Gb Total Space | 3890.56 Gb Free Space | 211.10% Space Free | Partition Type: NTFS
Drive V: | 1843.01 Gb Total Space | 3890.56 Gb Free Space | 211.10% Space Free | Partition Type: NTFS
Drive W: | 1843.01 Gb Total Space | 3890.56 Gb Free Space | 211.10% Space Free | Partition Type: NTFS
Drive X: | 1843.01 Gb Total Space | 3890.56 Gb Free Space | 211.10% Space Free | Partition Type: NTFS
Drive Y: | 1843.01 Gb Total Space | 3890.56 Gb Free Space | 211.10% Space Free | Partition Type: NTFS
 
Computer Name: BS-TOWER
Current User Name: bsacco
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
 
[Processes - Safe List]
ots.exe -> C:\Documents and Settings\Administrator\My Documents\Downloads\OTS.exe -> [2013/02/15 07:14:54 | 000,646,656 | ---- | M] (OldTimer Tools)
jqs.exe -> C:\Program Files\Java\jre7\bin\jqs.exe -> [2013/02/05 07:52:32 | 000,170,912 | ---- | M] (Oracle Corporation)
chrome.exe -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe -> [2013/01/25 18:35:08 | 001,248,208 | ---- | M] (Google Inc.)
dropbox.exe -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe -> [2013/01/20 11:29:18 | 028,539,272 | ---- | M] (Dropbox, Inc.)
spotifywebhelper.exe -> C:\Program Files\Spotify\Data\SpotifyWebHelper.exe -> [2013/01/05 10:20:30 | 001,199,576 | ---- | M] (Spotify Ltd)
mbamscheduler.exe -> C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -> [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation)
superantispyware.exe -> C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE -> [2012/11/08 20:55:25 | 004,763,008 | ---- | M] (SUPERAntiSpyware.com)
sascore.exe -> C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -> [2012/09/13 07:53:17 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com)
msmpeng.exe -> c:\Program Files\Microsoft Security Client\MsMpEng.exe -> [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation)
msseces.exe -> C:\Program Files\Microsoft Security Client\msseces.exe -> [2012/09/12 17:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation)
syncserver.exe -> C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe -> [2012/08/09 23:12:18 | 000,055,184 | ---- | M] (Apple Inc.)
utorrent.exe -> C:\Program Files\uTorrent\uTorrent.exe -> [2012/06/10 00:54:19 | 000,880,528 | ---- | M] (BitTorrent, Inc.)
xobniservice.exe -> C:\Program Files\Xobni\XobniService.exe -> [2011/05/18 09:26:54 | 000,062,184 | ---- | M] (Xobni Corporation)
whsconnector.exe -> C:\Program Files\Windows Home Server\WHSConnector.exe -> [2011/01/10 12:28:54 | 000,376,688 | ---- | M] (Microsoft Corporation)
whstrayapp.exe -> C:\Program Files\Windows Home Server\WHSTrayApp.exe -> [2011/01/10 12:28:52 | 000,603,504 | ---- | M] (Microsoft Corporation)
nmsaccessu.exe -> C:\Program Files\CDBurnerXP\NMSAccessU.exe -> [2010/03/04 22:38:00 | 000,071,096 | ---- | M] ()
bjmyprt.exe -> C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE -> [2009/11/01 18:30:00 | 002,508,104 | ---- | M] (CANON INC.)
mediacollectorclient.exe -> C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MediaCollectorClient.exe -> [2009/10/05 11:09:38 | 000,081,920 | ---- | M] (Hewlett-Packard Company)
mssconnectorservice.exe -> C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MSSConnectorService.exe -> [2009/10/05 11:09:38 | 000,020,992 | ---- | M] (HP)
cnmnsut.exe -> C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe -> [2009/09/28 17:56:18 | 000,140,640 | ---- | M] (CANON INC.)
flipshareservice.exe -> C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -> [2009/06/04 16:41:22 | 000,451,904 | ---- | M] ()
tschelp.exe -> C:\Program Files\SnagIt 8\TscHelp.exe -> [2008/06/10 08:02:26 | 000,058,952 | ---- | M] (TechSmith Corporation)
snagit32.exe -> C:\Program Files\SnagIt 8\SnagIt32.exe -> [2008/06/10 08:02:16 | 006,395,464 | ---- | M] (TechSmith Corporation)
snagpriv.exe -> C:\Program Files\SnagIt 8\SnagPriv.exe -> [2008/06/10 08:02:14 | 000,075,336 | ---- | M] (TechSmith Corporation)
crypserv.exe -> C:\WINDOWS\system32\Crypserv.exe -> [2008/05/07 15:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.)
explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/14 01:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation)
wdbtnmgrsvc.exe -> C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe -> [2008/01/30 03:52:22 | 000,106,496 | ---- | M] (WDC)
uns.exe -> C:\Program Files\Intel\AMT\UNS.exe -> [2007/06/12 13:09:16 | 002,521,880 | ---- | M] (Intel)
atchksrv.exe -> C:\Program Files\Intel\AMT\atchksrv.exe -> [2007/06/12 13:09:16 | 000,183,064 | ---- | M] (Intel Corporation)
atchk.exe -> C:\Program Files\Intel\AMT\atchk.exe -> [2007/06/12 13:09:14 | 000,408,344 | ---- | M] (Intel Corporation)
lms.exe -> C:\Program Files\Intel\AMT\LMS.exe -> [2007/06/12 13:09:14 | 000,109,336 | ---- | M] (Intel)
cli.exe -> C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe -> [2006/09/25 08:12:20 | 000,045,056 | ---- | M] (ATI Technologies Inc.)
ctsysvol.exe -> C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe -> [2005/10/31 09:51:52 | 000,057,344 | ---- | M] (Creative Technology Ltd)
 
[Modules - No Company Name]
system.serviceprocess.ni.dll -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d7ee03714420b252415b952d40ef59e4\System.ServiceProcess.ni.dll -> [2013/02/13 03:40:49 | 000,212,992 | ---- | M] ()
system.web.ni.dll -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\e143370f0583abe015d8e3d2d536185e\System.Web.ni.dll -> [2013/02/13 03:40:41 | 011,817,472 | ---- | M] ()
system.runtime.remoting.ni.dll -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d7a2248a76f0e94d56c92c5bf96f5175\System.Runtime.Remoting.ni.dll -> [2013/02/04 15:06:34 | 000,771,584 | ---- | M] ()
system.configuration.ni.dll -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\96b7a0136e9e72e8f4eb0230c20766d2\System.Configuration.ni.dll -> [2013/02/04 14:10:45 | 000,971,264 | ---- | M] ()
system.xml.ni.dll -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll -> [2013/02/04 14:06:53 | 005,450,752 | ---- | M] ()
system.ni.dll -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll -> [2013/02/04 14:01:49 | 007,977,984 | ---- | M] ()
mscorlib.ni.dll -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll -> [2013/02/04 14:01:44 | 011,492,352 | ---- | M] ()
mscorlib.dll -> c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_e91f1f4c\mscorlib.dll -> [2013/01/10 03:24:07 | 003,391,488 | ---- | M] ()
system.drawing.dll -> c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_3b6852ed\system.drawing.dll -> [2013/01/10 03:24:05 | 000,843,776 | ---- | M] ()
system.xml.dll -> c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_808cdbf7\system.xml.dll -> [2013/01/10 03:23:57 | 002,088,960 | ---- | M] ()
system.windows.forms.dll -> c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_3309d72a\system.windows.forms.dll -> [2013/01/10 03:23:51 | 003,035,136 | ---- | M] ()
system.dll -> c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_c7cba33a\system.dll -> [2013/01/10 03:23:27 | 001,966,080 | ---- | M] ()
system.dll -> c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll -> [2013/01/10 03:23:00 | 001,232,896 | ---- | M] ()
system.web.dll -> c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll -> [2013/01/10 03:22:59 | 001,269,760 | ---- | M] ()
system.drawing.dll -> c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll -> [2013/01/10 03:22:57 | 000,471,040 | ---- | M] ()
system.windows.forms.dll -> c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll -> [2013/01/10 03:22:52 | 002,064,384 | ---- | M] ()
sd10006.dll -> C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll -> [2012/10/19 10:18:23 | 000,065,024 | ---- | M] ()
system.xml.dll -> c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll -> [2011/10/27 02:01:26 | 001,339,392 | ---- | M] ()
system.management.dll -> c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll -> [2011/10/27 02:01:26 | 000,372,736 | ---- | M] ()
system.runtime.remoting.dll -> c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll -> [2011/10/27 02:01:25 | 000,323,584 | ---- | M] ()
zlib1.dll -> C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll -> [2011/09/27 06:23:00 | 000,087,912 | ---- | M] ()
libxml2.dll -> C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll -> [2011/09/27 06:22:40 | 001,242,472 | ---- | M] ()
utilities.dll -> C:\WINDOWS\assembly\GAC_32\Utilities\2.0.1.13508__6298d2d1fcfb5d85\Utilities.dll -> [2011/09/12 12:14:09 | 000,224,256 | ---- | M] ()
rarext.dll -> C:\Program Files\WinRAR\RarExt.dll -> [2010/03/15 10:28:22 | 000,141,824 | ---- | M] ()
nmsaccessu.exe -> C:\Program Files\CDBurnerXP\NMSAccessU.exe -> [2010/03/04 22:38:00 | 000,071,096 | ---- | M] ()
wipext.dll -> C:\Program Files\Ace Utilities\wipext.dll -> [2009/07/28 23:10:26 | 000,110,816 | ---- | M] ()
flipshareservice.exe -> C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -> [2009/06/04 16:41:22 | 000,451,904 | ---- | M] ()
qtcore4.dll -> C:\Program Files\Flip Video\FlipShare\QtCore4.dll -> [2009/06/04 16:37:14 | 001,581,056 | ---- | M] ()
msdmo.dll -> C:\WINDOWS\system32\msdmo.dll -> [2008/04/14 01:42:00 | 000,014,336 | ---- | M] ()
devenum.dll -> C:\WINDOWS\system32\devenum.dll -> [2008/04/14 01:41:52 | 000,059,904 | ---- | M] ()
p17.dll -> C:\WINDOWS\system32\P17.DLL -> [2005/05/03 19:38:42 | 000,064,512 | ---- | M] ()
 
[Win32 Services - Safe List]
(AdobeFlashPlayerUpdateSvc) Adobe Flash Player Update Service [On_Demand | Stopped] -> C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -> [2013/02/13 04:43:28 | 000,251,248 | ---- | M] (Adobe Systems Incorporated)
(JavaQuickStarterService) Java Quick Starter [Auto | Running] -> C:\Program Files\Java\jre7\bin\jqs.exe -> [2013/02/05 07:52:32 | 000,170,912 | ---- | M] (Oracle Corporation)
(SkypeUpdate) Skype Updater [Auto | Stopped] -> C:\Program Files\Skype\Updater\Updater.exe -> [2013/01/08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies)
(MBAMService) MBAMService [Auto | Stopped] -> C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -> [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation)
(MBAMScheduler) MBAMScheduler [Auto | Running] -> C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -> [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation)
(MozillaMaintenance) Mozilla Maintenance Service [On_Demand | Stopped] -> C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -> [2012/11/09 19:00:19 | 000,115,168 | ---- | M] (Mozilla Foundation)
(!SASCORE) SAS Core Service [Auto | Running] -> C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -> [2012/09/13 07:53:17 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com)
(MsMpSvc) Microsoft Antimalware Service [Auto | Running] -> c:\Program Files\Microsoft Security Client\MsMpEng.exe -> [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation)
(GoToAssist) GoToAssist [On_Demand | Stopped] -> C:\Program Files\Citrix\GoToAssist\615\g2aservice.exe -> [2011/06/17 14:10:54 | 000,013,160 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.)
(XobniService) XobniService [Auto | Running] -> C:\Program Files\Xobni\XobniService.exe -> [2011/05/18 09:26:54 | 000,062,184 | ---- | M] (Xobni Corporation)
(WHSConnector) Windows Home Server Connector Service [Auto | Running] -> C:\Program Files\Windows Home Server\WHSConnector.exe -> [2011/01/10 12:28:54 | 000,376,688 | ---- | M] (Microsoft Corporation)
(NMSAccess) NMSAccess [Auto | Running] -> C:\Program Files\CDBurnerXP\NMSAccessU.exe -> [2010/03/04 22:38:00 | 000,071,096 | ---- | M] ()
(MediaCollectorService) MediaCollectorService [Auto | Running] -> C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MediaCollectorClient.exe -> [2009/10/05 11:09:38 | 000,081,920 | ---- | M] (Hewlett-Packard Company)
(HPMSSConnectorSvc) HPMSSConnectorService [Auto | Running] -> C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MSSConnectorService.exe -> [2009/10/05 11:09:38 | 000,020,992 | ---- | M] (HP)
(FLEXnet Licensing Service) FLEXnet Licensing Service [On_Demand | Stopped] -> C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> [2009/09/04 14:56:16 | 000,655,624 | ---- | M] (Acresso Software Inc.)
(FlipShare Service) FlipShare Service [Auto | Running] -> C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -> [2009/06/04 16:41:22 | 000,451,904 | ---- | M] ()
(EVault InfoStage Agent) OSP EVault Agent [On_Demand | Stopped] -> C:\Program Files\OSP EVault\Agent\VVAgent.exe -> [2008/11/11 18:09:34 | 003,223,552 | ---- | M] ()
(Crypkey License) Crypkey License [Auto | Running] -> C:\WINDOWS\System32\Crypserv.exe -> [2008/05/07 15:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.)
(WDBtnMgrSvc.exe) WD Drive Manager Service [Auto | Running] -> C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe -> [2008/01/30 03:52:22 | 000,106,496 | ---- | M] (WDC)
(bgsvcgen) B's Recorder GOLD Library General Service [On_Demand | Stopped] -> C:\WINDOWS\System32\bgsvcgen.exe -> [2007/06/15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation)
(UNS) Intel(R) Active Management Technology User Notification Service [Auto | Running] -> C:\Program Files\Intel\AMT\UNS.exe -> [2007/06/12 13:09:16 | 002,521,880 | ---- | M] (Intel)
(atchksrv) Intel(R) Active Management Technology System Status Service [Auto | Running] -> C:\Program Files\Intel\AMT\atchksrv.exe -> [2007/06/12 13:09:16 | 000,183,064 | ---- | M] (Intel Corporation)
(LMS) Intel(R) Active Management Technology Local Management Service [Auto | Running] -> C:\Program Files\Intel\AMT\LMS.exe -> [2007/06/12 13:09:14 | 000,109,336 | ---- | M] (Intel)
(Adobe Version Cue CS3) Adobe Version Cue CS3 [On_Demand | Stopped] -> C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -> [2007/03/20 12:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated)
(x10nets) X10 Device Network Service [On_Demand | Stopped] -> C:\Program Files\Common Files\X10\Common\X10nets.exe -> [2001/11/12 12:31:48 | 000,020,480 | ---- | M] (X10)
 
[Driver Services - Safe List]
(MBAMProtector) MBAMProtector [File_System | On_Demand | Running] -> C:\WINDOWS\system32\drivers\mbam.sys -> [2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation)
(StarOpen) StarOpen [File_System | Auto | Running] -> C:\WINDOWS\System32\drivers\StarOpen.sys -> [2012/06/03 09:44:46 | 000,005,504 | ---- | M] ()
(L6TPortB) Service - Line 6 TonePort UX2 [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\L6TPortB.sys -> [2012/03/26 12:00:20 | 000,583,296 | ---- | M] (Line 6)
(BANTExt) Belarc SMBios Access [Kernel | System | Running] -> C:\WINDOWS\System32\Drivers\BANTExt.sys -> [2011/08/09 16:33:58 | 000,003,840 | ---- | M] ()
(dc3d) MS Hardware Device Detection Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\dc3d.sys -> [2011/08/01 14:56:42 | 000,045,288 | ---- | M] (Microsoft Corporation)
(SASDIFSV) SASDIFSV [Kernel | System | Running] -> C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -> [2011/07/22 08:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
(SASKUTIL) SASKUTIL [Kernel | System | Running] -> C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -> [2011/07/12 13:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ati2mtag.sys -> [2011/07/08 03:12:48 | 007,023,104 | ---- | M] (ATI Technologies Inc.)
(MRESP50) MRESP50 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> C:\Program Files\Common Files\Motive\MRESP50.sys -> [2010/07/27 01:47:30 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA))
(MREMP50) MREMP50 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> C:\Program Files\Common Files\Motive\MREMP50.sys -> [2010/07/27 01:47:10 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA))
(BackupReader) BackupReader [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\BackupReader.sys -> [2009/10/07 12:49:18 | 000,044,776 | ---- | M] (Microsoft Corporation)
(mcdbus) Driver for MagicISO SCSI Host Controller [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\mcdbus.sys -> [2009/02/24 17:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.)
(BVRPMPR5) BVRPMPR5 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -> [2008/09/08 19:58:14 | 000,049,904 | R--- | M] (Avanquest Software)
(NetworkX) NetworkX [Kernel | System | Running] -> C:\WINDOWS\system32\ckldrv.sys -> [2008/03/17 08:45:52 | 000,019,584 | ---- | M] ()
(P17) SB Live! 24-bit [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\P17.sys -> [2007/06/15 09:47:26 | 001,127,936 | ---- | M] (Creative Technology Ltd.)
(HECI) Intel(R) Management Engine Interface [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HECI.sys -> [2007/06/12 17:05:50 | 000,045,056 | ---- | M] (Intel Corporation)
(SenFiltService) SenFilt Service [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\senfilt.sys -> [2006/03/17 17:18:58 | 000,392,960 | ---- | M] (Sensaura)
(cdrbsdrv) cdrbsdrv [Kernel | System | Running] -> C:\WINDOWS\System32\drivers\cdrbsdrv.sys -> [2006/02/20 19:17:40 | 000,033,408 | ---- | M] (B.H.A Corporation)
(Afc) PPdus ASPI Shell [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\afc.sys -> [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.)
(ossrv) Creative OS Services Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ctoss2k.sys -> [2005/01/10 17:15:30 | 000,106,496 | ---- | M] (Creative Technology Ltd.)
(ctsfm2k) Creative SoundFont Management Device Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ctsfm2k.sys -> [2005/01/10 17:15:24 | 000,138,752 | ---- | M] (Creative Technology Ltd)
(pfc) Padus ASPI Shell [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\PFC.SYS -> [2002/02/11 14:15:50 | 000,014,572 | ---- | M] (Padus, Inc.)
 
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> 
HKEY_USERS\.DEFAULT\: URLSearchHooks\\"{A3BC75A2-1F87-4686-AA43-5347D756017C}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> 
HKEY_USERS\S-1-5-18\: URLSearchHooks\\"{A3BC75A2-1F87-4686-AA43-5347D756017C}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> 
HKEY_USERS\S-1-5-20\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-73586283-1993962763-839522115-500\] > -> -> 
HKEY_USERS\S-1-5-21-73586283-1993962763-839522115-500\: Main\\"Start Page" -> http://www.google.com/ig?hl=en&source=webhp -> 
HKEY_USERS\S-1-5-21-73586283-1993962763-839522115-500\: SearchURL\\"" -> http://www.google.com/keyword/%s -> 
HKEY_USERS\S-1-5-21-73586283-1993962763-839522115-500\: "ProxyEnable" -> 0 -> 
HKEY_USERS\S-1-5-21-73586283-1993962763-839522115-500\: "ProxyOverride" -> *.local -> 
< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\Administrator\Application Data\Mozilla\FireFox\Profiles\6j5zsw01.default\prefs.js -> 
browser.search.defaultenginename -> "AVG Secure Search" ->
browser.search.defaultthis.engineName -> "Freecorder Customized Web Search" ->
browser.search.defaulturl -> "http://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}" ->
browser.search.selectedEngine -> "Freecorder Customized Web Search" ->
browser.startup.homepage -> "http://search.conduit.com/?ctid=CT1060933&SearchSource=13" ->
extensions.enabledItems -> {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.98 ->
extensions.enabledItems -> [email protected]:2.6.0 ->
extensions.enabledItems -> [email protected]:1.0 ->
extensions.enabledItems -> [email protected]:4.0.1 ->
extensions.enabledItems -> {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872 ->
extensions.enabledItems -> [email protected]:7.005.030.004 ->
extensions.enabledItems -> {4be68a18-deba-49e0-9e09-ee7796f3b62a}:2.5.1.0 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 ->
extensions.enabledItems -> {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7550 ->
extensions.enabledItems -> {0cbdfb73-07e9-4cdb-8e40-9cd9742057be}:0.3 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 ->
keyword.URL -> "http://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=2&q=" ->
< FireFox Settings [User.js] > -> C:\Documents and Settings\Administrator\Application Data\Mozilla\FireFox\Profiles\6j5zsw01.default\user.js -> 
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\extensions ->  -> 
HKLM\software\mozilla\Firefox\extensions\\[email protected] -> C:\PROGRAM FILES\AVG\AVG9\TOOLBAR\FIREFOX\[email protected] -> 
HKLM\software\mozilla\Mozilla Firefox 16.0.1\extensions ->  -> 
HKLM\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2012/11/09 19:00:20 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2012/11/09 18:59:45 | 000,000,000 | ---D | M]
< FireFox Extensions [User Folders] > -> 
  -> C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions -> [2008/09/11 08:31:29 | 000,000,000 | ---D | M]
  -> C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6j5zsw01.default\extensions -> [2013/01/21 00:28:05 | 000,000,000 | ---D | M]
Freecorder Community Toolbar   -> C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6j5zsw01.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612} -> [2012/10/07 15:05:35 | 000,000,000 | ---D | M]
Microsoft .NET Framework Assistant   -> C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6j5zsw01.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} -> [2010/05/05 21:59:34 | 000,000,000 | ---D | M]
Bookmark Duplicate Detector   -> C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6j5zsw01.default\extensions\{ba243cb0-b824-4a26-9418-73ee795d9b9d} -> [2009/03/29 19:15:29 | 000,000,000 | ---D | M]
Bitdefender QuickScan   -> C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6j5zsw01.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360} -> [2012/10/04 13:58:31 | 000,000,000 | ---D | M]
  -> C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6j5zsw01.default\extensions\[email protected] -> [2011/10/05 17:23:13 | 000,000,000 | ---D | M]
  -> C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6j5zsw01.default\extensions\[email protected] -> [2012/10/07 15:05:34 | 000,000,000 | ---D | M]
< FireFox SearchPlugins [User Folders] > -> 
 conduit.xml -> C:\Documents and Settings\Administrator\Application Data\Mozilla\FireFox\Profiles\6j5zsw01.default\searchplugins\conduit.xml -> [2012/02/02 16:03:00 | 000,000,923 | ---- | M] ()
< FireFox Extensions [Program Folders] > -> 
  -> C:\Program Files\Mozilla Firefox\extensions -> [2012/11/09 18:59:31 | 000,000,000 | ---D | M]
No name found -> C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\6J5ZSW01.DEFAULT\EXTENSIONS\{0CBDFB73-07E9-4CDB-8E40-9CD9742057BE}.XPI -> ()
No name found -> C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\6J5ZSW01.DEFAULT\EXTENSIONS\[email protected] -> ()
"Xmarks" -> C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\6J5ZSW01.DEFAULT\EXTENSIONS\[email protected] -> [2012/10/07 15:05:34 | 000,000,000 | ---D | M]
No name found -> C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\6J5ZSW01.DEFAULT\EXTENSIONS\[email protected] -> ()
No name found -> C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\6J5ZSW01.DEFAULT\EXTENSIONS\[email protected] -> ()
< HOSTS File > ([2013/02/10 19:05:52 | 000,000,027 | ---- | M] - 1 lines) -> C:\WINDOWS\system32\drivers\etc\hosts -> 
Reset Hosts
127.0.0.1       localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{3785D0AD-BFFF-47F6-BF5B-A587C162FED9} [HKLM] -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [Canon Easy-WebPrint EX BHO] -> [2010/11/08 13:49:26 | 000,202,144 | ---- | M] (CANON INC.)
{465E08E7-F005-4389-980F-1D8764B3486C} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> C:\Program Files\Java\jre7\bin\ssv.dll [Java(tm) Plug-In SSV Helper] -> [2013/02/05 07:52:33 | 000,461,216 | ---- | M] (Oracle Corporation)
{9A065C65-4EE7-4DDD-9918-F129089A894A} [HKLM] -> C:\Program Files\Windows Home Server\WHSDeskBands.dll [BrowserHelper Class] -> [2011/01/10 12:28:52 | 000,244,592 | ---- | M] (Microsoft Corporation)
{AE7CD045-E861-484f-8273-0445EE161910} [HKLM] -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF Conversion Toolbar Helper] -> [2007/05/10 21:47:03 | 000,321,120 | ---- | M] (Adobe Systems Incorporated)
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2013/02/05 07:52:32 | 000,170,912 | ---- | M] (Oracle Corporation)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" [HKLM] -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> [2007/05/10 21:47:03 | 000,321,120 | ---- | M] (Adobe Systems Incorporated)
"{759D9886-0C6F-4498-BAB6-4A5F47C6C72F}" [HKLM] -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [Canon Easy-WebPrint EX] -> [2010/11/08 13:50:34 | 001,619,352 | ---- | M] (CANON INC.)
"{D73E76A3-F902-45BD-8FC8-95AE8E014671}" [HKLM] -> C:\Program Files\Windows Home Server\WHSDeskBands.dll [Home Server Banner] -> [2011/01/10 12:28:52 | 000,244,592 | ---- | M] (Microsoft Corporation)
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-73586283-1993962763-839522115-500\] > -> HKEY_USERS\S-1-5-21-73586283-1993962763-839522115-500\Software\Microsoft\Internet Explorer\Toolbar\ -> 
ShellBrowser\\"{D73E76A3-F902-45BD-8FC8-95AE8E014671}" [HKLM] -> C:\Program Files\Windows Home Server\WHSDeskBands.dll [Home Server Banner] -> [2011/01/10 12:28:52 | 000,244,592 | ---- | M] (Microsoft Corporation)
WebBrowser\\"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" [HKLM] -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> [2007/05/10 21:47:03 | 000,321,120 | ---- | M] (Adobe Systems Incorporated)
WebBrowser\\"{6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{724D43A0-0D85-11D4-9908-00400523E39A}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{759D9886-0C6F-4498-BAB6-4A5F47C6C72F}" [HKLM] -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [Canon Easy-WebPrint EX] -> [2010/11/08 13:50:34 | 001,619,352 | ---- | M] (CANON INC.)
WebBrowser\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"APSDaemon" -> C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe ["C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"] -> [2012/11/28 14:13:16 | 000,059,280 | ---- | M] (Apple Inc.)
"atchk" -> C:\Program Files\Intel\AMT\atchk.exe ["C:\Program Files\Intel\AMT\atchk.exe"] -> [2007/06/12 13:09:14 | 000,408,344 | ---- | M] (Intel Corporation)
"ATICCC" -> C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ["C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"] -> [2006/09/25 08:12:20 | 000,090,112 | ---- | M] ()
"CanonMyPrinter" -> C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon] -> [2009/11/01 18:30:00 | 002,508,104 | ---- | M] (CANON INC.)
"CTSysVol" -> C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe [C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r] -> [2005/10/31 09:51:52 | 000,057,344 | ---- | M] (Creative Technology Ltd)
"IJNetworkScanUtility" -> C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe] -> [2009/09/28 17:56:18 | 000,140,640 | ---- | M] (CANON INC.)
"MSC" -> c:\Program Files\Microsoft Security Client\msseces.exe ["c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey] -> [2012/09/12 17:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation)
"P17Helper" -> C:\WINDOWS\System32\P17.DLL [Rundll32 P17.dll,P17Helper] -> [2005/05/03 19:38:42 | 000,064,512 | ---- | M] ()
< Run [HKEY_USERS\S-1-5-21-73586283-1993962763-839522115-500\] > -> HKEY_USERS\S-1-5-21-73586283-1993962763-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"A24802D8E0033B87C7A71FBB6D39DEF74469BA10._service_run" -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe ["C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --type=service] -> [2013/01/25 18:35:08 | 001,248,208 | ---- | M] (Google Inc.)
"Spotify Web Helper" -> C:\Program Files\Spotify\Data\SpotifyWebHelper.exe ["C:\Program Files\Spotify\Data\SpotifyWebHelper.exe"] -> [2013/01/05 10:20:30 | 001,199,576 | ---- | M] (Spotify Ltd)
"SUPERAntiSpyware" -> C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE [C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe] -> [2012/11/08 20:55:25 | 004,763,008 | ---- | M] (SUPERAntiSpyware.com)
"uTorrent" -> C:\Program Files\uTorrent\uTorrent.exe ["C:\Program Files\uTorrent\uTorrent.exe"  /MINIMIZED] -> [2012/06/10 00:54:19 | 000,880,528 | ---- | M] (BitTorrent, Inc.)
< Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup -> 
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Dropbox.lnk -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe -> [2013/01/20 11:29:18 | 028,539,272 | ---- | M] (Dropbox, Inc.)
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Home Server.lnk -> C:\WINDOWS\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe -> [2012/12/27 21:48:29 | 000,603,504 | R--- | M] (Microsoft Corporation)
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> 
< TEST Startup Folder > -> C:\Documents and Settings\TEST\Start Menu\Programs\Startup -> 
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< Software Policy Settings [HKEY_USERS\S-1-5-21-73586283-1993962763-839522115-500] > -> HKEY_USERS\S-1-5-21-73586283-1993962763-839522115-500\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"HonorAutoRunSetting" ->  [1] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-73586283-1993962763-839522115-500] > -> HKEY_USERS\S-1-5-21-73586283-1993962763-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-21-73586283-1993962763-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-73586283-1993962763-839522115-500] > -> HKEY_USERS\S-1-5-21-73586283-1993962763-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-73586283-1993962763-839522115-500\] > -> HKEY_USERS\S-1-5-21-73586283-1993962763-839522115-500\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Append to existing PDF -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html] -> [2007/05/10 21:47:03 | 000,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to Adobe PDF -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html] -> [2007/05/10 21:47:03 | 000,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to existing PDF -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html] -> [2007/05/10 21:47:03 | 000,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to Adobe PDF -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html] -> [2007/05/10 21:47:03 | 000,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to existing PDF -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html] -> [2007/05/10 21:47:03 | 000,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to Adobe PDF -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html] -> [2007/05/10 21:47:03 | 000,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to existing PDF -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html] -> [2007/05/10 21:47:03 | 000,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert to Adobe PDF -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html] -> [2007/05/10 21:47:03 | 000,321,120 | ---- | M] (Adobe Systems Incorporated)
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{e2e2dd38-d088-4134-82b7-f2ba38496583}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] ->  [Reg Error: Key error.] -> File not found
< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{e2e2dd38-d088-4134-82b7-f2ba38496583}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] ->  [Reg Error: Key error.] -> File not found
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-73586283-1993962763-839522115-500\] > -> HKEY_USERS\S-1-5-21-73586283-1993962763-839522115-500\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{e2e2dd38-d088-4134-82b7-f2ba38496583}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] ->  [Reg Error: Key error.] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 6768 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 6768 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 6768 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-73586283-1993962763-839522115-500\] > -> HKEY_USERS\S-1-5-21-73586283-1993962763-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-21-73586283-1993962763-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 6768 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-73586283-1993962763-839522115-500\] > -> HKEY_USERS\S-1-5-21-73586283-1993962763-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-21-73586283-1993962763-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{02BCC737-B171-4746-94C9-0D8A0B2C0089} [HKLM] -> http://office.microsoft.com/sites/production/ieawsdc32.cab [Microsoft Office Template and Media Control] -> 
{17492023-C23A-453E-A040-C7C580BBF700} [HKLM] -> http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab [Windows Genuine Advantage Validation Tool] -> 
{4871A87A-BFDD-4106-8153-FFDE2BAC2967} [HKLM] -> http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.3.5.cab [DLM Control] -> 
{6414512B-B978-451D-A0D8-FCFDF33E833C} [HKLM] -> http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1358756641328 [WUWebControl Class] -> 
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [HKLM] -> http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1349385223937 [MUWebControl Class] -> 
{7530BFB8-7293-4D34-9923-61A11451AFC5} [HKLM] -> http://download.eset.com/special/eos/OnlineScanner.cab [OnlineScanner Control] -> 
{89242969-422B-46BF-B0D5-6A7B7DC4D0E0} [HKLM] -> file:///D:/html/nafcom.cab [Nafi Class] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab [Reg Error: Value error.] -> 
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab [Reg Error: Key error.] -> 
{B87A4DE2-57A3-41CA-8781-89D43EA6EEF4} [HKLM] -> http://videomessages.live.com/Portal/ClientBin/VCaptCtl.cab [VideoCaptureCtl Class] -> 
{C7DB51B4-BCF7-4923-8874-7F1A0DC92277} [HKLM] -> http://office.microsoft.com/officeupdate/content/opuc4.cab [Office Update Installation Engine] -> 
{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab [Java Plug-in 1.6.0_31] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab [Java Plug-in 1.6.0_31] -> 
{D4B68B83-8710-488B-A692-D74B50BA558E} [HKLM] -> http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab [Creative Software AutoUpdate Support Package 2] -> 
{E705A591-DA3C-4228-B0D5-A356DBA42FBF} [HKLM] -> http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab [Reg Error: Key error.] -> 
{F6ACF75C-C32C-447B-9BEF-46B766368D29} [HKLM] -> http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab [Reg Error: Key error.] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 192.168.1.254 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{DDAF0FD6-A7E5-4EDC-A9CB-E63FE9565669}\\DhcpNameServer -> 192.168.1.254   (Intel(R) 82566DM-2 Gigabit Network Connection) -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/14 01:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
C:\WINDOWS\system32\userinit.exe -> C:\WINDOWS\system32\userinit.exe -> [2008/04/14 01:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
AtiExtEvent -> C:\WINDOWS\System32\ati2evxx.dll -> [2011/07/08 02:04:38 | 000,188,416 | ---- | M] (ATI Technologies Inc.)
GoToAssist -> C:\Program Files\Citrix\GoToAssist\615\g2awinlogon.dll -> [2011/06/17 14:10:51 | 000,013,672 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.)
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
"{56F9679E-7826-4C84-81F3-532071A8BCC5}" [HKLM] -> C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll [] -> [2009/05/24 22:41:34 | 000,304,128 | ---- | M] (Microsoft Corporation)
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" [HKLM] -> C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [] -> [2011/07/18 16:02:18 | 000,113,024 | ---- | M] (SuperAdBlocker.com)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
"C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe" -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe [C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox] -> [2013/01/20 11:29:18 | 028,539,272 | ---- | M] (Dropbox, Inc.)
"C:\Documents and Settings\Administrator\Application Data\Spotify\spotify.exe" -> C:\Documents and Settings\Administrator\Application Data\Spotify\spotify.exe [C:\Documents and Settings\Administrator\Application Data\Spotify\spotify.exe:*:Enabled:Spotify] -> [2012/10/30 13:10:32 | 007,880,664 | ---- | M] (Spotify Ltd)
"C:\Program Files\Airfoil\Airfoil.exe" -> C:\Program Files\Airfoil\Airfoil.exe [C:\Program Files\Airfoil\Airfoil.exe:*:Enabled:Airfoil] -> [2012/12/18 11:58:20 | 001,219,584 | ---- | M] (Rogue Amoeba)
"C:\Program Files\Airfoil\AirfoilSpeakers.exe" -> C:\Program Files\Airfoil\AirfoilSpeakers.exe [C:\Program Files\Airfoil\AirfoilSpeakers.exe:*:Enabled:Airfoil Speakers] -> [2012/12/18 11:55:06 | 000,863,744 | ---- | M] (Rogue Amoeba)
"C:\Program Files\Cakewalk\Shared Utilities\VstScan.exe" -> C:\Program Files\Cakewalk\Shared Utilities\VstScan.exe [C:\Program Files\Cakewalk\Shared Utilities\VstScan.exe:*:Enabled:Cakewalk VST Scan] -> [2009/03/10 10:58:16 | 000,167,936 | ---- | M] (Cakewalk Music Software)
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" -> C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server] -> [2007/03/20 12:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" -> C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe [C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit] -> [2012/11/28 14:13:42 | 000,014,224 | ---- | M] (Apple Inc.)
"C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MediaCollectorClient.exe" -> C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MediaCollectorClient.exe [C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MediaCollectorClient.exe:LocalSubNet:Enabled:MediaCollectorClient] -> [2009/10/05 11:09:38 | 000,081,920 | ---- | M] (Hewlett-Packard Company)
"C:\Program Files\Plex\Plex Media Server\Plex Media Server.exe" -> C:\Program Files\Plex\Plex Media Server\Plex Media Server.exe [C:\Program Files\Plex\Plex Media Server\Plex Media Server.exe:*:Enabled:Plex Media Server] -> [2012/12/03 23:58:50 | 003,795,688 | ---- | M] (Plex, Inc.)
"C:\Program Files\Plex\Plex Media Server\PlexDlnaServer.exe" -> C:\Program Files\Plex\Plex Media Server\PlexDlnaServer.exe [C:\Program Files\Plex\Plex Media Server\PlexDlnaServer.exe:*:Enabled:Plex DLNA Server] -> [2012/12/03 23:58:52 | 001,491,688 | ---- | M] (Plex, Inc.)
"C:\Program Files\Plex\Plex Media Server\PlexScriptHost.exe" -> C:\Program Files\Plex\Plex Media Server\PlexScriptHost.exe [C:\Program Files\Plex\Plex Media Server\PlexScriptHost.exe:*:Enabled:Plex Scripting Host] -> [2012/12/03 23:58:54 | 000,033,512 | ---- | M] ()
"C:\Program Files\Spotify\spotify.exe" -> C:\Program Files\Spotify\spotify.exe [C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify] -> [2013/01/05 10:20:42 | 007,880,664 | ---- | M] (Spotify Ltd)
"C:\Program Files\uTorrent\uTorrent.exe" -> C:\Program Files\uTorrent\uTorrent.exe [C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent] -> [2012/06/10 00:54:19 | 000,880,528 | ---- | M] (BitTorrent, Inc.)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" ->  [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > ->  -> 
C:\AUTOEXEC.BAT [PATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | ] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2008/08/20 16:41:44 | 000,000,050 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
comfile [open] -> "%1" %* -> 
exefile [open] -> "%1" %* -> 
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = ComFile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
 
[Registry - Additional Scans - Safe List]
< Disabled MSConfig Services [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services -> 
"Automatic LiveUpdate Scheduler" -> -> 
"LiveUpdate" -> -> 
"MemeoBackgroundService" -> -> 
"Symantec RemoteAssist" -> -> 
"WinDefend" -> -> 
< Disabled MSConfig Folder Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\ -> 
C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Dropbox.lnk -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe -> [2013/01/20 11:29:18 | 028,539,272 | ---- | M] (Dropbox, Inc.)
C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^MagicDisc.lnk -> C:\Program Files\MagicDisc\MagicDisc.exe -> [2009/02/23 18:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.)
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk ->  -> File not found
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Belkin Wireless Networking Utility.lnk -> C:\Program Files\Belkin\F5D8051v2\Belkinwcui.exe -> [2008/04/11 17:43:04 | 001,454,080 | ---- | M] (Belkin)
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Memeo AutoSync Launcher.lnk -> Reg Error: Value error. -> File not found
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MozyHome Status.lnk -> Reg Error: Value error. -> File not found
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PHOTOfunSTUDIO 8.1 PE.lnk -> C:\Program Files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe -> [2012/01/12 11:50:00 | 000,229,000 | ---- | M] (Panasonic Corporation)
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PHOTOfunSTUDIO HD Edition.lnk -> C:\Program Files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe -> [2009/01/30 19:36:14 | 000,044,176 | ---- | M] (Panasonic Corporation)
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Home Server.lnk -> C:\WINDOWS\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe -> [2012/12/27 21:48:29 | 000,603,504 | R--- | M] (Microsoft Corporation)
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe -> [2008/05/26 22:19:14 | 000,123,904 | ---- | M] (Microsoft Corporation)
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk -> C:\Program Files\WinZip\WZQKPICK.EXE -> [2006/11/21 10:00:00 | 000,389,120 | ---- | M] (WinZip Computing LP)
< Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ -> 
A24802D8E0033B87C7A71FBB6D39DEF74469BA10._service_run hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe -> [2013/01/25 18:35:08 | 001,248,208 | ---- | M] (Google Inc.)
Acrobat Assistant 8.0 hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe -> [2008/10/14 20:38:56 | 000,623,992 | ---- | M] (Adobe Systems Inc.)
Adobe_ID0EYTHM hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe -> [2007/03/20 12:40:44 | 001,884,160 | ---- | M] (Adobe Systems Incorporated)
CanonSolutionMenu hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe -> [2009/09/03 17:43:00 | 000,767,312 | ---- | M] (CANON INC.)
ctfmon.exe hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->  -> File not found
FreeScreenSharing hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Documents and Settings\Administrator\Local Settings\Application Data\FreeScreenSharing\FreeScreenSharing.exe -> [2011/11/22 01:57:16 | 002,204,488 | ---- | M] ()
Google Update hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe -> [2011/07/28 19:59:15 | 000,136,176 | ---- | M] (Google Inc.)
iTunesHelper hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\iTunes\iTunesHelper.exe -> [2012/12/12 13:57:10 | 000,152,544 | ---- | M] (Apple Inc.)
Jing hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\TechSmith\Jing\Jing.exe -> [2012/02/01 13:18:14 | 002,918,224 | ---- | M] (TechSmith Corporation)
Malwarebytes' Anti-Malware hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe -> [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation)
QuickTime Task hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\QuickTime\qttask.exe -> [2012/10/25 03:12:14 | 000,421,888 | ---- | M] (Apple Inc.)
Skype hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Skype\Phone\Skype.exe -> [2013/01/08 12:59:26 | 018,705,664 | R--- | M] (Skype Technologies S.A.)
SunJavaUpdateSched hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Common Files\Java\Java Update\jusched.exe -> [2012/07/03 08:04:54 | 000,252,848 | ---- | M] (Sun Microsystems, Inc.)
SUPERAntiSpyware hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE -> [2012/11/08 20:55:25 | 004,763,008 | ---- | M] (SUPERAntiSpyware.com)
UpdReg hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\WINDOWS\Updreg.EXE -> [2000/05/11 00:00:00 | 000,090,112 | ---- | M] (Creative Technology Ltd.)
WD Drive Manager hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe -> [2008/01/30 03:50:26 | 000,438,272 | ---- | M] (WDC)
< Disabled MSConfig State [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state -> 
"bootini" -> 0 -> 
"services" -> 0 -> 
"startup" -> 2 -> 
"system.ini" -> 0 -> 
"win.ini" -> 0 -> 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost > -> ->
*netsvcs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs ->
6to4 ->  -> File not found
Ias ->  -> File not found
Iprip ->  -> File not found
Irmon ->  -> File not found
NWCWorkstation ->  -> File not found
Nwsapagent ->  -> File not found
WmdmPmSp ->  -> File not found
*MultiFile Done* -> -> 
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Application [ Error ] 2/14/2013 1:54:33 PM Computer Name = BS-TOWER | Source = Bonjour Service | ID = 100 -> Description = ERROR: handle_resolve_request bad interfaceIndex 17
Application [ Error ] 2/14/2013 1:54:33 PM Computer Name = BS-TOWER | Source = Bonjour Service | ID = 100 -> Description = ERROR: handle_resolve_request bad interfaceIndex 18
Application [ Error ] 2/14/2013 1:54:33 PM Computer Name = BS-TOWER | Source = Bonjour Service | ID = 100 -> Description = ERROR: handle_resolve_request bad interfaceIndex 19
Application [ Error ] 2/14/2013 1:54:33 PM Computer Name = BS-TOWER | Source = Bonjour Service | ID = 100 -> Description = ERROR: handle_resolve_request bad interfaceIndex 20
Application [ Error ] 2/14/2013 1:54:33 PM Computer Name = BS-TOWER | Source = Bonjour Service | ID = 100 -> Description = ERROR: handle_resolve_request bad interfaceIndex 21
Application [ Error ] 2/14/2013 1:54:33 PM Computer Name = BS-TOWER | Source = Bonjour Service | ID = 100 -> Description = ERROR: handle_resolve_request bad interfaceIndex 22
Application [ Error ] 2/14/2013 1:54:33 PM Computer Name = BS-TOWER | Source = Bonjour Service | ID = 100 -> Description = ERROR: handle_resolve_request bad interfaceIndex 23
Application [ Error ] 2/14/2013 1:54:33 PM Computer Name = BS-TOWER | Source = Bonjour Service | ID = 100 -> Description = ERROR: handle_resolve_request bad interfaceIndex 24
Application [ Error ] 2/15/2013 5:10:27 AM Computer Name = BS-TOWER | Source = MSSConnectorService | ID = 0 -> Description = The operation has timed out   at System.Net.HttpWebRequest.GetResponse()     at MSSConnectorService.MSSLongPoller.Poll()
Application [ Error ] 2/15/2013 5:11:31 AM Computer Name = BS-TOWER | Source = MSSConnectorService | ID = 0 -> Description = The operation has timed out   at System.Net.HttpWebRequest.GetResponse()     at MSSConnectorService.MSSLongPoller.Poll()
OSession [ Error ] 4/13/2011 3:38:30 PM Computer Name = BS-TOWER | Source = Microsoft Office 12 Sessions | ID = 7001 -> Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 1316 seconds with 120 seconds of active time.  This session ended with a crash.
OSession [ Error ] 4/25/2011 12:36:40 AM Computer Name = BS-TOWER | Source = Microsoft Office 12 Sessions | ID = 7001 -> Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 92451 seconds with 660 seconds of active time.  This session ended with a crash.
OSession [ Error ] 4/26/2011 9:46:01 PM Computer Name = BS-TOWER | Source = Microsoft Office 12 Sessions | ID = 7001 -> Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 73250 seconds with 3900 seconds of active time.  This session ended with a crash.
OSession [ Error ] 9/5/2011 7:56:37 PM Computer Name = BS-TOWER | Source = Microsoft Office 12 Sessions | ID = 7001 -> Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 504806 seconds with 40020 seconds of active time.  This session ended with a crash.
OSession [ Error ] 10/12/2011 5:29:07 PM Computer Name = BS-TOWER | Source = Microsoft Office 12 Sessions | ID = 7001 -> Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 84 seconds with 60 seconds of active time.  This session ended with a crash.
OSession [ Error ] 11/30/2011 1:32:30 PM Computer Name = BS-TOWER | Source = Microsoft Office 12 Sessions | ID = 7001 -> Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 198507 seconds with 3540 seconds of active time.  This session ended with a crash.
OSession [ Error ] 12/9/2011 12:13:17 PM Computer Name = BS-TOWER | Source = Microsoft Office 12 Sessions | ID = 7001 -> Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 235813 seconds with 1020 seconds of active time.  This session ended with a crash.
OSession [ Error ] 2/2/2012 4:14:33 PM Computer Name = BS-TOWER | Source = Microsoft Office 12 Sessions | ID = 7001 -> Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 439294 seconds with 28440 seconds of active time.  This session ended with a crash.
OSession [ Error ] 2/26/2012 5:05:30 PM Computer Name = BS-TOWER | Source = Microsoft Office 12 Sessions | ID = 7001 -> Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 12019 seconds with 600 seconds of active time.  This session ended with a crash.
OSession [ Error ] 11/3/2012 12:32:25 AM Computer Name = BS-TOWER | Source = Microsoft Office 12 Sessions | ID = 7001 -> Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 5673 seconds with 0 seconds of active time.  This session ended with a crash.
System [ Error ] 2/5/2013 6:23:11 AM Computer Name = BS-TOWER | Source = iastor | ID = 262153 -> Description = The device, \Device\Ide\iaStor0, did not respond within the timeout period.
System [ Error ] 2/5/2013 11:21:05 AM Computer Name = BS-TOWER | Source = iastor | ID = 262153 -> Description = The device, \Device\Ide\iaStor0, did not respond within the timeout period.
System [ Error ] 2/5/2013 11:21:05 AM Computer Name = BS-TOWER | Source = iastor | ID = 262153 -> Description = The device, \Device\Ide\iaStor0, did not respond within the timeout period.
System [ Error ] 2/8/2013 8:28:34 PM Computer Name = BS-TOWER | Source = System Error | ID = 1003 -> Description = Error code c000021a, parameter1 e3e53c00, parameter2 c0000006, parameter3 7e7b11ea, parameter4 0053be78.
System [ Error ] 2/9/2013 6:23:42 PM Computer Name = BS-TOWER | Source = Print | ID = 19 -> Description = Sharing printer failed + 1722, Printer Microsoft XPS Document Writer share name Printer2.
System [ Error ] 2/13/2013 8:39:48 AM Computer Name = BS-TOWER | Source = Print | ID = 19 -> Description = Sharing printer failed + 1722, Printer Microsoft XPS Document Writer share name Printer2.
 
[Files/Folders - Created Within 30 Days]
 RINGTONES -> C:\Documents and Settings\Administrator\My Documents\RINGTONES -> [2013/02/13 16:40:50 | 000,000,000 | ---D | C]
 Skype -> C:\Program Files\Common Files\Skype -> [2013/02/13 09:01:39 | 000,000,000 | ---D | C]
 Skype -> C:\Documents and Settings\All Users\Start Menu\Programs\Skype -> [2013/02/13 09:01:39 | 000,000,000 | ---D | C]
 Skype -> C:\Program Files\Skype -> [2013/02/13 09:01:36 | 000,000,000 | R--D | C]
 Recent -> C:\Documents and Settings\Administrator\Recent -> [2013/02/13 05:41:13 | 000,000,000 | RH-D | C]
 OTL.exe -> C:\Documents and Settings\Administrator\Desktop\OTL.exe -> [2013/02/12 13:36:35 | 000,602,112 | ---- | C] (OldTimer Tools)
 RECYCLER -> C:\RECYCLER -> [2013/02/11 15:51:34 | 000,000,000 | -HSD | C]
 Performance -> C:\WINDOWS\Performance -> [2013/02/09 16:32:22 | 000,000,000 | ---D | C]
 Microsoft Corporation -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft Corporation -> [2013/02/09 16:32:12 | 000,000,000 | ---D | C]
 Microsoft Windows 7 Upgrade Advisor -> C:\Program Files\Microsoft Windows 7 Upgrade Advisor -> [2013/02/09 16:31:33 | 000,000,000 | ---D | C]
 i8042prt.sys -> C:\WINDOWS\System32\dllcache\i8042prt.sys -> [2013/02/09 14:21:16 | 000,052,480 | ---- | C] (Microsoft Corporation)
 SWREG.exe -> C:\WINDOWS\SWREG.exe -> [2013/02/09 14:01:27 | 000,518,144 | ---- | C] (SteelWerX)
 SWSC.exe -> C:\WINDOWS\SWSC.exe -> [2013/02/09 14:01:27 | 000,406,528 | ---- | C] (SteelWerX)
 SWXCACLS.exe -> C:\WINDOWS\SWXCACLS.exe -> [2013/02/09 14:01:27 | 000,212,480 | ---- | C] (SteelWerX)
 NIRCMD.exe -> C:\WINDOWS\NIRCMD.exe -> [2013/02/09 14:01:27 | 000,060,416 | ---- | C] (NirSoft)
 Qoobox -> C:\Qoobox -> [2013/02/09 13:58:10 | 000,000,000 | ---D | C]
 erdnt -> C:\WINDOWS\erdnt -> [2013/02/09 13:57:49 | 000,000,000 | ---D | C]
 puppy.exe -> C:\Documents and Settings\Administrator\Desktop\puppy.exe -> [2013/02/09 13:53:58 | 005,030,592 | R--- | C] (Swearware)
 javaws.exe -> C:\WINDOWS\System32\javaws.exe -> [2013/02/05 07:52:57 | 000,262,560 | ---- | C] (Oracle Corporation)
 javaw.exe -> C:\WINDOWS\System32\javaw.exe -> [2013/02/05 07:52:47 | 000,174,496 | ---- | C] (Oracle Corporation)
 java.exe -> C:\WINDOWS\System32\java.exe -> [2013/02/05 07:52:47 | 000,174,496 | ---- | C] (Oracle Corporation)
 WindowsAccessBridge.dll -> C:\WINDOWS\System32\WindowsAccessBridge.dll -> [2013/02/05 07:52:47 | 000,094,112 | ---- | C] (Oracle Corporation)
 winrm -> C:\WINDOWS\System32\winrm -> [2013/02/04 13:49:31 | 000,000,000 | ---D | C]
 $968930Uinstall_KB968930$ -> C:\WINDOWS\$968930Uinstall_KB968930$ -> [2013/02/04 13:49:22 | 000,000,000 | -H-D | C]
 Windows Desktop Search -> C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search -> [2013/02/04 13:49:09 | 000,000,000 | ---D | C]
 PSTools -> C:\PSTools -> [2013/02/02 14:05:19 | 000,000,000 | ---D | C]
 Foxit Reader -> C:\Documents and Settings\All Users\Start Menu\Programs\Foxit Reader -> [2013/01/24 06:26:21 | 000,000,000 | ---D | C]
 
[Files/Folders - Modified Within 30 Days]
 GoogleUpdateTaskUserS-1-5-21-73586283-1993962763-839522115-500UA.job -> C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-73586283-1993962763-839522115-500UA.job -> [2013/02/15 09:43:00 | 000,000,996 | ---- | M] ()
 Adobe Flash Player Updater.job -> C:\WINDOWS\tasks\Adobe Flash Player Updater.job -> [2013/02/15 09:11:00 | 000,000,830 | ---- | M] ()
 GoogleUpdateTaskMachineUA.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job -> [2013/02/15 09:09:00 | 000,000,886 | ---- | M] ()
 GoogleUpdateTaskMachineCore.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job -> [2013/02/15 07:09:00 | 000,000,882 | ---- | M] ()
 GoogleUpdateTaskUserS-1-5-21-73586283-1993962763-839522115-500Core.job -> C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-73586283-1993962763-839522115-500Core.job -> [2013/02/14 16:43:00 | 000,000,944 | ---- | M] ()
 Skype.lnk -> C:\Documents and Settings\All Users\Desktop\Skype.lnk -> [2013/02/13 09:01:39 | 000,001,878 | ---- | M] ()
 Windows Home Server.lnk -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Home Server.lnk -> [2013/02/13 04:50:23 | 000,002,299 | ---- | M] ()
 wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2013/02/13 04:49:34 | 000,002,206 | ---- | M] ()
 bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2013/02/13 04:49:13 | 000,002,048 | --S- | M] ()
 hiberfil.sys -> C:\hiberfil.sys -> [2013/02/13 04:49:09 | 3487,150,080 | -HS- | M] ()
 FlashPlayerApp.exe -> C:\WINDOWS\System32\FlashPlayerApp.exe -> [2013/02/13 04:43:27 | 000,691,568 | ---- | M] (Adobe Systems Incorporated)
 FlashPlayerCPLApp.cpl -> C:\WINDOWS\System32\FlashPlayerCPLApp.cpl -> [2013/02/13 04:43:27 | 000,071,024 | ---- | M] (Adobe Systems Incorporated)
 FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2013/02/13 04:10:07 | 001,730,544 | ---- | M] ()
 perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2013/02/13 03:34:51 | 000,527,092 | ---- | M] ()
 perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2013/02/13 03:34:51 | 000,096,822 | ---- | M] ()
 OTL.exe -> C:\Documents and Settings\Administrator\Desktop\OTL.exe -> [2013/02/12 13:36:36 | 000,602,112 | ---- | M] (OldTimer Tools)
 AppleSoftwareUpdate.job -> C:\WINDOWS\tasks\AppleSoftwareUpdate.job -> [2013/02/11 07:12:01 | 000,000,284 | ---- | M] ()
 hosts -> C:\WINDOWS\System32\drivers\etc\hosts -> [2013/02/10 19:05:52 | 000,000,027 | ---- | M] ()
 Windows 7 Upgrade Advisor.lnk -> C:\Documents and Settings\All Users\Desktop\Windows 7 Upgrade Advisor.lnk -> [2013/02/09 16:31:34 | 000,001,862 | ---- | M] ()
 puppy.exe -> C:\Documents and Settings\Administrator\Desktop\puppy.exe -> [2013/02/09 13:54:17 | 005,030,592 | R--- | M] (Swearware)
 boot.ini -> C:\boot.ini -> [2013/02/08 16:28:10 | 000,000,282 | -HS- | M] ()
 WindowsAccessBridge.dll -> C:\WINDOWS\System32\WindowsAccessBridge.dll -> [2013/02/05 07:52:34 | 000,094,112 | ---- | M] (Oracle Corporation)
 javaws.exe -> C:\WINDOWS\System32\javaws.exe -> [2013/02/05 07:52:31 | 000,262,560 | ---- | M] (Oracle Corporation)
 javaw.exe -> C:\WINDOWS\System32\javaw.exe -> [2013/02/05 07:52:31 | 000,174,496 | ---- | M] (Oracle Corporation)
 java.exe -> C:\WINDOWS\System32\java.exe -> [2013/02/05 07:52:31 | 000,174,496 | ---- | M] (Oracle Corporation)
 javacpl.cpl -> C:\WINDOWS\System32\javacpl.cpl -> [2013/02/05 07:52:31 | 000,143,872 | ---- | M] (Oracle Corporation)
 npDeployJava1.dll -> C:\WINDOWS\System32\npDeployJava1.dll -> [2013/02/05 07:52:30 | 000,861,088 | ---- | M] (Oracle Corporation)
 deployJava1.dll -> C:\WINDOWS\System32\deployJava1.dll -> [2013/02/05 07:52:30 | 000,782,240 | ---- | M] (Oracle Corporation)
 Install USB2.0 Driver.zip.lnk -> C:\Documents and Settings\Administrator\Desktop\Install USB2.0 Driver.zip.lnk -> [2013/02/04 14:22:48 | 000,000,876 | ---- | M] ()
 Windows Search.lnk -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk -> [2013/02/04 13:48:34 | 000,001,787 | ---- | M] ()
 Google Chrome.lnk -> C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> [2013/01/31 12:40:28 | 000,002,362 | ---- | M] ()
 Google Chrome.lnk -> C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk -> [2013/01/31 12:40:28 | 000,002,344 | ---- | M] ()
 MpSigStub.exe -> C:\WINDOWS\System32\MpSigStub.exe -> [2013/01/30 02:53:21 | 000,232,336 | ---- | M] (Microsoft Corporation)
 ss.ini -> C:\Documents and Settings\All Users\Application Data\ss.ini -> [2013/01/29 16:06:13 | 000,001,534 | ---- | M] ()
 oleaut32.dll -> C:\WINDOWS\System32\dllcache\oleaut32.dll -> [2013/01/25 19:55:44 | 000,552,448 | ---- | M] (Microsoft Corporation)
 Eurosti.TTF -> C:\Eurosti.TTF -> [2013/01/25 15:54:16 | 000,043,704 | ---- | M] ()
 Eurostib.TTF -> C:\Eurostib.TTF -> [2013/01/25 15:53:50 | 000,044,304 | ---- | M] ()
 erosyt.ttf -> C:\erosyt.ttf -> [2013/01/25 15:52:56 | 000,053,980 | ---- | M] ()
 Foxit Reader.lnk -> C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk -> [2013/01/24 06:26:22 | 000,000,809 | ---- | M] ()
 Foxit Reader.lnk -> C:\Documents and Settings\All Users\Desktop\Foxit Reader.lnk -> [2013/01/24 06:26:22 | 000,000,791 | ---- | M] ()
 Dropbox.lnk -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Dropbox.lnk -> [2013/01/23 20:07:40 | 000,001,032 | ---- | M] ()
 Dropbox.lnk -> C:\Documents and Settings\Administrator\Desktop\Dropbox.lnk -> [2013/01/23 20:07:25 | 000,001,032 | ---- | M] ()
 7 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> 
 56 C:\Documents and Settings\Administrator\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Administrator\Local Settings\Temp\*.tmp -> 
 56 C:\Documents and Settings\Administrator\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Administrator\Local Settings\Temp\*.tmp -> 
 
[Files - No Company Name]
 Skype.lnk -> C:\Documents and Settings\All Users\Desktop\Skype.lnk -> [2013/02/13 09:01:39 | 000,001,878 | ---- | C] ()
 Windows 7 Upgrade Advisor.lnk -> C:\Documents and Settings\All Users\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk -> [2013/02/09 16:31:34 | 000,001,868 | ---- | C] ()
 Windows 7 Upgrade Advisor.lnk -> C:\Documents and Settings\All Users\Desktop\Windows 7 Upgrade Advisor.lnk -> [2013/02/09 16:31:34 | 000,001,862 | ---- | C] ()
 PEV.exe -> C:\WINDOWS\PEV.exe -> [2013/02/09 14:01:27 | 000,256,000 | ---- | C] ()
 MBR.exe -> C:\WINDOWS\MBR.exe -> [2013/02/09 14:01:27 | 000,208,896 | ---- | C] ()
 sed.exe -> C:\WINDOWS\sed.exe -> [2013/02/09 14:01:27 | 000,098,816 | ---- | C] ()
 grep.exe -> C:\WINDOWS\grep.exe -> [2013/02/09 14:01:27 | 000,080,412 | ---- | C] ()
 zip.exe -> C:\WINDOWS\zip.exe -> [2013/02/09 14:01:27 | 000,068,096 | ---- | C] ()
 Install USB2.0 Driver.zip.lnk -> C:\Documents and Settings\Administrator\Desktop\Install USB2.0 Driver.zip.lnk -> [2013/02/04 14:22:48 | 000,000,876 | ---- | C] ()
 Windows Search.lnk -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk -> [2013/02/04 13:48:34 | 000,001,787 | ---- | C] ()
 Windows Search.lnk -> C:\Documents and Settings\All Users\Start Menu\Programs\Windows Search.lnk -> [2013/02/04 13:48:33 | 000,001,803 | ---- | C] ()
 erosyt.ttf -> C:\erosyt.ttf -> [2013/01/25 15:56:54 | 000,053,980 | ---- | C] ()
 Eurostib.TTF -> C:\Eurostib.TTF -> [2013/01/25 15:56:52 | 000,044,304 | ---- | C] ()
 Eurosti.TTF -> C:\Eurosti.TTF -> [2013/01/25 15:56:49 | 000,043,704 | ---- | C] ()
 BANTExt.sys -> C:\WINDOWS\System32\drivers\BANTExt.sys -> [2012/12/26 09:28:32 | 000,003,840 | ---- | C] ()
 AirfoilInject3.dll -> C:\WINDOWS\System32\AirfoilInject3.dll -> [2012/12/18 11:58:08 | 000,163,584 | ---- | C] ()
 File Renamer - Basic Uninstaller.exe -> C:\WINDOWS\File Renamer - Basic Uninstaller.exe -> [2012/11/18 14:21:13 | 000,121,254 | ---- | C] ()
 sbwin.ini -> C:\WINDOWS\sbwin.ini -> [2012/11/04 17:16:55 | 000,000,070 | ---- | C] ()
 vlc-2.0.2-win32.exe -> C:\Program Files\vlc-2.0.2-win32.exe -> [2012/10/15 13:56:26 | 022,657,136 | ---- | C] ()
 spwdr.INI -> C:\WINDOWS\spwdr.INI -> [2012/09/10 10:21:07 | 000,000,213 | ---- | C] ()
 Crypkey.ini -> C:\WINDOWS\Crypkey.ini -> [2012/09/10 10:20:13 | 000,000,071 | ---- | C] ()
 Setup_ck.exe -> C:\WINDOWS\Setup_ck.exe -> [2012/09/10 10:20:10 | 000,027,648 | R--- | C] ()
 Ckldrv.sys -> C:\WINDOWS\System32\Ckldrv.sys -> [2012/09/10 10:20:10 | 000,019,584 | ---- | C] ()
 Setup_ck.dll -> C:\WINDOWS\Setup_ck.dll -> [2012/09/10 10:20:10 | 000,018,432 | ---- | C] ()
 Ckrfresh.exe -> C:\WINDOWS\Ckrfresh.exe -> [2012/09/10 10:20:10 | 000,011,776 | ---- | C] ()
 StarOpen.sys -> C:\WINDOWS\System32\drivers\StarOpen.sys -> [2012/08/11 12:58:16 | 000,005,504 | ---- | C] ()
 WPFFontCache_v0400-S-1-5-21-73586283-1993962763-839522115-500-0.dat -> C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-73586283-1993962763-839522115-500-0.dat -> [2012/02/17 20:30:44 | 001,208,078 | ---- | C] ()
 WPFFontCache_v0400-System.dat -> C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat -> [2012/02/17 20:30:44 | 000,484,110 | ---- | C] ()
 iacenc.dll -> C:\WINDOWS\System32\iacenc.dll -> [2012/02/15 13:35:19 | 000,003,072 | ---- | C] ()
 fusioncache.dat -> C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat -> [2011/10/25 17:34:08 | 000,000,136 | ---- | C] ()
 Unwise.exe -> C:\WINDOWS\Unwise.exe -> [2011/10/25 16:19:39 | 000,127,184 | ---- | C] ()
 DEL_AH1.EXE -> C:\WINDOWS\DEL_AH1.EXE -> [2011/10/25 09:23:51 | 000,127,184 | ---- | C] ()
 setup_ldm.iss -> C:\Documents and Settings\Administrator\Application Data\setup_ldm.iss -> [2011/07/28 09:48:18 | 000,000,760 | ---- | C] ()
 ss.ini -> C:\Documents and Settings\All Users\Application Data\ss.ini -> [2011/05/12 10:51:33 | 000,001,534 | ---- | C] ()
 Tab Separated Values (Windows).EML -> C:\Documents and Settings\Administrator\Application Data\Tab Separated Values (Windows).EML -> [2011/04/13 12:05:51 | 000,009,436 | ---- | C] ()
 Comma Separated Values (Windows).EML -> C:\Documents and Settings\Administrator\Application Data\Comma Separated Values (Windows).EML -> [2011/04/13 11:36:45 | 000,009,434 | ---- | C] ()
 Microsoft Excel 97-2003.EML -> C:\Documents and Settings\Administrator\Application Data\Microsoft Excel 97-2003.EML -> [2011/04/13 11:06:01 | 000,009,418 | ---- | C] ()
 
[Alternate Data Streams]
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Administrator\Desktop\George Skarpelos- I Won't Stand as a Martyr_Radio edit.mp3:Roxio EMC Stream
@Alternate Data Stream - 94 bytes -> C:\Documents and Settings\Administrator\Desktop\2675151680.jpg:$DEPRIMARY
@Alternate Data Stream - 94 bytes -> C:\Documents and Settings\Administrator\Desktop\file406.jpg:$DEPRIMARY
@Alternate Data Stream - 94 bytes -> C:\Documents and Settings\Administrator\Desktop\IMG_0941123.JPG:$DEPRIMARY
@Alternate Data Stream - 94 bytes -> C:\Documents and Settings\Administrator\Desktop\IMG_1125.JPG:$DEPRIMARY
@Alternate Data Stream - 94 bytes -> C:\Documents and Settings\Administrator\Desktop\Olivia Butterfly.JPG:$DEPRIMARY
@Alternate Data Stream - 94 bytes -> C:\Documents and Settings\Administrator\Desktop\olivia haute coture_EDITED.jpg:$DEPRIMARY
@Alternate Data Stream - 94 bytes -> C:\Documents and Settings\Administrator\Desktop\Olivia Ramp model_EDITED.jpg:$DEPRIMARY
@Alternate Data Stream - 94 bytes -> C:\Documents and Settings\Administrator\Desktop\Olivia the Rocker Angus Young.jpg:$DEPRIMARY
@Alternate Data Stream - 94 bytes -> C:\Documents and Settings\Administrator\Desktop\Picture 029.jpg:$DEPRIMARY
@Alternate Data Stream - 94 bytes -> C:\Documents and Settings\Administrator\Desktop\running downhill_2862_EDITED.jpg:$DEPRIMARY
< End of report >
```


----------



## Cookiegal (Aug 27, 2003)

Please run OTL again. Under the *Custom Scans/Fixes* box at the bottom, paste in the following:


```
[Kill All Processes]
[Unregister Dlls]
[Registry - Safe List]
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> 
YN -> HKEY_USERS\.DEFAULT\: URLSearchHooks\\"{A3BC75A2-1F87-4686-AA43-5347D756017C}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> 
YN -> HKEY_USERS\S-1-5-18\: URLSearchHooks\\"{A3BC75A2-1F87-4686-AA43-5347D756017C}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\Administrator\Application Data\Mozilla\FireFox\Profiles\6j5zsw01.default\prefs.js
YN -> browser.search.defaultthis.engineName -> "Freecorder Customized Web Search"
YN -> browser.search.defaulturl -> "http://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}"
YN -> browser.search.selectedEngine -> "Freecorder Customized Web Search"
YN -> browser.startup.homepage -> "http://search.conduit.com/?ctid=CT1060933&SearchSource=13"
YN -> keyword.URL -> "http://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=2&q="
< FireFox Extensions [User Folders] > -> 
YY -> Freecorder Community Toolbar   -> C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6j5zsw01.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
< FireFox SearchPlugins [User Folders] > -> 
YY ->  conduit.xml -> C:\Documents and Settings\Administrator\Application Data\Mozilla\FireFox\Profiles\6j5zsw01.default\searchplugins\conduit.xml
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {465E08E7-F005-4389-980F-1D8764B3486C} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-73586283-1993962763-839522115-500\] > -> HKEY_USERS\S-1-5-21-73586283-1993962763-839522115-500\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{724D43A0-0D85-11D4-9908-00400523E39A}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> WebBrowser\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\"{e2e2dd38-d088-4134-82b7-f2ba38496583}" [HKLM] -> [Reg Error: Key error.]
YN -> CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> [Reg Error: Key error.]
< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\"{e2e2dd38-d088-4134-82b7-f2ba38496583}" [HKLM] -> [Reg Error: Key error.]
YN -> CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> [Reg Error: Key error.]
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-73586283-1993962763-839522115-500\] > -> HKEY_USERS\S-1-5-21-73586283-1993962763-839522115-500\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\"{e2e2dd38-d088-4134-82b7-f2ba38496583}" [HKLM] -> [Reg Error: Key error.]
YN -> CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> [Reg Error: Key error.]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
YN -> {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab [Reg Error: Value error.]
YN -> {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab [Reg Error: Key error.]
YN -> {E705A591-DA3C-4228-B0D5-A356DBA42FBF} [HKLM] -> http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab [Reg Error: Key error.]
YN -> {F6ACF75C-C32C-447B-9BEF-46B766368D29} [HKLM] -> http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab [Reg Error: Key error.]
[Registry - Additional Scans - Safe List]
< Disabled MSConfig Services [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
YN -> "Automatic LiveUpdate Scheduler" -> 
YN -> "LiveUpdate" -> 
< Disabled MSConfig Folder Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\
YN -> C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk -> 
YN -> C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Memeo AutoSync Launcher.lnk -> Reg Error: Value error.
YN -> C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MozyHome Status.lnk -> Reg Error: Value error.
[Files/Folders - Modified Within 30 Days]
NY ->  7 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp
NY ->  56 C:\Documents and Settings\Administrator\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Administrator\Local Settings\Temp\*.tmp
NY ->  56 C:\Documents and Settings\Administrator\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Administrator\Local Settings\Temp\*.tmp
[Empty Temp Folders]
[EmptyFlash]
[EmptyJava]
[Start Explorer]
[Reboot]
```

Then click the *Run Fix* button at the top.
Let the program run unhindered, and reboot the PC when it is done.
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


----------



## bsacco (Jun 12, 2003)

All Processes Killed
[Registry - Safe List]
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Prefs.js: "Freecorder Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "Freecorder Customized Web Search" removed from browser.search.selectedEngine
Prefs.js: "http://search.conduit.com/?ctid=CT1060933&SearchSource=13" removed from browser.startup.homepage
Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=2&q=" removed from keyword.URL
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6j5zsw01.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\searchplugin folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6j5zsw01.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\Plugins folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6j5zsw01.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\modules folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6j5zsw01.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\META-INF folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6j5zsw01.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\defaults folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6j5zsw01.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6j5zsw01.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\chrome folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6j5zsw01.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612} folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\FireFox\Profiles\6j5zsw01.default\searchplugins\conduit.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{465E08E7-F005-4389-980F-1D8764B3486C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{465E08E7-F005-4389-980F-1D8764B3486C}\ not found.
Registry value HKEY_USERS\S-1-5-21-73586283-1993962763-839522115-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{724D43A0-0D85-11D4-9908-00400523E39A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{724D43A0-0D85-11D4-9908-00400523E39A}\ not found.
Registry value HKEY_USERS\S-1-5-21-73586283-1993962763-839522115-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e2e2dd38-d088-4134-82b7-f2ba38496583}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e2e2dd38-d088-4134-82b7-f2ba38496583}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
Registry value HKEY_USERS\S-1-5-21-73586283-1993962763-839522115-500\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e2e2dd38-d088-4134-82b7-f2ba38496583}\ not found.
Registry value HKEY_USERS\S-1-5-21-73586283-1993962763-839522115-500\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\Contains\Files\ not found.
not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\Contains\Files\ not found.
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {E705A591-DA3C-4228-B0D5-A356DBA42FBF}
C:\WINDOWS\Downloaded Program Files\CTSUEng.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E705A591-DA3C-4228-B0D5-A356DBA42FBF}\ not found.
Starting removal of ActiveX control {F6ACF75C-C32C-447B-9BEF-46B766368D29}
C:\WINDOWS\Downloaded Program Files\CTPID.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F6ACF75C-C32C-447B-9BEF-46B766368D29}\ not found.
[Registry - Additional Scans - Safe List]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\\Automatic LiveUpdate Scheduler deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\\LiveUpdate deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk\ deleted successfully.
File C:\WINDOWS\pss\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Memeo AutoSync Launcher.lnk\ deleted successfully.
File C:\WINDOWS\pss\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MozyHome Status.lnk\ deleted successfully.
File C:\WINDOWS\pss\ not found.
[Files/Folders - Modified Within 30 Days]
C:\WINDOWS\Temp\SKY117D.tmp deleted successfully.
C:\WINDOWS\Temp\Tmp1.tmp deleted successfully.
C:\WINDOWS\Temp\Tmp2.tmp deleted successfully.
C:\WINDOWS\Temp\Tmp3.tmp deleted successfully.
C:\WINDOWS\Temp\Tmp4.tmp deleted successfully.
C:\WINDOWS\Temp\Tmp5.tmp deleted successfully.
C:\WINDOWS\Temp\Tmp6.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\%%%7BAD.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\tmp3F56.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\tmp3F57.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\tmp3F58.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\tmp3F59.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\tmp3F5A.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\tmp404A.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\utt10.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\utt11.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\utt12.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\utt13.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\utt14.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\utt1445.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\utt1446.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\utt1447.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\utt1448.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\utt1449.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\utt144A.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\utt15.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\utt16.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\utt17.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\utt18.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\utt19.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\utt1A.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\utt1B.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\utt1C.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\utt1D.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\utt1E.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\utt1F.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\utt20.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\utt21.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\utt22.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\utt23.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\utt24.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\utt25.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\utt26.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\utt29FC.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\utt29FD.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\utt29FE.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\utt29FF.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\utt2A00.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\utt2A01.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\utt3.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\utt330F.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\utt3310.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\utt3311.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\utt3312.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\utt3313.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\utt3314.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\utt4.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\utt5.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\utt6.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\utt7.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\utt7D15.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\utt7D16.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\utt7D17.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\utt7D18.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\utt7D19.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\utt7D1A.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\utt8.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\utt9.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\uttA.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\uttB.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\uttC.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\uttD.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\uttE.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\uttF.tmp deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\~DFA0F3.tmp deleted successfully.
[Empty Temp Folders]

User: Administrator
->Temp folder emptied: 16579122 bytes
->Temporary Internet Files folder emptied: 13558910 bytes
->Java cache emptied: 1758129 bytes
->FireFox cache emptied: 71570684 bytes
->Google Chrome cache emptied: 392563573 bytes
->Flash cache emptied: 867 bytes

User: All Users

User: bsacco
->Temp folder emptied: 72146236 bytes
->Temporary Internet Files folder emptied: 63033289 bytes
->Java cache emptied: 132670 bytes
->FireFox cache emptied: 86362017 bytes
->Flash cache emptied: 7139 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 65670 bytes
->Google Chrome cache emptied: 819568 bytes

User: NetworkService
->Temp folder emptied: 30328 bytes
->Temporary Internet Files folder emptied: 669157 bytes

User: TEST
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 13341 bytes
->FireFox cache emptied: 85595881 bytes
->Flash cache emptied: 44085 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 164641 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 30804764 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 48469977 bytes

Total Files Cleaned = 843.00 mb

[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: bsacco
->Flash cache emptied: 0 bytes

User: Default User

User: LocalService

User: NetworkService

User: TEST
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

[EMPTYJAVA]

User: Administrator
->Java cache emptied: 0 bytes

User: All Users

User: bsacco
->Java cache emptied: 0 bytes

User: Default User

User: LocalService

User: NetworkService

User: TEST
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb

< End of fix log >
OTS by OldTimer - Version 3.1.47.2 fix logfile created on 02162013_221856

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


----------



## bsacco (Jun 12, 2003)

Next steps?


----------



## Cookiegal (Aug 27, 2003)

Please download AdwCleaner from here to your desktop.

Run AdwCleaner and select "Search" (do not select "Delete" at this time).

Once the scan is finished a log will be produced. Please copy and paste the log into your next reply.


----------



## bsacco (Jun 12, 2003)

# AdwCleaner v2.112 - Logfile created 02/17/2013 at 08:43:08
# Updated 10/02/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : bsacco - BS-TOWER
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Administrator\My Documents\Downloads\AdwCleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

Folder Found : C:\Documents and Settings\Administrator\Application Data\Billeo
Folder Found : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6j5zsw01.default\ConduitCommon
Folder Found : C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit
Folder Found : C:\Documents and Settings\All Users\Application Data\Ask
Folder Found : C:\Documents and Settings\All Users\Application Data\Billeo
Folder Found : C:\Documents and Settings\All Users\Application Data\boost_interprocess
Folder Found : C:\Documents and Settings\All Users\Application Data\FreeRIP
Folder Found : C:\Documents and Settings\All Users\Start Menu\Programs\FreeRIP3
Folder Found : C:\Program Files\Conduit
Folder Found : C:\Program Files\FreeRIP3

***** [Registry] *****

Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\SProtector
Key Found : HKCU\Software\Ask&Record
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\ConduitSearchScopes
Key Found : HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\{6576EBAA-B570-4345-98E4-96153C77CF24}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{465E08E7-F005-4389-980F-1D8764B3486C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6576EBAA-B570-4345-98E4-96153C77CF24}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111}
Key Found : HKCU\Software\PIP
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT1060933
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Billeo
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Found : HKLM\Software\PIP
Key Found : HKLM\Software\SP Global
Key Found : HKLM\Software\SProtector
Key Found : HKU\S-1-5-21-73586283-1993962763-839522115-1004\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}
Key Found : HKU\S-1-5-21-73586283-1993962763-839522115-500\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.1 (en-US)

File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6j5zsw01.default\prefs.js

Found : user_pref("CT1060933..clientLogIsEnabled", false);
Found : user_pref("CT1060933..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Found : user_pref("CT1060933..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Found : user_pref("CT1060933.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Found : user_pref("CT1060933.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT1060933.AppTrackingLastCheckTime", "Fri Jul 13 2012 11:15:00 GMT-0700 (Pacific Daylight[...]
Found : user_pref("CT1060933.BrowserCompStateIsOpen_129681785283868963", true);
Found : user_pref("CT1060933.BrowserCompStateIsOpen_129686665230467549", true);
Found : user_pref("CT1060933.CTID", "CT1060933");
Found : user_pref("CT1060933.CurrentServerDate", "21-1-2013");
Found : user_pref("CT1060933.DSInstall", true);
Found : user_pref("CT1060933.DialogsAlignMode", "LTR");
Found : user_pref("CT1060933.DialogsGetterLastCheckTime", "Mon Jan 21 2013 00:19:56 GMT-0800 (Pacific Standa[...]
Found : user_pref("CT1060933.DownloadReferralCookieData", "");
Found : user_pref("CT1060933.FirstServerDate", "5-2-2012");
Found : user_pref("CT1060933.FirstTime", true);
Found : user_pref("CT1060933.FirstTimeFF3", true);
Found : user_pref("CT1060933.FixPageNotFoundErrors", true);
Found : user_pref("CT1060933.GroupingServerCheckInterval", 1440);
Found : user_pref("CT1060933.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT1060933.HPInstall", true);
Found : user_pref("CT1060933.HasUserGlobalKeys", true);
Found : user_pref("CT1060933.HomePageProtectorEnabled", true);
Found : user_pref("CT1060933.HomepageBeforeUnload", "hxxp://search.conduit.com/?ctid=CT1060933&SearchSource=[...]
Found : user_pref("CT1060933.Initialize", true);
Found : user_pref("CT1060933.InitializeCommonPrefs", true);
Found : user_pref("CT1060933.InstallationAndCookieDataSentCount", 3);
Found : user_pref("CT1060933.InstallationId", "ConduitNSISIntegration");
Found : user_pref("CT1060933.InstallationType", "ConduitXPEIntegration");
Found : user_pref("CT1060933.InstalledDate", "Sat Feb 04 2012 19:55:50 GMT-0800 (Pacific Standard Time)");
Found : user_pref("CT1060933.InvalidateCache", false);
Found : user_pref("CT1060933.IsAlertDBUpdated", true);
Found : user_pref("CT1060933.IsGrouping", false);
Found : user_pref("CT1060933.IsInitSetupIni", true);
Found : user_pref("CT1060933.IsMulticommunity", false);
Found : user_pref("CT1060933.IsOpenThankYouPage", false);
Found : user_pref("CT1060933.IsOpenUninstallPage", true);
Found : user_pref("CT1060933.IsProtectorsInit", true);
Found : user_pref("CT1060933.LanguagePackLastCheckTime", "Mon Jan 21 2013 00:19:56 GMT-0800 (Pacific Standar[...]
Found : user_pref("CT1060933.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT1060933.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT1060933.LastLogin_3.13.0.6", "Thu Jul 19 2012 15:04:51 GMT-0700 (Pacific Daylight Time)[...]
Found : user_pref("CT1060933.LastLogin_3.14.1.0", "Fri Oct 05 2012 16:56:39 GMT-0700 (Pacific Daylight Time)[...]
Found : user_pref("CT1060933.LastLogin_3.15.1.0", "Mon Jan 21 2013 00:19:56 GMT-0800 (Pacific Standard Time)[...]
Found : user_pref("CT1060933.LastLogin_3.9.0.3", "Tue Jun 05 2012 20:43:26 GMT-0700 (Pacific Daylight Time)"[...]
Found : user_pref("CT1060933.LatestVersion", "3.15.1.0");
Found : user_pref("CT1060933.Locale", "en-us");
Found : user_pref("CT1060933.MCDetectTooltipHeight", "83");
Found : user_pref("CT1060933.MCDetectTooltipUrl", "hxxp://@[email protected]/rank/tooltip/?version=1");
Found : user_pref("CT1060933.MCDetectTooltipWidth", "295");
Found : user_pref("CT1060933.MyStuffEnabledAtInstallation", true);
Found : user_pref("CT1060933.OriginalFirstVersion", "3.9.0.3");
Found : user_pref("CT1060933.RadioIsPodcast", false);
Found : user_pref("CT1060933.RadioLastCheckTime", "Mon Jan 21 2013 00:19:56 GMT-0800 (Pacific Standard Time)[...]
Found : user_pref("CT1060933.RadioLastUpdateIPServer", "0");
Found : user_pref("CT1060933.RadioLastUpdateServer", "129326918102570000");
Found : user_pref("CT1060933.RadioMediaID", "21504191");
Found : user_pref("CT1060933.RadioMediaType", "Media Player");
Found : user_pref("CT1060933.RadioMenuSelectedID", "EBRadioMenu_CT106093321504191");
Found : user_pref("CT1060933.RadioShrinkedFromSetup", false);
Found : user_pref("CT1060933.RadioStationName", "KFOG");
Found : user_pref("CT1060933.RadioStationURL", "hxxp://live.cumulusstreaming.com/KFOG-FM");
Found : user_pref("CT1060933.SavedHomepage", "www.google.com");
Found : user_pref("CT1060933.SearchCaption", "Freecorder Customized Web Search");
Found : user_pref("CT1060933.SearchEngineBeforeUnload", "Freecorder Customized Web Search");
Found : user_pref("CT1060933.SearchFromAddressBarIsInit", true);
Found : user_pref("CT1060933.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT106[...]
Found : user_pref("CT1060933.SearchInNewTabEnabled", true);
Found : user_pref("CT1060933.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT1060933.SearchInNewTabLastCheckTime", "Mon Jan 21 2013 00:19:52 GMT-0800 (Pacific Stand[...]
Found : user_pref("CT1060933.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT1060933.SearchProtectorEnabled", true);
Found : user_pref("CT1060933.SearchProtectorToolbarDisabled", false);
Found : user_pref("CT1060933.SendProtectorDataViaLogin", true);
Found : user_pref("CT1060933.ServiceMapLastCheckTime", "Mon Jan 21 2013 00:19:52 GMT-0800 (Pacific Standard [...]
Found : user_pref("CT1060933.SettingsLastCheckTime", "Mon Jan 21 2013 00:19:52 GMT-0800 (Pacific Standard Ti[...]
Found : user_pref("CT1060933.SettingsLastUpdate", "1358751869");
Found : user_pref("CT1060933.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT1060933&SearchSource=13");
Found : user_pref("CT1060933.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT1060933.ThirdPartyComponentsLastCheck", "Mon Jan 21 2013 00:19:52 GMT-0800 (Pacific Sta[...]
Found : user_pref("CT1060933.ThirdPartyComponentsLastUpdate", "1331805997");
Found : user_pref("CT1060933.ToolbarShrinkedFromSetup", false);
Found : user_pref("CT1060933.TrusteLinkUrl", "hxxp://trust.conduit.com/CT1060933");
Found : user_pref("CT1060933.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Found : user_pref("CT1060933.UserID", "UN48120648147610634");
Found : user_pref("CT1060933.ValidationData_Toolbar", 2);
Found : user_pref("CT1060933.alertChannelId", "15651");
Found : user_pref("CT1060933.autoDisableScopes", -1);
Found : user_pref("CT1060933.backendstorage.autocompletepro_enable", "31");
Found : user_pref("CT1060933.backendstorage.autocompletepro_enable_auto", "31");
Found : user_pref("CT1060933.backendstorage.cb_firstuse0100", "31");
Found : user_pref("CT1060933.backendstorage.cb_user_id_000", "43423332363239383038383833335F46697265666F78")[...]
Found : user_pref("CT1060933.backendstorage.cbcountry_000", "5553");
Found : user_pref("CT1060933.backendstorage.cbcountry_001", "5553");
Found : user_pref("CT1060933.backendstorage.cbfirsttime", "5361742046656220303420323031322031393A35353A35342[...]
Found : user_pref("CT1060933.backendstorage.cbopenmamsettings", "30");
Found : user_pref("CT1060933.backendstorage.pg_enable", "74727565");
Found : user_pref("CT1060933.backendstorage.printitgreenstatus", "74727565");
Found : user_pref("CT1060933.backendstorage.shoppingapp.gk.exipres", "547565204F637420303920323031322031343A[...]
Found : user_pref("CT1060933.backendstorage.shoppingapp.gk.geolocation", "756E6974656420737461746573");
Found : user_pref("CT1060933.backendstorage.url_history0001", "687474703A2F2F7777772E61646461746165787072657[...]
Found : user_pref("CT1060933.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Found : user_pref("CT1060933.globalFirstTimeInfoLastCheckTime", "Mon Jan 21 2013 00:19:56 GMT-0800 (Pacific [...]
Found : user_pref("CT1060933.homepageProtectorEnableByLogin", true);
Found : user_pref("CT1060933.initDone", true);
Found : user_pref("CT1060933.isAppTrackingManagerOn", false);
Found : user_pref("CT1060933.isFirstRadioInstallation", false);
Found : user_pref("CT1060933.myStuffEnabled", true);
Found : user_pref("CT1060933.myStuffPublihserMinWidth", 400);
Found : user_pref("CT1060933.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT1060933.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT1060933.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT1060933.oldAppsList", "128346981843587669,128280995260143876,111,129272674122038321,129[...]
Found : user_pref("CT1060933.revertSettingsEnabled", false);
Found : user_pref("CT1060933.searchProtectorDialogDelayInSec", 10);
Found : user_pref("CT1060933.searchProtectorEnableByLogin", true);
Found : user_pref("CT1060933.testingCtid", "");
Found : user_pref("CT1060933.toolbarAppMetaDataLastCheckTime", "Mon Jan 21 2013 00:19:56 GMT-0800 (Pacific S[...]
Found : user_pref("CT1060933.toolbarContextMenuLastCheckTime", "Mon Jan 21 2013 00:19:56 GMT-0800 (Pacific S[...]
Found : user_pref("CT1060933.usagesFlag", 2);
Found : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT1060933&Search[...]
Found : user_pref("CommunityToolbar.ConduitSearchList", "Freecorder Customized Web Search");
Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT1060933/CT1060933[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/15651/15317/US", "\"0\"");
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT1060933", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT1060933",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/equaliz[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/minimiz[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/play.gi[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/stop.gi[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/vol.gif[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"[...]
Found : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Documents and Settings\\Administrator\\App[...]
Found : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.15.1.0");
Found : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://pricegong.conduitapps.com/v4//agreement/agree[...]
Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.avg.com/route/?d=4bab8194&[...]
Found : user_pref("CommunityToolbar.ToolbarsList", "CT1060933");
Found : user_pref("CommunityToolbar.ToolbarsList2", "CT1060933");
Found : user_pref("CommunityToolbar.ToolbarsList4", "CT1060933");
Found : user_pref("CommunityToolbar.globalUserId", "24c39b8b-4c3c-497f-a727-2eff40b5f1ab");
Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT1060933");
Found : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Mon Jan 21 2013 00:19:5[...]
Found : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Found : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Mon Jan 21 2013 00:20:05 GMT-080[...]
Found : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Found : user_pref("CommunityToolbar.notifications.firstTimeAlertShown", true);
Found : user_pref("CommunityToolbar.notifications.locale", "en");
Found : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Found : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Mon Jan 21 2013 00:19:57 GMT-0800 (P[...]
Found : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Found : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Found : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Found : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Found : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Found : user_pref("CommunityToolbar.notifications.userId", "e6654573-be95-4abc-af0d-1f84bc598e19");
Found : user_pref("CommunityToolbar.originalHomepage", "www.google.com");
Found : user_pref("CommunityToolbar.originalSearchEngine", "Google");
Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");

File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6j5zsw01.default\prefs.js

Found : user_pref("CT1060933..clientLogIsEnabled", false);
Found : user_pref("CT1060933..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Found : user_pref("CT1060933..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Found : user_pref("CT1060933.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Found : user_pref("CT1060933.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT1060933.AppTrackingLastCheckTime", "Fri Jul 13 2012 11:15:00 GMT-0700 (Pacific Daylight[...]
Found : user_pref("CT1060933.BrowserCompStateIsOpen_129681785283868963", true);
Found : user_pref("CT1060933.BrowserCompStateIsOpen_129686665230467549", true);
Found : user_pref("CT1060933.CTID", "CT1060933");
Found : user_pref("CT1060933.CurrentServerDate", "21-1-2013");
Found : user_pref("CT1060933.DSInstall", true);
Found : user_pref("CT1060933.DialogsAlignMode", "LTR");
Found : user_pref("CT1060933.DialogsGetterLastCheckTime", "Mon Jan 21 2013 00:19:56 GMT-0800 (Pacific Standa[...]
Found : user_pref("CT1060933.DownloadReferralCookieData", "");
Found : user_pref("CT1060933.FirstServerDate", "5-2-2012");
Found : user_pref("CT1060933.FirstTime", true);
Found : user_pref("CT1060933.FirstTimeFF3", true);
Found : user_pref("CT1060933.FixPageNotFoundErrors", true);
Found : user_pref("CT1060933.GroupingServerCheckInterval", 1440);
Found : user_pref("CT1060933.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT1060933.HPInstall", true);
Found : user_pref("CT1060933.HasUserGlobalKeys", true);
Found : user_pref("CT1060933.HomePageProtectorEnabled", true);
Found : user_pref("CT1060933.HomepageBeforeUnload", "hxxp://search.conduit.com/?ctid=CT1060933&SearchSource=[...]
Found : user_pref("CT1060933.Initialize", true);
Found : user_pref("CT1060933.InitializeCommonPrefs", true);
Found : user_pref("CT1060933.InstallationAndCookieDataSentCount", 3);
Found : user_pref("CT1060933.InstallationId", "ConduitNSISIntegration");
Found : user_pref("CT1060933.InstallationType", "ConduitXPEIntegration");
Found : user_pref("CT1060933.InstalledDate", "Sat Feb 04 2012 19:55:50 GMT-0800 (Pacific Standard Time)");
Found : user_pref("CT1060933.InvalidateCache", false);
Found : user_pref("CT1060933.IsAlertDBUpdated", true);
Found : user_pref("CT1060933.IsGrouping", false);
Found : user_pref("CT1060933.IsInitSetupIni", true);
Found : user_pref("CT1060933.IsMulticommunity", false);
Found : user_pref("CT1060933.IsOpenThankYouPage", false);
Found : user_pref("CT1060933.IsOpenUninstallPage", true);
Found : user_pref("CT1060933.IsProtectorsInit", true);
Found : user_pref("CT1060933.LanguagePackLastCheckTime", "Mon Jan 21 2013 00:19:56 GMT-0800 (Pacific Standar[...]
Found : user_pref("CT1060933.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT1060933.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT1060933.LastLogin_3.13.0.6", "Thu Jul 19 2012 15:04:51 GMT-0700 (Pacific Daylight Time)[...]
Found : user_pref("CT1060933.LastLogin_3.14.1.0", "Fri Oct 05 2012 16:56:39 GMT-0700 (Pacific Daylight Time)[...]
Found : user_pref("CT1060933.LastLogin_3.15.1.0", "Mon Jan 21 2013 00:19:56 GMT-0800 (Pacific Standard Time)[...]
Found : user_pref("CT1060933.LastLogin_3.9.0.3", "Tue Jun 05 2012 20:43:26 GMT-0700 (Pacific Daylight Time)"[...]
Found : user_pref("CT1060933.LatestVersion", "3.15.1.0");
Found : user_pref("CT1060933.Locale", "en-us");
Found : user_pref("CT1060933.MCDetectTooltipHeight", "83");
Found : user_pref("CT1060933.MCDetectTooltipUrl", "hxxp://@[email protected]/rank/tooltip/?version=1");
Found : user_pref("CT1060933.MCDetectTooltipWidth", "295");
Found : user_pref("CT1060933.MyStuffEnabledAtInstallation", true);
Found : user_pref("CT1060933.OriginalFirstVersion", "3.9.0.3");
Found : user_pref("CT1060933.RadioIsPodcast", false);
Found : user_pref("CT1060933.RadioLastCheckTime", "Mon Jan 21 2013 00:19:56 GMT-0800 (Pacific Standard Time)[...]
Found : user_pref("CT1060933.RadioLastUpdateIPServer", "0");
Found : user_pref("CT1060933.RadioLastUpdateServer", "129326918102570000");
Found : user_pref("CT1060933.RadioMediaID", "21504191");
Found : user_pref("CT1060933.RadioMediaType", "Media Player");
Found : user_pref("CT1060933.RadioMenuSelectedID", "EBRadioMenu_CT106093321504191");
Found : user_pref("CT1060933.RadioShrinkedFromSetup", false);
Found : user_pref("CT1060933.RadioStationName", "KFOG");
Found : user_pref("CT1060933.RadioStationURL", "hxxp://live.cumulusstreaming.com/KFOG-FM");
Found : user_pref("CT1060933.SavedHomepage", "www.google.com");
Found : user_pref("CT1060933.SearchCaption", "Freecorder Customized Web Search");
Found : user_pref("CT1060933.SearchEngineBeforeUnload", "Freecorder Customized Web Search");
Found : user_pref("CT1060933.SearchFromAddressBarIsInit", true);
Found : user_pref("CT1060933.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT106[...]
Found : user_pref("CT1060933.SearchInNewTabEnabled", true);
Found : user_pref("CT1060933.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT1060933.SearchInNewTabLastCheckTime", "Mon Jan 21 2013 00:19:52 GMT-0800 (Pacific Stand[...]
Found : user_pref("CT1060933.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT1060933.SearchProtectorEnabled", true);
Found : user_pref("CT1060933.SearchProtectorToolbarDisabled", false);
Found : user_pref("CT1060933.SendProtectorDataViaLogin", true);
Found : user_pref("CT1060933.ServiceMapLastCheckTime", "Mon Jan 21 2013 00:19:52 GMT-0800 (Pacific Standard [...]
Found : user_pref("CT1060933.SettingsLastCheckTime", "Mon Jan 21 2013 00:19:52 GMT-0800 (Pacific Standard Ti[...]
Found : user_pref("CT1060933.SettingsLastUpdate", "1358751869");
Found : user_pref("CT1060933.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT1060933&SearchSource=13");
Found : user_pref("CT1060933.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT1060933.ThirdPartyComponentsLastCheck", "Mon Jan 21 2013 00:19:52 GMT-0800 (Pacific Sta[...]
Found : user_pref("CT1060933.ThirdPartyComponentsLastUpdate", "1331805997");
Found : user_pref("CT1060933.ToolbarShrinkedFromSetup", false);
Found : user_pref("CT1060933.TrusteLinkUrl", "hxxp://trust.conduit.com/CT1060933");
Found : user_pref("CT1060933.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Found : user_pref("CT1060933.UserID", "UN48120648147610634");
Found : user_pref("CT1060933.ValidationData_Toolbar", 2);
Found : user_pref("CT1060933.alertChannelId", "15651");
Found : user_pref("CT1060933.autoDisableScopes", -1);
Found : user_pref("CT1060933.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Found : user_pref("CT1060933.globalFirstTimeInfoLastCheckTime", "Mon Jan 21 2013 00:19:56 GMT-0800 (Pacific [...]
Found : user_pref("CT1060933.homepageProtectorEnableByLogin", true);
Found : user_pref("CT1060933.initDone", true);
Found : user_pref("CT1060933.isAppTrackingManagerOn", false);
Found : user_pref("CT1060933.isFirstRadioInstallation", false);
Found : user_pref("CT1060933.myStuffEnabled", true);
Found : user_pref("CT1060933.myStuffPublihserMinWidth", 400);
Found : user_pref("CT1060933.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT1060933.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT1060933.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT1060933.oldAppsList", "128346981843587669,128280995260143876,111,129272674122038321,129[...]
Found : user_pref("CT1060933.revertSettingsEnabled", false);
Found : user_pref("CT1060933.searchProtectorDialogDelayInSec", 10);
Found : user_pref("CT1060933.searchProtectorEnableByLogin", true);
Found : user_pref("CT1060933.testingCtid", "");
Found : user_pref("CT1060933.toolbarAppMetaDataLastCheckTime", "Mon Jan 21 2013 00:19:56 GMT-0800 (Pacific S[...]
Found : user_pref("CT1060933.toolbarContextMenuLastCheckTime", "Mon Jan 21 2013 00:19:56 GMT-0800 (Pacific S[...]
Found : user_pref("CT1060933.usagesFlag", 2);
Found : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT1060933&Search[...]
Found : user_pref("CommunityToolbar.ConduitSearchList", "Freecorder Customized Web Search");
Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT1060933/CT1060933[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/15651/15317/US", "\"0\"");
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT1060933", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT1060933",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/equaliz[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/minimiz[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/play.gi[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/stop.gi[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/vol.gif[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"[...]
Found : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Documents and Settings\\Administrator\\App[...]
Found : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.15.1.0");
Found : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://pricegong.conduitapps.com/v4//agreement/agree[...]
Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.avg.com/route/?d=4bab8194&[...]
Found : user_pref("CommunityToolbar.ToolbarsList", "CT1060933");
Found : user_pref("CommunityToolbar.ToolbarsList2", "CT1060933");
Found : user_pref("CommunityToolbar.ToolbarsList4", "CT1060933");
Found : user_pref("CommunityToolbar.globalUserId", "24c39b8b-4c3c-497f-a727-2eff40b5f1ab");
Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT1060933");
Found : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Mon Jan 21 2013 00:19:5[...]
Found : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Found : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Mon Jan 21 2013 00:20:05 GMT-080[...]
Found : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Found : user_pref("CommunityToolbar.notifications.firstTimeAlertShown", true);
Found : user_pref("CommunityToolbar.notifications.locale", "en");
Found : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Found : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Mon Jan 21 2013 00:19:57 GMT-0800 (P[...]
Found : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Found : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Found : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Found : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Found : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Found : user_pref("CommunityToolbar.notifications.userId", "e6654573-be95-4abc-af0d-1f84bc598e19");
Found : user_pref("CommunityToolbar.originalHomepage", "www.google.com");
Found : user_pref("CommunityToolbar.originalSearchEngine", "Google");
Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");

-\\ Google Chrome v24.0.1312.57

File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [83478 octets] - [17/02/2013 08:43:08]

########## EOF - C:\AdwCleaner[R1].txt - [83539 octets] ##########


----------



## bsacco (Jun 12, 2003)

Wow! The log file is jammed with all kinds of crap... kinda scary. What are the next steps?


----------



## Cookiegal (Aug 27, 2003)

There's a lot of junk that gets installed with other applications.

Please run AdwCleaner again and this time select the "delete" option. The machine should reboot. Please post the resulting log.


----------



## bsacco (Jun 12, 2003)

# AdwCleaner v2.112 - Logfile created 02/17/2013 at 11:07:55
# Updated 10/02/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : bsacco - BS-TOWER
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Administrator\My Documents\Downloads\AdwCleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Billeo
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6j5zsw01.default\ConduitCommon
Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Ask
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Billeo
Folder Deleted : C:\Documents and Settings\All Users\Application Data\boost_interprocess
Folder Deleted : C:\Documents and Settings\All Users\Application Data\FreeRIP
Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\FreeRIP3
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\FreeRIP3

***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\SProtector
Key Deleted : HKCU\Software\Ask&Record
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\{6576EBAA-B570-4345-98E4-96153C77CF24}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{465E08E7-F005-4389-980F-1D8764B3486C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6576EBAA-B570-4345-98E4-96153C77CF24}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111}
Key Deleted : HKCU\Software\PIP
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1060933
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Billeo
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKU\S-1-5-21-73586283-1993962763-839522115-1004\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.1 (en-US)

File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6j5zsw01.default\prefs.js

C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6j5zsw01.default\user.js ... Deleted !

Deleted : user_pref("CT1060933..clientLogIsEnabled", false);
Deleted : user_pref("CT1060933..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT1060933..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT1060933.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT1060933.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT1060933.AppTrackingLastCheckTime", "Fri Jul 13 2012 11:15:00 GMT-0700 (Pacific Daylight[...]
Deleted : user_pref("CT1060933.BrowserCompStateIsOpen_129681785283868963", true);
Deleted : user_pref("CT1060933.BrowserCompStateIsOpen_129686665230467549", true);
Deleted : user_pref("CT1060933.CTID", "CT1060933");
Deleted : user_pref("CT1060933.CurrentServerDate", "21-1-2013");
Deleted : user_pref("CT1060933.DSInstall", true);
Deleted : user_pref("CT1060933.DialogsAlignMode", "LTR");
Deleted : user_pref("CT1060933.DialogsGetterLastCheckTime", "Mon Jan 21 2013 00:19:56 GMT-0800 (Pacific Standa[...]
Deleted : user_pref("CT1060933.DownloadReferralCookieData", "");
Deleted : user_pref("CT1060933.FirstServerDate", "5-2-2012");
Deleted : user_pref("CT1060933.FirstTime", true);
Deleted : user_pref("CT1060933.FirstTimeFF3", true);
Deleted : user_pref("CT1060933.FixPageNotFoundErrors", true);
Deleted : user_pref("CT1060933.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT1060933.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT1060933.HPInstall", true);
Deleted : user_pref("CT1060933.HasUserGlobalKeys", true);
Deleted : user_pref("CT1060933.HomePageProtectorEnabled", true);
Deleted : user_pref("CT1060933.HomepageBeforeUnload", "hxxp://search.conduit.com/?ctid=CT1060933&SearchSource=[...]
Deleted : user_pref("CT1060933.Initialize", true);
Deleted : user_pref("CT1060933.InitializeCommonPrefs", true);
Deleted : user_pref("CT1060933.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT1060933.InstallationId", "ConduitNSISIntegration");
Deleted : user_pref("CT1060933.InstallationType", "ConduitXPEIntegration");
Deleted : user_pref("CT1060933.InstalledDate", "Sat Feb 04 2012 19:55:50 GMT-0800 (Pacific Standard Time)");
Deleted : user_pref("CT1060933.InvalidateCache", false);
Deleted : user_pref("CT1060933.IsAlertDBUpdated", true);
Deleted : user_pref("CT1060933.IsGrouping", false);
Deleted : user_pref("CT1060933.IsInitSetupIni", true);
Deleted : user_pref("CT1060933.IsMulticommunity", false);
Deleted : user_pref("CT1060933.IsOpenThankYouPage", false);
Deleted : user_pref("CT1060933.IsOpenUninstallPage", true);
Deleted : user_pref("CT1060933.IsProtectorsInit", true);
Deleted : user_pref("CT1060933.LanguagePackLastCheckTime", "Mon Jan 21 2013 00:19:56 GMT-0800 (Pacific Standar[...]
Deleted : user_pref("CT1060933.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT1060933.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT1060933.LastLogin_3.13.0.6", "Thu Jul 19 2012 15:04:51 GMT-0700 (Pacific Daylight Time)[...]
Deleted : user_pref("CT1060933.LastLogin_3.14.1.0", "Fri Oct 05 2012 16:56:39 GMT-0700 (Pacific Daylight Time)[...]
Deleted : user_pref("CT1060933.LastLogin_3.15.1.0", "Mon Jan 21 2013 00:19:56 GMT-0800 (Pacific Standard Time)[...]
Deleted : user_pref("CT1060933.LastLogin_3.9.0.3", "Tue Jun 05 2012 20:43:26 GMT-0700 (Pacific Daylight Time)"[...]
Deleted : user_pref("CT1060933.LatestVersion", "3.15.1.0");
Deleted : user_pref("CT1060933.Locale", "en-us");
Deleted : user_pref("CT1060933.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT1060933.MCDetectTooltipUrl", "hxxp://@[email protected]/rank/tooltip/?version=1");
Deleted : user_pref("CT1060933.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT1060933.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT1060933.OriginalFirstVersion", "3.9.0.3");
Deleted : user_pref("CT1060933.RadioIsPodcast", false);
Deleted : user_pref("CT1060933.RadioLastCheckTime", "Mon Jan 21 2013 00:19:56 GMT-0800 (Pacific Standard Time)[...]
Deleted : user_pref("CT1060933.RadioLastUpdateIPServer", "0");
Deleted : user_pref("CT1060933.RadioLastUpdateServer", "129326918102570000");
Deleted : user_pref("CT1060933.RadioMediaID", "21504191");
Deleted : user_pref("CT1060933.RadioMediaType", "Media Player");
Deleted : user_pref("CT1060933.RadioMenuSelectedID", "EBRadioMenu_CT106093321504191");
Deleted : user_pref("CT1060933.RadioShrinkedFromSetup", false);
Deleted : user_pref("CT1060933.RadioStationName", "KFOG");
Deleted : user_pref("CT1060933.RadioStationURL", "hxxp://live.cumulusstreaming.com/KFOG-FM");
Deleted : user_pref("CT1060933.SavedHomepage", "www.google.com");
Deleted : user_pref("CT1060933.SearchCaption", "Freecorder Customized Web Search");
Deleted : user_pref("CT1060933.SearchEngineBeforeUnload", "Freecorder Customized Web Search");
Deleted : user_pref("CT1060933.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT1060933.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT106[...]
Deleted : user_pref("CT1060933.SearchInNewTabEnabled", true);
Deleted : user_pref("CT1060933.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT1060933.SearchInNewTabLastCheckTime", "Mon Jan 21 2013 00:19:52 GMT-0800 (Pacific Stand[...]
Deleted : user_pref("CT1060933.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT1060933.SearchProtectorEnabled", true);
Deleted : user_pref("CT1060933.SearchProtectorToolbarDisabled", false);
Deleted : user_pref("CT1060933.SendProtectorDataViaLogin", true);
Deleted : user_pref("CT1060933.ServiceMapLastCheckTime", "Mon Jan 21 2013 00:19:52 GMT-0800 (Pacific Standard [...]
Deleted : user_pref("CT1060933.SettingsLastCheckTime", "Mon Jan 21 2013 00:19:52 GMT-0800 (Pacific Standard Ti[...]
Deleted : user_pref("CT1060933.SettingsLastUpdate", "1358751869");
Deleted : user_pref("CT1060933.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT1060933&SearchSource=13");
Deleted : user_pref("CT1060933.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT1060933.ThirdPartyComponentsLastCheck", "Mon Jan 21 2013 00:19:52 GMT-0800 (Pacific Sta[...]
Deleted : user_pref("CT1060933.ThirdPartyComponentsLastUpdate", "1331805997");
Deleted : user_pref("CT1060933.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT1060933.TrusteLinkUrl", "hxxp://trust.conduit.com/CT1060933");
Deleted : user_pref("CT1060933.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT1060933.UserID", "UN48120648147610634");
Deleted : user_pref("CT1060933.ValidationData_Toolbar", 2);
Deleted : user_pref("CT1060933.alertChannelId", "15651");
Deleted : user_pref("CT1060933.autoDisableScopes", -1);
Deleted : user_pref("CT1060933.backendstorage.autocompletepro_enable", "31");
Deleted : user_pref("CT1060933.backendstorage.autocompletepro_enable_auto", "31");
Deleted : user_pref("CT1060933.backendstorage.cb_firstuse0100", "31");
Deleted : user_pref("CT1060933.backendstorage.cb_user_id_000", "43423332363239383038383833335F46697265666F78")[...]
Deleted : user_pref("CT1060933.backendstorage.cbcountry_000", "5553");
Deleted : user_pref("CT1060933.backendstorage.cbcountry_001", "5553");
Deleted : user_pref("CT1060933.backendstorage.cbfirsttime", "5361742046656220303420323031322031393A35353A35342[...]
Deleted : user_pref("CT1060933.backendstorage.cbopenmamsettings", "30");
Deleted : user_pref("CT1060933.backendstorage.pg_enable", "74727565");
Deleted : user_pref("CT1060933.backendstorage.printitgreenstatus", "74727565");
Deleted : user_pref("CT1060933.backendstorage.shoppingapp.gk.exipres", "547565204F637420303920323031322031343A[...]
Deleted : user_pref("CT1060933.backendstorage.shoppingapp.gk.geolocation", "756E6974656420737461746573");
Deleted : user_pref("CT1060933.backendstorage.url_history0001", "687474703A2F2F7777772E61646461746165787072657[...]
Deleted : user_pref("CT1060933.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT1060933.globalFirstTimeInfoLastCheckTime", "Mon Jan 21 2013 00:19:56 GMT-0800 (Pacific [...]
Deleted : user_pref("CT1060933.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT1060933.initDone", true);
Deleted : user_pref("CT1060933.isAppTrackingManagerOn", false);
Deleted : user_pref("CT1060933.isFirstRadioInstallation", false);
Deleted : user_pref("CT1060933.myStuffEnabled", true);
Deleted : user_pref("CT1060933.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT1060933.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT1060933.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT1060933.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT1060933.oldAppsList", "128346981843587669,128280995260143876,111,129272674122038321,129[...]
Deleted : user_pref("CT1060933.revertSettingsEnabled", false);
Deleted : user_pref("CT1060933.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT1060933.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT1060933.testingCtid", "");
Deleted : user_pref("CT1060933.toolbarAppMetaDataLastCheckTime", "Mon Jan 21 2013 00:19:56 GMT-0800 (Pacific S[...]
Deleted : user_pref("CT1060933.toolbarContextMenuLastCheckTime", "Mon Jan 21 2013 00:19:56 GMT-0800 (Pacific S[...]
Deleted : user_pref("CT1060933.usagesFlag", 2);
Deleted : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT1060933&Search[...]
Deleted : user_pref("CommunityToolbar.ConduitSearchList", "Freecorder Customized Web Search");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT1060933/CT1060933[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/15651/15317/US", "\"0\"");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT1060933", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT1060933",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/equaliz[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/minimiz[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/play.gi[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/stop.gi[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/vol.gif[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"[...]
Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Documents and Settings\\Administrator\\App[...]
Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.15.1.0");
Deleted : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://pricegong.conduitapps.com/v4//agreement/agree[...]
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.avg.com/route/?d=4bab8194&[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT1060933");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT1060933");
Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT1060933");
Deleted : user_pref("CommunityToolbar.globalUserId", "24c39b8b-4c3c-497f-a727-2eff40b5f1ab");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT1060933");
Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Mon Jan 21 2013 00:19:5[...]
Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Mon Jan 21 2013 00:20:05 GMT-080[...]
Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.firstTimeAlertShown", true);
Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Mon Jan 21 2013 00:19:57 GMT-0800 (P[...]
Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.notifications.userId", "e6654573-be95-4abc-af0d-1f84bc598e19");
Deleted : user_pref("CommunityToolbar.originalHomepage", "www.google.com");
Deleted : user_pref("CommunityToolbar.originalSearchEngine", "Google");
Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");

File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6j5zsw01.default\prefs.js

[OK] File is clean.

File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6j5zsw01.default\prefs.js

[OK] File is clean.

File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6j5zsw01.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v24.0.1312.57

File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [83609 octets] - [17/02/2013 08:43:08]
AdwCleaner[R2].txt - [83670 octets] - [17/02/2013 11:07:35]
AdwCleaner[S1].txt - [25076 octets] - [17/02/2013 11:07:55]

########## EOF - C:\AdwCleaner[S1].txt - [25137 octets] ##########


----------



## Cookiegal (Aug 27, 2003)

Let's try OTL again.

Please download *OTL* to your Desktop. 

Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
Under Custom Scans/Fixes type in *Netsvcs*
Click the Run Scan button. Do not change any other settings unless otherwise instructed. The scan won't take long. 
When the scan completes, it will open two Notepad windows called *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL. 
Please copy and paste the contents of both of these files here in your next reply.


----------



## bsacco (Jun 12, 2003)

OK, downloaded OTL and ran Scan as directed in last post. Though, when the scan gets to "Pattern Check" it crashes my PC. Please advise.


----------



## Cookiegal (Aug 27, 2003)

Please download *RogueKiller* by Tigzy and save it to your desktop.
Allow the download if prompted by your security software and please close all your other browser windows.
Double-click *RogueKiller.exe* to run it.
If it does not run, please try a few times. If it really does not work (it could happen), rename it to winlogon.exe or RogueKiller.com.
Wait for *PreScan* to finish, then accept the EULA.
Click on the *Scan* button in the upper right. Wait for it to finish.
Once completed, a log called *RKreport[1].txt* will be created on the desktop. It can also be accessed via the *Report* button.
Please copy and paste the contents of that log in your next reply.
When you exit RogueKiller, you may get a popup reporting "None of the Elements have been deleted. Do you want to quit?" Click *Yes*.


----------



## bsacco (Jun 12, 2003)

Just curious... Since I've installed and run numerous apps to try to fix my PC, can you bring me up to speed on why we are doing all this? I mean, has my PC been so severely infected we have to run these apps? Can you please explain?


----------



## Cookiegal (Aug 27, 2003)

I'm trying to figure out why OTL crashes the machine. It could be there's still malware causing that.

But if you don't want to continue that's fine with me.


----------



## bsacco (Jun 12, 2003)

RogueKiller V8.5.1 [Feb 19 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : bsacco [Admin rights]
Mode : Scan -- Date : 02/19/2013 15:25:54
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] Fuze_Meeting.exe -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Fuze Box\Fuze Meeting\FUZE_Meeting.exe [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 2 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[257] : NtTerminateProcess @ 0x805D22D8 -> HOOKED (\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS @ 0xA71B2640)

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3250310AS +++++
--- User ---
[MBR] f1494a7bca4ad50a0e2e6695b7edf2ae
[BSP] 11d467b9f31927f29d49c85858b51038 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 70 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 144585 | Size: 238339 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_02192013_02d1525.txt >>
RKreport[1]_S_02192013_02d1525.txt


----------



## Cookiegal (Aug 27, 2003)

Please see if you can get GMER to run now.


----------



## bsacco (Jun 12, 2003)

GMER Crashes my PC

It runs the quick scan when you open it. Then I made the selections of what to scan (see attachment). Then I hit run scan and it scans for about 30 seconds, then it hangs on "cdfs?", then my screen goes BLACK and the PC stops operating.

Please advise


----------



## Cookiegal (Aug 27, 2003)

Did it show any signs of rootkit activity after running the initial quick scan?


----------



## bsacco (Jun 12, 2003)

Not sure what you mean by rootkit activity, but as the scan ran, there was activity within the center window that showed line by line identification of items. Is this what you are referring to?


----------



## Cookiegal (Aug 27, 2003)

I'll post a portion of the instructions for running GMER:


> If the tool warns of rootkit activity and asks if you want to run a full scan, click on No and make sure the following are *unchecked* on the right-hand side


So after the initial quick scan the tool would inform you if there is any sign of alteration due to rootkit activity and ask if you want to run a full scan. So I assume this did not happen?


----------



## bsacco (Jun 12, 2003)

No, it did not happen. After I opened GMER it ran a quick scan that only lasted less than 15 seconds. Then I was shown the program. I sent you an image of what I saw (see GMER image run.jpg) as an attachment. All the items checked or unchecked is how the program ran after I hit the SCAN button in the lower bottom right of the window. As the scan ran (for about 30 seconds), I saw line by line items starting to fill in the center portion of the window where the columns are named TYPE, NAME & VALUE. There were about 10 or so items, then the program crashed.


----------



## Cookiegal (Aug 27, 2003)

OK, would you please try running OTL in safe mode this time?

If that won't work, I'll check with the developer to see what may be causing it.


----------



## bsacco (Jun 12, 2003)

OK, I was able to get a screen shot of GMER while it was running its scan just before it crashed. See attached.


----------



## Cookiegal (Aug 27, 2003)

OK, please see my post no. 68.


----------



## bsacco (Jun 12, 2003)

OK, running it now in safe mode, though it seems to be getting stuck again on the Pattern search area. The specific spot is C:\Documents and Settings\Administrator\Local Settings\Application Data\Plex.......... at the moment that's all I can make out.


----------



## bsacco (Jun 12, 2003)

OTL logfile created on: 2/20/2013 11:59:09 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.28 Gb Available Physical Memory | 70.21% Memory free
7.09 Gb Paging File | 6.18 Gb Available in Paging File | 87.16% Paging File free
Paging file location(s): C:\pagefile.sys 4091 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.75 Gb Total Space | 124.33 Gb Free Space | 53.42% Space Free | Partition Type: NTFS
Drive E: | 1.87 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive M: | 1843.01 Gb Total Space | 3893.69 Gb Free Space | 211.27% Space Free | Partition Type: NTFS
Drive T: | 1843.01 Gb Total Space | 3893.69 Gb Free Space | 211.27% Space Free | Partition Type: NTFS
Drive U: | 1843.01 Gb Total Space | 3893.69 Gb Free Space | 211.27% Space Free | Partition Type: NTFS
Drive V: | 1843.01 Gb Total Space | 3893.69 Gb Free Space | 211.27% Space Free | Partition Type: NTFS
Drive W: | 1843.01 Gb Total Space | 3893.69 Gb Free Space | 211.27% Space Free | Partition Type: NTFS
Drive X: | 1843.01 Gb Total Space | 3893.69 Gb Free Space | 211.27% Space Free | Partition Type: NTFS
Drive Y: | 1843.01 Gb Total Space | 3893.69 Gb Free Space | 211.27% Space Free | Partition Type: NTFS

Computer Name: BS-TOWER | User Name: bsacco | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/20 11:58:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL (1).exe
PRC - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/01/25 18:35:08 | 001,248,208 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2012/09/13 07:53:17 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2008/04/14 01:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (No Company Name) ==========

MOD - [2013/02/14 03:09:36 | 012,638,576 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.6.602.167\pepflashplayer.dll
MOD - [2013/01/25 18:35:06 | 000,460,240 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.57\ppgooglenaclpluginchrome.dll
MOD - [2013/01/25 18:35:04 | 004,012,496 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.57\pdf.dll
MOD - [2013/01/25 18:34:16 | 001,552,848 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.57\ffmpegsumo.dll
MOD - [2013/01/01 22:49:10 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2013/01/01 22:49:10 | 000,148,992 | ---- | M] () -- C:\WINDOWS\system32\mpg2splt.ax
MOD - [2012/12/18 11:58:08 | 000,163,584 | ---- | M] () -- C:\WINDOWS\system32\AirfoilInject3.dll
MOD - [2011/11/03 07:28:36 | 000,386,048 | ---- | M] () -- C:\WINDOWS\system32\qdvd.dll
MOD - [2010/03/15 10:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2008/04/14 01:42:04 | 000,562,176 | ---- | M] () -- C:\WINDOWS\system32\qedit.dll
MOD - [2008/04/14 01:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 01:41:54 | 000,498,742 | ---- | M] () -- C:\WINDOWS\system32\dxmasf.dll
MOD - [2008/04/14 01:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/02/18 22:33:34 | 000,446,352 | ---- | M] () -- C:\WINDOWS\system32\OpenQuicktimeLib.dll

========== Services (SafeList) ==========

SRV - [2013/02/13 04:43:28 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/05 07:52:32 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Stopped] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/01/08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/11/09 19:00:19 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/13 07:53:17 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/06/17 14:10:54 | 000,013,160 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\615\g2aservice.exe -- (GoToAssist)
SRV - [2011/05/18 09:26:54 | 000,062,184 | ---- | M] (Xobni Corporation) [Auto | Stopped] -- C:\Program Files\Xobni\XobniService.exe -- (XobniService)
SRV - [2011/01/10 12:28:54 | 000,376,688 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Home Server\WHSConnector.exe -- (WHSConnector)
SRV - [2010/03/04 22:38:00 | 000,071,096 | ---- | M] () [Auto | Stopped] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2009/10/05 11:09:38 | 000,081,920 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MediaCollectorClient.exe -- (MediaCollectorService)
SRV - [2009/10/05 11:09:38 | 000,020,992 | ---- | M] (HP) [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MSSConnectorService.exe -- (HPMSSConnectorSvc)
SRV - [2009/09/04 14:56:16 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/06/04 16:41:22 | 000,451,904 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2008/11/11 18:09:34 | 003,223,552 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\OSP EVault\Agent\VVAgent.exe -- (EVault InfoStage Agent)
SRV - [2008/05/07 15:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Stopped] -- C:\WINDOWS\System32\Crypserv.exe -- (Crypkey License)
SRV - [2008/01/30 03:52:22 | 000,106,496 | ---- | M] (WDC) [Auto | Stopped] -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe -- (WDBtnMgrSvc.exe)
SRV - [2007/06/15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\bgsvcgen.exe -- (bgsvcgen)
SRV - [2007/06/12 13:09:16 | 002,521,880 | ---- | M] (Intel) [Auto | Stopped] -- C:\Program Files\Intel\AMT\UNS.exe -- (UNS)
SRV - [2007/06/12 13:09:16 | 000,183,064 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\AMT\atchksrv.exe -- (atchksrv)
SRV - [2007/06/12 13:09:14 | 000,109,336 | ---- | M] (Intel) [Auto | Stopped] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS)
SRV - [2007/03/20 12:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)
SRV - [2001/11/12 12:31:48 | 000,020,480 | ---- | M] (X10) [On_Demand | Stopped] -- C:\Program Files\Common Files\X10\Common\X10nets.exe -- (x10nets)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lvuvc.sys -- (LVUVC)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lvpopflt.sys -- (lvpopflt)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lvuvcflt.sys -- (FilterService)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2013/02/20 11:09:14 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C5A46E37-D429-4E12-9776-6BE22D985BB7}\MpKsl3142c0dd.sys -- (MpKsl3142c0dd)
DRV - [2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/06/03 09:44:46 | 000,005,504 | ---- | M] () [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2012/03/26 12:00:20 | 000,583,296 | ---- | M] (Line 6) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L6TPortB.sys -- (L6TPortB)
DRV - [2011/08/09 16:33:58 | 000,003,840 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt)
DRV - [2011/08/01 14:56:42 | 000,045,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dc3d.sys -- (dc3d)
DRV - [2011/07/22 08:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 13:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/07/08 03:12:48 | 007,023,104 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010/07/27 01:47:30 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/07/27 01:47:10 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/10/07 12:49:18 | 000,044,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BackupReader.sys -- (BackupReader)
DRV - [2009/02/24 17:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/09/08 19:58:14 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2008/03/17 08:45:52 | 000,019,584 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\Ckldrv.sys -- (NetworkX)
DRV - [2007/06/15 09:47:26 | 001,127,936 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\P17.sys -- (P17)
DRV - [2007/06/12 17:05:50 | 000,045,056 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI)
DRV - [2006/03/17 17:18:58 | 000,392,960 | ---- | M] (Sensaura) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2006/02/20 19:17:40 | 000,033,408 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdrbsdrv.sys -- (cdrbsdrv)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2005/01/10 17:15:30 | 000,106,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2005/01/10 17:15:24 | 000,138,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2002/02/11 14:15:50 | 000,014,572 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PFC.SYS -- (pfc)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.pandora.com/http://www [Binary data over 200 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{9B51B2C6-9540-4ECC-A7DE-DDD52DE5B835}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKCU\..\SearchScopes\{D5042721-6DFD-85DD-AD1C-6B852F3F6275}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=ZUGO&form=ZGAIDF
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledAddons: [email protected]:2.6.2
FF - prefs.js..extensions.enabledAddons: [email protected]:4.1.3
FF - prefs.js..extensions.enabledAddons: [email protected]:1.1.10
FF - prefs.js..extensions.enabledAddons: {0cbdfb73-07e9-4cdb-8e40-9cd9742057be}:0.6
FF - prefs.js..extensions.enabledAddons: {1392b8d2-5c05-419f-a8f6-b9f15a596612}:3.15.1.0
FF - prefs.js..extensions.enabledAddons: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.119
FF - prefs.js..extensions.enabledAddons: [email protected]:0.7.7
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.98
FF - prefs.js..extensions.enabledItems: [email protected]:2.6.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:4.0.1
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: [email protected]:7.005.030.004
FF - prefs.js..extensions.enabledItems: {4be68a18-deba-49e0-9e09-ee7796f3b62a}:2.5.1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7550
FF - prefs.js..extensions.enabledItems: {0cbdfb73-07e9-4cdb-8e40-9cd9742057be}:0.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\WINDOWS\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@fuzebox.com/Fuze Meeting NPAPI Plugin,version=1.0.0.1: C:\Documents and Settings\Administrator\Local Settings\Application Data\Fuze Box\Fuze Meeting\npfuzeshare.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\AVG\AVG9\Toolbar\Firefox\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/11/09 19:00:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/11/09 18:59:45 | 000,000,000 | ---D | M]

[2008/09/11 08:31:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2013/02/16 22:20:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6j5zsw01.default\extensions
[2010/05/05 21:59:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6j5zsw01.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/03/29 19:15:29 | 000,000,000 | ---D | M] (Bookmark Duplicate Detector) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6j5zsw01.default\extensions\{ba243cb0-b824-4a26-9418-73ee795d9b9d}
[2012/10/04 13:58:31 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6j5zsw01.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011/10/05 17:23:13 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6j5zsw01.default\extensions\[email protected]
[2012/10/07 15:05:34 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6j5zsw01.default\extensions\[email protected]
[2012/04/08 08:48:43 | 000,129,271 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6j5zsw01.default\extensions\[email protected]
[2013/01/21 00:28:05 | 000,255,318 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6j5zsw01.default\extensions\[email protected]
[2012/02/06 18:44:09 | 000,061,854 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6j5zsw01.default\extensions\[email protected]
[2012/03/05 07:45:54 | 000,016,072 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6j5zsw01.default\extensions\{0cbdfb73-07e9-4cdb-8e40-9cd9742057be}.xpi
[2012/11/09 18:59:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\6J5ZSW01.DEFAULT\EXTENSIONS\{1392B8D2-5C05-419F-A8F6-B9F15A596612}
[2012/11/09 19:00:19 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2008/10/06 12:05:59 | 000,107,848 | ---- | M] (WebEx Communications, Inc.) -- C:\Program Files\mozilla firefox\plugins\mwmcli.dll
[2012/11/09 19:00:01 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/11/09 19:00:01 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.6.602.167\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Java(TM) Platform SE 7 U13 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw_1168638.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll
CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\WINDOWS\system32\TVUAx\npTVUAx.dll
CHR - plugin: Java Deployment Toolkit 7.0.130.20 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Send using Gmail\u2122 (no button) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ahldefgplekckalfcolhhnljbbgaiboc\1.13.1.6_0\
CHR - Extension: Xmarks Bookmark Sync = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla\1.0.24_0\
CHR - Extension: Xmarks Bookmark Sync = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla\1.0.24_0\.bak
CHR - Extension: YouTube = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Replace New Tab Page = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cnkhddihkmmiiclaipbaaelfojkmlkja\1.2_0\
CHR - Extension: Google Search = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Smartr Inbox for Gmail = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gakklmehjhhdfjjgnmpkjoemjmeomnli\0.70_0\
CHR - Extension: AdBlock = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.60_0\
CHR - Extension: ToutApp for Gmail\u2122 = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gllmkcahdekdbapmdfnffclacbpnicaj\4.2.6_0\
CHR - Extension: Rapportive = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hihakjfhbmlmjdnnhegiciffjplmdhin\1.4.1_0\
CHR - Extension: Cloud Reader = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd\1.4.0_0\
CHR - Extension: Adblock for Pirate Bay = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\imkpamgpfalmdaikobnkefcmmkpgljjd\1.30_0\
CHR - Extension: WhatFont = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jabopobgcpjmedljpbcaablpmlmfcogm\2.0.2_0\
CHR - Extension: Yet Another Google Bookmarks Extension = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jdnejaepfmacfdmhkplckpfdcjgbeode\1.32_0\
CHR - Extension: Bookmarks Menu = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jhlkofhkkahcpbmgbgmopdjephahdeej\0.0.0.8_0\
CHR - Extension: Collabspot: Highrise for Gmail = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kbmgfmocmjkhjamfenkdnkobjempbhjh\2013.2.18.1117_0\
CHR - Extension: Evernote Web = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol\1.0.7_0\
CHR - Extension: Ghostery = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\4.1.0_0\
CHR - Extension: Send from Gmail (by Google) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc\1.13_0\
CHR - Extension: Google Reader = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjjhlfkghdhmijklfnahfkpgmhcmfgcm\4.4_0\
CHR - Extension: Gmail = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: RSS Feed Reader = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pnjaodmkngahhkoihejjehlcdlnohgmp\4.1.6_0\

O1 HOSTS File: ([2013/02/10 19:05:52 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (BrowserHelper Class) - {9A065C65-4EE7-4DDD-9918-F129089A894A} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Home Server Banner) - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (Home Server Banner) - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [atchk] C:\Program Files\Intel\AMT\atchk.exe (Intel Corporation)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\P17.DLL ()
O4 - HKCU..\Run: [A24802D8E0033B87C7A71FBB6D39DEF74469BA10._service_run] C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Program Files\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Home Server.lnk = C:\WINDOWS\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.3.5.cab (DLM Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1358756641328 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1349385223937 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {89242969-422B-46BF-B0D5-6A7B7DC4D0E0} file:///D:/html/nafcom.cab (Nafi Class)
O16 - DPF: {B87A4DE2-57A3-41CA-8781-89D43EA6EEF4} http://videomessages.live.com/Portal/ClientBin/VCaptCtl.cab (VideoCaptureCtl Class)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DDAF0FD6-A7E5-4EDC-A9CB-E63FE9565669}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (AirfoilInject3.dll) - C:\WINDOWS\System32\AirfoilInject3.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\615\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\615\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/20 16:41:44 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /r \??\G
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2013/02/20 11:58:48 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL (1).exe
[2013/02/19 15:24:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\RK_Quarantine
[2013/02/19 10:15:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2013/02/19 10:15:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Fuze Meeting
[2013/02/19 10:15:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Fuze Box
[2013/02/16 22:18:56 | 000,000,000 | ---D | C] -- C:\_OTS
[2013/02/15 07:14:42 | 000,646,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTS.exe
[2013/02/13 16:40:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\RINGTONES
[2013/02/13 09:01:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013/02/13 09:01:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2013/02/13 09:01:36 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2013/02/13 05:41:13 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2013/02/12 13:36:35 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2013/02/11 15:51:34 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/02/09 16:32:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\Performance
[2013/02/09 16:32:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft Corporation
[2013/02/09 16:31:33 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
[2013/02/09 14:01:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/02/09 14:01:27 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/02/09 14:01:27 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/02/09 14:01:27 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/02/09 13:58:10 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/02/09 13:57:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/02/09 13:53:58 | 005,030,592 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\puppy.exe
[2013/02/04 13:49:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
[2013/02/04 13:49:22 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$
[2013/02/04 13:49:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search
[2013/02/02 14:05:19 | 000,000,000 | ---D | C] -- C:\PSTools
[2013/01/24 06:26:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Foxit Reader
[2011/12/13 12:18:33 | 000,726,008 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Documents and Settings\Administrator\gotomypc_437.exe

========== Files - Modified Within 30 Days ==========

[2013/02/20 11:58:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL (1).exe
[2013/02/20 11:55:22 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/02/20 11:50:40 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/02/20 11:50:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/02/20 11:43:00 | 000,000,996 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-73586283-1993962763-839522115-500UA.job
[2013/02/20 11:14:29 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/20 11:14:22 | 000,002,299 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Home Server.lnk
[2013/02/20 11:13:34 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/20 11:11:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/02/20 09:30:29 | 000,037,351 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\GMER image run.jpg
[2013/02/20 09:15:48 | 000,374,784 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\i5vykbzh.exe
[2013/02/19 16:43:00 | 000,000,944 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-73586283-1993962763-839522115-500Core.job
[2013/02/19 15:23:33 | 000,798,208 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\RogueKiller.exe
[2013/02/19 10:15:24 | 000,001,378 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Fuze Meeting .lnk
[2013/02/18 07:12:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/02/18 03:01:34 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2013/02/17 12:23:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2013/02/15 07:14:54 | 000,646,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTS.exe
[2013/02/13 09:01:39 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2013/02/13 04:10:07 | 001,730,544 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/02/13 03:34:51 | 000,527,092 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/02/13 03:34:51 | 000,096,822 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/02/10 19:05:52 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/02/09 16:31:34 | 000,001,862 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Windows 7 Upgrade Advisor.lnk
[2013/02/09 13:54:17 | 005,030,592 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\puppy.exe
[2013/02/08 16:28:10 | 000,000,282 | -HS- | M] () -- C:\boot.ini
[2013/02/04 14:22:48 | 000,000,876 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Install USB2.0 Driver.zip.lnk
[2013/02/04 13:48:34 | 000,001,787 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2013/01/31 12:40:28 | 000,002,362 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/01/31 12:40:28 | 000,002,344 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
[2013/01/29 16:06:13 | 000,001,534 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ss.ini
[2013/01/25 15:54:16 | 000,043,704 | ---- | M] () -- C:\Eurosti.TTF
[2013/01/25 15:53:50 | 000,044,304 | ---- | M] () -- C:\Eurostib.TTF
[2013/01/25 15:52:56 | 000,053,980 | ---- | M] () -- C:\erosyt.ttf
[2013/01/24 06:26:22 | 000,000,809 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2013/01/24 06:26:22 | 000,000,791 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Foxit Reader.lnk
[2013/01/23 20:07:40 | 000,001,032 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Dropbox.lnk
[2013/01/23 20:07:25 | 000,001,032 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Dropbox.lnk

========== Files Created - No Company Name ==========

[2013/02/20 09:30:29 | 000,037,351 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\GMER image run.jpg
[2013/02/20 09:15:52 | 000,374,784 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\i5vykbzh.exe
[2013/02/19 15:23:39 | 000,798,208 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\RogueKiller.exe
[2013/02/19 10:15:24 | 000,001,378 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Fuze Meeting .lnk
[2013/02/13 09:01:39 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2013/02/09 16:31:34 | 000,001,868 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
[2013/02/09 16:31:34 | 000,001,862 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Windows 7 Upgrade Advisor.lnk
[2013/02/09 14:01:27 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/02/09 14:01:27 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/02/09 14:01:27 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/02/09 14:01:27 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/02/09 14:01:27 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/02/04 14:22:48 | 000,000,876 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Install USB2.0 Driver.zip.lnk
[2013/02/04 13:48:34 | 000,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2013/02/04 13:48:33 | 000,001,803 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Search.lnk
[2013/01/25 15:56:54 | 000,053,980 | ---- | C] () -- C:\erosyt.ttf
[2013/01/25 15:56:52 | 000,044,304 | ---- | C] () -- C:\Eurostib.TTF
[2013/01/25 15:56:49 | 000,043,704 | ---- | C] () -- C:\Eurosti.TTF
[2012/12/26 09:28:32 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2012/12/18 11:58:08 | 000,163,584 | ---- | C] () -- C:\WINDOWS\System32\AirfoilInject3.dll
[2012/11/18 14:21:13 | 000,121,254 | ---- | C] () -- C:\WINDOWS\File Renamer - Basic Uninstaller.exe
[2012/11/04 17:16:55 | 000,000,070 | ---- | C] () -- C:\WINDOWS\sbwin.ini
[2012/10/15 13:56:26 | 022,657,136 | ---- | C] () -- C:\Program Files\vlc-2.0.2-win32.exe
[2012/09/10 10:21:07 | 000,000,213 | ---- | C] () -- C:\WINDOWS\spwdr.INI
[2012/09/10 10:20:13 | 000,000,071 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
[2012/09/10 10:20:10 | 000,027,648 | R--- | C] () -- C:\WINDOWS\Setup_ck.exe
[2012/09/10 10:20:10 | 000,019,584 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
[2012/09/10 10:20:10 | 000,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
[2012/09/10 10:20:10 | 000,011,776 | ---- | C] () -- C:\WINDOWS\Ckrfresh.exe
[2012/08/11 12:58:16 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2012/02/17 20:30:44 | 001,692,898 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-73586283-1993962763-839522115-500-0.dat
[2012/02/17 20:30:44 | 000,485,098 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/02/15 13:35:19 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/10/25 17:34:08 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2011/10/25 16:19:39 | 000,127,184 | ---- | C] () -- C:\WINDOWS\Unwise.exe
[2011/10/25 09:23:51 | 000,127,184 | ---- | C] () -- C:\WINDOWS\DEL_AH1.EXE
[2011/07/28 09:48:18 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\setup_ldm.iss
[2011/05/12 10:51:33 | 000,001,534 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ss.ini
[2011/04/13 12:05:51 | 000,009,436 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Tab Separated Values (Windows).EML
[2011/04/13 11:36:45 | 000,009,434 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Comma Separated Values (Windows).EML
[2011/04/13 11:06:01 | 000,009,418 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft Excel 97-2003.EML
[2010/08/18 16:27:16 | 000,038,485 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Comma Separated Values (DOS).ADR
[2010/08/18 16:23:15 | 000,038,533 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft Excel 97-2003.ADR
[2010/08/17 13:02:26 | 000,038,491 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Comma Separated Values (Windows).ADR
[2010/03/25 13:04:32 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\prvlcl.dat
[2010/03/12 08:45:35 | 000,002,170 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\FASTWiz.html
[2009/09/25 13:51:44 | 000,703,330 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate
[2008/06/12 11:31:03 | 000,000,192 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\{268EB95C-7C1C-4826-B79E-0E50B1A64C5A}.dss
[2008/06/11 15:44:27 | 000,148,480 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2008/07/16 08:12:32 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 01:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 04:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 01:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/12/20 14:44:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Ableton
[2010/01/16 16:25:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\acccore
[2012/08/04 10:38:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ACD Systems
[2012/12/15 21:22:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Amazon
[2011/03/20 11:52:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AnvSoft
[2010/12/13 16:00:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ASAP Utilities
[2013/01/12 16:32:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Audacity
[2010/03/24 18:09:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AVG9
[2009/11/09 13:39:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Cakewalk
[2012/08/11 12:58:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Canneverbe Limited
[2011/11/23 20:34:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Canon
[2011/02/03 09:47:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Canon Easy-WebPrint EX
[2008/12/01 10:49:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Cloudmark
[2009/02/23 19:53:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Conceptworld
[2011/03/11 10:33:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Costco Photo Organizer
[2012/10/24 17:15:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Cycling '74
[2013/02/20 11:46:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Dropbox
[2012/01/04 20:56:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DVDVideoSoft
[2010/12/29 08:46:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ElevatedDiagnostics
[2011/08/18 05:48:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FileZilla
[2010/03/12 13:32:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FMZilla
[2013/02/14 09:08:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Foxit Software
[2012/09/04 20:16:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\HD Tune Pro
[2010/01/06 19:21:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\iTunesExport.9816BF1711E8C5ABC4CED8E503841951211D8E5D.1
[2012/06/17 00:40:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Line 6
[2012/03/28 11:48:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\LiveSoftware
[2012/12/26 22:46:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MediaMonkey
[2009/09/25 18:21:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Memeo
[2013/01/25 15:28:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mp3tag
[2009/04/24 22:11:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OfficeUpdate12
[2012/07/03 18:07:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Oracle
[2009/12/05 12:12:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Panasonic
[2009/10/13 20:14:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Printer Info Cache
[2010/05/20 20:49:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\QuickScan
[2009/06/04 12:32:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\salesforce.com
[2010/02/08 10:11:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Similarity
[2013/02/13 03:43:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Spotify
[2012/10/30 21:38:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TeraCopy
[2011/07/21 11:31:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TuneUpMedia
[2013/02/20 11:45:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2009/02/11 10:02:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\WebEx
[2013/02/04 13:49:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search
[2010/02/06 09:41:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Home Server
[2009/11/12 23:11:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Search
[2012/12/31 08:03:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/12/24 20:03:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ableton
[2012/08/04 10:35:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2008/12/11 17:01:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2011/12/10 15:52:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2013/02/19 10:15:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2009/10/27 11:45:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cakewalk
[2012/08/11 12:58:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2008/06/29 20:21:04 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/03/04 14:49:51 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2011/02/03 09:54:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2011/02/03 09:45:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJSetup000
[2008/09/25 09:02:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2008/07/18 06:21:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cloudmark
[2011/03/14 08:24:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/07/29 09:19:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flip Video
[2012/11/02 18:54:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lencom
[2012/04/03 15:46:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Line 6
[2012/10/30 14:41:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MediaMonkey
[2009/02/11 14:38:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MemeoCommon
[2011/12/10 09:55:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2008/11/21 20:27:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2012/06/16 10:04:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panasonic
[2008/10/11 17:22:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2008/06/26 03:03:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2008/08/10 16:37:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\salesforce.com
[2009/11/09 13:11:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sonoma Wire Works
[2011/06/26 19:04:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUpMedia
[2010/11/25 05:40:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Home Server
[2009/10/02 13:54:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/04/04 20:32:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/15 17:35:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/24 14:51:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/05/14 18:02:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{902029B2-957E-4066-85FA-30DA31731718}
[2010/05/14 18:02:39 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{E0C041D8-7EFB-4E8C-A20F-651F5AD0B7C1}

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 94 bytes -> C:\Documents and Settings\Administrator\Desktop\running downhill_2862_EDITED.jpg:$DEPRIMARY
@Alternate Data Stream - 94 bytes -> C:\Documents and Settings\Administrator\Desktop\Picture 029.jpg:$DEPRIMARY
@Alternate Data Stream - 94 bytes -> C:\Documents and Settings\Administrator\Desktop\Olivia the Rocker Angus Young.jpg:$DEPRIMARY
@Alternate Data Stream - 94 bytes -> C:\Documents and Settings\Administrator\Desktop\Olivia Ramp model_EDITED.jpg:$DEPRIMARY
@Alternate Data Stream - 94 bytes -> C:\Documents and Settings\Administrator\Desktop\olivia haute coture_EDITED.jpg:$DEPRIMARY
@Alternate Data Stream - 94 bytes -> C:\Documents and Settings\Administrator\Desktop\Olivia Butterfly.JPG:$DEPRIMARY
@Alternate Data Stream - 94 bytes -> C:\Documents and Settings\Administrator\Desktop\IMG_1125.JPG:$DEPRIMARY
@Alternate Data Stream - 94 bytes -> C:\Documents and Settings\Administrator\Desktop\IMG_0941123.JPG:$DEPRIMARY
@Alternate Data Stream - 94 bytes -> C:\Documents and Settings\Administrator\Desktop\file406.jpg:$DEPRIMARY
@Alternate Data Stream - 94 bytes -> C:\Documents and Settings\Administrator\Desktop\2675151680.jpg:$DEPRIMARY
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Administrator\Desktop\George Skarpelos- I Won't Stand as a Martyr_Radio edit.mp3:Roxio EMC Stream

< End of report >


----------



## bsacco (Jun 12, 2003)

OTL Extras logfile created on: 2/20/2013 11:59:09 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.28 Gb Available Physical Memory | 70.21% Memory free
7.09 Gb Paging File | 6.18 Gb Available in Paging File | 87.16% Paging File free
Paging file location(s): C:\pagefile.sys 4091 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.75 Gb Total Space | 124.33 Gb Free Space | 53.42% Space Free | Partition Type: NTFS
Drive E: | 1.87 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive M: | 1843.01 Gb Total Space | 3893.69 Gb Free Space | 211.27% Space Free | Partition Type: NTFS
Drive T: | 1843.01 Gb Total Space | 3893.69 Gb Free Space | 211.27% Space Free | Partition Type: NTFS
Drive U: | 1843.01 Gb Total Space | 3893.69 Gb Free Space | 211.27% Space Free | Partition Type: NTFS
Drive V: | 1843.01 Gb Total Space | 3893.69 Gb Free Space | 211.27% Space Free | Partition Type: NTFS
Drive W: | 1843.01 Gb Total Space | 3893.69 Gb Free Space | 211.27% Space Free | Partition Type: NTFS
Drive X: | 1843.01 Gb Total Space | 3893.69 Gb Free Space | 211.27% Space Free | Partition Type: NTFS
Drive Y: | 1843.01 Gb Total Space | 3893.69 Gb Free Space | 211.27% Space Free | Partition Type: NTFS

Computer Name: BS-TOWER | User Name: bsacco | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3703:TCP" = 3703:TCP:*:Enabled:Adobe Version Cue CS3 Server
"3704:TCP" = 3704:TCP:*:Enabled:Adobe Version Cue CS3 Server
"50900:TCP" = 50900:TCP:*:Enabled:Adobe Version Cue CS3 Server
"50901:TCP" = 50901:TCP:*:Enabled:Adobe Version Cue CS3 Server
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"23423:TCP" = 23423:TCP:LocalSubNet:Disabled:Serviio
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" = C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server -- (Adobe Systems Incorporated)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Spotify\spotify.exe" = C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)
"C:\Program Files\Airfoil\Airfoil.exe" = C:\Program Files\Airfoil\Airfoil.exe:*:Enabled:Airfoil -- (Rogue Amoeba)
"C:\Program Files\Airfoil\AirfoilSpeakers.exe" = C:\Program Files\Airfoil\AirfoilSpeakers.exe:*:Enabled:Airfoil Speakers -- (Rogue Amoeba)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Documents and Settings\Administrator\Application Data\Spotify\spotify.exe" = C:\Documents and Settings\Administrator\Application Data\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)
"C:\Program Files\Plex\Plex Media Server\Plex Media Server.exe" = C:\Program Files\Plex\Plex Media Server\Plex Media Server.exe:*:Enabled:Plex Media Server -- (Plex, Inc.)
"C:\Program Files\Plex\Plex Media Server\PlexScriptHost.exe" = C:\Program Files\Plex\Plex Media Server\PlexScriptHost.exe:*:Enabled:Plex Scripting Host -- ()
"C:\Program Files\Plex\Plex Media Server\PlexDlnaServer.exe" = C:\Program Files\Plex\Plex Media Server\PlexDlnaServer.exe:*:Enabled:Plex DLNA Server -- (Plex, Inc.)
"C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MediaCollectorClient.exe" = C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MediaCollectorClient.exe:LocalSubNet:Enabled:MediaCollectorClient -- (Hewlett-Packard Company)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Cakewalk\Shared Utilities\VstScan.exe" = C:\Program Files\Cakewalk\Shared Utilities\VstScan.exe:*:Enabled:Cakewalk VST Scan -- (Cakewalk Music Software)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{09E2111C-16B1-4DDF-BF0D-F994C9A12350}" = Adobe Setup
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{0D3F9802-689F-9B6D-8E44-B55971F0CCBB}" = FlipShare
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX870_series" = Canon MX870 series MP Drivers
"{11ABE2F4-DBCD-45D1-ABBB-C13FDDC4568A}" = Similarity 1.1.0
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1B1DDAD2-C704-49F8-8FC2-18DAAD9A87C5}" = Sound Blaster Audigy
"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server {ko_KR} 
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21E49794-7C13-4E84-8659-55BD378267D5}" = Windows Home Server Connector
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{326957C7-83FD-4550-A59A-849B7B4297DE}" = Microsoft Easy Assist v2
"{33691AFF-9ABF-4278-BDB6-902EE07D9237}" = Native Instruments Guitar Rig 3
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{38EE230F-F631-451F-8800-E29F5E5C9E7D}" = iTunes Library Updater
"{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3C26E039-BE18-4B5E-A723-45390C451819}" = Windows XP Creativity Fun Packs - Windows Movie Maker 2 - Titles
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype 6.1
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.6
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1" = Data Lifeguard Diagnostic for Windows 1.24
"{51B833D8-66B0-4E72-92B9-4E4977EF37F2}" = WD Drive Manager (x86)
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5F58EF0F-3E92-49B9-A315-872C65F30F05}" = PHOTOfunSTUDIO 8.1 PE
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{668CC71A-C2AD-4D56-866D-CF300BD1D5BE}_is1" = Ontrack EasyRecovery Professional
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6E23182E-ED23-465D-B11D-1C219AE2AFD0}" = Plex Media Server
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{788B97E8-D825-419A-8558-1C0B344C5371}" = Costco Photo Organizer
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7AB01508-C2B2-43C8-8B44-514801E7CCC9}" = Jing
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{82CA0A0C-A3EC-4167-B694-909205B2EDEC}" = muvee Plugin 1.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87841AF8-C785-42FF-A76E-CC0F0C2816CC}" = ATI Catalyst Control Center
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DC069E7-893C-41E1-9442-DE89FEC33371}" = Xobni Core
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_XWeb_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_SMALLBUSINESSR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_XWeb_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_SMALLBUSINESSR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_XWeb_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0045-0000-0000-0000000FF1CE}" = Microsoft Expression Web 2
"{90120000-0045-0409-0000-0000000FF1CE}" = Microsoft Expression Web 2 MUI (English)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_XWeb_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_XWeb_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007
"{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{942E5031-2BD6-4C1B-918C-C8A1CBAE7B8C}" = Microsoft IntelliPoint 8.2
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{964D0D1C-1D28-4802-8EE8-345CC8D2633B}" = HP MediaSmart Server 3.0 Update 1
"{97F81AF1-0E47-DC99-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 ATL (x86) WinSXS MSM
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A9DBEBC-C800-4776-A970-D76D6AA405B1}" = PHOTOfunSTUDIO HD Edition
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4D77A09-10EA-4574-8C09-9B6E1A21C95F}" = Virus Guard - powered by BitDefender
"{A6457851-5EA9-45B0-AF1D-D2A0A4781CFB}" = MIDI-OX
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2011.10.29
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{AFECFED6-0A43-488F-8511-1DC6B52F31C3}_is1" = Fast Duplicate File Finder 2.0.0.1
"{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes
"{B2393794-69B8-CD96-80CB-746DD220C15B}" = AMD Catalyst Install Manager
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B7F560B3-6EFF-4026-A982-843895A41149}" = Adobe BridgeTalk Plugin CS3
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C7793EE8-F666-4E6B-9827-76468679480E}" = Tweakui Powertoy for Windows XP
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1C18EDD-571A-4BDD-BE7B-1DD86027D7FF}" = Adobe Creative Suite 3 Design Premium
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DF2035BE-5820-4965-BD97-7FAF8D4A7879}" = Microsoft_VC90_CRT_x86
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E28750A2-45F2-4b63-99F7-9F81A94B1E2D}" = PS_AIO_Software_min
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFC5D11F-83D2-4E74-9521-86CAD955B7E5}" = Fuze Meeting
"3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only)
"Ace Utilities_is1" = Ace Utilities
"Addictive Drums" = Addictive Drums
"Adobe Acrobat 8 Professional" = Adobe Acrobat 8.1.3 Professional
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Adobe_c14ac4070fd9614ffe63f4bb533db2c" = Add or Remove Adobe Creative Suite 3 Design Premium
"Airfoil" = Airfoil
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.17
"Any Video Converter_is1" = Any Video Converter 3.2.0
"ASAP Utilities_is1" = ASAP Utilities
"Audacity_is1" = Audacity 2.0
"Belarc Advisor" = Belarc Advisor 8.3
"Cakewalk Audio FX Pack 2" = Cakewalk Audio FX Pack 2
"Cakewalk Audio FX Pack 3" = Cakewalk Audio FX Pack 3
"Canon MX870 series User Registration" = Canon MX870 series User Registration
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"Duplicate Music Files Finder_is1" = Duplicate Music Files Finder 1.5.5
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"ESET Online Scanner" = ESET Online Scanner v3
"FFmpeg for Audacity on Windows_is1" = FFmpeg for Audacity on Windows
"File Renamer - Basic" = File Renamer - Basic
"FileZilla Client" = FileZilla Client 3.2.4.1
"Foxit Reader_is1" = Foxit Reader
"Free Video Dub_is1" = Free Video Dub version 2.0.3.1228
"GoToAssist" = GoToAssist Corporate
"HECI" = Intel® Management Engine Interface
"HijackThis" = HijackThis 1.99.1
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"KeyFinder_is1" = Magical Jelly Bean KeyFinder
"LADSPA_plugins-win_is1" = LADSPA_plugins-win-0.4.15
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"Line 6 Uninstaller" = Line 6 Uninstaller
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"MediaMonkey_is1" = MediaMonkey 4.0
"MESOL" = Intel® Active Management Technology
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Microsoft Security Client" = Microsoft Security Essentials
"MiniTool Power Data Recovery_is1" = MiniTool Power Data Recovery
"Mozilla Firefox 16.0.1 (x86 en-US)" = Mozilla Firefox 16.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 3.1" = Canon MP Navigator EX 3.1
"Mp3tag" = Mp3tag v2.54
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"Native Instruments Guitar Rig 3" = Native Instruments Guitar Rig 3
"Native Instruments Service Center" = Native Instruments Service Center
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PROSet" = Intel(R) PRO Network Connections Drivers
"ReaPlugs" = ReaPlugs
"SMALLBUSINESSR" = Microsoft Office Small Business 2007
"SONAR8Producer_is1" = SONAR 8.0 Producer Edition
"Speed Dial Utility" = Canon Speed Dial Utility
"Spotify" = Spotify
"The KMPlayer" = The KMPlayer (remove only)
"Total Video Converter 3.71_is1" = Total Video Converter 3.71 100812
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.4
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XobniMain" = Xobni
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XWeb" = Microsoft Expression Web 2

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 5.2.0.952
"JoinMe" = join.me
"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2/19/2013 11:38:54 PM | Computer Name = BS-TOWER | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 19

Error - 2/19/2013 11:38:54 PM | Computer Name = BS-TOWER | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 20

Error - 2/19/2013 11:38:54 PM | Computer Name = BS-TOWER | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 21

Error - 2/19/2013 11:38:54 PM | Computer Name = BS-TOWER | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 22

Error - 2/19/2013 11:38:54 PM | Computer Name = BS-TOWER | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 23

Error - 2/19/2013 11:38:54 PM | Computer Name = BS-TOWER | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 24

Error - 2/20/2013 1:25:47 PM | Computer Name = BS-TOWER | Source = Intel(R) AMT | ID = 2002
Description = [UNS] Failed to subscribe to local Intel(R) AMT.

Error - 2/20/2013 1:34:03 PM | Computer Name = BS-TOWER | Source = Intel(R) AMT | ID = 2002
Description = [UNS] Failed to subscribe to local Intel(R) AMT.

Error - 2/20/2013 2:57:11 PM | Computer Name = BS-TOWER | Source = Intel(R) AMT | ID = 2002
Description = [UNS] Failed to subscribe to local Intel(R) AMT.

Error - 2/20/2013 3:13:33 PM | Computer Name = BS-TOWER | Source = Intel(R) AMT | ID = 2002
Description = [UNS] Failed to subscribe to local Intel(R) AMT.

[ OSession Events ]
Error - 4/13/2011 3:38:30 PM | Computer Name = BS-TOWER | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 1316
seconds with 120 seconds of active time. This session ended with a crash.

Error - 4/25/2011 12:36:40 AM | Computer Name = BS-TOWER | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 92451
seconds with 660 seconds of active time. This session ended with a crash.

Error - 4/26/2011 9:46:01 PM | Computer Name = BS-TOWER | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 73250
seconds with 3900 seconds of active time. This session ended with a crash.

Error - 9/5/2011 7:56:37 PM | Computer Name = BS-TOWER | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session 
lasted 504806 seconds with 40020 seconds of active time. This session ended with
a crash.

Error - 10/12/2011 5:29:07 PM | Computer Name = BS-TOWER | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session 
lasted 84 seconds with 60 seconds of active time. This session ended with a crash.

Error - 11/30/2011 1:32:30 PM | Computer Name = BS-TOWER | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 198507
seconds with 3540 seconds of active time. This session ended with a crash.

Error - 12/9/2011 12:13:17 PM | Computer Name = BS-TOWER | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 235813
seconds with 1020 seconds of active time. This session ended with a crash.

Error - 2/2/2012 4:14:33 PM | Computer Name = BS-TOWER | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6425.1000. This session 
lasted 439294 seconds with 28440 seconds of active time. This session ended with
a crash.

Error - 2/26/2012 5:05:30 PM | Computer Name = BS-TOWER | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 12019
seconds with 600 seconds of active time. This session ended with a crash.

Error - 11/3/2012 12:32:25 AM | Computer Name = BS-TOWER | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 5673
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 2/20/2013 3:56:13 PM | Computer Name = BS-TOWER | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service WSearch with
arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error - 2/20/2013 3:56:13 PM | Computer Name = BS-TOWER | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service WSearch with
arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error - 2/20/2013 3:56:13 PM | Computer Name = BS-TOWER | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service WSearch with
arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error - 2/20/2013 3:56:13 PM | Computer Name = BS-TOWER | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service WSearch with
arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error - 2/20/2013 3:56:13 PM | Computer Name = BS-TOWER | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service WSearch with
arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error - 2/20/2013 3:56:13 PM | Computer Name = BS-TOWER | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service WSearch with
arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error - 2/20/2013 3:56:13 PM | Computer Name = BS-TOWER | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service WSearch with
arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error - 2/20/2013 3:56:13 PM | Computer Name = BS-TOWER | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service WSearch with
arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error - 2/20/2013 3:56:13 PM | Computer Name = BS-TOWER | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service WSearch with
arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error - 2/20/2013 3:56:13 PM | Computer Name = BS-TOWER | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service WSearch with
arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

< End of report >


----------



## Cookiegal (Aug 27, 2003)

There's a lot to go through and I'm actually not feeling very well. I will be around off and on but will review those logs tomorrow morning when I can focus more clearly on all of the data.


----------



## bsacco (Jun 12, 2003)

PC now does not boot up. It cannot find the Windows OS. Just a blank black screen with a blinking icon in the upper left corner of the screen. Please advise.


----------



## Cookiegal (Aug 27, 2003)

What is the exact error message you're seeing?

What had you done just before this happened?

Can you boot to safe mode, safe mode with networking or safe mode with command prompt? If none of those work, have you tried booting to Last Known Good Configuration?


----------



## bsacco (Jun 12, 2003)

I was able to get to "Last good config" and it re-booted. 

What I did just before it happened was that I ran GMER in safe mode and it made it all the way through.


----------



## bsacco (Jun 12, 2003)

When it crashed I got this error msg:

Exception occured module MPCACHE.MDM file "IOAPICSP.asm line 1645"


----------



## Cookiegal (Aug 27, 2003)

Do you see any files in this folder?

C:\Windows\Minidump

They would have names similar to the following where the numbers represent the date the crash occurred:

Mini010113-01.dmp

If so, please zip it (right-click the file and select "send to" and then select "compressed (zipped) folder") and upload it here as an attachment.


----------



## bsacco (Jun 12, 2003)

Unfortunately there are no files inside the C:\Windows\Minidump folder.


----------



## Cookiegal (Aug 27, 2003)

Perhaps a full dump was created. Is there anything like this?

c:\Windows\MEMORY.DMP


----------



## bsacco (Jun 12, 2003)

no such file as c:\Windows\MEMORY.DMP.


----------



## Cookiegal (Aug 27, 2003)

Please download the Event Viewer Tool by Vino Rosso *VEW* and save it to your Desktop:


Double-click *VEW.exe*

Under "Select log to query", select:

*Application*
*System*

Under "Select type to list", select:

*Error*
*Warning*

Click the radio button for "Number of events"
Type *10* in the 1 to 20 box 
Then click the *Run* button.

Notepad will open with the output log. Please copy and paste the contents here.


----------



## bsacco (Jun 12, 2003)

Vino's Event Viewer v01c run on Windows XP in English
Report run at 21/02/2013 9:29:03 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 20/02/2013 10:04:52 PM
Type: error Category: 3
Event: 2002 Source: Intel(R) AMT
[UNS] Failed to subscribe to local Intel(R) AMT.

Log: 'Application' Date/Time: 20/02/2013 11:13:33 AM
Type: error Category: 3
Event: 2002 Source: Intel(R) AMT
[UNS] Failed to subscribe to local Intel(R) AMT.

Log: 'Application' Date/Time: 20/02/2013 10:57:11 AM
Type: error Category: 3
Event: 2002 Source: Intel(R) AMT
[UNS] Failed to subscribe to local Intel(R) AMT.

Log: 'Application' Date/Time: 20/02/2013 9:34:03 AM
Type: error Category: 3
Event: 2002 Source: Intel(R) AMT
[UNS] Failed to subscribe to local Intel(R) AMT.

Log: 'Application' Date/Time: 20/02/2013 9:25:47 AM
Type: error Category: 3
Event: 2002 Source: Intel(R) AMT
[UNS] Failed to subscribe to local Intel(R) AMT.

Log: 'Application' Date/Time: 19/02/2013 7:38:54 PM
Type: error Category: 0
Event: 100 Source: Bonjour Service
ERROR: handle_resolve_request bad interfaceIndex 24

Log: 'Application' Date/Time: 19/02/2013 7:38:54 PM
Type: error Category: 0
Event: 100 Source: Bonjour Service
ERROR: handle_resolve_request bad interfaceIndex 23

Log: 'Application' Date/Time: 19/02/2013 7:38:54 PM
Type: error Category: 0
Event: 100 Source: Bonjour Service
ERROR: handle_resolve_request bad interfaceIndex 22

Log: 'Application' Date/Time: 19/02/2013 7:38:54 PM
Type: error Category: 0
Event: 100 Source: Bonjour Service
ERROR: handle_resolve_request bad interfaceIndex 21

Log: 'Application' Date/Time: 19/02/2013 7:38:54 PM
Type: error Category: 0
Event: 100 Source: Bonjour Service
ERROR: handle_resolve_request bad interfaceIndex 20

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 13/02/2013 3:26:48 AM
Type: warning Category: 1
Event: 1020 Source: ASP.NET 2.0.50727.0
Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.

Log: 'Application' Date/Time: 09/02/2013 3:12:09 PM
Type: warning Category: 3
Event: 3036 Source: Windows Search Service
The content source <outlookexpress://{s-1-5-21-73586283-1993962763-839522115-1004}/{53e27f22-75fa-46ec-9125-3f655462724f}/> cannot be accessed.

Context: Application, SystemIndex Catalog

Details:
The item cannot be processed further because search failed to find one of its properties. Check that the item is valid in the store. (0x80041213)

Log: 'Application' Date/Time: 08/02/2013 4:12:42 PM
Type: warning Category: 1
Event: 4132 Source: Ci
1 inconsistencies were detected in PropertyStore during recovery of catalog c:\system volume information\catalog.wci.

Log: 'Application' Date/Time: 08/02/2013 3:36:40 PM
Type: warning Category: 0
Event: 2001 Source: PerfDisk
Unable to read the disk performance information from the system. Disk performance counters must be enabled for at least one physical disk or logical volume in order for these counters to appear. Disk performance counters can be enabled by using the Hardware Device Manager property pages. Status code returned is data DWORD 0.

Log: 'Application' Date/Time: 08/02/2013 3:36:39 PM
Type: warning Category: 0
Event: 2001 Source: PerfDisk
Unable to read the disk performance information from the system. Disk performance counters must be enabled for at least one physical disk or logical volume in order for these counters to appear. Disk performance counters can be enabled by using the Hardware Device Manager property pages. Status code returned is data DWORD 0.

Log: 'Application' Date/Time: 08/02/2013 3:36:38 PM
Type: warning Category: 0
Event: 2001 Source: PerfDisk
Unable to read the disk performance information from the system. Disk performance counters must be enabled for at least one physical disk or logical volume in order for these counters to appear. Disk performance counters can be enabled by using the Hardware Device Manager property pages. Status code returned is data DWORD 0.

Log: 'Application' Date/Time: 08/02/2013 3:36:37 PM
Type: warning Category: 0
Event: 2001 Source: PerfDisk
Unable to read the disk performance information from the system. Disk performance counters must be enabled for at least one physical disk or logical volume in order for these counters to appear. Disk performance counters can be enabled by using the Hardware Device Manager property pages. Status code returned is data DWORD 0.

Log: 'Application' Date/Time: 08/02/2013 3:36:36 PM
Type: warning Category: 0
Event: 2001 Source: PerfDisk
Unable to read the disk performance information from the system. Disk performance counters must be enabled for at least one physical disk or logical volume in order for these counters to appear. Disk performance counters can be enabled by using the Hardware Device Manager property pages. Status code returned is data DWORD 0.

Log: 'Application' Date/Time: 08/02/2013 3:36:35 PM
Type: warning Category: 0
Event: 2001 Source: PerfDisk
Unable to read the disk performance information from the system. Disk performance counters must be enabled for at least one physical disk or logical volume in order for these counters to appear. Disk performance counters can be enabled by using the Hardware Device Manager property pages. Status code returned is data DWORD 0.

Log: 'Application' Date/Time: 08/02/2013 3:36:34 PM
Type: warning Category: 0
Event: 2001 Source: PerfDisk
Unable to read the disk performance information from the system. Disk performance counters must be enabled for at least one physical disk or logical volume in order for these counters to appear. Disk performance counters can be enabled by using the Hardware Device Manager property pages. Status code returned is data DWORD 0.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 20/02/2013 9:39:32 PM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Log: 'System' Date/Time: 20/02/2013 9:31:40 PM
Type: error Category: 0
Event: 2019 Source: Srv
The server was unable to allocate from the system nonpaged pool because the pool was empty.

Log: 'System' Date/Time: 20/02/2013 9:19:40 PM
Type: error Category: 0
Event: 2019 Source: Srv
The server was unable to allocate from the system nonpaged pool because the pool was empty.

Log: 'System' Date/Time: 20/02/2013 9:07:40 PM
Type: error Category: 0
Event: 2019 Source: Srv
The server was unable to allocate from the system nonpaged pool because the pool was empty.

Log: 'System' Date/Time: 20/02/2013 9:03:01 PM
Type: error Category: 0
Event: 8003 Source: MRxSmb
The master browser has received a server announcement from the computer HPSTORAGE1 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{DDAF0FD6-A7E5-4ED. The master browser is stopping or an election is being forced.

Log: 'System' Date/Time: 20/02/2013 8:55:40 PM
Type: error Category: 0
Event: 2019 Source: Srv
The server was unable to allocate from the system nonpaged pool because the pool was empty.

Log: 'System' Date/Time: 20/02/2013 8:46:10 PM
Type: error Category: 0
Event: 11 Source: Cdrom
The driver detected a controller error on \Device\CdRom1.

Log: 'System' Date/Time: 20/02/2013 11:56:13 AM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Log: 'System' Date/Time: 20/02/2013 11:56:13 AM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Log: 'System' Date/Time: 20/02/2013 11:56:13 AM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 20/02/2013 8:50:58 PM
Type: warning Category: 0
Event: 8021 Source: BROWSER
The browser was unable to retrieve a list of servers from the browser master \\HPSTORAGE1 on the network \Device\NetBT_Tcpip_{DDAF0FD6-A7E5-4EDC-A9CB-E63FE9565669}. The data is the error code.

Log: 'System' Date/Time: 20/02/2013 8:46:14 PM
Type: warning Category: 0
Event: 50 Source: Ntfs
{Delayed Write Failed} Windows was unable to save all the data for the file . The data has been lost. This error may be caused by a failure of your computer hardware or network connection. Please try to save this file elsewhere.

Log: 'System' Date/Time: 20/02/2013 12:28:40 PM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 20/02/2013 11:55:21 AM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 20/02/2013 10:04:55 AM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 19/02/2013 7:39:49 PM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 19/02/2013 3:58:02 PM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 19/02/2013 10:26:59 AM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 19/02/2013 7:47:23 AM
Type: warning Category: 0
Event: 8021 Source: BROWSER
The browser was unable to retrieve a list of servers from the browser master \\HPSTORAGE1 on the network \Device\NetBT_Tcpip_{DDAF0FD6-A7E5-4EDC-A9CB-E63FE9565669}. The data is the error code.

Log: 'System' Date/Time: 19/02/2013 7:47:12 AM
Type: warning Category: 0
Event: 27 Source: e1express
Intel(R) 82566DM-2 Gigabit Network Connection Link has been disconnected.


----------



## Cookiegal (Aug 27, 2003)

I assume the last crash happened last night (February 20th). Can you tell me around what time that happened?


----------



## bsacco (Jun 12, 2003)

Late last night. I don't recall the exact time. Say 10pm PDT.


----------
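One way to triage a VEW report like the one posted earlier in the thread: group the records by log, type, event ID and source, then list what was logged in the hours before a given moment. This is an added Python example, not part of the thread or of VEW; the sample text is abridged from that report, and the 10 PM reference time is an assumption taken from the poster's rough estimate.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Sample abridged from the VEW report posted in the thread (messages shortened).
SAMPLE_REPORT = """\
Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 20/02/2013 9:39:32 PM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1084" attempting to start the service EventSystem

Log: 'System' Date/Time: 20/02/2013 9:31:40 PM
Type: error Category: 0
Event: 2019 Source: Srv
The server was unable to allocate from the system nonpaged pool because the pool was empty.

Log: 'System' Date/Time: 20/02/2013 9:19:40 PM
Type: error Category: 0
Event: 2019 Source: Srv
The server was unable to allocate from the system nonpaged pool because the pool was empty.

Log: 'System' Date/Time: 20/02/2013 8:46:10 PM
Type: error Category: 0
Event: 11 Source: Cdrom
The driver detected a controller error on \\Device\\CdRom1.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 20/02/2013 8:46:14 PM
Type: warning Category: 0
Event: 50 Source: Ntfs
{Delayed Write Failed} Windows was unable to save all the data for the file .

Log: 'System' Date/Time: 20/02/2013 12:28:40 PM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
"""

HEADER = re.compile(r"^Log: '(?P<log>[^']+)' Date/Time: (?P<when>.+?)\s*$")
TYPE = re.compile(r"^Type: (?P<type>\w+) Category: (?P<category>\d+)\s*$")
EVENT = re.compile(r"^Event: (?P<event_id>\d+) Source: (?P<source>.+?)\s*$")
STAMP = "%d/%m/%Y %I:%M:%S %p"  # the report header states dd/mm/yyyy


def parse_vew(text):
    """Return one dict per event record found in a VEW text report."""
    events, current = [], None
    for line in text.splitlines():
        if line.startswith("~"):      # a section banner closes the open record
            current = None
            continue
        header = HEADER.match(line)
        if header:
            current = {"log": header["log"],
                       "when": datetime.strptime(header["when"], STAMP),
                       "type": None, "event_id": None, "source": None,
                       "message": ""}
            events.append(current)
            continue
        if current is None:
            continue                  # preamble or section title, not a record
        kind, event = TYPE.match(line), EVENT.match(line)
        if kind and current["type"] is None:
            current["type"] = kind["type"]
        elif event and current["event_id"] is None:
            current["event_id"] = int(event["event_id"])
            current["source"] = event["source"]
        elif line.strip():            # anything else is message text
            current["message"] = (current["message"] + " " + line.strip()).strip()
    return events


def summarise(events):
    """Count records per (log, type, event ID, source)."""
    return Counter((e["log"], e["type"], e["event_id"], e["source"]) for e in events)


def before(events, moment, hours):
    """Records logged in the `hours` leading up to `moment`, oldest first."""
    start = moment - timedelta(hours=hours)
    hits = [e for e in events if start <= e["when"] <= moment]
    return sorted(hits, key=lambda e: e["when"])


if __name__ == "__main__":
    parsed = parse_vew(SAMPLE_REPORT)
    for key, count in summarise(parsed).most_common():
        print(count, key)
    # Assumed reference time: about 10 PM on 20/02/2013, per the poster's estimate.
    for e in before(parsed, datetime(2013, 2, 20, 22, 0), hours=2):
        print(e["when"], e["type"], e["event_id"], e["source"], "|", e["message"])
```

The timestamps are compared exactly as the report prints them, so the reference time has to be given in the same clock the report uses.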



## Cookiegal (Aug 27, 2003)

I don't really see anything there that would contribute to the machine not booting.

Have you ever had crashes, BSODs before we started this troubleshooting process?


----------



## bsacco (Jun 12, 2003)

none.

I've had some (rare) random blue screen of death crashes. But I've been able to keep the OS going somehow. I did though run across a problem that has puzzled me. For some reason, I cannot get my MIDI controller keyboard (Alesis QX49) to be recognized properly under this system. It only recognizes it as a USB MIDI device, not as an Alesis QX49 MIDI controller keyboard, and thus does not work properly. I tested this on my other PC running Windows 7 and it works perfectly and is recognized as Alesis QX49.


----------



## bsacco (Jun 12, 2003)

also, just curious why we never fixed any problems we found using all that software you had me install?


----------



## Cookiegal (Aug 27, 2003)

bsacco said:


> also, just curious why we never fixed any problems we found using all that software you had me install?


What do you mean?


----------



## bsacco (Jun 12, 2003)

re: all the different malware apps we tried...


----------



## Cookiegal (Aug 27, 2003)

We have removed things with them but we're having trouble running some of the tools and I'm not sure why. It could be a conflict of some sort with other software or hardware.

Please delete this folder manually rather than risk running OTL again (this is from the last OTL log):

C:\Documents and Settings\All Users\Application Data\*boost_interprocess*

Then please run DDS again and post both logs. Perhaps if we disable some things we can get things to work better.


----------



## bsacco (Jun 12, 2003)

This is weird. This is the 3rd time you've asked me to specifically locate a file on my PC but each time I look for it, it does not exist. Are you sure you have not confused me with another thread?


----------



## bsacco (Jun 12, 2003)

oops...OK I just found it...Please disregard earlier message


----------



## bsacco (Jun 12, 2003)

Attach text log file:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 5/20/2008 10:20:07 AM
System Uptime: 2/20/2013 10:04:05 PM (17 hours ago)
.
Motherboard: Dell Inc. | | 0GM819
Processor: Intel Pentium III Xeon processor | CPU | 1967/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 120.986 GiB free.
D: is CDROM ()
E: is CDROM (CDFS)
F: is Removable
M: is NetworkDisk (NTFS) - 1843 GiB total, 265.03 GiB free.
T: is NetworkDisk (NTFS) - 1843 GiB total, 265.03 GiB free.
U: is NetworkDisk (NTFS) - 1843 GiB total, 265.03 GiB free.
V: is NetworkDisk (NTFS) - 1843 GiB total, 265.03 GiB free.
W: is NetworkDisk (NTFS) - 1843 GiB total, 265.03 GiB free.
X: is NetworkDisk (NTFS) - 1843 GiB total, 265.03 GiB free.
Y: is NetworkDisk (NTFS) - 1843 GiB total, 265.03 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP3: 2/8/2013 3:20:04 PM - System Checkpoint
RP4: 2/8/2013 4:17:44 PM - Software Distribution Service 3.0
RP5: 2/8/2013 5:37:57 PM - System Checkpoint
RP6: 2/8/2013 11:03:03 PM - Software Distribution Service 3.0
RP7: 2/9/2013 1:58:27 AM - Software Distribution Service 3.0
RP8: 2/9/2013 4:31:32 PM - Installed Windows 7 Upgrade Advisor
RP9: 2/10/2013 2:18:01 AM - Software Distribution Service 3.0
RP10: 2/11/2013 1:43:24 AM - Software Distribution Service 3.0
RP11: 2/11/2013 11:37:33 AM - Software Distribution Service 3.0
RP12: 2/12/2013 1:43:34 AM - Software Distribution Service 3.0
RP13: 2/12/2013 11:37:30 AM - Software Distribution Service 3.0
RP14: 2/13/2013 1:43:28 AM - Software Distribution Service 3.0
RP15: 2/13/2013 3:06:47 AM - Software Distribution Service 3.0
RP16: 2/13/2013 5:44:50 AM - Software Distribution Service 3.0
RP17: 2/14/2013 2:21:50 AM - Software Distribution Service 3.0
RP18: 2/14/2013 5:01:24 AM - Software Distribution Service 3.0
RP19: 2/15/2013 2:08:11 AM - Software Distribution Service 3.0
RP20: 2/15/2013 5:00:29 AM - Software Distribution Service 3.0
RP21: 2/16/2013 2:14:28 AM - Software Distribution Service 3.0
RP22: 2/16/2013 5:00:06 AM - Software Distribution Service 3.0
RP23: 2/17/2013 5:03:56 AM - System Checkpoint
RP24: 2/17/2013 8:09:19 AM - Software Distribution Service 3.0
RP25: 2/18/2013 2:21:07 AM - Software Distribution Service 3.0
RP26: 2/18/2013 3:00:17 AM - Software Distribution Service 3.0
RP27: 2/19/2013 8:06:18 AM - Software Distribution Service 3.0
RP28: 2/19/2013 10:15:19 AM - Installed Fuze Meeting
RP29: 2/20/2013 2:02:12 AM - Software Distribution Service 3.0
RP30: 2/21/2013 2:09:38 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
µTorrent
32 Bit HP CIO Components Installer
3ivx MPEG-4 5.0.3 (remove only)
Ace Utilities
Add or Remove Adobe Creative Suite 3 Design Premium
Addictive Drums
Adobe Acrobat 8 Professional
Adobe Acrobat 8.1.3 Professional
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Creative Suite 3 Design Premium
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash CS3
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Setup
Adobe Shockwave Player 11.6
Adobe SING CS3
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Version Cue CS3 Server {ko_KR} 
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AHV content for Acrobat and Flash
AIO_Scan
Airfoil
Amazon MP3 Downloader 1.0.17
AMD Catalyst Install Manager
Any Video Converter 3.2.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASAP Utilities
ATI Catalyst Control Center
Audacity 2.0
Belarc Advisor 8.3
Bonjour
BufferChm
Cakewalk Audio FX Pack 2
Cakewalk Audio FX Pack 3
Canon Easy-WebPrint EX
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon MP Navigator EX 3.1
Canon MX870 series MP Drivers
Canon MX870 series User Registration
Canon Speed Dial Utility
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
CCleaner
CDBurnerXP
Costco Photo Organizer
Data Lifeguard Diagnostic for Windows 1.24
Dell Resource CD
Dropbox
Duplicate Music Files Finder 1.5.5
ESET Online Scanner v3
Fast Duplicate File Finder 2.0.0.1
FFmpeg for Audacity on Windows
File Renamer - Basic
FileZilla Client 3.2.4.1
FlipShare
Foxit Reader
Free Video Dub version 2.0.3.1228
FreeRIP v3.6
Fuze Meeting
Google Chrome
Google Earth Plug-in
Google Update Helper
GoToAssist Corporate
GoToMeeting 5.2.0.952
HiJackThis
HijackThis 1.99.1
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB954550-v5)
HP MediaSmart Server 3.0 Update 1
HP Update
Intel(R) PRO Network Connections Drivers
Intel® Active Management Technology
Intel® Management Engine Interface
iPhone Configuration Utility
iTunes
iTunes Library Updater
Java 7 Update 13
Java Auto Updater
Java(TM) 6 Update 31
JavaFX 2.1.1
Jing
join.me
LADSPA_plugins-win-0.4.15
LAME v3.98.3 for Audacity
Line 6 Uninstaller
Magical Jelly Bean KeyFinder
MagicDisc 2.7.106
Malwarebytes Anti-Malware version 1.70.0.1100
MediaMonkey 4.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Easy Assist v2
Microsoft Expression Web 2
Microsoft Expression Web 2 MUI (English)
Microsoft IntelliPoint 8.2
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business 2007
Microsoft Office Word MUI (English) 2007
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft_VC90_CRT_x86
MIDI-OX
MiniTool Power Data Recovery
MobileMe Control Panel
Mozilla Firefox 16.0.1 (x86 en-US)
Mozilla Maintenance Service
Mp3tag v2.54
MSN
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee Plugin 1.0
Native Instruments Guitar Rig 3
Native Instruments Service Center
neroxml
Ontrack EasyRecovery Professional
PDF Settings
PHOTOfunSTUDIO 8.1 PE
PHOTOfunSTUDIO HD Edition
Plex Media Server
PS_AIO_Software_min
QuickTime
ReaPlugs
SeaTools for Windows
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition 
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition 
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition 
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition 
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows XP (KB923789)
Similarity 1.1.0
SIW version 2011.10.29
Skype™ 6.1
SONAR 8.0 Producer Edition
Sound Blaster Audigy
SoundMAX
Spotify
SUPERAntiSpyware
swMSM
The KMPlayer (remove only)
Toolbox
Total Video Converter 3.71 100812
Tweakui Powertoy for Windows XP
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Expression Web 2 (KB957827)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2767848) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Internet Explorer 8 (KB2632503)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows Internet Explorer 8 (KB980182)
Virus Guard - powered by BitDefender
Visual C++ 8.0 ATL (x86) WinSXS MSM
Visual C++ 8.0 CRT (x86) WinSXS MSM
VLC media player 2.0.4
WD Diagnostics
WD Drive Manager (x86)
WebFldrs XP
Windows 7 Upgrade Advisor
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Home Server Connector
Windows Installer Clean Up
Windows Internet Explorer 8
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows Search 4.0
Windows XP Creativity Fun Packs - Windows Movie Maker 2 - Titles
Windows XP Service Pack 3
WinRAR archiver
WinZip
XML Paper Specification Shared Components Pack 1.0
Xobni
Xobni Core
.
==== Event Viewer Messages From Past Week ========
.
2/20/2013 9:27:14 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
2/20/2013 9:27:14 AM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/20/2013 9:03:01 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer HPSTORAGE1 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{DDAF0FD6-A7E5-4ED. The master browser is stopping or an election is being forced.
2/20/2013 8:55:40 PM, error: Srv [2019] - The server was unable to allocate from the system nonpaged pool because the pool was empty.
2/20/2013 8:46:10 PM, error: Cdrom [11] - The driver detected a controller error on \Device\CdRom1.
2/20/2013 11:53:23 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
2/20/2013 11:51:59 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BANTExt Fips intelppm MpFilter NetworkX SASDIFSV SASKUTIL
2/20/2013 11:51:09 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
2/20/2013 11:50:58 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
2/18/2013 5:45:22 PM, error: Print [19] - Sharing printer failed + 1722, Printer Microsoft XPS Document Writer share name Printer2.
2/17/2013 7:57:48 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time-a.nist.gov,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
2/16/2013 10:19:03 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
2/16/2013 10:18:59 PM, error: Service Control Manager [7034] - The XobniService service terminated unexpectedly. It has done this 1 time(s).
2/16/2013 10:18:59 PM, error: Service Control Manager [7034] - The WD Drive Manager Service service terminated unexpectedly. It has done this 1 time(s).
2/16/2013 10:18:59 PM, error: Service Control Manager [7031] - The Windows Home Server Connector Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
2/16/2013 10:18:58 PM, error: Service Control Manager [7034] - The NMSAccess service terminated unexpectedly. It has done this 1 time(s).
2/16/2013 10:18:58 PM, error: Service Control Manager [7034] - The MediaCollectorService service terminated unexpectedly. It has done this 1 time(s).
2/16/2013 10:18:58 PM, error: Service Control Manager [7034] - The MBAMScheduler service terminated unexpectedly. It has done this 1 time(s).
2/16/2013 10:18:58 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
2/16/2013 10:18:58 PM, error: Service Control Manager [7034] - The Intel(R) Active Management Technology User Notification Service service terminated unexpectedly. It has done this 1 time(s).
2/16/2013 10:18:58 PM, error: Service Control Manager [7034] - The Intel(R) Active Management Technology Local Management Service service terminated unexpectedly. It has done this 1 time(s).
2/16/2013 10:18:58 PM, error: Service Control Manager [7034] - The HPMSSConnectorService service terminated unexpectedly. It has done this 1 time(s).
2/16/2013 10:18:57 PM, error: Service Control Manager [7034] - The Intel(R) Active Management Technology System Status Service service terminated unexpectedly. It has done this 1 time(s).
2/16/2013 10:18:57 PM, error: Service Control Manager [7034] - The FlipShare Service service terminated unexpectedly. It has done this 1 time(s).
2/16/2013 10:18:57 PM, error: Service Control Manager [7034] - The Crypkey License service terminated unexpectedly. It has done this 1 time(s).
2/16/2013 10:18:57 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
2/16/2013 10:18:56 PM, error: Service Control Manager [7031] - The SAS Core Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
2/16/2013 10:18:56 PM, error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
2/16/2013 10:18:56 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
.
==== End Of File ===========================


----------



## bsacco (Jun 12, 2003)

dds.txt log file:

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.13.2
Run by bsacco at 15:23:38 on 2013-02-21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2362 [GMT -8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ================
.
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MSSConnectorService.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MediaCollectorClient.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Intel\AMT\UNS.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Xobni\XobniService.exe
C:\Program Files\Windows Home Server\WHSConnector.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Intel\AMT\atchk.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Spotify\Data\SpotifyWebHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Home Server\WHSTrayApp.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://outlookweb.invision.net/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: BrowserHelper Class: {9A065C65-4EE7-4DDD-9918-F129089A894A} - c:\program files\windows home server\WHSDeskBands.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: Home Server Banner: {D73E76A3-F902-45BD-8FC8-95AE8E014671} - c:\program files\windows home server\WHSDeskBands.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
uRun: [A24802D8E0033B87C7A71FBB6D39DEF74469BA10._service_run] "c:\documents and settings\administrator\local settings\application data\google\chrome\application\chrome.exe" --type=service
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Spotify Web Helper] "c:\program files\spotify\data\SpotifyWebHelper.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [Google Update] "c:\documents and settings\administrator\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [P17Helper] Rundll32 P17.dll,P17Helper
mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [atchk] "c:\program files\intel\amt\atchk.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [IJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\administrator\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\windows\installer\{21e49794-7c13-4e84-8659-55bd378267d5}\WHSTrayApp.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~2.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.3.5.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1358756641328
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1349385223937
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {89242969-422B-46BF-B0D5-6A7B7DC4D0E0} - file:///D:/html/nafcom.cab
DPF: {B87A4DE2-57A3-41CA-8781-89D43EA6EEF4} - hxxp://videomessages.live.com/Portal/ClientBin/VCaptCtl.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{DDAF0FD6-A7E5-4EDC-A9CB-E63FE9565669} : DHCPNameServer = 192.168.1.254
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\615\G2AWinLogon.dll
AppInit_DLLs= AirfoilInject3.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\6j5zsw01.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - 
FF - prefs.js: browser.startup.homepage - 
FF - component: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\6j5zsw01.default\extensions\{4be68a18-deba-49e0-9e09-ee7796f3b62a}\components\billeotoolbar.dll
FF - component: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\6j5zsw01.default\extensions\{4be68a18-deba-49e0-9e09-ee7796f3b62a}\components\billeotoolbar_ff36.dll
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\[email protected]\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\[email protected]\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\[email protected]\components\xpavgtbapi.dll
FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\6j5zsw01.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\plugins\np-mswmp.dll
FF - plugin: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\6j5zsw01.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\documents and settings\administrator\local settings\application data\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\amazon\mp3 downloader\npAmazonMP3DownloaderPlugin101752.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1168638.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_146.dll
FF - plugin: c:\windows\system32\tvuax\npTVUAx.dll
FF - ExtSQL: 2013-01-21 00:20; [email protected]; c:\documents and settings\administrator\application data\mozilla\firefox\profiles\6j5zsw01.default\extensions\[email protected]
FF - ExtSQL: !HIDDEN! 2009-09-02 03:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 195296]
R1 MpKsl3a09a2a9;MpKsl3a09a2a9;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{cb2bb6e1-d713-40a9-8559-dfa3568e5a01}\MpKsl3a09a2a9.sys [2013-2-21 29904]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-8-11 116608]
R2 HPMSSConnectorSvc;HPMSSConnectorService;c:\program files\hewlett-packard\hp mediasmart server\MSSConnectorService.exe [2009-10-5 20992]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-9-15 398184]
R2 MediaCollectorService;MediaCollectorService;c:\program files\hewlett-packard\hp mediasmart server\MediaCollectorClient.exe [2009-10-5 81920]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\intel\amt\UNS.exe [2008-5-20 2521880]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\western digital\wd drive manager\WDBtnMgrSvc.exe [2008-1-30 106496]
R2 WHSConnector;Windows Home Server Connector Service;c:\program files\windows home server\WHSConnector.exe [2011-1-10 376688]
R2 XobniService;XobniService;c:\program files\xobni\XobniService.exe [2011-5-18 62184]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\drivers\dc3d.sys [2012-5-7 45288]
R3 L6TPortB;Service - Line 6 TonePort UX2;c:\windows\system32\drivers\L6TPortB.sys [2012-4-3 583296]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-5-18 21104]
RUnknown MpKsl3142c0dd;MpKsl3142c0dd; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-5-18 682344]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536]
S3 BackupReader;BackupReader;c:\windows\system32\drivers\BackupReader.sys [2009-10-7 44776]
S3 EVault InfoStage Agent;OSP EVault Agent;c:\program files\osp evault\agent\VVAgent.exe [2008-11-11 3223552]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
ShellExec: dreamweaver.exe: Open="c:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2013-02-21 10:11:07	60872	----a-w-	c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{cb2bb6e1-d713-40a9-8559-dfa3568e5a01}\offreg.dll
2013-02-21 10:11:07	29904	----a-w-	c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{cb2bb6e1-d713-40a9-8559-dfa3568e5a01}\MpKsl3a09a2a9.sys
2013-02-21 10:09:40	6954968	----a-w-	c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{cb2bb6e1-d713-40a9-8559-dfa3568e5a01}\mpengine.dll
2013-02-20 10:02:36	6954968	----a-w-	c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-02-19 18:15:19	--------	d-----w-	c:\documents and settings\administrator\local settings\application data\Fuze Box
2013-02-17 06:18:56	--------	d-----w-	C:\_OTS
2013-02-13 17:01:36	--------	d-----r-	c:\program files\Skype
2013-02-10 00:32:22	--------	d-----w-	c:\windows\Performance
2013-02-10 00:32:12	--------	d-----w-	c:\documents and settings\administrator\local settings\application data\Microsoft Corporation
2013-02-10 00:31:33	--------	d-----w-	c:\program files\Microsoft Windows 7 Upgrade Advisor
2013-02-09 22:21:16	52480	-c--a-w-	c:\windows\system32\dllcache\i8042prt.sys
2013-02-09 22:21:16	52480	----a-w-	c:\windows\system32\drivers\i8042prt.sys
2013-02-09 22:01:27	98816	----a-w-	c:\windows\sed.exe
2013-02-09 22:01:27	256000	----a-w-	c:\windows\PEV.exe
2013-02-09 22:01:27	208896	----a-w-	c:\windows\MBR.exe
2013-02-05 15:52:47	94112	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2013-02-04 21:49:31	--------	d-----w-	c:\windows\system32\winrm
2013-02-04 21:49:22	--------	dc-h--w-	c:\windows\$968930Uinstall_KB968930$
2013-02-04 21:49:09	--------	d-----w-	c:\documents and settings\administrator\application data\Windows Desktop Search
2013-02-02 22:05:19	--------	d-----w-	C:\PSTools
.
==================== Find3M ====================
.
2013-02-13 12:43:27	71024	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-13 12:43:27	691568	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-02-05 15:52:31	143872	----a-w-	c:\windows\system32\javacpl.cpl
2013-02-05 15:52:30	861088	----a-w-	c:\windows\system32\npDeployJava1.dll
2013-02-05 15:52:30	782240	----a-w-	c:\windows\system32\deployJava1.dll
2013-01-30 10:53:21	232336	------w-	c:\windows\system32\MpSigStub.exe
2013-01-26 03:55:44	552448	----a-w-	c:\windows\system32\oleaut32.dll
2013-01-20 23:59:04	195296	----a-w-	c:\windows\system32\drivers\MpFilter.sys
2013-01-07 01:19:45	2148864	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-01-07 00:37:01	2027520	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-01-04 01:20:00	1867264	----a-w-	c:\windows\system32\win32k.sys
2013-01-02 06:49:10	148992	----a-w-	c:\windows\system32\mpg2splt.ax
2013-01-02 06:49:10	1292288	----a-w-	c:\windows\system32\quartz.dll
2012-12-26 20:16:29	916480	----a-w-	c:\windows\system32\wininet.dll
2012-12-26 20:16:28	43520	----a-w-	c:\windows\system32\licmgr10.dll
2012-12-26 20:16:28	1469440	------w-	c:\windows\system32\inetcpl.cpl
2012-12-24 06:40:59	385024	----a-w-	c:\windows\system32\html.iec
2012-12-18 19:58:08	163584	----a-w-	c:\windows\system32\AirfoilInject3.dll
2012-12-16 12:23:59	290560	----a-w-	c:\windows\system32\atmfd.dll
2012-12-15 00:49:28	21104	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-10-15 21:57:23	22657136	----a-w-	c:\program files\vlc-2.0.2-win32.exe
.
============= FINISH: 15:25:02.66 ===============


----------



## Cookiegal (Aug 27, 2003)

Other than the needed devices (mouse, keyboard, printer) do you leave any other hardware attached to the system?

This might give some insight:

Please run the MGA Diagnostic Tool and post back the report it creates:

1. Download *MGADiag* to your desktop.
2. Double-click on MGADiag.exe to launch the program.
3. Click "Continue".
4. Ensure that the "Windows" tab is selected (it should be by default).
5. Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
6. Paste the MGA Diagnostic Report back here in your next reply.


----------



## bsacco (Jun 12, 2003)

I do run DAW hardware and software (Digital Audio Workstation). I run Line 6 Toneport Digital hardware interface and Cakewalk SONAR Producer 8.5 software. I'm also running HP Mediasmart server (NAS) 490EX off the network. Occasionally I run a microphone headphone for Skype AND external hard drives off my USB ports for backup.

I changed some of these product keys to protect my keys from hackers in this post.

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Validation Code: N/A
Windows Product Key: *****-*****-T6DFA-Y934T-YD4YT
Windows Product Key Hash: 3g4CZGFEDgbKmn/oA4pb2FZsssU=
Windows Product ID: 76487-OEM-2222906-00202
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 5.1.2600.2.00010100.3.0.pro
ID: {90DCAAF1-E723-43A4-AE9C-9FA48D2F5A76}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.9.42.0
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A

Windows XP Notifications Data-->
Cached Result: 0
File Exists: Yes
Version: 1.9.40.0
WgaTray.exe Signed By: Microsoft
WgaLogon.dll Signed By: Microsoft

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 100 Genuine
Microsoft Expression Web 2 - 121
Microsoft Office Small Business 2007 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 7E90FEE8-198-80004005_025D1FF3-230-1_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{90DCABF1-E723-43B4-BE9C-9FB48D2F5B76}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010100.3.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-YD4YT</PKey><PID>76487-OEM-2211906-00102</PID><PIDType>2</PIDType><SID>S-1-5-21-73586283-1993962763-839522115</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>OptiPlex 755 </Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A20</Version><SMBIOSVersion major="2" minor="5"/><Date>20111006000000.000000+000</Date><SLPBIOS>Dell System,Dell Computer,Dell System,Dell System</SLPBIOS></BIOS><HWID>699C314701844E78</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Pacific Standard Time(GMT-08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification><File Name="WgaTray.exe" Version="1.9.40.0"/><File Name="WgaLogon.dll" Version="1.9.40.0"/></GANotification></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90120000-0045-0000-0000-0000000FF1CE}"><LegitResult>121</LegitResult><Name>Microsoft Expression Web 2</Name><Ver>12</Ver><Val>5C75A1FD862B576</Val><Hash>cYq9KbAcKmw7RHHUxwPI1Qn9sa8=</Hash><Pid>78727-699-6506803-59692</Pid><PidType>0</PidType></Product><Product GUID="{91120000-00CA-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Small Business 2007</Name><Ver>12</Ver><Val>71FEF877113FF0C</Val><Hash>GBOlvgBC5RK9Gm0YRW+VSKHuYkU=</Hash><Pid>81606-902-3336184-64806</Pid><PidType>1</PidType></Product></Products><Applications><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>

Licensing Data-->
N/A

Windows Activation Technologies-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 1A0DFell Inc|1A0DF:Microsoft Corporation
Marker string from OEMBIOS.DAT: Dell System,Dell Computer,Dell System,Dell System

OEM Activation 2.0 Data-->
N/A


----------



## Cookiegal (Aug 27, 2003)

All I can say is it "may" be some of that extra hardware or server configurations that is causing some of the tools to crash the system. The only thing I see now is a Firefox extension from Freecorder that should be removed but I hesitate to try to run OTL again.

I assume though that you have everything important backed up to some external media?

Would you mind running AdwCleaner again? It found a lot of junk and I'd like to see if anything remains. Please remove the one you downloaded previously by dragging it to the Recycle Bin and then grab another copy.

Please download AdwCleaner from here to your desktop

Run AdwCleaner and select "Search" (do not select "Delete" at this time)

Once the scan is finished a log will be produced. Please copy and paste the log into your next reply.


----------



## bsacco (Jun 12, 2003)

Thanks.

OK, first, how do I remove the Firefox extension for Freecorder? I opened Firefox plugins and it's not in there. Please advise on how to remove.

2) I need to back up all my files

3) I will run AdwCleaner and post results


----------



## bsacco (Jun 12, 2003)

Quick question for you. Do you know how to re-install Adobe CS3? That is, it's installed on my PC, I have access to all the product keys etc... I just don't have the orig CD install discs. Could you help me extract a copy of it so that I can re-install it if I need to wipe out the hard drive?

thanks,
b


----------



## Cookiegal (Aug 27, 2003)

bsacco said:


> Thanks.
> 
> OK, first, how do I remove the Firefox extension for Freecorder? I opened Firefox plugins and it's not in there. Please advise on how to remove.
> 
> ...


I'm hoping AdwCleaner may detect the extension but if it doesn't then just delete this file (it's a very long path to it):

c:\documents and settings\administrator\application data\mozilla\firefox\profiles\6j5zsw01.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\plugins\*np-mswmp.dll*


----------



## Cookiegal (Aug 27, 2003)

bsacco said:


> Quick question for you. Do you know how to re-install Adobe CS3? That is, it's installed on my PC, I have access to all the product keys etc... I just don't have the orig CD install discs. Could you help me extract a copy of it so that I can re-install it if I need to wipe out the hard drive?
> 
> thanks,
> b


I found this discussion on the Adobe forums:

http://forums.adobe.com/message/5070485

Apparently you have to download the Trial version (if they have the product that you want there) and then activate it using your license key. But it states that you have to follow the instructions carefully or it may not work. I don't know if Adobe will give support for this older version if you were to contact them about it.


----------



## bsacco (Jun 12, 2003)

OK, attempting to delete file Firefox plugin manually but with no success. I cannot find the file using the path you gave me. 

I can only go so far. 

I've attached a screenshot of the window I'm looking at so that you can see what I'm seeing.


----------



## Cookiegal (Aug 27, 2003)

It may be super hidden. I'm hoping AdwCleaner will pick it up though.

But while you're in that location, please delete the last one at the bottom:

[email protected]


----------



## bsacco (Jun 12, 2003)

AdwCleaner Log file

# AdwCleaner v2.112 - Logfile created 02/23/2013 at 06:55:27
# Updated 10/02/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : bsacco - BS-TOWER
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Administrator\Desktop\AdwCleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

***** [Registry] *****

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.1 (en-US)

File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6j5zsw01.default\prefs.js

[OK] File is clean.

File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6j5zsw01.default\prefs.js

[OK] File is clean.

File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6j5zsw01.default\prefs.js

[OK] File is clean.

File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6j5zsw01.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v24.0.1312.57

File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [83609 octets] - [17/02/2013 08:43:08]
AdwCleaner[R2].txt - [83670 octets] - [17/02/2013 11:07:35]
AdwCleaner[R3].txt - [1895 octets] - [23/02/2013 06:55:27]
AdwCleaner[S1].txt - [25207 octets] - [17/02/2013 11:07:55]

########## EOF - C:\AdwCleaner[R3].txt - [2016 octets] ##########


----------



## Cookiegal (Aug 27, 2003)

That didn't detect it so let's try this one.

Please download Junkware Removal Tool to your desktop.

1. Shut down your protection software now to avoid potential conflicts.
2. Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
3. The tool will open and start scanning your system.
4. Please be patient as this can take a while to complete depending on your system's specifications.
5. On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
6. Post the contents of JRT.txt into your next message.


----------



## bsacco (Jun 12, 2003)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.5 (02.18.2013:1)
OS: Microsoft Windows XP x86
Ran by bsacco on Sun 02/24/2013 at 9:32:17.08
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL

~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}

~~~ Files

~~~ Folders

~~~ FireFox

Successfully deleted the following from C:\Documents and Settings\Administrator\Application Data\mozilla\firefox\profiles\6j5zsw01.default\prefs.js

user_pref("[email protected]", true);
Emptied folder: C:\Documents and Settings\Administrator\Application Data\mozilla\firefox\profiles\6j5zsw01.default\minidumps [2 files]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 02/24/2013 at 9:36:25.44
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


----------



## Cookiegal (Aug 27, 2003)

1. Please download *SystemLook* from one of the links below and save it to your Desktop.
   - *Download Mirror #1*
   - *Download Mirror #2*
2. Double-click *SystemLook.exe* to run it.
3. Copy the content of the following code box into the main text field:

```
:folderfind
*1392b8d2*
:filefind
*np-mswmp*
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop entitled


----------



## bsacco (Jun 12, 2003)

SystemLook 30.07.11 by jpshortstuff
Log created at 10:06 on 24/02/2013 by bsacco
Administrator - Elevation successful

========== folderfind ==========

Searching for "*1392b8d2*"
C:\_OTS\MovedFiles\02162013_221856\C_Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6j5zsw01.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}	d------	[06:20 17/02/2013]

========== filefind ==========

Searching for "*np-mswmp*"
C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll	--a---- 163256 bytes	[02:59 10/11/2012]	[01:21 11/04/2007] 99F97C9FE748C37528C338A423577FCB
C:\_OTS\MovedFiles\02162013_221856\C_Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6j5zsw01.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\Plugins\np-mswmp.dll	--a---- 163256 bytes	[19:58 05/10/2012]	[20:08 27/09/2012] 99F97C9FE748C37528C338A423577FCB

-= EOF =-


----------



## Cookiegal (Aug 27, 2003)

It looks like OTS did remove it although I don't know why OTL still lists it.

Are there any other problems with the computer now?


----------

