# Malware/Virus Removal



## jlski (Dec 2, 2002)

OS Version: Microsoft Windows XP Professional Version 5.1.2600 - Service Pack 3
Processor: Intel(R) Celeron(R) D CPU 3.33GHz 
Processor Count: 
RAM: 1 GB
Graphics Card: 
Hard Drives: 
Motherboard: 
Antivirus: Comodo

PROBLEM

If running IE 7 or Google Chrome and let running for a period of time without surfing they become severely slow or non-responsive.

Complete system is very slow.

I have two notices pop up upon rebooting that I have not been able to get rid of. A snapshot of those two notices I have posted as an attachment as well...file - rebbot3.

hijackthis file

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:29:23 AM, on 11/29/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17114)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WinZip\WZQKPICK32.EXE
C:\Documents and Settings\All Users\Application Data\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe
C:\Program Files\Comodo\Dragon\dragon_updater.exe
C:\Documents and Settings\All Users\Application Data\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Workspace\offSyncService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Owner\Desktop\analyse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://toolbar.inbox.com/search/ie.aspx?tbid=80197&lng=en
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://toolbar.inbox.com/help/sa_customize.aspx?tbid=80197
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://toolbar.inbox.com/search/ie.aspx?tbid=80197&lng=en
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://toolbar.inbox.com/help/sa_customize.aspx?tbid=80197
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {154d932f-dc51-4a4f-9d52-b78b1419d3b4} - (no file)
O3 - Toolbar: &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ContactKeeper Birthday reminder] "C:\Program Files\ContactKeeper\ContactKeeper.exe" /Reminder
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O4 - S-1-5-18 Startup: KybtecWcCaller.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: KybtecWcCaller.exe (User 'Default user')
O4 - Startup: KybtecWcCaller.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Adobe\Common Files\Microsoft Shared\MSInfo\MSINF16H.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Adobe\Common Files\Microsoft Shared\MSInfo\MSINF16H.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK32.EXE
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Password Generator - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html
O8 - Extra context menu item: RoboForm Editor - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditIdent.html
O8 - Extra context menu item: RoboForm TaskBar Icon - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Show RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Editor - {45DB34C3-955C-11D3-ABEF-444553540001} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: RoboForm Editor - {45DB34C3-955C-11D3-ABEF-444553540001} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...rols/en/x86/client/muweb_site.cab?1354034315693
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.11.0.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D344F2B7-845D-4D29-AA15-15FDBF0C859C}: NameServer = 8.26.56.26,156.154.70.22
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\docume~1\alluse~1\applic~1\browse~1\25911~1.18\{c16c1~1\mngr.dll C:\WINDOWS\system32\guard32.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Browser Manager - Unknown owner - C:\Documents and Settings\All Users\Application Data\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe
O23 - Service: COMODO livePCsupport Service (CLPSLS) - COMODO - C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: COMODO Dragon Update Service (DragonUpdater) - Unknown owner - C:\Program Files\Comodo\Dragon\dragon_updater.exe
O23 - Service: File Backup Service (File Backup) - Starfield Technologies - C:\Program Files\Workspace\offSyncService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 12197 bytes


----------



## jlski (Dec 2, 2002)

DDS FILE

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 7.0.6000.17114
Run by Owner at 7:46:13 on 2012-11-29
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.358 [GMT -6:00]
.
AV: COMODO Antivirus *Enabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *Enabled* 
.
============== Running Processes ================
.
C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WinZip\WZQKPICK32.EXE
C:\Documents and Settings\All Users\Application Data\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe
C:\Program Files\Comodo\Dragon\dragon_updater.exe
C:\Documents and Settings\All Users\Application Data\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Workspace\offSyncService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uSearch Bar = hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language
mSearchAssistant = hxxp://toolbar.inbox.com/search/ie.aspx?tbid=80197&lng=en
mCustomizeSearch = hxxp://toolbar.inbox.com/help/sa_customize.aspx?tbid=80197
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\bae.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &RoboForm Toolbar: {724D43A0-0D85-11D4-9908-00400523E39A} - c:\program files\siber systems\ai roboform\roboform.dll
TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ContactKeeper Birthday reminder] "c:\program files\contactkeeper\ContactKeeper.exe" /Reminder
uRun: [Google Update] "c:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [readericon] c:\program files\digital media reader\readericon45G.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [Reminder] c:\windows\creator\Remind_XP.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [Power2GoExpress] NA
StartupFolder: c:\documents and settings\owner\start menu\programs\startup\KybtecWcCaller.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\adobe\common files\microsoft shared\msinfo\MSINF16H.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\office~1.lnk - c:\program files\adobe\common files\microsoft shared\msinfo\MSINF16H.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK32.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Customize Menu - c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: Password Generator - c:\program files\siber systems\ai roboform\RoboFormComPasswordGenerator.html
IE: RoboForm Editor - c:\program files\siber systems\ai roboform\RoboFormComEditIdent.html
IE: RoboForm TaskBar Icon - c:\program files\siber systems\ai roboform\RoboFormComTaskBarIcon.html
IE: Save Forms - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: Show RoboForm Toolbar - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {45DB34C3-955C-11D3-ABEF-444553540001} - {45DB34C3-955C-11D3-ABEF-444553540001} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1354034315693
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.11.0.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1 216.81.36.10 216.81.36.20
TCP: Interfaces\{D344F2B7-845D-4D29-AA15-15FDBF0C859C} : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{D344F2B7-845D-4D29-AA15-15FDBF0C859C} : DHCPNameServer = 192.168.1.1 216.81.36.10 216.81.36.20
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs= c:\docume~1\alluse~1\applic~1\browse~1\25911~1.18\{c16c1~1\mngr.dll c:\windows\system32\guard32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [2012-3-11 18096]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2012-3-11 497952]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2012-3-11 32640]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 Browser Manager;Browser Manager;c:\documents and settings\all users\application data\browser manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe [2012-11-27 2402840]
R2 CLPSLS;COMODO livePCsupport Service;c:\program files\comodo\comodo livepcsupport\CLPSLS.exe [2010-2-19 148744]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2012-3-11 1990464]
R2 DragonUpdater;COMODO Dragon Update Service;c:\program files\comodo\dragon\dragon_updater.exe [2012-11-28 1868432]
R2 File Backup;File Backup Service;c:\program files\workspace\offSyncService.exe [2012-2-21 1168680]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2011-6-2 11336]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 267568]
.
=============== File Associations ===============
.
.cmd: <filetype is not registered>
.pif: <filetype is not registered>
FileExt: .scr: Icad.load.scr - HKCR\Unknown\Shell=c:\windows\system32\rundll32.exe c:\windows\system32\shell32.dll,OpenAs_RunDLL %1 [default=openas]
FileExt: .ini: FreeOpener=notepad.exe %1
.vbe: <filetype is not registered>
FileExt: .js: FreeOpener=notepad.exe %1
.jse: <filetype is not registered>
.wsf: <filetype is not registered>
ShellExec: pi11.exe: Open="c:\program files\microsoft digital image 2006\pi.exe" "%1"
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2012-11-21 05:03:52	697272	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-11-21 05:03:51	73656	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-07 23:38:16	32640	----a-w-	c:\windows\system32\drivers\cmdhlp.sys
2012-11-07 23:38:14	497952	----a-w-	c:\windows\system32\drivers\cmdGuard.sys
2012-11-07 23:38:13	18096	----a-w-	c:\windows\system32\drivers\cmderd.sys
2012-11-07 23:37:35	34024	----a-w-	c:\windows\system32\cmdcsr.dll
2012-11-07 23:37:34	301264	----a-w-	c:\windows\system32\guard32.dll
2012-10-22 08:37:31	1866368	----a-w-	c:\windows\system32\win32k.sys
2012-10-02 18:04:21	58368	----a-w-	c:\windows\system32\synceng.dll
2012-09-30 01:54:26	22856	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-09-24 20:32:24	477168	----a-w-	c:\windows\system32\npdeployJava1.dll
2012-09-24 20:32:20	473072	----a-w-	c:\windows\system32\deployJava1.dll
2012-09-24 18:51:47	73728	----a-w-	c:\windows\system32\javacpl.cpl
.
============= FINISH: 7:47:50.45 ===============


----------



## jlski (Dec 2, 2002)

ATTACH File
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/20/2010 11:56:12 AM
System Uptime: 11/29/2012 5:53:57 AM (2 hours ago)
.
Motherboard: Intel Corporation | | D101GGC
Processor: Intel(R) Celeron(R) D CPU 3.33GHz | | 3333/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 101.451 GiB free.
D: is FIXED (FAT32) - 4 GiB total, 1.388 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: PS/2 Compatible Mouse
Device ID: ACPI\PNP0F13\4&29C049B9&0
Manufacturer: Microsoft
Name: PS/2 Compatible Mouse
PNP Device ID: ACPI\PNP0F13\4&29C049B9&0
Service: i8042prt
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 
Device ID: ROOT\NET\0000
Manufacturer: 
Name: 
PNP Device ID: ROOT\NET\0000
Service: 
.
==== System Restore Points ===================
.
RP801: 9/1/2012 1:45:51 AM - System Checkpoint
RP802: 9/2/2012 1:47:05 AM - System Checkpoint
RP803: 9/3/2012 2:34:15 AM - System Checkpoint
RP804: 9/4/2012 3:15:23 AM - System Checkpoint
RP805: 9/5/2012 4:13:33 AM - System Checkpoint
RP806: 9/6/2012 5:12:29 AM - System Checkpoint
RP807: 9/7/2012 5:29:52 AM - System Checkpoint
RP808: 9/7/2012 3:03:53 PM - Installed Java(TM) 6 Update 35
RP809: 9/7/2012 3:05:16 PM - Installed Java Runtime Environment
RP810: 9/9/2012 12:46:36 AM - System Checkpoint
RP811: 9/10/2012 1:27:44 AM - System Checkpoint
RP812: 9/11/2012 7:23:03 AM - System Checkpoint
RP813: 9/12/2012 7:27:12 AM - System Checkpoint
RP814: 9/13/2012 3:00:18 AM - Software Distribution Service 3.0
RP815: 9/14/2012 3:40:06 AM - System Checkpoint
RP816: 9/15/2012 3:41:00 AM - System Checkpoint
RP817: 9/16/2012 4:40:26 AM - System Checkpoint
RP818: 9/17/2012 5:39:50 AM - System Checkpoint
RP819: 9/18/2012 6:39:05 AM - System Checkpoint
RP820: 9/19/2012 7:38:24 AM - System Checkpoint
RP821: 9/20/2012 8:36:13 AM - System Checkpoint
RP822: 9/21/2012 9:14:13 AM - System Checkpoint
RP823: 9/22/2012 9:34:12 AM - System Checkpoint
RP824: 9/22/2012 7:22:12 PM - Software Distribution Service 3.0
RP825: 9/23/2012 7:52:33 PM - System Checkpoint
RP826: 9/24/2012 6:23:07 AM - Removed Ask Toolbar.
RP827: 9/24/2012 6:30:05 AM - Removed Ask Toolbar.
RP828: 9/25/2012 6:44:07 AM - System Checkpoint
RP829: 9/26/2012 6:45:08 AM - System Checkpoint
RP830: 9/27/2012 8:58:33 AM - System Checkpoint
RP831: 9/28/2012 11:32:57 AM - System Checkpoint
RP832: 9/29/2012 11:41:56 AM - System Checkpoint
RP833: 9/30/2012 5:37:28 PM - System Checkpoint
RP834: 10/1/2012 6:13:38 PM - System Checkpoint
RP835: 10/2/2012 6:51:07 PM - System Checkpoint
RP836: 10/3/2012 9:22:42 PM - System Checkpoint
RP837: 10/4/2012 9:54:25 PM - System Checkpoint
RP838: 10/5/2012 11:37:39 PM - System Checkpoint
RP839: 10/7/2012 1:31:29 AM - System Checkpoint
RP840: 10/8/2012 1:45:16 AM - System Checkpoint
RP841: 10/9/2012 2:03:28 AM - System Checkpoint
RP842: 10/10/2012 2:25:55 AM - System Checkpoint
RP843: 10/11/2012 3:00:21 AM - Software Distribution Service 3.0
RP844: 10/12/2012 7:17:16 AM - System Checkpoint
RP845: 10/13/2012 8:09:33 AM - System Checkpoint
RP846: 10/14/2012 2:59:49 PM - System Checkpoint
RP847: 10/15/2012 3:31:26 PM - System Checkpoint
RP848: 10/16/2012 5:07:26 PM - System Checkpoint
RP849: 10/17/2012 5:49:59 PM - System Checkpoint
RP850: 10/18/2012 6:49:27 PM - System Checkpoint
RP851: 10/19/2012 6:55:15 PM - System Checkpoint
RP852: 10/20/2012 7:58:20 PM - System Checkpoint
RP853: 10/21/2012 11:07:11 PM - System Checkpoint
RP854: 10/22/2012 11:15:09 PM - System Checkpoint
RP855: 10/23/2012 11:42:59 PM - System Checkpoint
RP856: 10/25/2012 1:15:54 AM - System Checkpoint
RP857: 10/26/2012 1:53:19 AM - System Checkpoint
RP858: 10/27/2012 2:52:17 AM - System Checkpoint
RP859: 10/28/2012 7:52:05 AM - System Checkpoint
RP860: 10/29/2012 8:51:44 AM - System Checkpoint
RP861: 10/30/2012 9:49:06 AM - System Checkpoint
RP862: 10/30/2012 7:47:32 PM - Installed Java(TM) 6 Update 37
RP863: 10/31/2012 8:44:20 PM - System Checkpoint
RP864: 11/1/2012 11:25:37 PM - System Checkpoint
RP865: 11/3/2012 12:27:20 AM - System Checkpoint
RP866: 11/3/2012 11:59:59 PM - System Checkpoint
RP867: 11/5/2012 12:22:48 AM - System Checkpoint
RP868: 11/6/2012 12:40:16 AM - System Checkpoint
RP869: 11/7/2012 2:25:20 AM - System Checkpoint
RP870: 11/8/2012 2:38:32 AM - System Checkpoint
RP871: 11/9/2012 3:09:15 AM - System Checkpoint
RP872: 11/10/2012 3:34:36 AM - System Checkpoint
RP873: 11/11/2012 4:34:19 AM - System Checkpoint
RP874: 11/12/2012 7:32:59 AM - System Checkpoint
RP875: 11/13/2012 7:33:31 AM - System Checkpoint
RP876: 11/14/2012 8:32:47 AM - System Checkpoint
RP877: 11/15/2012 9:03:11 AM - System Checkpoint
RP878: 11/16/2012 3:00:20 AM - Software Distribution Service 3.0
RP879: 11/17/2012 3:34:52 AM - System Checkpoint
RP880: 11/18/2012 4:23:25 AM - System Checkpoint
RP881: 11/19/2012 6:29:02 AM - System Checkpoint
RP882: 11/20/2012 6:54:30 AM - System Checkpoint
RP883: 11/21/2012 7:05:05 AM - System Checkpoint
RP884: 11/22/2012 7:06:18 AM - System Checkpoint
RP885: 11/23/2012 7:16:39 AM - System Checkpoint
RP886: 11/24/2012 8:33:31 AM - System Checkpoint
RP887: 11/25/2012 10:45:11 AM - Installed Windows Internet Explorer 8.
RP888: 11/25/2012 10:46:26 AM - Software Distribution Service 3.0
RP889: 11/26/2012 3:00:20 AM - Software Distribution Service 3.0
RP890: 11/27/2012 3:55:20 AM - System Checkpoint
RP891: 11/28/2012 5:42:57 AM - Removed Claro Chrome Toolbar
RP892: 11/28/2012 11:56:36 AM - Installed WinZip 17.0
RP893: 11/29/2012 3:00:18 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI
Adobe Shockwave Player 11.6
AiO_Scan_CDA
AiOSoftwareNPI
ATI Display Driver
Big Fish Games: Game Manager
Browser Address Error Redirector
BufferChm
CCleaner
Comodo Dragon
COMODO Internet Security
COMODO livePCsupport
Comodo TrustConnect™ v.1.7.1
ContactKeeper 1.5.0
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CustomerResearchQFolder
Destinations
DeviceManagementQFolder
Digital Media Reader
DocProc
DVD Solution
eSupportQFolder
F300
F300_Help
F300Trb
Fax_CDA
Google Chrome
Google Update Helper
Hewlett-Packard ACLM.NET v1.1.0.0
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 10 (KB910393)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
HP Extended Capabilities 6.1
HP Imaging Device Functions 6.1
HP Photosmart Essential
HP Product Assistant
HP Product Detection
HP PSC & OfficeJet 6.1.A
HP Solution Center and Imaging Support Tools 6.1
HP Update
HPProductAssistant
Internet Explorer (Enable DEP)
Java Auto Updater
Java(TM) 6 Update 37
Lost Treasures of Alexandria
Malwarebytes Anti-Malware version 1.65.1.1000
MarketResearch
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.0 Hotfix (KB2604042)
Microsoft .NET Framework 1.0 Hotfix (KB2656378)
Microsoft .NET Framework 1.0 Security Update (KB2698035)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Automated Troubleshooting Services Shim
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Digital Image Library 9 - Blocker
Microsoft Digital Image Starter Edition 2006
Microsoft Digital Image Starter Edition 2006 Editor
Microsoft Digital Image Starter Edition 2006 Library
Microsoft Fix it Center
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Namo WebEditor 5
NewCopy_CDA
Night In The Opera
OpenOffice.org 3.3
ProductContextNPI
QuickTime
Readme
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
REALTEK GbE & FE Ethernet PCI NIC Driver
Realtek High Definition Audio Driver
RealUpgrade 1.1
Recovery Software Suite eMachines
RoboForm 7-8-2-5 (All Users)
Scan
ScannerCopy
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2559049)
Security Update for Windows Internet Explorer 7 (KB2647516)
Security Update for Windows Internet Explorer 7 (KB2744842)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Skype™ 5.10
SolutionCenter
Sonic Encoders
Sparkle
SpywareBlaster 4.6
Status
SUPERAntiSpyware
swMSM
System Requirements Lab for Intel
TigerCad version 3.001 Free
Toolbox
TrayApp
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Media Player 10 (KB913800)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
Visual Basic for Applications (R) Core
Visual Basic for Applications (R) Core - English
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
WebReg
Windows Backup Utility
Windows Genuine Advantage Validation Tool (KB892130)
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB2628259
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinZip 17.0
Workspace Desktop
.
==== Event Viewer Messages From Past Week ========
.
11/24/2012 4:56:44 PM, error: DCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {BA126AD1-2166-11D1-B1D0-00805FC1270E} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.
11/24/2012 4:55:33 PM, error: Dhcp [1002] - The IP address lease 192.168.1.124 for the Network Card with network address 0016767832AA has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================


----------



## jlski (Dec 2, 2002)

ARK. File

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-11-29 10:19:07
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-16 HDT722516DLAT80 rev.V43OA96A
Running: e5ulmr7r.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\fwtyykog.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0xEDC447E4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0xEDC43D90]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0xEDC4444A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateKey [0xEDC45040]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0xEDC46C20]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0xEDC46F9E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0xEDC4377C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)  ZwDeleteKey [0xEDC449D0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteValueKey [0xEDC44BE8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDuplicateObject [0xEDC43582]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateKey [0xEDC4582A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateValueKey [0xEDC45A80]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0xEDC46652]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0xEDC44058]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0xEDC44626]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenKey [0xEDC45030]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenProcess [0xEDC431B0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0xEDC442F2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenThread [0xEDC433B4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryKey [0xEDC45C8E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryMultipleValueKey [0xEDC460E2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryValueKey [0xEDC45EA0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRenameKey [0xEDC455B2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSecurityObject [0xEDC44E54]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0xEDC4693E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetValueKey [0xEDC4530A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0xEDC43FC2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0xEDC441DE]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xEDB24640]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0xEDC43980]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2480 80501CD0 4 Bytes [E8, 4B, C4, ED]
? C:\DOCUME~1\Owner\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\WinZip\WZQKPICK32.EXE[136] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 003BD120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WinZip\WZQKPICK32.EXE[136] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 003CBCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WinZip\WZQKPICK32.EXE[136] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 003CB9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WinZip\WZQKPICK32.EXE[136] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003C7F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WinZip\WZQKPICK32.EXE[136] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003BD240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WinZip\WZQKPICK32.EXE[136] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 003C5070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WinZip\WZQKPICK32.EXE[136] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 003C5C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WinZip\WZQKPICK32.EXE[136] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 003C3BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WinZip\WZQKPICK32.EXE[136] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 003C44D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WinZip\WZQKPICK32.EXE[136] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 100042C0 c:\docume~1\alluse~1\applic~1\browse~1\25911~1.18\{c16c1~1\mngr.dll
.text C:\Program Files\WinZip\WZQKPICK32.EXE[136] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 003C8D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WinZip\WZQKPICK32.EXE[136] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 003C8AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WinZip\WZQKPICK32.EXE[136] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 003C9E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\WinZip\WZQKPICK32.EXE[136] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 003C9D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[420] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 007CD120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[420] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 007DBCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[420] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 007DB9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[420] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 007D7F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[420] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 007CD240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[420] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 007D5070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[420] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 007D5C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[420] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 007D3BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[420] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 007D44D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[420] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 100042C0 c:\docume~1\alluse~1\applic~1\browse~1\25911~1.18\{c16c1~1\mngr.dll
.text C:\WINDOWS\system32\svchost.exe[420] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 007D8D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[420] GDI32.dll!GetPixel 77F1B74C 3 Bytes JMP 007D8AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[420] GDI32.dll!GetPixel + 4  77F1B750 1 Byte [88]
.text C:\WINDOWS\system32\svchost.exe[420] GDI32.dll!CreateDCA 77F1B7D2 3 Bytes JMP 007D9E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[420] GDI32.dll!CreateDCA + 4 77F1B7D6 1 Byte [88]
.text C:\WINDOWS\system32\svchost.exe[420] GDI32.dll!CreateDCW 77F1BE38 3 Bytes JMP 007D9D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[420] GDI32.dll!CreateDCW + 4 77F1BE3C 1 Byte [88]
.text C:\WINDOWS\system32\NOTEPAD.EXE[428] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 0095D120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[428] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 0096BCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[428] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 0096B9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[428] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00967F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[428] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0095D240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[428] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00965070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[428] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00965C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[428] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 00963BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[428] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 009644D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[428] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 00968D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[428] GDI32.dll!GetPixel  77F1B74C 5 Bytes JMP 00968AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[428] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 00969E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[428] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 00969D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[428] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 100042C0 c:\docume~1\alluse~1\applic~1\browse~1\25911~1.18\{c16c1~1\mngr.dll
.text C:\Documents and Settings\All Users\Application Data\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe[508] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\All Users\Application Data\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe[508] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\All Users\Application Data\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe[508] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\All Users\Application Data\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe[508] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\All Users\Application Data\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe[508] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\All Users\Application Data\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe[508] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\All Users\Application Data\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe[508] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\All Users\Application Data\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe[508] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\All Users\Application Data\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe[508] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\All Users\Application Data\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe[508] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\All Users\Application Data\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe[508] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\All Users\Application Data\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe[508] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\All Users\Application Data\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe[508] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Comodo\Dragon\dragon_updater.exe[532] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 00A3D120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Comodo\Dragon\dragon_updater.exe[532] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 00A4BCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Comodo\Dragon\dragon_updater.exe[532] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 00A4B9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Comodo\Dragon\dragon_updater.exe[532] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00A47F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Comodo\Dragon\dragon_updater.exe[532] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 00A3D240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Comodo\Dragon\dragon_updater.exe[532] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00A45070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Comodo\Dragon\dragon_updater.exe[532] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00A45C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Comodo\Dragon\dragon_updater.exe[532] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 00A43BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Comodo\Dragon\dragon_updater.exe[532] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 00A444D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Comodo\Dragon\dragon_updater.exe[532] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 00A48D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Comodo\Dragon\dragon_updater.exe[532] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 00A48AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Comodo\Dragon\dragon_updater.exe[532] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 00A49E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Comodo\Dragon\dragon_updater.exe[532] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 00A49D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Comodo\Dragon\dragon_updater.exe[532] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 007C42C0 c:\docume~1\alluse~1\applic~1\browse~1\25911~1.18\{c16c1~1\mngr.dll
.text C:\WINDOWS\system32\csrss.exe[560] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 10001450 C:\WINDOWS\system32\cmdcsr.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\csrss.exe[560] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 100017F0 C:\WINDOWS\system32\cmdcsr.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[592] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 100042C0 c:\docume~1\alluse~1\applic~1\browse~1\25911~1.18\{c16c1~1\mngr.dll
.text C:\WINDOWS\system32\services.exe[636] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 005DD120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[636] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 005EBCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[636] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 005EB9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[636] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 005E7F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[636] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 005DD240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[636] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 005E5070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[636] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 005E5C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[636] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 005E3BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[636] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 005E44D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[636] RPCRT4.dll!RpcServerRegisterIfEx 77E8CD53 5 Bytes JMP 005DF870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[636] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 100042C0 c:\docume~1\alluse~1\applic~1\browse~1\25911~1.18\{c16c1~1\mngr.dll
.text C:\WINDOWS\system32\services.exe[636] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 005E8D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[636] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 005E8AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[636] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 005E9E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[636] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 005E9D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[648] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 007CD120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[648] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 007DBCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[648] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 007DB9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[648] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 007D7F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[648] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 007CD240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[648] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 007D5070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[648] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 007D5C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[648] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 007D3BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[648] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 007D44D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[648] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 100042C0 c:\docume~1\alluse~1\applic~1\browse~1\25911~1.18\{c16c1~1\mngr.dll
.text C:\WINDOWS\system32\lsass.exe[648] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 007D8D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[648] GDI32.dll!GetPixel 77F1B74C 3 Bytes JMP 007D8AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[648] GDI32.dll!GetPixel + 4 77F1B750 1 Byte [88]
.text C:\WINDOWS\system32\lsass.exe[648] GDI32.dll!CreateDCA 77F1B7D2 3 Bytes JMP 007D9E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[648] GDI32.dll!CreateDCA + 4 77F1B7D6 1 Byte [88]
.text C:\WINDOWS\system32\lsass.exe[648] GDI32.dll!CreateDCW 77F1BE38 3 Bytes JMP 007D9D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[648] GDI32.dll!CreateDCW + 4 77F1BE3C 1 Byte [88]
.text C:\Documents and Settings\All Users\Application Data\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe[772] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\All Users\Application Data\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe[772] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\All Users\Application Data\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe[772] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\All Users\Application Data\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe[772] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\All Users\Application Data\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe[772] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\All Users\Application Data\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe[772] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\All Users\Application Data\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe[772] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\All Users\Application Data\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe[772] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 029D42C0 C:\Documents and Settings\All Users\Application Data\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.dll
.text C:\Documents and Settings\All Users\Application Data\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe[772] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\All Users\Application Data\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe[772] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\All Users\Application Data\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe[772] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\All Users\Application Data\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe[772] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\All Users\Application Data\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe[772] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\All Users\Application Data\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe[772] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[804] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 0066D120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[804] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 0067BCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[804] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 0067B9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[804] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00677F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[804] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0066D240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[804] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00675070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[804] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00675C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[804] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 00673BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[804] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 006744D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[804] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 100042C0 c:\docume~1\alluse~1\applic~1\browse~1\25911~1.18\{c16c1~1\mngr.dll
.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[804] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 00678D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[804] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 00678AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[804] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 00679E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[804] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 00679D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[816] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[816] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[816] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[816] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[816] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[816] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[816] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[816] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[816] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[816] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[816] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[816] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[816] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[832] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 007CD120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[832] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 007DBCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[832] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 007DB9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[832] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 007D7F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[832] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 007CD240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[832] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 007D5070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[832] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 007D5C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[832] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 007D3BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[832] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 007D44D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[832] RPCRT4.dll!RpcServerRegisterIfEx 77E8CD53 5 Bytes JMP 007CF870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[832] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 100042C0 c:\docume~1\alluse~1\applic~1\browse~1\25911~1.18\{c16c1~1\mngr.dll
.text C:\WINDOWS\system32\svchost.exe[832] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 007D8D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[832] GDI32.dll!GetPixel 77F1B74C 3 Bytes JMP 007D8AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[832] GDI32.dll!GetPixel + 4 77F1B750 1 Byte [88]
.text C:\WINDOWS\system32\svchost.exe[832] GDI32.dll!CreateDCA 77F1B7D2 3 Bytes JMP 007D9E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[832] GDI32.dll!CreateDCA + 4 77F1B7D6 1 Byte [88]
.text C:\WINDOWS\system32\svchost.exe[832] GDI32.dll!CreateDCW 77F1BE38 3 Bytes JMP 007D9D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[832] GDI32.dll!CreateDCW + 4 77F1BE3C 1 Byte [88]
.text C:\WINDOWS\system32\svchost.exe[904] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 007CD120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[904] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 007DBCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[904] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 007DB9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[904] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 007D7F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[904] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 007CD240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 007D5070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 007D5C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[904] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 007D3BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[904] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 007D44D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[904] RPCRT4.dll!RpcServerRegisterIfEx 77E8CD53 5 Bytes JMP 007CF870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[904] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 100042C0 c:\docume~1\alluse~1\applic~1\browse~1\25911~1.18\{c16c1~1\mngr.dll
.text C:\WINDOWS\system32\svchost.exe[904] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 007D8D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[904] GDI32.dll!GetPixel 77F1B74C 3 Bytes JMP 007D8AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[904] GDI32.dll!GetPixel + 4 77F1B750 1 Byte [88]
.text C:\WINDOWS\system32\svchost.exe[904] GDI32.dll!CreateDCA 77F1B7D2 3 Bytes JMP 007D9E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[904] GDI32.dll!CreateDCA + 4 77F1B7D6 1 Byte [88]
.text C:\WINDOWS\system32\svchost.exe[904] GDI32.dll!CreateDCW 77F1BE38 3 Bytes JMP 007D9D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[904] GDI32.dll!CreateDCW + 4 77F1BE3C 1 Byte [88]
.text C:\WINDOWS\system32\svchost.exe[904] rpcss.dll!WhichService 76A84234 8 Bytes JMP EDF0007C 
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[968] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 00534850 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[968] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 0054ECA0 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1004] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 007CD120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1004] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 007DBCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1004] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 007DB9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1004] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 007D7F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1004] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 007CD240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 007D5070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 007D5C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1004] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 007D3BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1004] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 007D44D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1004] RPCRT4.dll!RpcServerRegisterIfEx 77E8CD53 5 Bytes JMP 007CF870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1004] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 100042C0 c:\docume~1\alluse~1\applic~1\browse~1\25911~1.18\{c16c1~1\mngr.dll
.text C:\WINDOWS\system32\svchost.exe[1004] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 007D8D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1004] GDI32.dll!GetPixel 77F1B74C 3 Bytes JMP 007D8AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1004] GDI32.dll!GetPixel + 4 77F1B750 1 Byte [88]
.text C:\WINDOWS\system32\svchost.exe[1004] GDI32.dll!CreateDCA 77F1B7D2 3 Bytes JMP 007D9E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1004] GDI32.dll!CreateDCA + 4 77F1B7D6 1 Byte [88]
.text C:\WINDOWS\system32\svchost.exe[1004] GDI32.dll!CreateDCW 77F1BE38 3 Bytes JMP 007D9D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1004] GDI32.dll!CreateDCW + 4 77F1BE3C 1 Byte [88]
.text C:\WINDOWS\eHome\ehSched.exe[1028] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehSched.exe[1028] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehSched.exe[1028] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehSched.exe[1028] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehSched.exe[1028] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehSched.exe[1028] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehSched.exe[1028] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehSched.exe[1028] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehSched.exe[1028] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehSched.exe[1028] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehSched.exe[1028] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehSched.exe[1028] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehSched.exe[1028] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[1048] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[1048] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[1048] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[1048] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[1048] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[1048] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[1048] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[1048] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[1048] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[1048] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[1048] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[1048] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[1048] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Workspace\offSyncService.exe[1136] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 003BD120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Workspace\offSyncService.exe[1136] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 003CBCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Workspace\offSyncService.exe[1136] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 003CB9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Workspace\offSyncService.exe[1136] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003C7F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Workspace\offSyncService.exe[1136] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003BD240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Workspace\offSyncService.exe[1136] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 003C5070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Workspace\offSyncService.exe[1136] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 003C5C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Workspace\offSyncService.exe[1136] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 003C3BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Workspace\offSyncService.exe[1136] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 003C44D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Workspace\offSyncService.exe[1136] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 003C8D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Workspace\offSyncService.exe[1136] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 003C8AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Workspace\offSyncService.exe[1136] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 003C9E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Workspace\offSyncService.exe[1136] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 003C9D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Workspace\offSyncService.exe[1136] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 100042C0 c:\docume~1\alluse~1\applic~1\browse~1\25911~1.18\{c16c1~1\mngr.dll
.text C:\WINDOWS\system32\svchost.exe[1216] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 007CD120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1216] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 007DBCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1216] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 007DB9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1216] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 007D7F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1216] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 007CD240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 007D5070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 007D5C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1216] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 007D3BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1216] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 007D44D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1216] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 100042C0 c:\docume~1\alluse~1\applic~1\browse~1\25911~1.18\{c16c1~1\mngr.dll
.text C:\WINDOWS\system32\svchost.exe[1216] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 007D8D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1216] GDI32.dll!GetPixel 77F1B74C 3 Bytes JMP 007D8AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1216] GDI32.dll!GetPixel + 4 77F1B750 1 Byte [88]
.text C:\WINDOWS\system32\svchost.exe[1216] GDI32.dll!CreateDCA 77F1B7D2 3 Bytes JMP 007D9E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1216] GDI32.dll!CreateDCA + 4 77F1B7D6 1 Byte [88]
.text C:\WINDOWS\system32\svchost.exe[1216] GDI32.dll!CreateDCW 77F1BE38 3 Bytes JMP 007D9D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1216] GDI32.dll!CreateDCW + 4 77F1BE3C 1 Byte [88]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1320] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 0066D120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1320] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 0067BCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1320] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 0067B9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1320] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00677F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1320] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0066D240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1320] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00675070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1320] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00675C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1320] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 00673BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1320] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 006744D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1320] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 00678D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1320] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 00678AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1320] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 00679E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1320] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 00679D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1320] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 100042C0 c:\docume~1\alluse~1\applic~1\browse~1\25911~1.18\{c16c1~1\mngr.dll
.text C:\WINDOWS\system32\Ati2evxx.exe[1344] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1344] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1344] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1344] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1344] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1344] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1344] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1344] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 015442C0 C:\Documents and Settings\All Users\Application Data\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.dll
.text C:\WINDOWS\system32\Ati2evxx.exe[1344] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1344] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1344] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1344] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1344] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1344] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1412] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 007CD120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1412] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 007DBCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1412] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 007DB9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1412] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 007D7F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1412] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 007CD240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 007D5070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 007D5C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 007D3BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 007D44D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1412] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 100042C0 c:\docume~1\alluse~1\applic~1\browse~1\25911~1.18\{c16c1~1\mngr.dll
.text C:\WINDOWS\system32\svchost.exe[1412] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 007D8D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1412] GDI32.dll!GetPixel 77F1B74C 3 Bytes JMP 007D8AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1412] GDI32.dll!GetPixel + 4 77F1B750 1 Byte [88]
.text C:\WINDOWS\system32\svchost.exe[1412] GDI32.dll!CreateDCA 77F1B7D2 3 Bytes JMP 007D9E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1412] GDI32.dll!CreateDCA + 4 77F1B7D6 1 Byte [88]
.text C:\WINDOWS\system32\svchost.exe[1412] GDI32.dll!CreateDCW 77F1BE38 3 Bytes JMP 007D9D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1412] GDI32.dll!CreateDCW + 4 77F1BE3C 1 Byte [88]
.text C:\WINDOWS\Explorer.EXE[1424] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 0087D120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1424] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 0088BCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1424] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 0088B9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1424] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00887F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1424] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0087D240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1424] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00885070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1424] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00885C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1424] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 00883BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1424] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 008844D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1424] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 00888D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1424] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 00888AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1424] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 00889E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1424] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 00889D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1424] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 100042C0 c:\docume~1\alluse~1\applic~1\browse~1\25911~1.18\{c16c1~1\mngr.dll
.text C:\WINDOWS\system32\spoolsv.exe[1572] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 00A4D120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1572] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 00A5BCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1572] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 00A5B9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1572] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00A57F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1572] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 00A4D240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1572] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00A55070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1572] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00A55C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1572] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 00A53BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1572] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 00A544D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1572] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 00A58D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1572] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 00A58AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1572] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 00A59E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1572] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 00A59D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1572] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 100042C0 c:\docume~1\alluse~1\applic~1\browse~1\25911~1.18\{c16c1~1\mngr.dll
.text C:\WINDOWS\ehome\ehtray.exe[1796] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\ehome\ehtray.exe[1796] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\ehome\ehtray.exe[1796] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\ehome\ehtray.exe[1796] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\ehome\ehtray.exe[1796] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\ehome\ehtray.exe[1796] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\ehome\ehtray.exe[1796] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\ehome\ehtray.exe[1796] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 012F42C0 C:\Documents and Settings\All Users\Application Data\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.dll
.text C:\WINDOWS\ehome\ehtray.exe[1796] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\ehome\ehtray.exe[1796] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\ehome\ehtray.exe[1796] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\ehome\ehtray.exe[1796] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\ehome\ehtray.exe[1796] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\ehome\ehtray.exe[1796] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Digital Media Reader\readericon45G.exe[1804] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Digital Media Reader\readericon45G.exe[1804] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Digital Media Reader\readericon45G.exe[1804] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Digital Media Reader\readericon45G.exe[1804] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Digital Media Reader\readericon45G.exe[1804] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Digital Media Reader\readericon45G.exe[1804] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Digital Media Reader\readericon45G.exe[1804] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Digital Media Reader\readericon45G.exe[1804] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 012342C0 C:\Documents and Settings\All Users\Application Data\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.dll
.text C:\Program Files\Digital Media Reader\readericon45G.exe[1804] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Digital Media Reader\readericon45G.exe[1804] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Digital Media Reader\readericon45G.exe[1804] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Digital Media Reader\readericon45G.exe[1804] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Digital Media Reader\readericon45G.exe[1804] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Digital Media Reader\readericon45G.exe[1804] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[1812] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[1812] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[1812] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[1812] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[1812] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[1812] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[1812] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[1812] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 027142C0 C:\Documents and Settings\All Users\Application Data\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.dll
.text C:\WINDOWS\RTHDCPL.EXE[1812] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[1812] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[1812] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[1812] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[1812] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[1812] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1844] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1844] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1844] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1844] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1844] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1844] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1844] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1844] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 00A442C0 C:\Documents and Settings\All Users\Application Data\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.dll
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1844] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1844] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1844] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1844] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1844] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1844] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1860] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 00780630 C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1860] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 00F942C0 c:\docume~1\alluse~1\applic~1\browse~1\25911~1.18\{c16c1~1\mngr.dll
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1880] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 003CD120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1880] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 003DBCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1880] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 003DB9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1880] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003D7F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1880] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003CD240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1880] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 003D5070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1880] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 003D5C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1880] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 003D3BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1880] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 003D44D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1880] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 003D8D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1880] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 003D8AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1880] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 003D9E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1880] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 003D9D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1880] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 100042C0 c:\docume~1\alluse~1\applic~1\browse~1\25911~1.18\{c16c1~1\mngr.dll
.text C:\WINDOWS\system32\ctfmon.exe[1888] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 0097D120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[1888] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 0098BCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[1888] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 0098B9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[1888] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00987F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[1888] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0097D240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[1888] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00985070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[1888] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00985C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[1888] ADVAPI32.dll!CreateProcessAsUserW  77DEA8A9 5 Bytes JMP 00983BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[1888] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 009844D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[1888] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 100042C0 c:\docume~1\alluse~1\applic~1\browse~1\25911~1.18\{c16c1~1\mngr.dll
.text C:\WINDOWS\system32\ctfmon.exe[1888] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 00988D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[1888] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 00988AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[1888] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 00989E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[1888] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 00989D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[1920] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 0091D120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[1920] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 0092BCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[1920] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 0092B9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[1920] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00927F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[1920] ntdll.dll!LdrUnloadDll 7C9171CD 3 Bytes JMP 0091D240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[1920] ntdll.dll!LdrUnloadDll + 4 7C9171D1 1 Byte [84]
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[1920] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00925070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[1920] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00925C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[1920] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 012A42C0 C:\Documents and Settings\All Users\Application Data\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.dll
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[1920] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 00928D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[1920] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 00928AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[1920] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 00929E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[1920] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 00929D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[1920] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 00923BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[1920] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 009244D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1928] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1928] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1928] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1928] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1928] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1928] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1928] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1928] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 09E942C0 C:\Documents and Settings\All Users\Application Data\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.dll
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1928] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1928] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1928] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1928] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1928] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1928] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1968] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1968] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1968] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1968] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1968] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1968] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1968] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1968] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 00FA42C0 C:\Documents and Settings\All Users\Application Data\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.dll
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1968] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1968] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1968] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1968] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1968] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1968] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\HPZipm12.exe[2040] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 0064D120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\HPZipm12.exe[2040] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 0065BCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\HPZipm12.exe[2040] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 0065B9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\HPZipm12.exe[2040] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00657F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\HPZipm12.exe[2040] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0064D240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\HPZipm12.exe[2040] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00655070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\HPZipm12.exe[2040] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00655C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\HPZipm12.exe[2040] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 00653BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\HPZipm12.exe[2040] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 006544D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\HPZipm12.exe[2040] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 100042C0 c:\docume~1\alluse~1\applic~1\browse~1\25911~1.18\{c16c1~1\mngr.dll
.text C:\WINDOWS\system32\HPZipm12.exe[2040] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 00658D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\HPZipm12.exe[2040] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 00658AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\HPZipm12.exe[2040] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 00659E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\HPZipm12.exe[2040] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 00659D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Owner\Desktop\e5ulmr7r.exe[2148] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Owner\Desktop\e5ulmr7r.exe[2148] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Owner\Desktop\e5ulmr7r.exe[2148] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Owner\Desktop\e5ulmr7r.exe[2148] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Owner\Desktop\e5ulmr7r.exe[2148] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Owner\Desktop\e5ulmr7r.exe[2148] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Owner\Desktop\e5ulmr7r.exe[2148] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Owner\Desktop\e5ulmr7r.exe[2148] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 00AF42C0 C:\Documents and Settings\All Users\Application Data\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.dll
.text C:\Documents and Settings\Owner\Desktop\e5ulmr7r.exe[2148] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Owner\Desktop\e5ulmr7r.exe[2148] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Owner\Desktop\e5ulmr7r.exe[2148] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Owner\Desktop\e5ulmr7r.exe[2148] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Owner\Desktop\e5ulmr7r.exe[2148] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Owner\Desktop\e5ulmr7r.exe[2148] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[2336] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[2336] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[2336] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[2336] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[2336] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[2336] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[2336] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[2336] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[2336] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[2336] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[2336] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[2336] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[2336] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2452] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 007CD120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2452] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 007DBCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2452] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 007DB9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2452] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 007D7F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2452] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 007CD240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2452] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 007D5070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2452] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 007D5C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2452] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 007D3BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2452] ADVAPI32.dll!CreateProcessAsUserA  77E10CE8 5 Bytes JMP 007D44D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2452] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 100042C0 c:\docume~1\alluse~1\applic~1\browse~1\25911~1.18\{c16c1~1\mngr.dll
.text C:\WINDOWS\system32\svchost.exe[2452] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 007D8D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2452] GDI32.dll!GetPixel 77F1B74C 3 Bytes JMP 007D8AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2452] GDI32.dll!GetPixel + 4 77F1B750 1 Byte [88]
.text C:\WINDOWS\system32\svchost.exe[2452] GDI32.dll!CreateDCA 77F1B7D2 3 Bytes JMP 007D9E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2452] GDI32.dll!CreateDCA + 4 77F1B7D6 1 Byte [88]
.text C:\WINDOWS\system32\svchost.exe[2452] GDI32.dll!CreateDCW 77F1BE38 3 Bytes JMP 007D9D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2452] GDI32.dll!CreateDCW + 4 77F1BE3C 1 Byte [88]
.text C:\WINDOWS\system32\NOTEPAD.EXE[2476] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 0095D120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[2476] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 0096BCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[2476] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 0096B9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[2476] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00967F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[2476] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0095D240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[2476] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00965070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[2476] kernel32.dll!CreateProcessA  7C80236B 5 Bytes JMP 00965C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[2476] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 00963BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[2476] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 009644D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[2476] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 00968D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[2476] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 00968AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[2476] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 00969E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[2476] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 00969D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[2476] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 100042C0 c:\docume~1\alluse~1\applic~1\browse~1\25911~1.18\{c16c1~1\mngr.dll
.text C:\WINDOWS\system32\svchost.exe[2492] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 007CD120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2492] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 007DBCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2492] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 007DB9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2492] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 007D7F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2492] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 007CD240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2492] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 007D5070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2492] kernel32.dll!CreateProcessA  7C80236B 5 Bytes JMP 007D5C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2492] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 007D3BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2492] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 007D44D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2492] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 100042C0 c:\docume~1\alluse~1\applic~1\browse~1\25911~1.18\{c16c1~1\mngr.dll
.text C:\WINDOWS\system32\svchost.exe[2492] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 007D8D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2492] GDI32.dll!GetPixel 77F1B74C 3 Bytes JMP 007D8AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2492] GDI32.dll!GetPixel + 4 77F1B750 1 Byte [88]
.text C:\WINDOWS\system32\svchost.exe[2492] GDI32.dll!CreateDCA 77F1B7D2 3 Bytes JMP 007D9E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2492] GDI32.dll!CreateDCA + 4 77F1B7D6 1 Byte [88]
.text C:\WINDOWS\system32\svchost.exe[2492] GDI32.dll!CreateDCW 77F1BE38 3 Bytes JMP 007D9D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2492] GDI32.dll!CreateDCW + 4 77F1BE3C 1 Byte [88]
.text C:\WINDOWS\ehome\mcrdsvc.exe[2592] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\ehome\mcrdsvc.exe[2592] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\ehome\mcrdsvc.exe[2592] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\ehome\mcrdsvc.exe[2592] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\ehome\mcrdsvc.exe[2592] ntdll.dll!LdrUnloadDll  7C9171CD 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\ehome\mcrdsvc.exe[2592] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\ehome\mcrdsvc.exe[2592] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\ehome\mcrdsvc.exe[2592] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\ehome\mcrdsvc.exe[2592] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\ehome\mcrdsvc.exe[2592] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\ehome\mcrdsvc.exe[2592] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\ehome\mcrdsvc.exe[2592] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\ehome\mcrdsvc.exe[2592] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2632] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 0058D120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2632] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 0059BCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2632] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 0059B9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2632] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00597F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2632] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0058D240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2632] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00595070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2632] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00595C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2632] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 00593BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2632] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 005944D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2632] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 00598D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2632] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 00598AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2632] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 00599E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2632] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 00599D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2632] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E1DF4C9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2632] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E354846 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2632] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3547C7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2632] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E35480B C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2632] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E354753 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2632] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E35478D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2632] USER32.dll!DialogBoxIndirectParamA 7E456D7D 1 Byte [E9]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2632] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E354881 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2632] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E20177A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2632] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 3E354A43 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2824] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 003AD120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2824] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 003BBCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2824] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 003BB9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2824] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003B7F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2824] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003AD240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2824] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 003B5070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2824] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 003B5C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2824] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 00C542C0 C:\Documents and Settings\All Users\Application Data\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.dll
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2824] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 003B8D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2824] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 003B8AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2824] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 003B9E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2824] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 003B9D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2824] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 003B3BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2824] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 003B44D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[3116] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 006CD120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[3116] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 006DBCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[3116] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 006DB9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[3116] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 006D7F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[3116] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 006CD240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[3116] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 006D5070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[3116] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 006D5C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[3116] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 006D3BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[3116] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 006D44D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[3116] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 006D8D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[3116] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 006D8AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[3116] GDI32.dll!CreateDCA  77F1B7D2 5 Bytes JMP 006D9E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[3116] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 006D9D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[3116] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 100042C0 c:\docume~1\alluse~1\applic~1\browse~1\25911~1.18\{c16c1~1\mngr.dll
.text C:\WINDOWS\System32\alg.exe[3280] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3280] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3280] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3280] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3280] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3280] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3280] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3280] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3280] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3280] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3280] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3280] ADVAPI32.dll!CreateProcessAsUserW  77DEA8A9 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3280] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehmsas.exe[3476] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehmsas.exe[3476] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehmsas.exe[3476] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehmsas.exe[3476] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehmsas.exe[3476] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehmsas.exe[3476] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehmsas.exe[3476] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehmsas.exe[3476] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 008242C0 C:\Documents and Settings\All Users\Application Data\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.dll
.text C:\WINDOWS\eHome\ehmsas.exe[3476] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehmsas.exe[3476] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehmsas.exe[3476] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehmsas.exe[3476] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehmsas.exe[3476] ADVAPI32.dll!CreateProcessAsUserW  77DEA8A9 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehmsas.exe[3476] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Files - GMER 1.0.15 ----

File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\62B17165-9056-4E51-BEDE-29C0845DF66F.data.info 86 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\831603C1-4F8A-4960-9BEF-24AB49400828.data 1045504 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\831603C1-4F8A-4960-9BEF-24AB49400828.data.info 238 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\85F43CE8-E341-45CB-9064-88CC52948ADA.data 211000 bytes executable
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\85F43CE8-E341-45CB-9064-88CC52948ADA.data.info 284 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\AD1977F3-ABC2-4BBC-A8F1-36AA878F23A2.data 4117 bytes executable
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\AD1977F3-ABC2-4BBC-A8F1-36AA878F23A2.data.info 270 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\B7912664-08A7-4013-B653-4FE62E0AB509.data 2293168 bytes executable
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\B7912664-08A7-4013-B653-4FE62E0AB509.data.info 240 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\C23F7AE2-FCB8-40DA-A4FC-493A25906BA3.data 79436 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\C23F7AE2-FCB8-40DA-A4FC-493A25906BA3.data.info 240 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\F75485D4-521B-44A9-93F0-C890529FB12D.data 1852264 bytes executable
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\F75485D4-521B-44A9-93F0-C890529FB12D.data.info 278 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Temp 0 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Temp\baseupd 0 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Temp\Cookies 0 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Temp\History 0 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Temp\History\History.IE5 0 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Temp\Temporary Internet Files 0 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Temp\Temporary Internet Files\Content.IE5 0 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\0E496BBC-D824-47CE-8094-4FFC320885D6.data 1045504 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\0E496BBC-D824-47CE-8094-4FFC320885D6.data.info 238 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\30F56BE5-971F-4DAF-973A-E8E4D9A3A9FF.data 2078136 bytes executable
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\30F56BE5-971F-4DAF-973A-E8E4D9A3A9FF.data.info 240 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\3B31EE13-81CF-459B-AE81-83DB91012519.data 56236 bytes executable
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\3B31EE13-81CF-459B-AE81-83DB91012519.data.info 304 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\62B17165-9056-4E51-BEDE-29C0845DF66F.data 2419783 bytes executable

---- EOF - GMER 1.0.15 ----


----------



## Cookiegal (Aug 27, 2003)

Please go here and download *TDSSKiller.exe* to your desktop.

Double-click TDSSKiller.exe on your desktop to run it.
Click on *Start Scan*
As we don't want to fix anything yet, if any malicious objects are detected, *do NOT select Cure* but select *Skip* instead.
Once it finishes, it will produce a log in the root drive, which should look like this example:

C:\TDSSKiller.<version_date_time>log.txt

Please copy and paste the contents of that log in your next reply.


----------



## jlski (Dec 2, 2002)

No objects detected and no log file produced.


----------



## Cookiegal (Aug 27, 2003)

Please visit *Combofix Guide & Instructions* for instructions for installing the Recovery Console and downloading and running ComboFix.

The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to puppy.exe please.

Post the log from ComboFix when you've accomplished that.

Important notes regarding ComboFix:

ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

ComboFix also prevents autorun of ALL CDs, floppies and USB devices (don't worry, the keyboard and mouse will still function) to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished. Read *HERE* for an article written by dvk01 on why we disable autoruns.


----------



## jlski (Dec 2, 2002)

ComboFix 12-12-01.01 - Owner 11/30/2012 21:14:38.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.462 [GMT -6:00]
Running from: c:\documents and settings\Owner\Desktop\puppy.exe.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Owner\Application Data\PriceGong
c:\documents and settings\Owner\Application Data\PriceGong\Data\1.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\a.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\b.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\c.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\d.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\e.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\f.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\g.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\h.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\i.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\j.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\k.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\l.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\m.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\n.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\o.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\p.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\q.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\r.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\s.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\t.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\u.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\v.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\w.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\wlu.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\x.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\y.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\z.txt
c:\documents and settings\Owner\g2mdlhlpx.exe
c:\documents and settings\Owner\System
c:\documents and settings\Owner\System\win_qs8.jqx
c:\documents and settings\Owner\WINDOWS
C:\index.htm
c:\windows\system32\aosmtp.dll
c:\windows\system32\Cache
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\SET35C.tmp
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\Update.bat
.
.
((((((((((((((((((((((((( Files Created from 2012-11-01 to 2012-12-01 )))))))))))))))))))))))))))))))
.
.
2012-11-30 13:38 . 2012-11-30 13:38	--------	d-----w-	c:\documents and settings\Owner\Application Data\WinZip
2012-11-29 21:59 . 2012-11-29 21:59	--------	d-----w-	c:\windows\ERUNT
2012-11-29 21:58 . 2012-11-29 21:58	--------	d-----w-	C:\JRT
2012-11-29 02:14 . 2012-11-29 02:14	--------	d-----w-	c:\program files\bfgclient
2012-11-28 20:11 . 2012-11-28 20:11	--------	d-----w-	c:\program files\SystemRequirementsLab
2012-11-28 17:59 . 2012-11-28 17:59	--------	d-----w-	c:\documents and settings\Owner\Local Settings\Application Data\WinZip
2012-11-28 17:56 . 2012-11-28 17:59	--------	d-----w-	c:\documents and settings\All Users\Application Data\WinZip
2012-11-28 11:18 . 2012-11-28 11:18	--------	d-----w-	c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-11-28 02:46 . 2012-11-28 02:46	--------	d-----w-	c:\documents and settings\Owner\Application Data\Angler
2012-11-28 02:35 . 2012-11-28 02:36	--------	d-----w-	c:\program files\Night In The Opera
2012-11-28 02:14 . 2012-11-29 02:14	--------	d-----w-	c:\documents and settings\All Users\Application Data\Big Fish Games
2012-11-28 02:12 . 2012-11-29 02:16	--------	d-----w-	c:\documents and settings\All Users\Application Data\BigFishGamesCache
2012-11-27 16:51 . 2012-11-27 16:51	--------	d-----w-	c:\windows\system32\searchplugins
2012-11-27 16:51 . 2012-11-27 16:51	--------	d-----w-	c:\windows\system32\Extensions
2012-11-27 16:49 . 2012-11-27 16:49	--------	d-----w-	c:\documents and settings\All Users\Application Data\Browser Manager
2012-11-27 16:48 . 2012-11-27 16:48	--------	d-----w-	c:\documents and settings\Owner\Application Data\Babylon
2012-11-27 16:48 . 2012-11-27 16:48	--------	d-----w-	c:\documents and settings\All Users\Application Data\Babylon
2012-11-27 16:32 . 2001-08-17 18:11	96640	-c--a-w-	c:\windows\system32\dllcache\b57xp32.sys
2012-11-27 16:32 . 2001-08-17 18:11	96640	----a-w-	c:\windows\system32\drivers\b57xp32.sys
2012-11-25 16:43 . 2012-08-27 19:12	78336	-c--a-w-	c:\windows\system32\dllcache\ieencode.dll
2012-11-25 16:43 . 2012-08-27 19:12	78336	----a-w-	c:\windows\system32\ieencode.dll
2012-11-15 04:37 . 2012-11-15 04:37	--------	d-----w-	c:\documents and settings\Owner\Local Settings\Application Data\CRE
2012-11-01 11:53 . 2012-11-01 11:55	--------	d-----w-	c:\program files\WildTangent Games
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-21 05:03 . 2012-05-08 04:05	697272	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-11-21 05:03 . 2011-07-04 20:39	73656	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-22 08:37 . 2007-07-11 20:28	1866368	----a-w-	c:\windows\system32\win32k.sys
2012-10-02 18:04 . 2007-07-11 20:27	58368	----a-w-	c:\windows\system32\synceng.dll
2012-09-30 01:54 . 2011-09-07 03:06	22856	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-09-24 20:32 . 2012-07-22 11:48	477168	----a-w-	c:\windows\system32\npdeployJava1.dll
2012-09-24 20:32 . 2011-04-27 18:36	473072	----a-w-	c:\windows\system32\deployJava1.dll
2012-09-24 18:51 . 2012-07-22 11:48	73728	----a-w-	c:\windows\system32\javacpl.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\off0]
@="{8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5}"
[HKEY_CLASSES_ROOT\CLSID\{8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5}]
2012-05-25 10:05	1065776	----a-w-	c:\program files\Workspace\offsyncext.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\off1]
@="{8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5}"
[HKEY_CLASSES_ROOT\CLSID\{8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5}]
2012-05-25 10:05	1065776	----a-w-	c:\program files\Workspace\offsyncext.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ContactKeeper Birthday reminder"="c:\program files\ContactKeeper\ContactKeeper.exe" [2011-11-11 921600]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2012-09-04 109336]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-28 4763008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"readericon"="c:\program files\Digital Media Reader\readericon45G.exe" [2005-12-10 139264]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-04 16120832]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-02-26 966656]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-24 926896]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]
.
c:\documents and settings\Owner\Start Menu\Programs\Startup\
KybtecWcCaller.exe [2006-12-3 6144]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]
Microsoft Find Fast.lnk - c:\program files\Adobe\Common Files\Microsoft Shared\MSInfo\MSINF16H.EXE [1997-8-5 16304]
Office Startup.lnk - c:\program files\Adobe\Common Files\Microsoft Shared\MSInfo\MSINF16H.EXE [1997-8-5 16304]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK32.EXE [2012-10-18 685496]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Namo\\WebEditor 5\\bin\\WebEditor.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 10:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 3:55 PM 67664]
R2 Browser Manager;Browser Manager;c:\documents and settings\All Users\Application Data\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe [11/27/2012 10:49 AM 2402840]
R2 DragonUpdater;COMODO Dragon Update Service;c:\program files\COMODO\Dragon\dragon_updater.exe [11/28/2012 5:45 AM 1868432]
R2 File Backup;File Backup Service;c:\program files\Workspace\offSyncService.exe [2/21/2012 8:58 AM 1168680]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 12:28 PM 160944]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [6/2/2011 11:08 AM 11336]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [6/13/2011 10:09 PM 267568]
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-08 05:03]
.
2012-12-01 c:\windows\Tasks\ConfigExec.job
- c:\program files\Microsoft Fix it Center\MatsApi.dll [2011-06-14 04:09]
.
2012-12-01 c:\windows\Tasks\DataUpload.job
- c:\program files\Microsoft Fix it Center\MatsApi.dll [2011-06-14 04:09]
.
2012-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-18 14:29]
.
2012-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-18 14:29]
.
2012-11-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2752115482-2144442535-3955104311-1006Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-11 07:39]
.
2012-12-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2752115482-2144442535-3955104311-1006UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-11 07:39]
.
2012-12-01 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2752115482-2144442535-3955104311-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 22:14]
.
2012-11-27 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2752115482-2144442535-3955104311-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 22:14]
.
2012-12-01 c:\windows\Tasks\User_Feed_Synchronization-{4519A47C-0ECA-4208-AF21-2846D577C78D}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 23:36]
.
.
------- Supplementary Scan -------
.
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Password Generator - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html
IE: RoboForm Editor - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComEditIdent.html
IE: RoboForm TaskBar Icon - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Show RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
Trusted Zone: secureserver.net\email14
TCP: DhcpNameServer = 192.168.1.1 216.81.36.10 216.81.36.20
TCP: Interfaces\{D344F2B7-845D-4D29-AA15-15FDBF0C859C}: NameServer = 8.26.56.26,156.154.70.22
.
.
------- File Associations -------
.
.scr=Icad.load.scr
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{154d932f-dc51-4a4f-9d52-b78b1419d3b4} - (no file)
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\documents and settings\All Users\Application Data\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}\bm_installer.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-30 21:24
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(536)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3280)
c:\windows\system32\WININET.dll
c:\program files\Workspace\offsyncext.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\documents and settings\All Users\Application Data\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\windows\RTHDCPL.EXE
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\windows\eHome\ehmsas.exe
c:\windows\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2012-11-30 21:28:40 - machine was rebooted
ComboFix-quarantined-files.txt 2012-12-01 03:28
.
Pre-Run: 109,076,766,720 bytes free
Post-Run: 109,422,456,832 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect /SOS
.
- - End Of File - - EE3894FAC3DCF0B760388689573C32E4


----------



## Cookiegal (Aug 27, 2003)

Please download AdwCleaner from here to your desktop.

Run AdwCleaner and select "Search" (do not select "Delete" at this time).

Once the scan is finished it will ask to reboot so please allow this.

After the reboot a log will be produced. Please copy and paste the log into your next reply.


----------



## jlski (Dec 2, 2002)

# AdwCleaner v2.010 - Logfile created 12/01/2012 at 17:42:51
# Updated 29/11/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Owner - JERRYSCOMP
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Owner\Desktop\adwcleaner.exe
# Option [Search]

***** [Services] *****

Found : Browser Manager

***** [Files / Folders] *****

File Found : C:\WINDOWS\system32\conduitEngine.tmp
File Found : C:\WINDOWS\Tasks\Browser Manager.job
File Found : C:\WINDOWS\Uninstall.exe
Folder Found : C:\Documents and Settings\All Users\Application Data\Ask
Folder Found : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Found : C:\Documents and Settings\All Users\Application Data\Browser Manager
Folder Found : C:\Documents and Settings\All Users\Application Data\Trymedia
Folder Found : C:\Documents and Settings\Owner\Application Data\Babylon
Folder Found : C:\Documents and Settings\Owner\Local Settings\Application Data\APN
Folder Found : C:\Documents and Settings\Owner\Local Settings\Application Data\BitTorrentBar
Folder Found : C:\Documents and Settings\Owner\Local Settings\Application Data\Conduit
Folder Found : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Folder Found : C:\Documents and Settings\Owner\Start Menu\Programs\Browser Manager
Folder Found : C:\Program Files\Conduit

***** [Registry] *****

Data Found : HKLM\..\Windows [AppInit_DLLs] = c:\docume~1\alluse~1\applic~1\browse~1\25911~1.18\{c16c1~1\mngr.dll
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\Ask&Record
Key Found : HKCU\Software\BitTorrentBar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\conduitEngine
Key Found : HKCU\Software\ConduitSearchScopes
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}
Key Found : HKCU\Software\wecarereminder
Key Found : HKLM\Software\Babylon
Key Found : HKLM\Software\BitTorrentBar
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT1060933
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2300955
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2790392
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3000930
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{64735F3B-D7A4-45B3-88A1-4D86A432304A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A567AA91-6345-4954-AF0F-0D809EA4DB49}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}
Key Found : HKLM\Software\Viewpoint
Key Found : HKU\S-1-5-21-2752115482-2144442535-3955104311-1006\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKU\S-1-5-21-2752115482-2144442535-3955104311-1006\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Found : HKU\S-1-5-21-2752115482-2144442535-3955104311-1006\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]

***** [Internet Browsers] *****

-\\ Internet Explorer v7.0.5730.13

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - SearchAssistant] = hxxp://toolbar.inbox.com/search/ie.aspx?tbid=80197&lng=en
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - CustomizeSearch] = hxxp://toolbar.inbox.com/help/sa_customize.aspx?tbid=80197

-\\ Google Chrome v23.0.1271.95

File : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Found [l.18] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3209604&SearchSource=48", "hxxp://www.claro-search.com/?affID=117465&tt=4812_4&babsrc=HP_ss&mntrId=742510ee0000000000000016767832aa" ]
Found [l.2901] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3209604&SearchSource=48", "hxxp://www.claro-search.com/?affID=117465&tt=4812_4&babsrc=HP_ss&mntrId=742510ee0000000000000016767832aa" ]

*************************

AdwCleaner[R1].txt - [7905 octets] - [01/12/2012 17:42:51]

########## EOF - C:\AdwCleaner[R1].txt - [7965 octets] ##########


----------



## Cookiegal (Aug 27, 2003)

Please run AdwCleaner again and this time select "Delete" and post the new log.


----------



## jlski (Dec 2, 2002)

# AdwCleaner v2.010 - Logfile created 12/01/2012 at 18:36:51
# Updated 29/11/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Owner - JERRYSCOMP
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Owner\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Deleted on reboot : C:\Documents and Settings\All Users\Application Data\Browser Manager
Deleted on reboot : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Deleted on reboot : C:\WINDOWS\system32\Zynga
Deleted on reboot : C:\WINDOWS\Zynga
File Deleted : C:\WINDOWS\Uninstall.exe
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Ask
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia
Folder Deleted : C:\Documents and Settings\Owner\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\APN
Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\BitTorrentBar
Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\Owner\Start Menu\Programs\Browser Manager
Folder Deleted : C:\Program Files\Conduit

***** [Registry] *****

Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\docume~1\alluse~1\applic~1\browse~1\25911~1.18\{c16c1~1\mngr.dll
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\Ask&Record
Key Deleted : HKCU\Software\BitTorrentBar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\conduitEngine
Key Deleted : HKCU\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\BitTorrentBar
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1060933
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2300955
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2790392
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3000930
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{64735F3B-D7A4-45B3-88A1-4D86A432304A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A567AA91-6345-4954-AF0F-0D809EA4DB49}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}
Key Deleted : HKLM\Software\Viewpoint
Key Deleted : HKU\S-1-5-21-2752115482-2144442535-3955104311-1006\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]

***** [Internet Browsers] *****

-\\ Internet Explorer v7.0.5730.13

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - SearchAssistant] = hxxp://toolbar.inbox.com/search/ie.aspx?tbid=80197&lng=en --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - CustomizeSearch] = hxxp://toolbar.inbox.com/help/sa_customize.aspx?tbid=80197 --> hxxp://www.google.com

-\\ Google Chrome v23.0.1271.95

File : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Deleted [l.18] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3209604&SearchSource=48"[...]
Deleted [l.2901] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3209604&SearchSource=48", "[...]

*************************

AdwCleaner[R1].txt - [8034 octets] - [01/12/2012 17:42:51]
AdwCleaner[R2].txt - [8094 octets] - [01/12/2012 18:35:51]
AdwCleaner[S2].txt - [7697 octets] - [01/12/2012 18:36:51]

########## EOF - C:\AdwCleaner[S2].txt - [7757 octets] ##########


----------



## Cookiegal (Aug 27, 2003)

Please download aswMBR.exe and save it to your desktop.

Double click aswMBR.exe to start the tool (Vista/Windows 7 users - right click to run as administrator) and allow it to download the Avast database.

Click *Scan*.

Upon completion of the scan, click *Save log* then save it to your desktop and post that log in your next reply for review. 
*Note - do NOT attempt any Fix yet.*


----------



## jlski (Dec 2, 2002)

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-01 21:40:26
-----------------------------
21:40:26.500 OS Version: Windows 5.1.2600 Service Pack 3
21:40:26.500 Number of processors: 1 586 0x604
21:40:26.500 ComputerName: JERRYSCOMP UserName: Owner
21:40:31.828 Initialize success
21:46:21.640 AVAST engine defs: 12120100
21:47:11.937 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-16
21:47:11.937 Disk 0 Vendor: HDT722516DLAT80 V43OA96A Size: 157066MB BusType: 3
21:47:11.937 Disk 0 MBR read successfully
21:47:11.937 Disk 0 MBR scan
21:47:12.156 Disk 0 unknown MBR code
21:47:12.171 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152954 MB offset 8401995
21:47:12.218 Disk 0 Partition 2 00 0B FAT32 RECOVERY 4102 MB offset 63
21:47:12.250 Disk 0 scanning sectors +321653430
21:47:12.343 Disk 0 scanning C:\WINDOWS\system32\drivers
21:47:35.203 Service scanning
21:48:04.640 Modules scanning
21:48:13.859 Disk 0 trace - called modules:
21:48:13.875 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS 
21:48:14.390 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85572ab8]
21:48:14.390 3 CLASSPNP.SYS[f76c2fd7] -> nt!IofCallDriver -> \Device\00000088[0x855cd820]
21:48:14.390 5 ACPI.sys[f74d9620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-16[0x855d0d98]
21:48:15.468 AVAST engine scan C:\WINDOWS
21:48:42.125 AVAST engine scan C:\WINDOWS\system32
21:53:36.656 AVAST engine scan C:\WINDOWS\system32\drivers
21:54:07.656 AVAST engine scan C:\Documents and Settings\Owner
21:54:51.171 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
21:54:51.171 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"
22:09:22.156 AVAST engine scan C:\Documents and Settings\All Users
22:11:38.843 Scan finished successfully
22:13:42.328 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
22:13:42.328 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"


----------



## Cookiegal (Aug 27, 2003)

Download *OTL* to your Desktop. 

Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
Under Custom Scans/Fixes type in *Netsvcs*
Click the Run Scan button. Do not change any other settings unless otherwise instructed. The scan won't take long. 
When the scan completes, it will open two Notepad windows called *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL. 
Please copy and paste the contents of both of these files here in your next reply.


----------



## jlski (Dec 2, 2002)

OTL logfile created on: 12/2/2012 3:24:44 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

893.59 Mb Total Physical Memory | 439.77 Mb Available Physical Memory | 49.21% Memory free
2.11 Gb Paging File | 1.56 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.37 Gb Total Space | 101.62 Gb Free Space | 68.03% Space Free | Partition Type: NTFS
Drive D: | 4.00 Gb Total Space | 1.39 Gb Free Space | 34.71% Space Free | Partition Type: FAT32
Drive J: | 7.45 Gb Total Space | 3.55 Gb Free Space | 47.59% Space Free | Partition Type: FAT32

Computer Name: JERRYSCOMP | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/02 15:24:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2012/11/30 21:54:49 | 001,799,952 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2012/11/30 21:54:49 | 000,723,632 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2012/11/28 06:21:28 | 004,763,008 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2012/11/28 05:45:16 | 001,868,432 | ---- | M] () -- C:\Program Files\COMODO\Dragon\dragon_updater.exe
PRC - [2012/11/12 04:05:14 | 002,402,840 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe
PRC - [2012/10/18 17:00:00 | 000,685,496 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK32.EXE
PRC - [2012/09/04 05:11:31 | 000,109,336 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2012/05/17 09:34:36 | 001,168,680 | ---- | M] (Starfield Technologies) -- C:\Program Files\Workspace\offSyncService.exe
PRC - [2011/06/13 22:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe
PRC - [2010/10/20 10:09:31 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2008/04/13 18:12:30 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntvdm.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/12/09 19:44:40 | 000,139,264 | ---- | M] (Alcor Micro, Corp.) -- C:\Program Files\Digital Media Reader\readericon45G.exe
PRC - [2005/03/14 12:05:02 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe

========== Modules (No Company Name) ==========

MOD - [2012/11/28 05:45:16 | 001,868,432 | ---- | M] () -- C:\Program Files\COMODO\Dragon\dragon_updater.exe
MOD - [2012/11/12 04:05:14 | 002,402,840 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe
MOD - [2012/11/12 04:03:58 | 002,147,352 | ---- | M] () -- c:\Documents and Settings\All Users\Application Data\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.dll
MOD - [2011/11/03 09:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/02/04 16:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2008/04/13 18:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 18:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll

========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/11/30 21:54:49 | 000,723,632 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2012/11/28 05:45:16 | 001,868,432 | ---- | M] () [Auto | Running] -- C:\Program Files\COMODO\Dragon\dragon_updater.exe -- (DragonUpdater)
SRV - [2012/11/20 23:03:55 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/11/12 04:05:14 | 002,402,840 | ---- | M] () [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe -- (Browser Manager)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/17 09:34:36 | 001,168,680 | ---- | M] (Starfield Technologies) [Auto | Running] -- C:\Program Files\Workspace\offSyncService.exe -- (File Backup)
SRV - [2011/06/13 22:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2010/10/20 10:09:31 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2005/03/14 12:05:02 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\puppy.exe\catchme.sys -- (catchme)
DRV - [2012/11/30 21:54:50 | 000,132,296 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdguard.sys -- (cmdGuard)
DRV - [2012/11/30 21:54:50 | 000,087,104 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\inspect.sys -- (Inspect)
DRV - [2012/11/30 21:54:50 | 000,025,160 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2011/07/22 10:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 15:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/06/02 11:08:34 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2006/04/06 00:20:44 | 004,258,816 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService)
DRV - [2006/01/18 04:41:00 | 000,080,512 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/01/15 07:48:08 | 001,477,632 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/03/16 18:51:16 | 001,033,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/03/16 18:50:36 | 000,221,440 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2005/03/16 18:50:32 | 000,705,280 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/08/03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2003/01/10 15:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw)
DRV - [2001/08/17 12:11:30 | 000,096,640 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2001/08/17 07:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{090F55E8-FB85-465B-9F91-F3B22DC17939}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7PRFA_en
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.claro-search.com/?q={searchTerms}&affID=117465&tt=4812_4&babsrc=SP_ss&mntrId=742510ee0000000000000016767832aa
IE - HKCU\..\SearchScopes\{161CE5A3-5CAB-48A3-8538-EE949896E6FA}: "URL" = http://www.amazon.com/gp/search?ie=UTF8&tag=ie8search-20&index=blended&linkCode=qs&camp=1789&creative=9325&keywords={searchTerms}
IE - HKCU\..\SearchScopes\{4EE32D15-65AB-409B-AAEC-26208C52A67C}: "URL" = http://www.ask.com/web?q={searchTerms}&qsrc=0&o=0&l=dir
IE - HKCU\..\SearchScopes\{A1BA6E36-5D80-49D3-B80B-DD84E69A85B6}: "URL" = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20110939,6901,0,8,0
IE - HKCU\..\SearchScopes\{CDD4F616-9BF2-4E6D-8460-73D49EF70E41}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=91AD6A88-13B1-4453-B562-E522C9210DD3&apn_sauid=C27CB996-DAFE-4308-9AC7-808CEE93C0F8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@starfield.com/off: C:\Documents and Settings\Owner\Application Data\Mozilla\Plugins\npoff.dll ( Starfield Technologies, LLC.)
FF - HKCU\Software\MozillaPlugins\@starfield.com/wbe: C:\Documents and Settings\Owner\Application Data\Mozilla\Plugins\npwbe.dll (Starfield Technology, LLC)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/11/18 09:24:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{58bd07eb-0ee0-4df0-8121-dc9b693373df}: C:\Documents and Settings\All Users\Application Data\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension [2012/11/27 10:49:15 | 000,000,000 | ---D | M]

[2011/11/03 04:53:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions

========== Chrome ==========

CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.95\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.95\pdf.dll
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfffenfdjeibfomfbppoljahojkbbobb\10.13.20.29_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Conduit Radio Plugin (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfffenfdjeibfomfbppoljahojkbbobb\10.13.20.29_0\plugins/np-cwmp.dll
CHR - plugin: Online Storage plug-in (Enabled) = C:\Documents and Settings\Owner\Application Data\Mozilla\plugins\npoff.dll
CHR - plugin: Workspace Webmail plug-in 1.0.20.42 (Enabled) = C:\Documents and Settings\Owner\Application Data\Mozilla\plugins\npwbe.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U37 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll
CHR - plugin: Java Deployment Toolkit 6.0.370.6 (Enabled) = C:\WINDOWS\system32\npdeployJava1.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpjplug.dll
CHR - Extension: Produtools Manuals 2.1 = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfffenfdjeibfomfbppoljahojkbbobb\10.13.20.29_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\

O1 HOSTS File: ([2012/11/30 21:24:12 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\WINDOWS\system32\bae.dll (Gateway Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe (Alcor Micro, Corp.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\WINDOWS\creator\Remind_XP.exe (SoftThinks)
O4 - HKCU..\Run: [ContactKeeper Birthday reminder] C:\Program Files\ContactKeeper\ContactKeeper.exe (ContactKeeper)
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Find Fast.lnk = C:\Program Files\Adobe\Common Files\Microsoft Shared\MSInfo\MSINF16H.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Office Startup.lnk = C:\Program Files\Adobe\Common Files\Microsoft Shared\MSInfo\MSINF16H.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK32.EXE (WinZip Computing, S.L.)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\KybtecWcCaller.exe ( )
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Password Generator - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html ()
O8 - Extra context menu item: RoboForm Editor - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditIdent.html ()
O8 - Extra context menu item: RoboForm TaskBar Icon - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Show RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Editor - {45DB34C3-955C-11D3-ABEF-444553540001} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : RoboForm Editor - {45DB34C3-955C-11D3-ABEF-444553540001} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O15 - HKCU\..Trusted Domains: secureserver.net ([email14] https in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1354034315693 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.11.0.cab (SysInfo Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 216.81.36.10 216.81.36.20
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D344F2B7-845D-4D29-AA15-15FDBF0C859C}: DhcpNameServer = 192.168.1.1 216.81.36.10 216.81.36.20
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D344F2B7-845D-4D29-AA15-15FDBF0C859C}: NameServer = 156.154.70.22,156.154.71.22
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (c:\docume~1\alluse~1\applic~1\browse~1\25911~1.18\{c16c1~1\mngr.dll) - c:\Documents and Settings\All Users\Application Data\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.dll ()
O20 - AppInit_DLLs: (c:\windows\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/01/09 19:13:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/10/04 11:57:10 | 000,000,125 | -H-- | M] () - J:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/12/02 15:24:14 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2012/12/02 12:57:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Conduit
[2012/12/01 21:39:14 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe
[2012/11/30 22:25:54 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/11/30 21:54:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo
[2012/11/30 21:54:52 | 000,179,792 | ---- | C] (COMODO) -- C:\WINDOWS\System32\guard32.dll
[2012/11/30 21:54:52 | 000,132,296 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmdguard.sys
[2012/11/30 21:54:52 | 000,087,104 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2012/11/30 21:54:52 | 000,025,160 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
[2012/11/30 21:08:59 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/11/30 21:06:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/11/30 21:06:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/11/30 21:06:45 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/11/30 20:57:56 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/11/30 20:57:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/11/30 20:42:15 | 005,009,291 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\puppy.exe.exe
[2012/11/30 16:39:47 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\tdsskiller.exe
[2012/11/30 07:38:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\WinZip
[2012/11/29 15:59:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2012/11/29 15:58:57 | 000,000,000 | ---D | C] -- C:\JRT
[2012/11/29 07:45:45 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.com
[2012/11/29 05:52:07 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2012/11/28 20:14:42 | 000,000,000 | ---D | C] -- C:\Program Files\bfgclient
[2012/11/28 14:11:39 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2012/11/28 11:59:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\WinZip
[2012/11/28 11:57:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinZip
[2012/11/28 11:56:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2012/11/28 05:18:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/11/28 04:07:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Photography
[2012/11/27 20:46:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Angler
[2012/11/27 20:35:13 | 000,000,000 | ---D | C] -- C:\Program Files\Night In The Opera
[2012/11/27 20:35:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Night In The Opera
[2012/11/27 20:14:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
[2012/11/27 20:12:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
[2012/11/27 10:51:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\searchplugins
[2012/11/27 10:51:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Extensions
[2012/11/27 10:49:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Browser Manager
[2012/11/27 10:32:30 | 000,096,640 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\drivers\b57xp32.sys
[2012/11/27 10:32:30 | 000,096,640 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\b57xp32.sys
[2012/11/25 10:43:28 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2012/11/25 10:43:28 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieencode.dll
[2012/11/25 08:25:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\My Photos
[2012/11/24 08:10:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Post Photos
[2012/11/14 22:37:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\CRE
[2012/11/07 06:02:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Sleep Packet
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/12/02 15:32:10 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\Browser Manager.job
[2012/12/02 15:31:19 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{4519A47C-0ECA-4208-AF21-2846D577C78D}.job
[2012/12/02 15:30:22 | 001,474,832 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2012/12/02 15:24:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2012/12/02 15:21:28 | 000,000,256 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\LearnMyShot - Search.url
[2012/12/02 15:11:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/12/02 15:07:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2752115482-2144442535-3955104311-1006UA.job
[2012/12/02 14:59:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/02 14:56:01 | 000,000,580 | -H-- | M] () -- C:\WINDOWS\tasks\DataUpload.job
[2012/12/02 14:07:01 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2752115482-2144442535-3955104311-1006Core.job
[2012/12/02 13:20:40 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/02 13:20:40 | 000,000,616 | -H-- | M] () -- C:\WINDOWS\tasks\ConfigExec.job
[2012/12/02 13:20:40 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2752115482-2144442535-3955104311-1006.job
[2012/12/02 13:20:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/12/02 13:08:54 | 000,000,216 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\KBTX Forecast.url
[2012/12/02 12:43:51 | 000,002,037 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\KBTX - Weather Radar.url
[2012/12/02 07:18:01 | 000,000,196 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Merck Veterinary Manual.url
[2012/12/01 23:23:03 | 000,000,291 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Canon PowerShot S2 IS Review Digital Camera Resource Page.url
[2012/12/01 22:13:42 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat
[2012/12/01 21:39:14 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe
[2012/12/01 21:06:44 | 000,301,480 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\woodfungus_4.JPG
[2012/12/01 21:02:02 | 000,005,965 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\17 Beautiful Images with Shallow Depth of Field.url
[2012/12/01 20:56:31 | 000,000,324 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Depth of Field Experiments Core Dump.url
[2012/12/01 20:47:52 | 000,158,548 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ironhorse_3_Reworked.JPG
[2012/12/01 20:40:41 | 004,067,196 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\IMG_4145.JPG
[2012/12/01 19:06:14 | 000,264,828 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Out On A Limb_2.JPG
[2012/12/01 18:52:56 | 000,092,158 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Homemade Summer Sausage_2.jpg
[2012/12/01 18:33:47 | 000,579,719 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Homemade Summer Sausage.JPG
[2012/12/01 17:44:15 | 000,000,582 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Malware-Virus Removal - Tech Support Guy Forums.url
[2012/12/01 17:01:58 | 000,533,705 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\adwcleaner.exe
[2012/12/01 16:28:04 | 000,006,272 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Forecast.url
[2012/12/01 10:04:55 | 000,114,688 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\ContactKeeper.mdb
[2012/12/01 08:53:36 | 000,001,330 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\The 15 Most Popular Photography Tutorials from the 2nd Half of 2012.url
[2012/12/01 08:53:27 | 000,001,411 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Best of dPS Have You Read these 15 Popular Photography Tutorials Yet.url
[2012/12/01 06:16:17 | 000,001,376 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Transfer Prints To Wood.url
[2012/11/30 21:56:24 | 000,000,808 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\COMODO Internet Security.lnk
[2012/11/30 21:54:50 | 000,179,792 | ---- | M] (COMODO) -- C:\WINDOWS\System32\guard32.dll
[2012/11/30 21:54:50 | 000,132,296 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdguard.sys
[2012/11/30 21:54:50 | 000,087,104 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2012/11/30 21:54:50 | 000,025,160 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
[2012/11/30 21:24:12 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/11/30 21:09:03 | 000,000,319 | RHS- | M] () -- C:\boot.ini
[2012/11/30 20:42:15 | 005,009,291 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\puppy.exe.exe
[2012/11/30 16:39:57 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\tdsskiller.exe
[2012/11/29 21:27:24 | 000,014,424 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2012/11/29 16:00:40 | 000,000,321 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Downloading Junkware Removal Tool.url
[2012/11/29 12:00:43 | 000,057,060 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MSCONFIG_3.gif
[2012/11/29 12:00:08 | 000,026,548 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MSCONFIG_2.gif
[2012/11/29 11:59:42 | 000,025,693 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MSCONFIG_1.gif
[2012/11/29 07:50:00 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\e5ulmr7r.exe
[2012/11/29 07:45:47 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.com
[2012/11/28 20:15:44 | 000,000,646 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Game Manager.lnk
[2012/11/28 20:15:44 | 000,000,225 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\More Great Games.url
[2012/11/28 11:57:22 | 000,001,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2012/11/28 11:57:22 | 000,001,672 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2012/11/28 11:19:19 | 000,002,258 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Windows Recovery (Repair) Environment (WinRE).url
[2012/11/28 11:14:29 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/11/28 10:46:35 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/11/28 08:40:06 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/28 07:02:29 | 000,012,910 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Reboot3.gif
[2012/11/28 06:59:37 | 000,006,608 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Reboot2.gif
[2012/11/28 06:58:30 | 000,006,592 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Reboot1.gif
[2012/11/28 05:39:58 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/11/28 05:18:37 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/11/28 05:16:11 | 000,000,229 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Home.url
[2012/11/28 04:15:37 | 000,000,294 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Tower Laboratories Pauling Therapy Store Home Page.url
[2012/11/27 20:36:16 | 000,001,662 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play Night In The Opera.lnk
[2012/11/27 16:51:05 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2752115482-2144442535-3955104311-1006.job
[2012/11/25 10:23:02 | 000,001,025 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Downton Abbey Revisited.url
[2012/11/21 20:18:55 | 000,000,791 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\PBS Public Broadcasting Service.url
[2012/11/21 19:09:47 | 001,133,113 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Chicago-Plan.pdf
[2012/11/20 23:03:52 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/11/20 23:03:51 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/11/19 11:47:48 | 000,000,264 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\PaulingTherapy.com - Reversing Heart Disease w-o Drugs.url
[2012/11/19 11:47:03 | 000,000,272 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Got Milk.url
[2012/11/19 11:46:54 | 000,000,283 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\gluco-z - Google Search.url
[2012/11/19 11:46:38 | 000,000,235 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\PaulingTherapy.com - Reversing Heart Disease w-o Drugs is Possible.url
[2012/11/19 05:25:31 | 000,000,274 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\All You Need is C.url
[2012/11/19 04:51:08 | 000,000,202 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\GlucoZ Order Now.url
[2012/11/17 15:24:21 | 000,000,325 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\FRACTION TO DECIMAL AND MM TABLE.url
[2012/11/16 03:30:39 | 000,196,160 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/11/16 03:04:30 | 000,493,116 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/11/16 03:04:30 | 000,089,796 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/11/14 22:44:23 | 000,000,220 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Project Gutenberg - free ebooks.url
[2012/11/13 22:00:38 | 000,000,403 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\The Italian Dish - Posts - Stuffed Focaccia Bread with Sausage and*Onions.url
[2012/11/13 22:00:24 | 000,000,330 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Laser Hacker! Free energy made easy..url
[2012/11/12 05:06:00 | 000,004,412 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Self Sufficiency and the Country Life.url
[2012/11/09 18:52:17 | 000,001,642 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Pesto and Truffles URBANI TRUFFLES - real italian truffles online shop.url
[2012/11/07 18:26:15 | 000,001,999 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Meat Doneness Chart.url
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/12/02 15:21:28 | 000,000,256 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\LearnMyShot - Search.url
[2012/12/02 13:20:55 | 000,000,294 | ---- | C] () -- C:\WINDOWS\tasks\Browser Manager.job
[2012/12/02 07:18:01 | 000,000,196 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Merck Veterinary Manual.url
[2012/12/01 23:23:03 | 000,000,291 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Canon PowerShot S2 IS Review Digital Camera Resource Page.url
[2012/12/01 21:54:51 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat
[2012/12/01 21:06:44 | 000,301,480 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\woodfungus_4.JPG
[2012/12/01 20:47:52 | 000,158,548 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ironhorse_3_Reworked.JPG
[2012/12/01 20:40:40 | 004,067,196 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\IMG_4145.JPG
[2012/12/01 19:06:14 | 000,264,828 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Out On A Limb_2.JPG
[2012/12/01 18:52:56 | 000,092,158 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Homemade Summer Sausage_2.jpg
[2012/12/01 18:33:46 | 000,579,719 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Homemade Summer Sausage.JPG
[2012/12/01 17:44:15 | 000,000,582 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Malware-Virus Removal - Tech Support Guy Forums.url
[2012/12/01 17:01:55 | 000,533,705 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\adwcleaner.exe
[2012/12/01 10:04:55 | 000,114,688 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\ContactKeeper.mdb
[2012/12/01 08:53:35 | 000,001,330 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\The 15 Most Popular Photography Tutorials from the 2nd Half of 2012.url
[2012/12/01 08:53:26 | 000,001,411 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Best of dPS Have You Read these 15 Popular Photography Tutorials Yet.url
[2012/12/01 08:53:20 | 000,005,965 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\17 Beautiful Images with Shallow Depth of Field.url
[2012/12/01 08:53:10 | 000,000,324 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Depth of Field Experiments Core Dump.url
[2012/12/01 06:16:17 | 000,001,376 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Transfer Prints To Wood.url
[2012/11/30 21:56:24 | 000,000,808 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\COMODO Internet Security.lnk
[2012/11/30 21:09:03 | 000,000,202 | ---- | C] () -- C:\Boot.bak
[2012/11/30 21:09:00 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/11/30 21:06:45 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/11/30 21:06:45 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/11/30 21:06:45 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/11/30 21:06:45 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/11/30 21:06:45 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/11/30 21:06:45 | 000,060,416 | ---- | C] () -- C:\WINDOWS\NIRCMD.exe
[2012/11/29 15:59:33 | 000,000,321 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Downloading Junkware Removal Tool.url
[2012/11/29 12:00:43 | 000,057,060 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MSCONFIG_3.gif
[2012/11/29 11:57:31 | 000,026,548 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MSCONFIG_2.gif
[2012/11/29 11:56:54 | 000,025,693 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MSCONFIG_1.gif
[2012/11/29 07:49:58 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\e5ulmr7r.exe
[2012/11/28 20:15:44 | 000,000,646 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Game Manager.lnk
[2012/11/28 20:15:44 | 000,000,225 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\More Great Games.url
[2012/11/28 20:14:53 | 000,001,584 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Game Manager.lnk
[2012/11/28 20:14:52 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\More Great Games.lnk
[2012/11/28 11:57:22 | 000,001,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2012/11/28 11:57:15 | 000,001,672 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2012/11/28 10:41:02 | 000,002,258 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Windows Recovery (Repair) Environment (WinRE).url
[2012/11/28 07:01:21 | 000,012,910 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Reboot3.gif
[2012/11/28 06:56:45 | 000,006,608 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Reboot2.gif
[2012/11/28 06:56:16 | 000,006,592 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Reboot1.gif
[2012/11/28 05:18:37 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/11/27 20:36:16 | 000,001,662 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play Night In The Opera.lnk
[2012/11/25 10:23:01 | 000,001,025 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Downton Abbey Revisited.url
[2012/11/21 20:18:54 | 000,000,791 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\PBS Public Broadcasting Service.url
[2012/11/21 19:09:41 | 001,133,113 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Chicago-Plan.pdf
[2012/11/19 11:47:47 | 000,000,264 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\PaulingTherapy.com - Reversing Heart Disease w-o Drugs.url
[2012/11/19 11:47:03 | 000,000,272 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Got Milk.url
[2012/11/19 11:46:54 | 000,000,283 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gluco-z - Google Search.url
[2012/11/19 11:46:46 | 000,000,294 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Tower Laboratories Pauling Therapy Store Home Page.url
[2012/11/19 11:46:38 | 000,000,235 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\PaulingTherapy.com - Reversing Heart Disease w-o Drugs is Possible.url
[2012/11/19 05:25:31 | 000,000,274 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\All You Need is C.url
[2012/11/19 04:51:08 | 000,000,202 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\GlucoZ Order Now.url
[2012/11/13 22:00:37 | 000,000,403 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\The Italian Dish - Posts - Stuffed Focaccia Bread with Sausage and*Onions.url
[2012/11/13 22:00:24 | 000,000,330 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Laser Hacker! Free energy made easy..url
[2012/11/09 18:52:17 | 000,001,642 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Pesto and Truffles URBANI TRUFFLES - real italian truffles online shop.url
[2012/11/07 18:26:15 | 000,001,999 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Meat Doneness Chart.url
[2012/03/15 20:38:13 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2012/02/14 22:09:15 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/24 00:00:57 | 000,000,839 | ---- | C] () -- C:\Documents and Settings\Owner\.recently-used.xbel
[2011/11/28 15:17:55 | 000,001,582 | ---- | C] () -- C:\WINDOWS\System32\.ini
[2011/10/15 19:07:59 | 002,463,996 | ---- | C] () -- C:\Documents and Settings\Owner\canaon basic.pdf
[2011/10/15 19:07:58 | 003,295,971 | ---- | C] () -- C:\Documents and Settings\Owner\Canon Manual.pdf
[2011/09/23 10:53:36 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/09/10 05:55:57 | 000,000,056 | ---- | C] () -- C:\WINDOWS\TemplateWizard.INI
[2011/08/27 15:52:16 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\settings.dat
[2011/08/18 22:50:40 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/08/18 22:50:40 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/03/07 19:43:28 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2010/12/31 12:32:22 | 000,109,921 | ---- | C] () -- C:\WINDOWS\hpoins08.dat
[2010/12/31 12:32:21 | 000,007,577 | ---- | C] () -- C:\WINDOWS\hpomdl08.dat
[2010/12/31 12:01:00 | 000,086,410 | ---- | C] () -- C:\WINDOWS\hpqins05.dat
[2010/12/31 11:56:29 | 000,109,947 | ---- | C] () -- C:\WINDOWS\hpoins08.dat.temp
[2010/12/31 11:56:29 | 000,007,577 | ---- | C] () -- C:\WINDOWS\hpomdl08.dat.temp
[2010/11/08 09:40:18 | 000,034,304 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/30 19:01:55 | 000,014,424 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2010/07/06 05:56:01 | 000,000,543 | ---- | C] () -- C:\Documents and Settings\Owner\AddressBook
[2010/05/20 15:32:08 | 000,005,790 | R--- | C] () -- C:\Program Files\EULA.nor
[2010/04/14 06:20:31 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\defogger_reenable
[2009/01/09 18:07:22 | 000,007,547 | R--- | C] () -- C:\Program Files\EULA.ger
[2009/01/09 18:07:22 | 000,006,808 | R--- | C] () -- C:\Program Files\EULA.itn
[2009/01/09 18:07:22 | 000,006,748 | R--- | C] () -- C:\Program Files\EULA.rus
[2009/01/09 18:07:22 | 000,006,668 | R--- | C] () -- C:\Program Files\EULA.pol
[2009/01/09 18:07:22 | 000,006,300 | R--- | C] () -- C:\Program Files\EULA.spa
[2009/01/09 18:07:22 | 000,006,120 | R--- | C] () -- C:\Program Files\EULA.dut
[2009/01/09 18:07:22 | 000,005,968 | R--- | C] () -- C:\Program Files\EULA.frn
[2009/01/09 18:07:22 | 000,005,461 | R--- | C] () -- C:\Program Files\EULA.swe
[2009/01/09 18:07:22 | 000,005,452 | R--- | C] () -- C:\Program Files\EULA.brz
[2009/01/09 18:07:22 | 000,005,304 | R--- | C] () -- C:\Program Files\EULA.cze
[2009/01/09 18:07:22 | 000,005,237 | R--- | C] () -- C:\Program Files\EULA.jpn
[2009/01/09 18:07:22 | 000,004,849 | R--- | C] () -- C:\Program Files\EULA.eng
[2009/01/09 18:07:22 | 000,004,711 | R--- | C] () -- C:\Program Files\EULA.kor
[2009/01/09 18:07:22 | 000,003,380 | R--- | C] () -- C:\Program Files\EULA.cht
[2009/01/09 18:07:22 | 000,003,345 | R--- | C] () -- C:\Program Files\EULA.chs

========== ZeroAccess Check ==========

[2005/01/09 19:08:17 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 18:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 06:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 18:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

OTL Extras logfile created on: 12/2/2012 3:24:44 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

893.59 Mb Total Physical Memory | 439.77 Mb Available Physical Memory | 49.21% Memory free
2.11 Gb Paging File | 1.56 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.37 Gb Total Space | 101.62 Gb Free Space | 68.03% Space Free | Partition Type: NTFS
Drive D: | 4.00 Gb Total Space | 1.39 Gb Free Space | 34.71% Space Free | Partition Type: FAT32
Drive J: | 7.45 Gb Total Space | 3.55 Gb Free Space | 47.59% Space Free | Partition Type: FAT32

Computer Name: JERRYSCOMP | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.jse [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.scr [@ = Icad.load.scr] -- Reg Error: Key error. File not found
.vbe [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.wsf [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.wsh [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabledxpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Namo\WebEditor 5\bin\WebEditor.exe" = C:\Program Files\Namo\WebEditor 5\bin\WebEditor.exe:*:Enabled:Namo WebEditor 5 -- (Namo Interactive Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05C56753-F144-44BC-BA67-83CC5DBF395C}" = F300
"{0BF5FBE7-3907-4A1F-9E48-8B66E52850D6}" = TrayApp
"{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite eMachines
"{1E1F1E70-14D8-4380-8652-BD1A895A7D65}" = Status
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Solution
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 37
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{31263605-FC84-4787-B847-BA445B147E24}" = ScannerCopy
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875}" = Digital Media Reader
"{4BE53DB2-C1F2-44D1-A9AB-1630BA7F2AF1}" = SolutionCenter
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
"{5D95AD35-368F-47D5-B63A-A082DDF00111}" = Microsoft Digital Image Starter Edition 2006 Editor
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63B7AC7E-0178-4F4F-A79B-08D97ADD02D7}" = System Requirements Lab for Intel
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{691F4068-81BF-49E3-B32E-FE3E16400111}" = Microsoft Digital Image Starter Edition 2006 Library
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71D9B000-CD43-4DE9-9729-49434415B8F7}" = F300Trb
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{8DCC4911-EC3D-41E9-85C9-168CA356EFE1}" = Lost Treasures of Alexandria
"{90F50409-6000-11D3-8CFE-0150048383C9}" = Visual Basic for Applications (R) Core
"{90F60409-6000-11D3-8CFE-0150048383C9}" = Visual Basic for Applications (R) Core - English
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAA11090-6E99-4655-AAF5-57EB5F677D0C}" = MarketResearch
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{BF4E9ED0-EF26-4A4C-A123-6A6A1ABEE411}" = DocProc
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6812939-B117-48E6-A3BA-1709C14A3C8C}" = Scan
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{C98E8D9D-21DE-4F87-A9B7-142BB89840FC}" = Toolbox
"{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb" = Microsoft Automated Troubleshooting Services Shim
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240D6}" = WinZip 17.0
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D7CAE58E-26DE-49B7-A75D-EAEDF76726BE}" = HP Photosmart Essential
"{DEBB2986-15B0-4D28-95FA-5C966A396589}" = HPProductAssistant
"{E5966E4C-0A93-4F59-A981-BD3173D4799F}" = F300_Help
"{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}" = HP PSC & OfficeJet 6.1.A
"{EC2715CE-C182-483C-84CC-81D7D914CF14}" = WebReg
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0696CA8-CD01-4E27-BB5E-702CA0A9ED29}" = Namo WebEditor 5
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AI RoboForm" = RoboForm 7-8-2-5 (All Users)
"ATI Display Driver" = ATI Display Driver
"BFGC" = Big Fish Games: Game Manager
"BFG-Night In The Opera" = Night In The Opera
"CCleaner" = CCleaner
"Comodo Dragon" = Comodo Dragon
"COMODO Internet Security" = COMODO Internet Security
"ContactKeeper_is1" = ContactKeeper 1.5.0
"HP Imaging Device Functions" = HP Imaging Device Functions 6.1
"HP Solution Center & Imaging Support Tools" = HP Solution Center and Imaging Support Tools 6.1
"HPExtendedCapabilities" = HP Extended Capabilities 6.1
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"InstallShield_{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875}" = Digital Media Reader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PictureItSuiteTrial_v11" = Microsoft Digital Image Starter Edition 2006
"QuickTime" = QuickTime
"RealPlayer 15.0" = RealPlayer
"Sparkle" = Sparkle
"SpywareBlaster_is1" = SpywareBlaster 4.6
"TigerCad_is1" = TigerCad version 3.001 Free
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"workspacedesktop" = Workspace Desktop

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12/2/2012 3:20:45 PM | Computer Name = JERRYSCOMP | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 12/2/2012 3:20:45 PM | Computer Name = JERRYSCOMP | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 12/2/2012 4:56:04 PM | Computer Name = JERRYSCOMP | Source = MatSvc | ID = 262147
Description = The MATS service encountered a web service failure. hr=0xC004F018

Error - 12/2/2012 4:56:04 PM | Computer Name = JERRYSCOMP | Source = MatSvc | ID = 262148
Description = The MATS service encountered a failure when uploading data. hr=0xC004F018

Error - 12/2/2012 5:01:01 PM | Computer Name = JERRYSCOMP | Source = MatSvc | ID = 262147
Description = The MATS service encountered a web service failure. hr=0xC004F018

Error - 12/2/2012 5:01:01 PM | Computer Name = JERRYSCOMP | Source = MatSvc | ID = 262148
Description = The MATS service encountered a failure when uploading data. hr=0xC004F018

Error - 12/2/2012 5:02:48 PM | Computer Name = JERRYSCOMP | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 12/2/2012 5:02:48 PM | Computer Name = JERRYSCOMP | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 12/2/2012 5:10:50 PM | Computer Name = JERRYSCOMP | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 12/2/2012 5:10:50 PM | Computer Name = JERRYSCOMP | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

[ System Events ]
Error - 11/27/2012 9:57:32 PM | Computer Name = JERRYSCOMP | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 11/30/2012 10:57:28 PM | Computer Name = JERRYSCOMP | Source = Service Control Manager | ID = 7031
Description = The Browser Manager service terminated unexpectedly. It has done 
this 1 time(s). The following corrective action will be taken in 30000 milliseconds:
Restart the service.

Error - 11/30/2012 11:06:19 PM | Computer Name = JERRYSCOMP | Source = Service Control Manager | ID = 7031
Description = The Browser Manager service terminated unexpectedly. It has done 
this 1 time(s). The following corrective action will be taken in 30000 milliseconds:
Restart the service.

Error - 11/30/2012 11:51:01 PM | Computer Name = JERRYSCOMP | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000243'
while processing the file 'nckkof.sys' on the volume 'HarddiskVolume1'. It has
stopped monitoring the volume.

Error - 11/30/2012 11:51:43 PM | Computer Name = JERRYSCOMP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p
asc3550
cbidf
cd20xrnt
CmdIde
Cpqarray
dac2w2k
dac960nt
dpti2o
hpn
i2omp
iaStor
ini910u
IntelIde
mraid35x
perc2
perc2hib
ql1080
Ql10wnt
ql12160
ql1240
ql1280
sisagp
Sparrow
symc810
symc8xx
sym_hi
sym_u3
TosIde
ultra
viaagp
ViaIde

Error - 12/1/2012 12:32:00 AM | Computer Name = JERRYSCOMP | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000243'
while processing the file 'lhldjq.sys' on the volume 'HarddiskVolume1'. It has
stopped monitoring the volume.

Error - 12/1/2012 12:32:02 AM | Computer Name = JERRYSCOMP | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 12/1/2012 12:32:54 AM | Computer Name = JERRYSCOMP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p
asc3550
cbidf
cd20xrnt
CmdIde
Cpqarray
dac2w2k
dac960nt
dpti2o
hpn
i2omp
iaStor
ini910u
IntelIde
mraid35x
perc2
perc2hib
ql1080
Ql10wnt
ql12160
ql1240
ql1280
sisagp
Sparrow
symc810
symc8xx
sym_hi
sym_u3
TosIde
ultra
viaagp
ViaIde

< End of report >


----------



## Cookiegal (Aug 27, 2003)

Please navigate to the following file:

C:\WINDOWS\System32\.ini

Right click the ".ini" file and select "Open with" and then Notepad and copy and paste the contents here please.

Also, please do the following:

Please run OTL again. Under the *Custom Scans/Fixes* box at the bottom paste in the following:


```
:OTL
PRC - [2012/11/12 04:05:14 | 002,402,840 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe
MOD - [2012/11/12 04:05:14 | 002,402,840 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe
MOD - [2012/11/12 04:03:58 | 002,147,352 | ---- | M] () -- c:\Documents and Settings\All Users\Application Data\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.dll
SRV - [2012/11/12 04:05:14 | 002,402,840 | ---- | M] () [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe -- (Browser Manager)
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.claro-search.com/?q={searchTerms}&affID=117465&tt=4812_4&babsrc=SP_ss&mntrId=742510ee0000000000000016767832aa
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfffenfdjeibfomfbppoljahojkbbobb\10.13.20.29_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Conduit Radio Plugin (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfffenfdjeibfomfbppoljahojkbbobb\10.13.20.29_0\plugins/np-cwmp.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (Reg Error: Key error.)
O20 - AppInit_DLLs: (c:\docume~1\alluse~1\applic~1\browse~1\25911~1.18\{c16c1~1\mngr.dll) - c:\Documents and Settings\All Users\Application Data\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.dll ()
[2012/12/02 12:57:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Conduit
```

Then click the *Run Fix* button at the top
Let the program run unhindered, reboot the PC when it is done
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


----------



## jlski (Dec 2, 2002)

Not showing a C:\WINDOWS\System32\.ini folder, just system & system32.


----------



## jlski (Dec 2, 2002)

Sorry, I missed it found.


----------



## jlski (Dec 2, 2002)

The only ini file showing is initpki. The file snapshot is attached.


----------



## Cookiegal (Aug 27, 2003)

Please download *SystemLook* from one of the links below and save it to your Desktop.
*Download Mirror #1*
*Download Mirror #2*
Double-click *SystemLook.exe* to run it.
Copy the content of the following code box into the main text field:

```
:filefind
C:\WINDOWS\System32\.ini
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop entitled *SystemLook.txt*


----------



## jlski (Dec 2, 2002)

SystemLook 30.07.11 by jpshortstuff
Log created at 18:48 on 02/12/2012 by Owner
Administrator - Elevation successful

========== filefind ==========

Searching for "C:\WINDOWS\System32\.ini"
No files found.

-= EOF =-


----------



## Cookiegal (Aug 27, 2003)

Download *OTS.exe* to your Desktop.

Close any open browsers.
If your Real protection or Antivirus interferes with OTS, allow it to run.
Double-click on *OTS.exe* to start the program.
At the top put a check mark in the box beside "Scan All Users".
Under the *Additional Scans* section put a check in the box next to Disabled MS Config Items, NetSvcs and EventViewer logs (Last 10 errors)
Now click the *Run Scan* button on the toolbar.
Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Save that notepad file.
Use the *Reply* button, scroll down to the attachments section and attach the notepad file here.


----------



## jlski (Dec 2, 2002)

OTS Attached


----------



## Cookiegal (Aug 27, 2003)

OTS is reporting that file exists. Please look again in the System32 folder. It would probably be the very first file at the top (not listed with the others that start with the letter "i" as in your screenshot).

C:\WINDOWS\System32\*.ini*

If you can attach a screenshot of the top and bottom of that folder that may be helpful.


----------



## jlski (Dec 2, 2002)

Sorry, you said files and I was thinking folders. Rechecking.


----------



## jlski (Dec 2, 2002)

Found an ini type file at the top that was not named. I checked the properties and it said opens with notepad, however the file is not named as in the snapshot. The file is in the third row to the right.


----------



## Cookiegal (Aug 27, 2003)

OK, that's the one we want, the one with no name (under the wins folder on the right side in the last two screenshots). Please right-click on that file and then select "open with" and then Notepad and copy and paste the contents here.


----------



## jlski (Dec 2, 2002)

dC:\Program Files\COMODO\COMODO Internet Security\
e
k80000002\SYSTEM\Software\Comodo\Firewall Pro
k80000001\Software\CFP
k80000002\Software\CFP
k80000001\Software\ComodoGroup\CDI\1
k80000001\Software\ComodoGroup\CDI
k80000002\System\Software\Comodo\Firewall Pro
k80000002\System\Software\Comodo
k80000002\System\Software
k80000002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\COMODO Internet Security
k80000002\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\COMODO Internet Security
a80000002\Software\ComodoGroup\internet security
a80000002\Software\ComodoGroup\firewall
a80000002\Software\ComodoGroup\antivirus
a80000002\Software\ComodoGroup\cis
a80000002\Software\ComodoGroup\cfp
a80000001\Software\ComodoGroup\internet security
a80000001\Software\ComodoGroup\firewall
a80000001\Software\ComodoGroup\antivirus
a80000001\Software\ComodoGroup\cis
a80000001\Software\ComodoGroup\cfp
dC:\Documents and Settings\All Users\Application Data\Comodo\Firewall Pro
dC:\Documents and Settings\All Users\Application Data\Comodo\tmp
dC:\Documents and Settings\All Users\Application Data\Comodo\Installer
dC:\Documents and Settings\All Users\Application Data\Comodo\Cis
dC:\Documents and Settings\All Users\Application Data\Comodo\CisDumps
eC:\Documents and Settings\All Users\Application Data\Comodo
dC:\Documents and Settings\Owner\Local Settings\Application Data\Comodo\.tmp
eC:\Documents and Settings\Owner\Local Settings\Application Data\Comodo
dC:\DOCUME~1\Owner\LOCALS~1\Temp\\Comodo
dC:\VritualRoot
k80000002\System\VritualRoot


----------



## Cookiegal (Aug 27, 2003)

It looks like it's part of Comodo but odd just the same.

Please run the following on-line scanner. Note that you must use Internet Explorer to perform the scan.

Note: If you're running a 64-bit system you have to choose the 32-bit option in IE. To do that, go to the Start Menu and right-click the Internet Explorer (32-bit) icon and then select 'Run as administrator' from the right-click menu.

http://www.eset.com/online-scanner

Accept the Terms of Use and then press the Start button

Allow the ActiveX control to be installed.

Put a check by Remove found threats and then run the scan.

When the scan is finished, you will see the results in a window.

A log.txt file is created here: C:\Program Files\ESET\ESET Online Scanner\log.txt.

Open the log file with Notepad and copy and paste the contents here please.


----------



## jlski (Dec 2, 2002)

What do I do with found threats?


----------



## Cookiegal (Aug 27, 2003)

Did you "Put a check by Remove found threats and then run the scan" as stated in the instructions?


----------



## jlski (Dec 2, 2002)

Disregard last question.

While I was scanning ESET, Comodo found 7 viruses. Not knowing what you would want me to do in this case I quarantined them. I can attach them later if you wish. Below are the log results.


[email protected] as CAB hook log:
OnlineScanner.ocx - registred OK
# version=8
# iexplore.exe=7.00.6000.17114 (vista_gdr.120824-1002)
# OnlineScanner.ocx=1.0.0.6844
# api_version=3.0.2
# EOSSerial=6098c658698fbf4ebb20fbc16a5cd4d5
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-12-07 02:03:06
# local_time=2012-12-06 08:03:06 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=3074 16777213 83 49 0 0 0 0
# scanned=109844
# found=1
# cleaned=1
# scan_time=7017
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP896\A0226250.data	Win32/TrojanDownloader.Agent.QYK trojan (cleaned by deleting - quarantined)	A7F09E021231BAC86FAD08DD683024BC978CED60	C


----------



## Cookiegal (Aug 27, 2003)

Please post the log from Comodo to show what it quarantined.


----------



## jlski (Dec 2, 2002)

Comodo quarantined files - had to take snapshot, access to log denied.


----------



## Cookiegal (Aug 27, 2003)

Please place the cursor over the line in the top portion beside the date and drag that column over to the right so you can see the rest of the path including the file names of the last six entries and then post a new screenshot.

The ones in system restore are harmless unless you do a restore and we will flush those out when we're finished.


----------



## jlski (Dec 2, 2002)

Expanded list


----------



## Cookiegal (Aug 27, 2003)

I suspect those are flash or other installers but can you navigate to one of those numbered folders and open it and let me know what files it contains please. You will have to unhide files/folders to see the Local Settings folder.

Click on My Computer. Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked.


----------



## jlski (Dec 2, 2002)

Numbered folders?


----------



## Cookiegal (Aug 27, 2003)

The last six items in the screenshot. Well they have letters too but you see the long folder name that's made up of numbers and letters.


----------



## Cookiegal (Aug 27, 2003)

I must be very tired. Sorry. They won't be there since Comodo has removed them. But I suspect they may have been false positives. I'm heading off to bed in a few minutes.

How are things with the system now?


----------



## jlski (Dec 2, 2002)

Thank you so very much. I will check into them anyway. Sweet Dreams.


----------



## jlski (Dec 2, 2002)

Not sure if it will help


----------



## jlski (Dec 2, 2002)

Not sure if it will help, I restored one file and will see if I can attach it.


----------



## jlski (Dec 2, 2002)

Won't upload.


----------



## Cookiegal (Aug 27, 2003)

It's best not to attach it. Are they folders or files? If they are files, what type of files are they?


----------



## jlski (Dec 2, 2002)

All it has for file type is File.


----------



## Cookiegal (Aug 27, 2003)

Click on My Computer. Go to Tools > Folder Options. Click on the View tab and uncheck "Hide extensions for known file types". Now click "Apply to all folders". Click "Apply" then "OK".

Then let me know what file extension appears. I suspect it will be an .ini file. If that's the case, right-click the file and then select "open with" and "Notepad" and copy and paste the contents here.


----------



## jlski (Dec 2, 2002)

It still is showing file name as FILE. Look at the snapshot.


----------



## jlski (Dec 2, 2002)

This is one of the files Comodo picked and quarantined as a virus.


----------



## Cookiegal (Aug 27, 2003)

Yes, I know. Right-click the file and see if you can open it with Notepad.


----------



## jlski (Dec 2, 2002)

Access Denied


----------



## Cookiegal (Aug 27, 2003)

Please download *SystemLook* from one of the links below and save it to your Desktop.
*Download Mirror #1
Download Mirror #2*
Double-click *SystemLook.exe* to run it.
Copy the content of the following code box into the main text field:

```
:filefind
*DF393001*
:regfind
DF393001
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop entitled *SystemLook.txt*


----------



## jlski (Dec 2, 2002)

SystemLook 30.07.11 by jpshortstuff
Log created at 16:52 on 08/12/2012 by Owner
Administrator - Elevation successful

========== filefind ==========

Searching for "*DF393001*"
C:\Documents and Settings\Owner\Local Settings\Temp\{DF393001-9E9E-4432-BC7F-642C282C8E11}	--a---- 60416 bytes	[04:28 01/12/2012]	[04:28 01/12/2012] (Unable to calculate MD5)

========== regfind ==========

Searching for "DF393001"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU]
"a"="C:\Documents and Settings\Owner\Local Settings\Temp\{DF393001-9E9E-4432-BC7F-642C282C8E11}"
[HKEY_USERS\S-1-5-21-2752115482-2144442535-3955104311-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU]
"a"="C:\Documents and Settings\Owner\Local Settings\Temp\{DF393001-9E9E-4432-BC7F-642C282C8E11}"

-= EOF =-


----------



## Cookiegal (Aug 27, 2003)

Go to the forum *here* and upload this (these) file(s):

*C:\Documents and Settings\Owner\Local Settings\Temp\{DF393001-9E9E-4432-BC7F-642C282C8E11}*

Here are the directions for uploading the file:

Just register to create an account then click "New Topic", fill in the needed details and post a link to your thread here. Click the "Browse" button. Navigate to the file on your computer. When the file is listed in the window click "Post" to upload the file.


----------



## jlski (Dec 2, 2002)

Hey cookiegal, that page is a mess, can't see a new post button anywhere. What section of the forum should I post in?


----------



## Cookiegal (Aug 27, 2003)

Not sure why you say it's a mess. Have you registered first to create an account?

You will upload the file in the forum called "Uploads".


----------



## jlski (Dec 2, 2002)

The text and graphics are overlapping no matter what browser I use. Will give it a try.


----------



## jlski (Dec 2, 2002)

Success I hope.

http://thespykiller.co.uk/index.php?topic=10018.new#new


----------



## Cookiegal (Aug 27, 2003)

It's there but the file appears to be empty.
I guess we'll just have to assume it was malware although they may have been false positives.

The following will remove Temp files and should remove that one.

*Click here* to download ATF Cleaner by Atribune and save it to your desktop.
Double-click *ATF-Cleaner.exe* to run the program.
Under *Main* choose: *Select All*
Click the *Empty Selected* button.
*If you use Firefox:*
Click *Firefox* at the top and choose: *Select All*
Click the *Empty Selected* button.
*NOTE:* If you would like to keep your saved passwords, please click *No* at the prompt.


*If you use Opera:*
Click *Opera* at the top and choose: *Select All*
Click the *Empty Selected* button.
*NOTE:* If you would like to keep your saved passwords, please click *No* at the prompt.


Click *Exit* on the Main menu to close the program.


----------



## Cookiegal (Aug 27, 2003)

How are things with the system now?


----------



## jlski (Dec 2, 2002)

It did not remove the file. I guess I can scan again with Comodo and instead of quarantine it have Comodo remove it. What are your thoughts?


----------



## Cookiegal (Aug 27, 2003)

Have Comodo quarantine it.


----------



## jlski (Dec 2, 2002)

Will do. I'll then reboot and see how things go from there.


----------



## Cookiegal (Aug 27, 2003)

:up:


----------



## jlski (Dec 2, 2002)

The notices that were coming up no longer come up. The file I deleted with Comodo after quarantining it. When I first tried to come to this site I received a script error. Also upon rebooting I get another message which is in the attachment. I'm not sure what that is all about because there were no other programs running unless something on startup. As far as I can tell right now everything seems to be ok.


----------



## Cookiegal (Aug 27, 2003)

Please run DDS again and post the new log.


----------



## jlski (Dec 2, 2002)

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 7.0.6000.17114
Run by Owner at 20:01:56 on 2012-12-10
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.352 [GMT -6:00]
.
AV: COMODO Antivirus *Enabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *Enabled* 
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\WinZip\WZQKPICK32.EXE
C:\Documents and Settings\All Users\Application Data\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe
C:\Program Files\Comodo\Dragon\dragon_updater.exe
C:\Documents and Settings\All Users\Application Data\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Workspace\offSyncService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - <orphaned>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Cartwheel: {B50DF051-E1D4-439C-B94E-F4DE82B56542} - c:\documents and settings\owner\application data\cartwheel\Cartwheel.dll
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\bae.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &RoboForm Toolbar: {724D43A0-0D85-11D4-9908-00400523E39A} - c:\program files\siber systems\ai roboform\roboform.dll
TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
uRun: [ContactKeeper Birthday reminder] "c:\program files\contactkeeper\ContactKeeper.exe" /Reminder
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [readericon] c:\program files\digital media reader\readericon45G.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [Reminder] c:\windows\creator\Remind_XP.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
dRun: [Power2GoExpress] NA
StartupFolder: c:\documents and settings\owner\start menu\programs\startup\KybtecWcCaller.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\adobe\common files\microsoft shared\msinfo\MSINF16H.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\office~1.lnk - c:\program files\adobe\common files\microsoft shared\msinfo\MSINF16H.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK32.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: Customize Menu - c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: Password Generator - c:\program files\siber systems\ai roboform\RoboFormComPasswordGenerator.html
IE: RoboForm Editor - c:\program files\siber systems\ai roboform\RoboFormComEditIdent.html
IE: RoboForm TaskBar Icon - c:\program files\siber systems\ai roboform\RoboFormComTaskBarIcon.html
IE: Save Forms - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: Show RoboForm Toolbar - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {45DB34C3-955C-11D3-ABEF-444553540001} - {45DB34C3-955C-11D3-ABEF-444553540001} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1354034315693
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.11.0.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1 216.81.36.10 216.81.36.20
TCP: Interfaces\{D344F2B7-845D-4D29-AA15-15FDBF0C859C} : NameServer = 156.154.70.22,156.154.71.22
TCP: Interfaces\{D344F2B7-845D-4D29-AA15-15FDBF0C859C} : DHCPNameServer = 192.168.1.1 216.81.36.10 216.81.36.20
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs= c:\docume~1\alluse~1\applic~1\browse~1\25911~1.18\{c16c1~1\mngr.dll c:\windows\system32\guard32.dll c:\windows\system32\guard32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2012-11-30 132296]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2012-11-30 25160]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 Browser Manager;Browser Manager;c:\documents and settings\all users\application data\browser manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe [2012-11-27 2402840]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2012-11-30 723632]
R2 DragonUpdater;COMODO Dragon Update Service;c:\program files\comodo\dragon\dragon_updater.exe [2012-11-28 1868432]
R2 File Backup;File Backup Service;c:\program files\workspace\offSyncService.exe [2012-2-21 1168680]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2011-6-2 11336]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 267568]
.
=============== File Associations ===============
.
FileExt: .scr: Icad.load.scr - HKCR\Unknown\Shell=c:\windows\system32\rundll32.exe c:\windows\system32\shell32.dll,OpenAs_RunDLL %1 [default=openas]
FileExt: .ini: FreeOpener=notepad.exe %1
.vbe: <filetype is not registered>
FileExt: .js: FreeOpener=notepad.exe %1
.jse: <filetype is not registered>
.wsf: <filetype is not registered>
ShellExec: pi11.exe: Open="c:\program files\microsoft digital image 2006\pi.exe" "%1"
.
=============== Created Last 30 ================
.
2012-12-09 19:13:08	--------	d-----w-	c:\documents and settings\owner\local settings\application data\fontconfig
2012-12-09 19:12:59	--------	d-----w-	c:\documents and settings\owner\.gimp-2.8
2012-12-09 19:12:58	--------	d-----w-	c:\documents and settings\owner\local settings\application data\gegl-0.2
2012-12-09 18:57:19	--------	d-----w-	c:\documents and settings\all users\application data\PC Optimizer Pro
2012-12-09 18:52:34	--------	d-----w-	c:\program files\GimpShop
2012-12-09 18:47:28	--------	d-----w-	c:\program files\W3i
2012-12-09 18:47:27	--------	d-----w-	c:\documents and settings\all users\application data\W3i
2012-12-09 18:46:26	--------	d-----w-	c:\documents and settings\owner\application data\Cartwheel
2012-12-09 18:46:13	--------	d-----w-	c:\program files\Yahoo!
2012-12-06 23:57:16	--------	d-----w-	c:\program files\ESET
2012-12-02 18:57:46	--------	d-----w-	c:\documents and settings\owner\local settings\application data\Conduit
2012-12-01 03:54:55	--------	d-----w-	c:\documents and settings\all users\application data\Comodo
2012-12-01 03:54:52	25160	----a-w-	c:\windows\system32\drivers\cmdhlp.sys
2012-12-01 03:54:52	179792	----a-w-	c:\windows\system32\guard32.dll
2012-12-01 03:54:52	132296	----a-w-	c:\windows\system32\drivers\cmdguard.sys
2012-12-01 03:08:59	--------	d-sha-r-	C:\cmdcons
2012-12-01 03:06:45	98816	----a-w-	c:\windows\sed.exe
2012-12-01 03:06:45	256000	----a-w-	c:\windows\PEV.exe
2012-12-01 03:06:45	208896	----a-w-	c:\windows\MBR.exe
2012-11-30 13:38:15	--------	d-----w-	c:\documents and settings\owner\application data\WinZip
2012-11-29 21:59:51	--------	d-----w-	c:\windows\ERUNT
2012-11-29 21:58:57	--------	d-----w-	C:\JRT
2012-11-29 02:14:42	--------	d-----w-	c:\program files\bfgclient
2012-11-28 20:11:39	--------	d-----w-	c:\program files\SystemRequirementsLab
2012-11-28 17:59:59	--------	d-----w-	c:\documents and settings\owner\local settings\application data\WinZip
2012-11-28 11:18:33	--------	d-----w-	c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2012-11-28 02:46:55	--------	d-----w-	c:\documents and settings\owner\application data\Angler
2012-11-28 02:35:13	--------	d-----w-	c:\program files\Night In The Opera
2012-11-28 02:14:55	--------	d-----w-	c:\documents and settings\all users\application data\Big Fish Games
2012-11-28 02:12:38	--------	d-----w-	c:\documents and settings\all users\application data\BigFishGamesCache
2012-11-27 16:51:20	--------	d-----w-	c:\windows\system32\searchplugins
2012-11-27 16:51:20	--------	d-----w-	c:\windows\system32\Extensions
2012-11-27 16:49:12	--------	d-----w-	c:\documents and settings\all users\application data\Browser Manager
2012-11-27 16:32:30	96640	-c--a-w-	c:\windows\system32\dllcache\b57xp32.sys
2012-11-27 16:32:30	96640	----a-w-	c:\windows\system32\drivers\b57xp32.sys
2012-11-25 16:43:28	78336	-c--a-w-	c:\windows\system32\dllcache\ieencode.dll
2012-11-25 16:43:28	78336	----a-w-	c:\windows\system32\ieencode.dll
2012-11-15 04:37:07	--------	d-----w-	c:\documents and settings\owner\local settings\application data\CRE
.
==================== Find3M ====================
.
2012-11-21 05:03:52	697272	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-11-21 05:03:51	73656	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-22 08:37:31	1866368	----a-w-	c:\windows\system32\win32k.sys
2012-10-02 18:04:21	58368	----a-w-	c:\windows\system32\synceng.dll
2012-09-30 01:54:26	22856	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-09-24 20:32:24	477168	----a-w-	c:\windows\system32\npdeployJava1.dll
2012-09-24 20:32:20	473072	----a-w-	c:\windows\system32\deployJava1.dll
2012-09-24 18:51:47	73728	----a-w-	c:\windows\system32\javacpl.cpl
.
============= FINISH: 20:03:51.17 ===============


----------



## Cookiegal (Aug 27, 2003)

Please download AdwCleaner from here to your desktop

Run AdwCleaner and select "Search" (do not select "Delete" at this time)

Once the scan is finished it will ask to reboot so please allow this.

After the reboot a log will be produced. Please copy and paste the log into your next reply.


----------



## jlski (Dec 2, 2002)

It has not asked me to reboot but is waiting for some action to be initialized.

# AdwCleaner v2.100 - Logfile created 12/10/2012 at 20:52:38
# Updated 09/12/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Owner - JERRYSCOMP
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Owner\Desktop\adwcleaner.exe
# Option [Search]

***** [Services] *****

Found : Browser Manager

***** [Files / Folders] *****

File Found : C:\WINDOWS\system32\conduitEngine.tmp
File Found : C:\WINDOWS\Tasks\Browser Manager.job
Folder Found : C:\Documents and Settings\All Users\Application Data\Browser Manager
Folder Found : C:\Documents and Settings\Owner\Local Settings\Application Data\Conduit

***** [Registry] *****

Data Found : HKLM\..\Windows [AppInit_DLLs] = c:\docume~1\alluse~1\applic~1\browse~1\25911~1.18\{c16c1~1\mngr.dll
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Found : HKCU\Software\SmartBar
Key Found : HKU\S-1-5-21-2752115482-2144442535-3955104311-1006\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Value Found : HKCU\Software\Mozilla\Firefox\extensions [{58BD07EB-0EE0-4DF0-8121-DC9B693373DF}]

***** [Internet Browsers] *****

-\\ Internet Explorer v7.0.6000.17114

[OK] Registry is clean.

-\\ Google Chrome v23.0.1271.95

File : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [8034 octets] - [01/12/2012 17:42:51]
AdwCleaner[R2].txt - [8094 octets] - [01/12/2012 18:35:51]
AdwCleaner[R3].txt - [2313 octets] - [10/12/2012 20:52:38]
AdwCleaner[S2].txt - [7826 octets] - [01/12/2012 18:36:51]

########## EOF - C:\AdwCleaner[R3].txt - [2433 octets] ##########


----------



## Cookiegal (Aug 27, 2003)

Please run AdwCleaner again and this time select the "delete" option and then post the resulting log.


----------



## jlski (Dec 2, 2002)

# AdwCleaner v2.100 - Logfile created 12/10/2012 at 20:52:38
# Updated 09/12/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Owner - JERRYSCOMP
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Owner\Desktop\adwcleaner.exe
# Option [Search]

***** [Services] *****

Found : Browser Manager

***** [Files / Folders] *****

File Found : C:\WINDOWS\system32\conduitEngine.tmp
File Found : C:\WINDOWS\Tasks\Browser Manager.job
Folder Found : C:\Documents and Settings\All Users\Application Data\Browser Manager
Folder Found : C:\Documents and Settings\Owner\Local Settings\Application Data\Conduit

***** [Registry] *****

Data Found : HKLM\..\Windows [AppInit_DLLs] = c:\docume~1\alluse~1\applic~1\browse~1\25911~1.18\{c16c1~1\mngr.dll
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Found : HKCU\Software\SmartBar
Key Found : HKU\S-1-5-21-2752115482-2144442535-3955104311-1006\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Value Found : HKCU\Software\Mozilla\Firefox\extensions [{58BD07EB-0EE0-4DF0-8121-DC9B693373DF}]

***** [Internet Browsers] *****

-\\ Internet Explorer v7.0.6000.17114

[OK] Registry is clean.

-\\ Google Chrome v23.0.1271.95

File : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [8034 octets] - [01/12/2012 17:42:51]
AdwCleaner[R2].txt - [8094 octets] - [01/12/2012 18:35:51]
AdwCleaner[R3].txt - [2313 octets] - [10/12/2012 20:52:38]
AdwCleaner[S2].txt - [7826 octets] - [01/12/2012 18:36:51]

########## EOF - C:\AdwCleaner[R3].txt - [2433 octets] ##########


----------



## Cookiegal (Aug 27, 2003)

You just posted the same log. There should be another log showing that the items were deleted.


----------



## jlski (Dec 2, 2002)

That is the only one that came up. I still have the file open from last evening. Should I run it again?


----------



## Cookiegal (Aug 27, 2003)

Yes please.


----------



## jlski (Dec 2, 2002)

Below is the only report I received from the "Delete" mode.

# AdwCleaner v2.100 - Logfile created 12/11/2012 at 13:33:15
# Updated 09/12/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Owner - JERRYSCOMP
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Owner\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

***** [Registry] *****

***** [Internet Browsers] *****

-\\ Internet Explorer v7.0.6000.17114

[OK] Registry is clean.

-\\ Google Chrome v23.0.1271.95

File : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [8034 octets] - [01/12/2012 17:42:51]
AdwCleaner[R2].txt - [8094 octets] - [01/12/2012 18:35:51]
AdwCleaner[R3].txt - [2502 octets] - [10/12/2012 20:52:38]
AdwCleaner[S2].txt - [7826 octets] - [01/12/2012 18:36:51]
AdwCleaner[S3].txt - [2454 octets] - [10/12/2012 21:27:48]
AdwCleaner[S4].txt - [1008 octets] - [11/12/2012 13:33:15]

########## EOF - C:\AdwCleaner[S4].txt - [1068 octets] ##########


----------



## Cookiegal (Aug 27, 2003)

Well it looks like everything was taken care of.

Please post a new HijackThis scan log.

Also, using HijackThis please post an uninstall list:

Open HijackThis and click on the *Open Misc Tools section* button. Click on the *Open Uninstall Manager* button. Click the *Save List* button. Save the list then copy and paste it here.


----------
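Added example, not part of any post in this thread: a small parser for the AdwCleaner v2 log layout shown above that tells a re-posted Search log from a real Delete log, and uses the footer run history to explain an empty Delete log. The names `AdwLog`, `parse_log` and `review_reply` are illustrative, the sample logs are abbreviated from the ones posted above, and the date handling (month-first header, day-first footer) is an assumption read off those logs.

```python
import re
from dataclasses import dataclass, field
from datetime import datetime

HEADER_RE = re.compile(r"^# AdwCleaner v\S+ - Logfile created (\S+) at (\S+)")
OPTION_RE = re.compile(r"^# Option \[(\w+)\]")
SECTION_RE = re.compile(r"^\*{5} \[(.+?)\] \*{5}$")
FOUND_RE = re.compile(r"^(?:\w+ )?Found : (.+)$")
HISTORY_RE = re.compile(r"^AdwCleaner\[([RS]\d+)\]\.txt - \[\d+ octets\] - \[(.+?)\]$")


@dataclass
class AdwLog:
    created: datetime = None
    option: str = ""
    findings: dict = field(default_factory=dict)  # section name -> found items
    history: dict = field(default_factory=dict)   # "R3" / "S4" -> run time


def parse_log(text):
    """Parse one AdwCleaner v2 log into header, findings and run history."""
    log, section = AdwLog(), None
    for line in map(str.strip, text.splitlines()):
        if m := HEADER_RE.match(line):
            # Assumption: header dates are month-first, as in this thread.
            log.created = datetime.strptime(f"{m[1]} {m[2]}", "%m/%d/%Y %H:%M:%S")
        elif m := OPTION_RE.match(line):
            log.option = m[1]
        elif m := SECTION_RE.match(line):
            section = m[1]
            log.findings.setdefault(section, [])
        elif section and (m := FOUND_RE.match(line)):
            log.findings[section].append(m[1])
        elif m := HISTORY_RE.match(line):
            # Footer dates are day-first, unlike the header line.
            log.history[m[1]] = datetime.strptime(m[2], "%d/%m/%Y %H:%M:%S")
    return log


def review_reply(search, reply):
    """Classify the log a user posts after being asked to run Delete."""
    if reply.option != "Delete":
        same = reply.created == search.created and reply.findings == search.findings
        return "search log re-posted" if same else "another search log"
    left = sum(len(items) for items in reply.findings.values())
    if left:
        return f"delete log, {left} item(s) still reported"
    # In this thread's logs, S-numbered files are the Delete runs. An empty
    # Delete log is explained by an S run between the search and this reply.
    earlier = sorted(name for name, when in reply.history.items()
                     if name.startswith("S") and search.created < when < reply.created)
    if earlier:
        return "delete log is empty; removal already ran as " + ", ".join(earlier)
    return "delete log is empty"


# Constructed samples, abbreviated from the logs posted in the thread.
SEARCH_LOG = r"""
# AdwCleaner v2.100 - Logfile created 12/10/2012 at 20:52:38
# Option [Search]

***** [Services] *****

Found : Browser Manager

***** [Files / Folders] *****

File Found : C:\WINDOWS\Tasks\Browser Manager.job
Folder Found : C:\Documents and Settings\All Users\Application Data\Browser Manager

***** [Registry] *****

Key Found : HKCU\Software\Conduit

*************************

AdwCleaner[R3].txt - [2313 octets] - [10/12/2012 20:52:38]
AdwCleaner[S2].txt - [7826 octets] - [01/12/2012 18:36:51]
"""

DELETE_LOG = r"""
# AdwCleaner v2.100 - Logfile created 12/11/2012 at 13:33:15
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

***** [Registry] *****

*************************

AdwCleaner[R3].txt - [2502 octets] - [10/12/2012 20:52:38]
AdwCleaner[S2].txt - [7826 octets] - [01/12/2012 18:36:51]
AdwCleaner[S3].txt - [2454 octets] - [10/12/2012 21:27:48]
AdwCleaner[S4].txt - [1008 octets] - [11/12/2012 13:33:15]
"""

if __name__ == "__main__":
    search = parse_log(SEARCH_LOG)
    print(review_reply(search, parse_log(SEARCH_LOG)))
    print(review_reply(search, parse_log(DELETE_LOG)))
```
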



## jlski (Dec 2, 2002)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:17:54 PM, on 12/11/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17114)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Comodo\Dragon\dragon_updater.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Workspace\offSyncService.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\WinZip\WZQKPICK32.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Desktop\analyse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Cartwheel - {B50DF051-E1D4-439C-B94E-F4DE82B56542} - C:\Documents and Settings\Owner\Application Data\Cartwheel\Cartwheel.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [ContactKeeper Birthday reminder] "C:\Program Files\ContactKeeper\ContactKeeper.exe" /Reminder
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O4 - S-1-5-18 Startup: KybtecWcCaller.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: KybtecWcCaller.exe (User 'Default user')
O4 - Startup: KybtecWcCaller.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Adobe\Common Files\Microsoft Shared\MSInfo\MSINF16H.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Adobe\Common Files\Microsoft Shared\MSInfo\MSINF16H.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK32.EXE
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Password Generator - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html
O8 - Extra context menu item: RoboForm Editor - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditIdent.html
O8 - Extra context menu item: RoboForm TaskBar Icon - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Show RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Editor - {45DB34C3-955C-11D3-ABEF-444553540001} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: RoboForm Editor - {45DB34C3-955C-11D3-ABEF-444553540001} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1354034315693
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.11.0.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D344F2B7-845D-4D29-AA15-15FDBF0C859C}: NameServer = 156.154.70.22,156.154.71.22
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\windows\system32\guard32.dll C:\WINDOWS\system32\guard32.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: COMODO Dragon Update Service (DragonUpdater) - Unknown owner - C:\Program Files\Comodo\Dragon\dragon_updater.exe
O23 - Service: File Backup Service (File Backup) - Starfield Technologies - C:\Program Files\Workspace\offSyncService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 11582 bytes

Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI
Adobe Shockwave Player 11.6
ATI Display Driver
Big Fish Games: Game Manager
Browser Address Error Redirector
Cartwheel Shopping
CCleaner
Comodo Dragon
COMODO Internet Security
ContactKeeper 1.5.0
Digital Media Reader
DVD Solution
ESET Online Scanner v3
GimpShop 2.8
Google Update Helper
Hewlett-Packard ACLM.NET v1.1.0.0
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 10 (KB910393)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
HP Extended Capabilities 6.1
HP Imaging Device Functions 6.1
HP Photosmart Essential
HP Product Assistant
HP Product Detection
HP PSC & OfficeJet 6.1.A
HP Solution Center and Imaging Support Tools 6.1
HP Update
Internet Explorer (Enable DEP)
Java(TM) 6 Update 37
Lost Treasures of Alexandria
Malwarebytes Anti-Malware version 1.65.1.1000
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.0 Hotfix (KB2604042)
Microsoft .NET Framework 1.0 Hotfix (KB2656378)
Microsoft .NET Framework 1.0 Security Update (KB2698035)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Automated Troubleshooting Services Shim
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Digital Image Starter Edition 2006
Microsoft Fix it Center
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Namo WebEditor 5
Night In The Opera
OpenOffice.org 3.3
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
REALTEK GbE & FE Ethernet PCI NIC Driver
Realtek High Definition Audio Driver
RealUpgrade 1.1
RoboForm 7-8-4-7 (All Users)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2559049)
Security Update for Windows Internet Explorer 7 (KB2647516)
Security Update for Windows Internet Explorer 7 (KB2744842)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Skype™ 5.10
Sonic Encoders
Sparkle
SpywareBlaster 4.6
SUPERAntiSpyware
swMSM
System Requirements Lab for Intel
Uninstall Helper
Uninstall Helper
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Media Player 10 (KB913800)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Windows Backup Utility
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB2628259
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinZip 17.0


----------



## Cookiegal (Aug 27, 2003)

Do you recognize this program and did you install it intentionally?

Cartwheel Shopping

I can't find much information on it.

Rescan with HijackThis, close all other browser windows, place a check mark beside the following entries and then click on "Fix Checked".

R3 - URLSearchHook: (no name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')

Then reboot and post a new HijackThis log and let me know if any problems remain please.
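Added example, not part of the original post: a small Python triage aid for the before/after HijackThis logs exchanged in this thread. It rejoins hard-wrapped entry lines, lists entries the log itself marks `(no file)` or `(file missing)` as candidates for review (not a removal list), and shows which entries disappeared between two scans. The function names are hypothetical, and the two sample logs are short excerpts constructed from entries posted in this thread.

```python
import re

# Entry lines start with a section code such as "R3 - ", "O2 - " or "O23 - ".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|O\d{1,2}) - (.*)$")


def parse_entries(log_text):
    """Return (section, text) tuples, rejoining entries that were hard-wrapped."""
    entries, current = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "--":            # footer marker that precedes "End of file"
            break
        if not line:
            continue
        match = ENTRY_RE.match(line)
        if match:
            current = [match.group(1), match.group(2)]
            entries.append(current)
        elif current is not None:   # continuation of a wrapped entry
            current[1] += " " + line
        # anything before the first entry (header, process list) is ignored
    return [tuple(e) for e in entries]


def entry_key(entry):
    """Comparison key that ignores whitespace and case, so wrapping cannot matter."""
    section, text = entry
    return section + "|" + re.sub(r"\s+", "", text).casefold()


def missing_target(entry):
    """True when the log marks the entry's target as absent."""
    return entry_key(entry).endswith(("(nofile)", "(filemissing)"))


def removed_entries(before_text, after_text):
    """Entries present in the first scan and absent from the second."""
    after_keys = {entry_key(e) for e in parse_entries(after_text)}
    return [e for e in parse_entries(before_text) if entry_key(e) not in after_keys]


# Constructed excerpt: unwrapped lines as in the first log.
BEFORE = r"""Running processes:
C:\WINDOWS\system32\ctfmon.exe

R3 - URLSearchHook: (no name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

--
End of file
"""

# Constructed excerpt: the same entries hard-wrapped, as in the later log.
AFTER = r"""Running processes:
C:\Program Files\Siber Systems\AI

RoboForm\RoboTaskBarIcon.exe

O2 - BHO: RoboForm BHO -

{724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program

Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: (no name) -

{53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe (file missing)

--
End of file
"""

if __name__ == "__main__":
    print("Removed between scans:")
    for section, text in removed_entries(BEFORE, AFTER):
        print(f"  {section} - {text}")
    print("Still marked as missing a target:")
    for section, text in parse_entries(AFTER):
        if missing_target((section, text)):
            print(f"  {section} - {text}")
```
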


----------



## jlski (Dec 2, 2002)

Thank you cookiegal. No I did not install it. Is it alright to put a check by Cartwheel also?


----------



## Cookiegal (Aug 27, 2003)

jlski said:


> Thank you cookiegal. No I did not install it. Is it alright to put a check by Cartwheel also?


No, it's best to uninstall it via the Control Panel - Add or Remove programs.


----------



## jlski (Dec 2, 2002)

The same notice is still popping up. Snapshot in the attachment.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:09:03 PM, on 12/12/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17115)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Comodo\Dragon\dragon_updater.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Workspace\offSyncService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Skype\Updater\Updater.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\WinZip\WZQKPICK32.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Adobe\Reader 11.0\Reader\Reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Documents and Settings\Owner\Desktop\analyse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [ContactKeeper Birthday reminder] "C:\Program Files\ContactKeeper\ContactKeeper.exe" /Reminder
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - S-1-5-18 Startup: KybtecWcCaller.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: KybtecWcCaller.exe (User 'Default user')
O4 - Startup: KybtecWcCaller.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Adobe\Common Files\Microsoft Shared\MSInfo\MSINF16H.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Adobe\Common Files\Microsoft Shared\MSInfo\MSINF16H.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK32.EXE
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Password Generator - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html
O8 - Extra context menu item: RoboForm Editor - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditIdent.html
O8 - Extra context menu item: RoboForm TaskBar Icon - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Show RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Editor - {45DB34C3-955C-11D3-ABEF-444553540001} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: RoboForm Editor - {45DB34C3-955C-11D3-ABEF-444553540001} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1354034315693
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.11.0.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D344F2B7-845D-4D29-AA15-15FDBF0C859C}: NameServer = 156.154.70.22,156.154.71.22
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\windows\system32\guard32.dll C:\WINDOWS\system32\guard32.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: COMODO Dragon Update Service (DragonUpdater) - Unknown owner - C:\Program Files\Comodo\Dragon\dragon_updater.exe
O23 - Service: File Backup Service (File Backup) - Starfield Technologies - C:\Program Files\Workspace\offSyncService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 10726 bytes


----------



## Cookiegal (Aug 27, 2003)

Please go to *Start * *Run *- type *msconfig*  click OK and click on the *startup tab*. Uncheck everything there except for your anti-virus program. Then reboot and let me know if the problem persists please.


----------



## jlski (Dec 2, 2002)

Yes, still getting the can't run 16-bit windows program.


----------



## Cookiegal (Aug 27, 2003)

Please open HijackThis.
Click on *Open Misc Tools Section*
Make sure that both boxes beside "Generate StartupList Log" are checked:

*List all minor sections(Full)*
*List Empty Sections(Complete)*
Click *Generate StartupList Log*.
Click *Yes* at the prompt.
It will open a text file. Please copy the entire contents of that page and paste it here.


----------



## jlski (Dec 2, 2002)

StartupList report, 12/12/2012, 9:46:40 PM
StartupList version: 1.52.2
Started from : C:\Documents and Settings\Owner\Desktop\analyse.EXE
Detected: Windows XP SP3 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.6000.17115)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\WinZip\WZQKPICK32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Comodo\Dragon\dragon_updater.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Workspace\offSyncService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Owner\Desktop\analyse.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Owner\Start Menu\Programs\Startup]
KybtecWcCaller.exe

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Microsoft Find Fast.lnk = C:\Program Files\Adobe\Common Files\Microsoft Shared\MSInfo\MSINF16H.EXE
Office Startup.lnk = C:\Program Files\Adobe\Common Files\Microsoft Shared\MSInfo\MSINF16H.EXE
WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK32.EXE

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

SunJavaUpdateSched = "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
RTHDCPL = RTHDCPL.EXE
Reminder = %WINDIR%\Creator\Remind_XP.exe
Recguard = %WINDIR%\SMINST\RECGUARD.EXE
readericon = C:\Program Files\Digital Media Reader\readericon45G.exe
HP Software Update = C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
ehTray = C:\WINDOWS\ehome\ehtray.exe
COMODO Internet Security = "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
Adobe ARM = "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

SUPERAntiSpyware = C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
RoboForm = "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
ContactKeeper Birthday reminder = "C:\Program Files\ContactKeeper\ContactKeeper.exe" /Reminder

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\ComFile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\Icad.load.scr\shell\open\command

*Registry key not found*

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\system32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
StubPath = C:\WINDOWS\system32\ieudinit.exe

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] *
StubPath = C:\WINDOWS\inf\unregmp2.exe /HideWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[KB910393] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{407408d4-94ed-4d86-ab69-a7f649d112ee}] *
StubPath = %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs= c:\windows\system32\guard32.dll C:\WINDOWS\system32\guard32.dll

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: *Registry key not found*
.shb: *Registry key not found*
.vbs: not hidden
.vbe: *Registry key not found*
.wsh: *Registry key not found*
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: *Registry key not found*

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

AcroIEHelperStub - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll - {18DF081C-E8AD-4283-A596-FA578C2EBDC3}
(no name) - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll - {3049C3E9-B461-4BC5-8870-4C09146192CA}
RoboForm BHO - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll - {724d43a9-0d85-11d4-9908-00400523e39a}
(no name) - C:\Program Files\Java\jre6\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
Browser Address Error Redirector - c:\windows\system32\BAE.dll - {CA6319C0-31B7-401E-A518-A07C3DB8F777}
(no name) - C:\Program Files\Java\jre6\bin\jp2ssv.dll - {DBC80044-A445-435b-BC74-9C25C1C588A9}
JQSIEStartDetectorImpl - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll - {E7E6F031-17CE-4C07-BC86-EABFE594F69C}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Adobe Flash Player Updater.job
ConfigExec.job
DataUpload.job
GoogleUpdateTaskMachineCore.job
GoogleUpdateTaskMachineUA.job
GoogleUpdateTaskUserS-1-5-21-2752115482-2144442535-3955104311-1006Core.job
GoogleUpdateTaskUserS-1-5-21-2752115482-2144442535-3955104311-1006UA.job
RealUpgradeLogonTaskS-1-5-21-2752115482-2144442535-3955104311-1006.job
RealUpgradeScheduledTaskS-1-5-21-2752115482-2144442535-3955104311-1006.job
User_Feed_Synchronization-{4519A47C-0ECA-4208-AF21-2846D577C78D}.job

--------------------------------------------------

Enumerating Download Program Files:

[Microsoft Office Template and Media Control]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\IEAWSDC.DLL
CODEBASE = http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab

[{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}]
CODEBASE = http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\Adobe\Director\SwDir.dll
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

[MUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\muweb.dll
CODEBASE = http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1354034315693

[OnlineScanner Control]
InProcServer32 = C:\PROGRA~1\ESET\ESETON~1\ONLINE~1.OCX
CODEBASE = http://download.eset.com/special/eos/OnlineScanner.cab

[Java Plug-in 1.6.0_37]
InProcServer32 = C:\Program Files\Java\jre6\bin\jp2iexp.dll
CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab

[Java Plug-in 1.6.0_37]
InProcServer32 = C:\Program Files\Java\jre6\bin\jp2iexp.dll
CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab

[Java Plug-in 1.6.0_37]
InProcServer32 = C:\Program Files\Java\jre6\bin\npjpi160_37.dll
CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab

[SysInfo Class]
InProcServer32 = C:\Program Files\SystemRequirementsLab\srldetect_intel_4.5.11.0.dll
CODEBASE = http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.11.0.cab

[{E2883E8F-472F-4FB0-9522-AC9BF37916A7}]
CODEBASE = http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
Protocol #15: C:\WINDOWS\system32\mswsock.dll
Protocol #16: C:\WINDOWS\system32\mswsock.dll
Protocol #17: C:\WINDOWS\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

abp480n5: system32\DRIVERS\ABP480N5.SYS (system)
Microsoft ACPI Driver: system32\DRIVERS\ACPI.sys (system)
Adobe Flash Player Update Service: C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (manual start)
adpu160m: system32\DRIVERS\adpu160m.sys (system)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
AFD: \SystemRoot\System32\drivers\afd.sys (system)
Intel AGP Bus Filter: system32\DRIVERS\agp440.sys (system)
Compaq AGP Bus Filter: system32\DRIVERS\agpCPQ.sys (system)
Aha154x: system32\DRIVERS\aha154x.sys (system)
aic78u2: system32\DRIVERS\aic78u2.sys (system)
aic78xx: system32\DRIVERS\aic78xx.sys (system)
Alerter: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
AliIde: system32\DRIVERS\aliide.sys (system)
ALI AGP Bus Filter: system32\DRIVERS\alim1541.sys (system)
AMD AGP Bus Filter Driver: system32\DRIVERS\amdagp.sys (system)
amsint: system32\DRIVERS\amsint.sys (system)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
asc: system32\DRIVERS\asc.sys (system)
asc3350p: system32\DRIVERS\asc3350p.sys (system)
asc3550: system32\DRIVERS\asc3550.sys (system)
ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (manual start)
RAS Asynchronous Media Driver: system32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: system32\DRIVERS\atapi.sys (system)
Ati HotKey Poller: %SystemRoot%\system32\Ati2evxx.exe (autostart)
ATI Smart: C:\WINDOWS\system32\ati2sgag.exe (autostart)
ati2mtag: system32\DRIVERS\ati2mtag.sys (manual start)
ATM ARP Client Protocol: system32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audio Stub Driver: system32\DRIVERS\audstub.sys (manual start)
BCM5701 Gigabit Ethernet: system32\DRIVERS\b57xp32.sys (manual start)
BITS: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Computer Browser: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
catchme: \??\C:\puppy.exe\catchme.sys (manual start)
cbidf: system32\DRIVERS\cbidf2k.sys (system)
cd20xrnt: system32\DRIVERS\cd20xrnt.sys (system)
CD-ROM Driver: system32\DRIVERS\cdrom.sys (system)
Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (manual start)
.NET Runtime Optimization Service v2.0.50727_X86: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (manual start)
COMODO Internet Security Helper Service: "C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe" (autostart)
COMODO Internet Security Sandbox Driver: System32\DRIVERS\cmdguard.sys (system)
COMODO Internet Security Helper Driver: System32\DRIVERS\cmdhlp.sys (system)
CmdIde: system32\DRIVERS\cmdide.sys (system)
COM+ System Application: %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Cpqarray: system32\DRIVERS\cpqarray.sys (system)
cpudrv: \??\C:\Program Files\SystemRequirementsLab\cpudrv.sys (manual start)
CryptSvc: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
dac2w2k: system32\DRIVERS\dac2w2k.sys (system)
dac960nt: system32\DRIVERS\dac960nt.sys (system)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost.exe -k DcomLaunch (autostart)
DHCP Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Disk Driver: system32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
Logical Disk Manager Driver: System32\drivers\dmio.sys (system)
dmload: System32\drivers\dmload.sys (system)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)
Wired AutoConfig: %SystemRoot%\System32\svchost.exe -k dot3svc (manual start)
dpti2o: system32\DRIVERS\dpti2o.sys (system)
COMODO Dragon Update Service: C:\Program Files\Comodo\Dragon\dragon_updater.exe (autostart)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
Extensible Authentication Protocol Service: %SystemRoot%\System32\svchost.exe -k eapsvcs (manual start)
Media Center Receiver Service: C:\WINDOWS\eHome\ehRecvr.exe (autostart)
Media Center Scheduler Service: C:\WINDOWS\eHome\ehSched.exe (autostart)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINDOWS\system32\svchost.exe -k netsvcs (manual start)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Floppy Disk Controller Driver: system32\DRIVERS\fdc.sys (manual start)
File Backup Service: C:\Program Files\Workspace\offSyncService.exe (autostart)
Floppy Disk Driver: system32\DRIVERS\flpydisk.sys (manual start)
FltMgr: system32\drivers\fltmgr.sys (system)
Windows Presentation Foundation Font Cache 3.0.0.0: c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (manual start)
Volume Manager Driver: system32\DRIVERS\ftdisk.sys (system)
Generic Packet Classifier: system32\DRIVERS\msgpc.sys (manual start)
Google Update Service (gupdate): "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (autostart)
Google Update Service (gupdatem): "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc (manual start)
Microsoft UAA Bus Driver for High Definition Audio: system32\DRIVERS\HDAudBus.sys (manual start)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Microsoft HID Class Driver: system32\DRIVERS\hidusb.sys (manual start)
Health Key and Certificate Management Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
hpn: system32\DRIVERS\hpn.sys (system)
IEEE-1284.4 Driver HPZid412: system32\DRIVERS\HPZid412.sys (manual start)
Print Class Driver for IEEE-1284.4 HPZipr12: system32\DRIVERS\HPZipr12.sys (manual start)
USB to IEEE-1284.4 Translation Driver HPZius12: system32\DRIVERS\HPZius12.sys (manual start)
HSFHWBS2: system32\DRIVERS\HSFHWBS2.sys (manual start)
HSF_DPV: system32\DRIVERS\HSF_DPV.sys (manual start)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
i2omp: system32\DRIVERS\i2omp.sys (system)
i8042 Keyboard and PS/2 Mouse Port Driver: system32\DRIVERS\i8042prt.sys (system)
iaStor: SYSTEM32\DRIVERS\IASTOR.SYS (system)
Windows CardSpace: "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" (manual start)
CD-Burning Filter Driver: system32\DRIVERS\imapi.sys (system)
IMAPI CD-Burning COM Service: %systemroot%\system32\imapi.exe (manual start)
ini910u: system32\DRIVERS\ini910u.sys (system)
COMODO Internet Security Firewall Driver: System32\DRIVERS\inspect.sys (system)
Service for Realtek HD Audio (WDM): system32\drivers\RtkHDAud.sys (manual start)
IntelIde: system32\DRIVERS\intelide.sys (system)
Intel Processor Driver: system32\DRIVERS\intelppm.sys (system)
IPv6 Windows Firewall Driver: system32\drivers\ip6fw.sys (manual start)
IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: system32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: system32\DRIVERS\ipnat.sys (manual start)
IPSEC driver: system32\DRIVERS\ipsec.sys (system)
IR Enumerator Service: system32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: system32\DRIVERS\isapnp.sys (system)
Java Quick Starter: "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" (autostart)
Keyboard Class Driver: system32\DRIVERS\kbdclass.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Server: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Lavasoft helper driver: \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys (manual start)
TCP/IP NetBIOS Helper: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Microsoft Automated Troubleshooting Service: "C:\Program Files\Microsoft Fix it Center\Matsvc.exe" (manual start)
Media Center Extender Service: C:\WINDOWS\ehome\mcrdsvc.exe (autostart)
mdmxsdk: system32\DRIVERS\mdmxsdk.sys (autostart)
Messenger: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
MHN: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
MHN driver: system32\DRIVERS\mhndrv.sys (manual start)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\system32\mnmsrvc.exe (manual start)
Mouse Class Driver: system32\DRIVERS\mouclass.sys (system)
Mouse HID Driver: system32\DRIVERS\mouhid.sys (manual start)
mraid35x: system32\DRIVERS\mraid35x.sys (system)
WebDav Client Redirector: system32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: system32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\system32\msdtc.exe (manual start)
Windows Installer: %systemroot%\system32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft System Management BIOS Driver: system32\DRIVERS\mssmbios.sys (manual start)
Macronix MX987xx Family Fast Ethernet NT Driver: system32\DRIVERS\mxnic.sys (manual start)
Network Access Protection Agent: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Remote Access NDIS TAPI Driver: system32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: system32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: system32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: system32\DRIVERS\netbios.sys (system)
NetBios over Tcpip: system32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
Net Logon: %SystemRoot%\system32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Net.Tcp Port Sharing Service: "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" (disabled)
Network Location Awareness (NLA): %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
NT LM Security Support Provider: %SystemRoot%\system32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
nv: system32\DRIVERS\nv4_mini.sys (manual start)
IPX Traffic Filter Driver: system32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: system32\DRIVERS\nwlnkfwd.sys (manual start)
Intel PentiumIII Processor Driver: system32\DRIVERS\p3.sys (system)
Parallel port driver: system32\DRIVERS\parport.sys (manual start)
PCI Bus Driver: system32\DRIVERS\pci.sys (system)
PCIIde: system32\DRIVERS\pciide.sys (system)
perc2: system32\DRIVERS\perc2.sys (system)
perc2hib: system32\DRIVERS\perc2hib.sys (system)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
Pml Driver HPZ12: C:\WINDOWS\system32\HPZipm12.exe (autostart)
IPSEC Services: %SystemRoot%\system32\lsass.exe (autostart)
WAN Miniport (PPTP): system32\DRIVERS\raspptp.sys (manual start)
PrismXL: C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (autostart)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
QoS Packet Scheduler: system32\DRIVERS\psched.sys (manual start)
Direct Parallel Link Driver: system32\DRIVERS\ptilink.sys (manual start)
ql1080: system32\DRIVERS\ql1080.sys (system)
Ql10wnt: system32\DRIVERS\ql10wnt.sys (system)
ql12160: system32\DRIVERS\ql12160.sys (system)
ql1240: system32\DRIVERS\ql1240.sys (system)
ql1280: system32\DRIVERS\ql1280.sys (system)
Remote Access Auto Connection Driver: system32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
WAN Miniport (L2TP): system32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Remote Access PPPOE Driver: system32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: system32\DRIVERS\raspti.sys (manual start)
Rdbss: system32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Terminal Server Device Redirector Driver: system32\DRIVERS\rdpdr.sys (manual start)
Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
Digital CD Audio Playback Filter Driver: system32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
Remote Registry: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Remote Procedure Call (RPC) Locator: %SystemRoot%\system32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost.exe -k rpcss (autostart)
QoS RSVP: %SystemRoot%\system32\rsvp.exe (manual start)
Realtek 10/100/1000 NIC Family all in one NDIS XP Driver: system32\DRIVERS\Rtnicxp.sys (manual start)
Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver: system32\DRIVERS\RTL8139.SYS (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
SASDIFSV: \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (system)
SASKUTIL: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (system)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: system32\DRIVERS\secdrv.sys (manual start)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: system32\DRIVERS\serenum.sys (manual start)
Serial port driver: system32\DRIVERS\serial.sys (system)
Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
SIS AGP Bus Filter: system32\DRIVERS\sisagp.sys (system)
Skype Updater: "C:\Program Files\Skype\Updater\Updater.exe" (autostart)
Sparrow: system32\DRIVERS\sparrow.sys (system)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
System Restore Filter Driver: system32\DRIVERS\sr.sys (system)
System Restore Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Srv: system32\DRIVERS\srv.sys (manual start)
SSDP Discovery Service: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Windows Image Acquisition (WIA): %SystemRoot%\system32\svchost.exe -k imgsvc (autostart)
Software Bus Driver: system32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\system32\dllhost.exe /Processid:{3FF47403-8D58-44E8-ACA4-F0ED40B1E66E} (manual start)
symc810: system32\DRIVERS\symc810.sys (system)
symc8xx: system32\DRIVERS\symc8xx.sys (system)
sym_hi: system32\DRIVERS\sym_hi.sys (system)
sym_u3: system32\DRIVERS\sym_u3.sys (system)
Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: system32\DRIVERS\tcpip.sys (system)
Terminal Device Driver: system32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost.exe -k DComLaunch (manual start)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Telnet: C:\WINDOWS\system32\tlntsvr.exe (manual start)
TosIde: system32\DRIVERS\toside.sys (system)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
ultra: system32\DRIVERS\ultra.sys (system)
Microcode Update Driver: system32\DRIVERS\update.sys (manual start)
Universal Plug and Play Device Host: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
USB Audio Driver (WDM): system32\drivers\usbaudio.sys (manual start)
Microsoft USB Generic Parent Driver: system32\DRIVERS\usbccgp.sys (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: system32\DRIVERS\usbehci.sys (manual start)
USB2 Enabled Hub: system32\DRIVERS\usbhub.sys (manual start)
Microsoft USB Open Host Controller Miniport Driver: system32\DRIVERS\usbohci.sys (manual start)
Microsoft USB PRINTER Class: system32\DRIVERS\usbprint.sys (manual start)
USB Scanner Driver: system32\DRIVERS\usbscan.sys (manual start)
USB Mass Storage Driver: system32\DRIVERS\USBSTOR.SYS (manual start)
Microsoft USB Universal Host Controller Miniport Driver: system32\DRIVERS\usbuhci.sys (manual start)
VGA Display Controller.: \SystemRoot\System32\drivers\vga.sys (system)
VIA AGP Bus Filter: system32\DRIVERS\viaagp.sys (system)
ViaIde: system32\DRIVERS\viaide.sys (system)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Remote Access IP ARP Driver: system32\DRIVERS\wanarp.sys (manual start)
WAN Miniport (ATW): system32\DRIVERS\wanatw4.sys (manual start)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
winachsf: system32\DRIVERS\HSF_CNXT.sys (manual start)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Windows Management Instrumentation Driver Extensions: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WMI Performance Adapter: C:\WINDOWS\system32\wbem\wmiapsrv.exe (manual start)
Windows Media Player Network Sharing Service: "C:\Program Files\Windows Media Player\WMPNetwk.exe" (manual start)
Windows Socket 2.0 Non-IFS Service Provider Support Environment: \SystemRoot\System32\drivers\ws2ifsl.sys (system)
Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Windows Driver Foundation - User-mode Driver Framework Platform Driver: system32\DRIVERS\WudfPf.sys (manual start)
Windows Driver Foundation - User-mode Driver Framework Reflector: system32\DRIVERS\wudfrd.sys (manual start)
Windows Driver Foundation - User-mode Driver Framework: %SystemRoot%\system32\svchost.exe -k WudfServiceGroup (manual start)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\shell32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*No values found*

--------------------------------------------------

End of report, 40,927 bytes
Report generated in 0.235 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only


----------



## Cookiegal (Aug 27, 2003)

Try removing the following links from the C:\Documents and Settings\All Users\Start Menu\Programs\Startup folder:

Microsoft Find Fast.lnk
Office Startup.lnk

Then reboot and let me know if you still get that error message please.


----------



## jlski (Dec 2, 2002)

Thank you, Cookiegal, you've done something that no one else from here has been able to do. I tried a few times a year or so ago with no help. Now that pestering notice is gone. Other than Google Chrome taking over 2 1/2 minutes to initialize, everything else seems to be OK.


----------



## Cookiegal (Aug 27, 2003)

That's good. I figured those were the culprits. 

Please run OTL again (not OTS) and post the new log.


----------



## jlski (Dec 2, 2002)

OTL logfile created on: 12/13/2012 4:00:56 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

893.59 Mb Total Physical Memory | 292.55 Mb Available Physical Memory | 32.74% Memory free
2.11 Gb Paging File | 1.05 Gb Available in Paging File | 49.85% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.37 Gb Total Space | 98.13 Gb Free Space | 65.69% Space Free | Partition Type: NTFS
Drive D: | 4.00 Gb Total Space | 1.39 Gb Free Space | 34.71% Space Free | Partition Type: FAT32
Drive J: | 7.45 Gb Total Space | 4.35 Gb Free Space | 58.37% Space Free | Partition Type: FAT32

Computer Name: JERRYSCOMP | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/13 04:07:26 | 001,868,432 | ---- | M] () -- C:\Program Files\COMODO\Dragon\dragon_updater.exe
PRC - [2012/12/06 15:17:52 | 000,109,336 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2012/12/04 19:15:17 | 001,242,728 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2012/12/02 15:24:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2012/11/30 21:54:49 | 001,799,952 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2012/11/30 21:54:49 | 000,723,632 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2012/11/28 06:21:28 | 004,763,008 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2012/10/18 17:00:00 | 000,685,496 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK32.EXE
PRC - [2012/05/17 09:34:36 | 001,168,680 | ---- | M] (Starfield Technologies) -- C:\Program Files\Workspace\offSyncService.exe
PRC - [2010/10/20 10:09:31 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/12/09 19:44:40 | 000,139,264 | ---- | M] (Alcor Micro, Corp.) -- C:\Program Files\Digital Media Reader\readericon45G.exe
PRC - [2005/03/14 12:05:02 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe

========== Modules (No Company Name) ==========

MOD - [2012/12/13 04:07:26 | 001,868,432 | ---- | M] () -- C:\Program Files\COMODO\Dragon\dragon_updater.exe
MOD - [2012/12/04 19:15:15 | 012,456,040 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
MOD - [2012/12/04 19:15:15 | 000,460,904 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\ppgooglenaclpluginchrome.dll
MOD - [2012/12/04 19:15:14 | 004,008,040 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\pdf.dll
MOD - [2012/12/04 19:14:21 | 000,157,304 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\avutil-51.dll
MOD - [2012/12/04 19:14:20 | 000,275,576 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\avformat-54.dll
MOD - [2012/12/04 19:14:19 | 002,168,952 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\avcodec-54.dll
MOD - [2012/11/30 21:54:50 | 000,274,704 | ---- | M] () -- C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll
MOD - [2012/11/14 18:41:18 | 004,537,856 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\1.0.3.0\libGLESv2.dll
MOD - [2012/11/14 18:41:18 | 000,100,864 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\1.0.3.0\libEGL.dll
MOD - [2011/11/03 09:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/02/04 16:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2008/04/13 18:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 18:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll

========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/12/13 04:07:26 | 001,868,432 | ---- | M] () [Auto | Running] -- C:\Program Files\COMODO\Dragon\dragon_updater.exe -- (DragonUpdater)
SRV - [2012/12/12 20:12:26 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/11/30 21:54:49 | 000,723,632 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/17 09:34:36 | 001,168,680 | ---- | M] (Starfield Technologies) [Auto | Running] -- C:\Program Files\Workspace\offSyncService.exe -- (File Backup)
SRV - [2011/06/13 22:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2010/10/20 10:09:31 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2005/03/14 12:05:02 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\puppy.exe\catchme.sys -- (catchme)
DRV - [2012/11/30 21:54:50 | 000,132,296 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdguard.sys -- (cmdGuard)
DRV - [2012/11/30 21:54:50 | 000,087,104 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\inspect.sys -- (Inspect)
DRV - [2012/11/30 21:54:50 | 000,025,160 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2011/07/22 10:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 15:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/06/02 11:08:34 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2006/04/06 00:20:44 | 004,258,816 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService)
DRV - [2006/01/18 04:41:00 | 000,080,512 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/01/15 07:48:08 | 001,477,632 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/03/16 18:51:16 | 001,033,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/03/16 18:50:36 | 000,221,440 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2005/03/16 18:50:32 | 000,705,280 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/08/03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2003/01/10 15:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw)
DRV - [2001/08/17 12:11:30 | 000,096,640 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2001/08/17 07:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{090F55E8-FB85-465B-9F91-F3B22DC17939}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7PRFA_en
IE - HKCU\..\SearchScopes\{161CE5A3-5CAB-48A3-8538-EE949896E6FA}: "URL" = http://www.amazon.com/gp/search?ie=UTF8&tag=ie8search-20&index=blended&linkCode=qs&camp=1789&creative=9325&keywords={searchTerms}
IE - HKCU\..\SearchScopes\{4EE32D15-65AB-409B-AAEC-26208C52A67C}: "URL" = http://www.ask.com/web?q={searchTerms}&qsrc=0&o=0&l=dir
IE - HKCU\..\SearchScopes\{A1BA6E36-5D80-49D3-B80B-DD84E69A85B6}: "URL" = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,105,0_0,Search,20121250,6900,0,5,0
IE - HKCU\..\SearchScopes\{CDD4F616-9BF2-4E6D-8460-73D49EF70E41}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=91AD6A88-13B1-4453-B562-E522C9210DD3&apn_sauid=C27CB996-DAFE-4308-9AC7-808CEE93C0F8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@starfield.com/off: C:\Documents and Settings\Owner\Application Data\Mozilla\Plugins\npoff.dll ( Starfield Technologies, LLC.)
FF - HKCU\Software\MozillaPlugins\@starfield.com/wbe: C:\Documents and Settings\Owner\Application Data\Mozilla\Plugins\npwbe.dll (Starfield Technology, LLC)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/11/18 09:24:19 | 000,000,000 | ---D | M]

[2011/11/03 04:53:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfffenfdjeibfomfbppoljahojkbbobb\10.13.20.29_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Conduit Radio Plugin (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfffenfdjeibfomfbppoljahojkbbobb\10.13.20.29_0\plugins/np-cwmp.dll
CHR - plugin: Online Storage plug-in (Enabled) = C:\Documents and Settings\Owner\Application Data\Mozilla\plugins\npoff.dll
CHR - plugin: Workspace Webmail plug-in 1.0.20.42 (Enabled) = C:\Documents and Settings\Owner\Application Data\Mozilla\plugins\npwbe.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U37 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll
CHR - plugin: Java Deployment Toolkit 6.0.370.6 (Enabled) = C:\WINDOWS\system32\npdeployJava1.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpjplug.dll
CHR - Extension: YouTube = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/11/30 21:24:12 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\WINDOWS\system32\bae.dll (Gateway Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe (Alcor Micro, Corp.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\WINDOWS\creator\Remind_XP.exe (SoftThinks)
O4 - HKCU..\Run: [ContactKeeper Birthday reminder] C:\Program Files\ContactKeeper\ContactKeeper.exe (ContactKeeper)
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK32.EXE (WinZip Computing, S.L.)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\KybtecWcCaller.exe ( )
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Password Generator - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html ()
O8 - Extra context menu item: RoboForm Editor - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditIdent.html ()
O8 - Extra context menu item: RoboForm TaskBar Icon - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Show RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Editor - {45DB34C3-955C-11D3-ABEF-444553540001} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : RoboForm Editor - {45DB34C3-955C-11D3-ABEF-444553540001} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O15 - HKCU\..Trusted Domains: secureserver.net ([email14] https in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1354034315693 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.11.0.cab (SysInfo Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 216.81.36.10 216.81.36.20
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D344F2B7-845D-4D29-AA15-15FDBF0C859C}: DhcpNameServer = 192.168.1.1 216.81.36.10 216.81.36.20
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D344F2B7-845D-4D29-AA15-15FDBF0C859C}: NameServer = 156.154.70.22,156.154.71.22
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (c:\windows\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/01/09 19:13:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/10/04 11:57:10 | 000,000,125 | -H-- | M] () - J:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/13 10:16:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Mileage Report 2013
[2012/12/12 18:06:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\backups
[2012/12/09 22:11:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Photography, Digital Cameras, Lenses, Electronics - Shipping til 7PM - Adorama Camera_files
[2012/12/09 16:18:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\I SHOT IT How do I enter a Themed Photo Competition _files
[2012/12/09 13:13:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\fontconfig
[2012/12/09 13:12:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\.gimp-2.8
[2012/12/09 13:12:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\gegl-0.2
[2012/12/09 12:57:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Optimizer Pro
[2012/12/09 12:55:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\GimpShop
[2012/12/09 12:52:34 | 000,000,000 | ---D | C] -- C:\Program Files\GimpShop
[2012/12/09 12:47:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2012/12/09 12:47:28 | 000,000,000 | ---D | C] -- C:\Program Files\W3i
[2012/12/09 12:47:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\W3i
[2012/12/09 12:47:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Uninstall Helper
[2012/12/09 12:46:13 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2012/12/08 22:03:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Facebook_files
[2012/12/08 18:03:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Post to Fb
[2012/12/07 21:03:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Photography Assignments
[2012/12/06 19:42:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Comodo Detected Viruses
[2012/12/06 17:57:16 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/12/03 10:42:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\RoboForm
[2012/12/02 15:24:14 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2012/11/30 22:25:54 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/11/30 21:54:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo
[2012/11/30 21:54:52 | 000,179,792 | ---- | C] (COMODO) -- C:\WINDOWS\System32\guard32.dll
[2012/11/30 21:54:52 | 000,132,296 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmdguard.sys
[2012/11/30 21:54:52 | 000,087,104 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2012/11/30 21:54:52 | 000,025,160 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
[2012/11/30 21:08:59 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/11/30 21:06:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/11/30 21:06:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/11/30 21:06:45 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/11/30 20:57:56 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/11/30 20:57:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/11/30 07:38:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\WinZip
[2012/11/29 15:59:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2012/11/29 15:58:57 | 000,000,000 | ---D | C] -- C:\JRT
[2012/11/29 05:52:07 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2012/11/28 20:14:42 | 000,000,000 | ---D | C] -- C:\Program Files\bfgclient
[2012/11/28 14:11:39 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2012/11/28 11:59:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\WinZip
[2012/11/28 11:57:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinZip
[2012/11/28 11:56:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2012/11/28 05:18:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/11/28 04:07:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Photography
[2012/11/27 20:46:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Angler
[2012/11/27 20:35:13 | 000,000,000 | ---D | C] -- C:\Program Files\Night In The Opera
[2012/11/27 20:35:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Night In The Opera
[2012/11/27 20:14:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
[2012/11/27 20:12:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
[2012/11/27 10:51:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\searchplugins
[2012/11/27 10:51:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Extensions
[2012/11/27 10:32:30 | 000,096,640 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\drivers\b57xp32.sys
[2012/11/27 10:32:30 | 000,096,640 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\b57xp32.sys
[2012/11/25 10:43:28 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2012/11/25 10:43:28 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieencode.dll
[2012/11/25 08:25:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\My Photos
[2012/11/24 08:10:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Post Photos
[2012/11/14 22:37:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\CRE
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/12/13 16:05:50 | 001,474,832 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2012/12/13 16:01:17 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{4519A47C-0ECA-4208-AF21-2846D577C78D}.job
[2012/12/13 15:59:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/13 15:26:12 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/13 15:26:12 | 000,000,616 | -H-- | M] () -- C:\WINDOWS\tasks\ConfigExec.job
[2012/12/13 15:26:12 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2752115482-2144442535-3955104311-1006.job
[2012/12/13 15:26:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/12/13 15:15:38 | 000,114,688 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\ContactKeeper.mdb
[2012/12/13 15:11:03 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/12/13 15:07:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2752115482-2144442535-3955104311-1006UA.job
[2012/12/13 14:56:03 | 000,000,580 | -H-- | M] () -- C:\WINDOWS\tasks\DataUpload.job
[2012/12/13 14:07:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2752115482-2144442535-3955104311-1006Core.job
[2012/12/13 12:17:09 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Google Chrome.lnk
[2012/12/13 12:17:09 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/12/13 10:15:13 | 000,014,940 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2012/12/12 21:45:19 | 000,000,856 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Malware-Virus Removal - Page 2 - Tech Support Guy Forums.url
[2012/12/12 20:49:07 | 000,000,319 | RHS- | M] () -- C:\boot.ini
[2012/12/12 20:12:26 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/12/12 20:12:25 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/12/12 06:19:21 | 000,006,272 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Forecast.url
[2012/12/12 06:18:53 | 000,006,184 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\KBTX - Weather Radar.url
[2012/12/12 03:44:51 | 000,196,160 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/12/12 03:28:04 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/12/11 17:19:05 | 000,000,216 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\KBTX Forecast.url
[2012/12/11 16:51:02 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2752115482-2144442535-3955104311-1006.job
[2012/12/09 22:11:40 | 000,085,614 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Photography, Digital Cameras, Lenses, Electronics - Shipping til 7PM - Adorama Camera.htm
[2012/12/09 16:18:01 | 000,009,375 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\I SHOT IT How do I enter a Themed Photo Competition .htm
[2012/12/09 16:04:00 | 000,000,153 | ---- | M] () -- C:\WINDOWS\cavscan.INI
[2012/12/09 15:28:59 | 000,000,130 | ---- | M] () -- C:\WINDOWS\cfplogvw.INI
[2012/12/09 13:19:57 | 000,000,870 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\recently-used.xbel
[2012/12/09 13:19:24 | 000,002,321 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\GimpShop.lnk
[2012/12/08 22:03:38 | 000,371,584 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Facebook.htm
[2012/12/08 08:19:35 | 000,034,105 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\IMG_0285_2.jpg
[2012/12/07 23:16:41 | 000,002,087 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Inwardly Without Identity - Mooji - Global One TV Multimedia for Mystics.url
[2012/12/07 23:15:09 | 000,000,441 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\photography assignments for beginners - Google Search.url
[2012/12/07 23:15:01 | 000,000,984 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Weekly Photography Assignments.url
[2012/12/07 23:14:42 | 000,001,044 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Fun With Photography - Water Balloons.url
[2012/12/06 23:29:06 | 000,001,330 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\The 15 Most Popular Photography Tutorials from the 2nd Half of 2012.url
[2012/12/06 20:01:55 | 000,001,441 | ---- | M] () -- C:\scu.dat
[2012/12/02 15:24:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2012/12/02 07:18:01 | 000,000,196 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Merck Veterinary Manual.url
[2012/12/01 23:23:03 | 000,000,291 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Canon PowerShot S2 IS Review Digital Camera Resource Page.url
[2012/12/01 21:02:02 | 000,005,965 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\17 Beautiful Images with Shallow Depth of Field.url
[2012/12/01 08:53:27 | 000,001,411 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Best of dPS Have You Read these 15 Popular Photography Tutorials Yet.url
[2012/12/01 06:16:17 | 000,001,376 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Transfer Prints To Wood.url
[2012/11/30 21:56:24 | 000,000,808 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\COMODO Internet Security.lnk
[2012/11/30 21:54:50 | 000,179,792 | ---- | M] (COMODO) -- C:\WINDOWS\System32\guard32.dll
[2012/11/30 21:54:50 | 000,132,296 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdguard.sys
[2012/11/30 21:54:50 | 000,087,104 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2012/11/30 21:54:50 | 000,025,160 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
[2012/11/30 21:24:12 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/11/28 20:15:44 | 000,000,646 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Game Manager.lnk
[2012/11/28 20:15:44 | 000,000,225 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\More Great Games.url
[2012/11/28 11:57:22 | 000,001,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2012/11/28 11:57:22 | 000,001,672 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2012/11/28 11:19:19 | 000,002,258 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Windows Recovery (Repair) Environment (WinRE).url
[2012/11/28 11:14:29 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/11/28 10:46:35 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/11/28 08:40:06 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/28 06:59:37 | 000,006,608 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Reboot2.gif
[2012/11/28 06:58:30 | 000,006,592 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Reboot1.gif
[2012/11/28 05:39:58 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/11/28 05:18:37 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/11/28 05:16:11 | 000,000,229 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Home.url
[2012/11/28 04:15:37 | 000,000,294 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Tower Laboratories Pauling Therapy Store Home Page.url
[2012/11/27 20:36:16 | 000,001,662 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play Night In The Opera.lnk
[2012/11/25 10:23:02 | 000,001,025 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Downton Abbey Revisited.url
[2012/11/21 20:18:55 | 000,000,791 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\PBS Public Broadcasting Service.url
[2012/11/21 19:09:47 | 001,133,113 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Chicago-Plan.pdf
[2012/11/19 11:47:48 | 000,000,264 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\PaulingTherapy.com - Reversing Heart Disease w-o Drugs.url
[2012/11/19 11:47:03 | 000,000,272 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Got Milk.url
[2012/11/19 11:46:54 | 000,000,283 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\gluco-z - Google Search.url
[2012/11/19 11:46:38 | 000,000,235 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\PaulingTherapy.com - Reversing Heart Disease w-o Drugs is Possible.url
[2012/11/19 05:25:31 | 000,000,274 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\All You Need is C.url
[2012/11/19 04:51:08 | 000,000,202 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\GlucoZ Order Now.url
[2012/11/17 15:24:21 | 000,000,325 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\FRACTION TO DECIMAL AND MM TABLE.url
[2012/11/16 03:04:30 | 000,493,116 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/11/16 03:04:30 | 000,089,796 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/11/14 22:44:23 | 000,000,220 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Project Gutenberg - free ebooks.url
[2012/11/14 13:03:32 | 003,618,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2012/11/13 22:00:38 | 000,000,403 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\The Italian Dish - Posts - Stuffed Focaccia Bread with Sausage and*Onions.url
[2012/11/13 22:00:24 | 000,000,330 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Laser Hacker! Free energy made easy..url
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/12/12 20:49:06 | 000,006,144 | ---- | C] ( ) -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\KybtecWcCaller.exe
[2012/12/12 20:49:06 | 000,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012/12/12 20:49:06 | 000,001,672 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2012/12/12 03:24:51 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012/12/10 10:42:39 | 000,114,688 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\ContactKeeper.mdb
[2012/12/09 22:11:37 | 000,085,614 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Photography, Digital Cameras, Lenses, Electronics - Shipping til 7PM - Adorama Camera.htm
[2012/12/09 16:18:00 | 000,009,375 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\I SHOT IT How do I enter a Themed Photo Competition .htm
[2012/12/09 15:28:59 | 000,000,130 | ---- | C] () -- C:\WINDOWS\cfplogvw.INI
[2012/12/09 13:19:57 | 000,000,870 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\recently-used.xbel
[2012/12/09 12:55:03 | 000,002,321 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\GimpShop.lnk
[2012/12/08 22:03:30 | 000,371,584 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Facebook.htm
[2012/12/08 08:19:35 | 000,034,105 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\IMG_0285_2.jpg
[2012/12/07 23:16:39 | 000,002,087 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Inwardly Without Identity - Mooji - Global One TV Multimedia for Mystics.url
[2012/12/07 23:15:09 | 000,000,441 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\photography assignments for beginners - Google Search.url
[2012/12/07 23:15:01 | 000,000,984 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Weekly Photography Assignments.url
[2012/12/07 23:14:42 | 000,001,044 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Fun With Photography - Water Balloons.url
[2012/12/06 21:50:24 | 000,000,153 | ---- | C] () -- C:\WINDOWS\cavscan.INI
[2012/12/06 20:01:55 | 000,001,441 | ---- | C] () -- C:\scu.dat
[2012/12/02 16:35:13 | 000,000,856 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Malware-Virus Removal - Page 2 - Tech Support Guy Forums.url
[2012/12/02 07:18:01 | 000,000,196 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Merck Veterinary Manual.url
[2012/12/01 23:23:03 | 000,000,291 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Canon PowerShot S2 IS Review Digital Camera Resource Page.url
[2012/12/01 08:53:35 | 000,001,330 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\The 15 Most Popular Photography Tutorials from the 2nd Half of 2012.url
[2012/12/01 08:53:26 | 000,001,411 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Best of dPS Have You Read these 15 Popular Photography Tutorials Yet.url
[2012/12/01 08:53:20 | 000,005,965 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\17 Beautiful Images with Shallow Depth of Field.url
[2012/12/01 06:16:17 | 000,001,376 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Transfer Prints To Wood.url
[2012/11/30 21:56:24 | 000,000,808 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\COMODO Internet Security.lnk
[2012/11/30 21:09:03 | 000,000,202 | ---- | C] () -- C:\Boot.bak
[2012/11/30 21:09:00 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/11/30 21:06:45 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/11/30 21:06:45 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/11/30 21:06:45 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/11/30 21:06:45 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/11/30 21:06:45 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/11/28 20:15:44 | 000,000,646 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Game Manager.lnk
[2012/11/28 20:15:44 | 000,000,225 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\More Great Games.url
[2012/11/28 20:14:53 | 000,001,584 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Game Manager.lnk
[2012/11/28 20:14:52 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\More Great Games.lnk
[2012/11/28 11:57:22 | 000,001,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2012/11/28 10:41:02 | 000,002,258 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Windows Recovery (Repair) Environment (WinRE).url
[2012/11/28 06:56:45 | 000,006,608 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Reboot2.gif
[2012/11/28 06:56:16 | 000,006,592 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Reboot1.gif
[2012/11/28 05:18:37 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/11/27 20:36:16 | 000,001,662 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play Night In The Opera.lnk
[2012/11/25 10:23:01 | 000,001,025 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Downton Abbey Revisited.url
[2012/11/21 20:18:54 | 000,000,791 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\PBS Public Broadcasting Service.url
[2012/11/21 19:09:41 | 001,133,113 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Chicago-Plan.pdf
[2012/11/19 11:47:47 | 000,000,264 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\PaulingTherapy.com - Reversing Heart Disease w-o Drugs.url
[2012/11/19 11:47:03 | 000,000,272 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Got Milk.url
[2012/11/19 11:46:54 | 000,000,283 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gluco-z - Google Search.url
[2012/11/19 11:46:46 | 000,000,294 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Tower Laboratories Pauling Therapy Store Home Page.url
[2012/11/19 11:46:38 | 000,000,235 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\PaulingTherapy.com - Reversing Heart Disease w-o Drugs is Possible.url
[2012/11/19 05:25:31 | 000,000,274 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\All You Need is C.url
[2012/11/19 04:51:08 | 000,000,202 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\GlucoZ Order Now.url
[2012/11/13 22:00:37 | 000,000,403 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\The Italian Dish - Posts - Stuffed Focaccia Bread with Sausage and*Onions.url
[2012/11/13 22:00:24 | 000,000,330 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Laser Hacker! Free energy made easy..url
[2012/03/15 20:38:13 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2012/02/14 22:09:15 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/11/28 15:17:55 | 000,001,582 | ---- | C] () -- C:\WINDOWS\System32\.ini
[2011/10/15 19:07:59 | 002,463,996 | ---- | C] () -- C:\Documents and Settings\Owner\canaon basic.pdf
[2011/10/15 19:07:58 | 003,295,971 | ---- | C] () -- C:\Documents and Settings\Owner\Canon Manual.pdf
[2011/09/23 10:53:36 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/09/10 05:55:57 | 000,000,056 | ---- | C] () -- C:\WINDOWS\TemplateWizard.INI
[2011/08/27 15:52:16 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\settings.dat
[2011/08/18 22:50:40 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/08/18 22:50:40 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/03/07 19:43:28 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2010/12/31 12:32:22 | 000,109,921 | ---- | C] () -- C:\WINDOWS\hpoins08.dat
[2010/12/31 12:32:21 | 000,007,577 | ---- | C] () -- C:\WINDOWS\hpomdl08.dat
[2010/12/31 12:01:00 | 000,086,410 | ---- | C] () -- C:\WINDOWS\hpqins05.dat
[2010/12/31 11:56:29 | 000,109,947 | ---- | C] () -- C:\WINDOWS\hpoins08.dat.temp
[2010/12/31 11:56:29 | 000,007,577 | ---- | C] () -- C:\WINDOWS\hpomdl08.dat.temp
[2010/11/08 09:40:18 | 000,034,304 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/30 19:01:55 | 000,014,940 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2010/07/06 05:56:01 | 000,000,543 | ---- | C] () -- C:\Documents and Settings\Owner\AddressBook
[2010/05/20 15:32:08 | 000,005,790 | R--- | C] () -- C:\Program Files\EULA.nor
[2010/04/14 06:20:31 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\defogger_reenable
[2009/01/09 18:07:22 | 000,007,547 | R--- | C] () -- C:\Program Files\EULA.ger
[2009/01/09 18:07:22 | 000,006,808 | R--- | C] () -- C:\Program Files\EULA.itn
[2009/01/09 18:07:22 | 000,006,748 | R--- | C] () -- C:\Program Files\EULA.rus
[2009/01/09 18:07:22 | 000,006,668 | R--- | C] () -- C:\Program Files\EULA.pol
[2009/01/09 18:07:22 | 000,006,300 | R--- | C] () -- C:\Program Files\EULA.spa
[2009/01/09 18:07:22 | 000,006,120 | R--- | C] () -- C:\Program Files\EULA.dut
[2009/01/09 18:07:22 | 000,005,968 | R--- | C] () -- C:\Program Files\EULA.frn
[2009/01/09 18:07:22 | 000,005,461 | R--- | C] () -- C:\Program Files\EULA.swe
[2009/01/09 18:07:22 | 000,005,452 | R--- | C] () -- C:\Program Files\EULA.brz
[2009/01/09 18:07:22 | 000,005,304 | R--- | C] () -- C:\Program Files\EULA.cze
[2009/01/09 18:07:22 | 000,005,237 | R--- | C] () -- C:\Program Files\EULA.jpn
[2009/01/09 18:07:22 | 000,004,849 | R--- | C] () -- C:\Program Files\EULA.eng
[2009/01/09 18:07:22 | 000,004,711 | R--- | C] () -- C:\Program Files\EULA.kor
[2009/01/09 18:07:22 | 000,003,380 | R--- | C] () -- C:\Program Files\EULA.cht
[2009/01/09 18:07:22 | 000,003,345 | R--- | C] () -- C:\Program Files\EULA.chs

========== ZeroAccess Check ==========

[2005/01/09 19:08:17 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 18:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 06:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 18:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >


----------



## Cookiegal (Aug 27, 2003)

You're no longer running AdAware, correct? Because I still see a component installed and we should remove that.

I also recommend that you uninstall these:

PC Optimizer Pro
Uninstall Helper

I'm not sure if you installed them intentionally or they got installed without your knowledge but optimizers don't really enhance performance and shouldn't be needed.

Do you still have World Clock installed and do you use it? If not you can remove this file from the startup folder:

O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\*KybtecWcCaller.exe*

Also, WinZip doesn't need to be starting up on boot and can be removed from the startup folder as well (note that this one is the "All Users" account's startup folder whereas the previous one was in the "Owner" account's startup folder):

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\*WinZip Quick Pick.lnk*

Last question - please let me know what usually displays as your J: drive (is it a flash or external drive)?

Please run OTL again. Under the *Custom Scans/Fixes* box at the bottom paste in the following:


```
:OTL
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfffenfdjeibfomfbppoljahojkbbobb\10.13.20.29_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Conduit Radio Plugin (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfffenfdjeibfomfbppoljahojkbbobb\10.13.20.29_0\plugins/np-cwmp.dll
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
[2012/11/27 10:51:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\searchplugins
[2012/11/27 10:51:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Extensions
[2012/11/14 22:37:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\CRE
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
```

Then click the *Run Fix* button at the top
Let the program run unhindered, reboot the PC when it is done
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


----------



## jlski (Dec 2, 2002)

I have uninstalled Adaware and Uninstall Helper. Could not find anything about PC Optimizer Pro. Removed KybtecWcCaller.exe & WinZip Quick Pick.lnk.

J drive is a flash.

OTL logfile created on: 12/14/2012 12:53:44 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

893.59 Mb Total Physical Memory | 414.57 Mb Available Physical Memory | 46.39% Memory free
2.11 Gb Paging File | 1.65 Gb Available in Paging File | 78.17% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.37 Gb Total Space | 97.66 Gb Free Space | 65.38% Space Free | Partition Type: NTFS
Drive D: | 4.00 Gb Total Space | 1.39 Gb Free Space | 34.71% Space Free | Partition Type: FAT32
Drive F: | 1.83 Gb Total Space | 0.60 Gb Free Space | 32.86% Space Free | Partition Type: FAT
Drive J: | 7.45 Gb Total Space | 4.35 Gb Free Space | 58.37% Space Free | Partition Type: FAT32

Computer Name: JERRYSCOMP | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/13 04:07:26 | 001,868,432 | ---- | M] () -- C:\Program Files\COMODO\Dragon\dragon_updater.exe
PRC - [2012/12/06 15:17:52 | 000,109,336 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2012/12/02 15:24:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2012/11/30 21:54:49 | 001,799,952 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2012/11/30 21:54:49 | 000,723,632 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2012/11/28 06:21:28 | 004,763,008 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2012/09/23 19:43:40 | 000,040,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 11.0\Reader\reader_sl.exe
PRC - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Updater\Updater.exe
PRC - [2012/05/17 09:34:36 | 001,168,680 | ---- | M] (Starfield Technologies) -- C:\Program Files\Workspace\offSyncService.exe
PRC - [2010/10/20 10:09:31 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/12/09 19:44:40 | 000,139,264 | ---- | M] (Alcor Micro, Corp.) -- C:\Program Files\Digital Media Reader\readericon45G.exe
PRC - [2005/03/14 12:05:02 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe

========== Modules (No Company Name) ==========

MOD - [2012/12/13 04:07:26 | 001,868,432 | ---- | M] () -- C:\Program Files\COMODO\Dragon\dragon_updater.exe
MOD - [2011/11/03 09:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/02/04 16:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2008/04/13 18:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 18:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll

========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/12/13 04:07:26 | 001,868,432 | ---- | M] () [Auto | Running] -- C:\Program Files\COMODO\Dragon\dragon_updater.exe -- (DragonUpdater)
SRV - [2012/12/12 20:12:26 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/11/30 21:54:49 | 000,723,632 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/17 09:34:36 | 001,168,680 | ---- | M] (Starfield Technologies) [Auto | Running] -- C:\Program Files\Workspace\offSyncService.exe -- (File Backup)
SRV - [2011/06/13 22:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2010/10/20 10:09:31 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2005/03/14 12:05:02 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\puppy.exe\catchme.sys -- (catchme)
DRV - [2012/11/30 21:54:50 | 000,132,296 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdguard.sys -- (cmdGuard)
DRV - [2012/11/30 21:54:50 | 000,087,104 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\inspect.sys -- (Inspect)
DRV - [2012/11/30 21:54:50 | 000,025,160 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2011/07/22 10:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 15:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/06/02 11:08:34 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2006/04/06 00:20:44 | 004,258,816 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService)
DRV - [2006/01/18 04:41:00 | 000,080,512 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/01/15 07:48:08 | 001,477,632 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/03/16 18:51:16 | 001,033,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/03/16 18:50:36 | 000,221,440 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2005/03/16 18:50:32 | 000,705,280 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/08/03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2003/01/10 15:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw)
DRV - [2001/08/17 12:11:30 | 000,096,640 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2001/08/17 07:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{090F55E8-FB85-465B-9F91-F3B22DC17939}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7PRFA_en
IE - HKCU\..\SearchScopes\{161CE5A3-5CAB-48A3-8538-EE949896E6FA}: "URL" = http://www.amazon.com/gp/search?ie=UTF8&tag=ie8search-20&index=blended&linkCode=qs&camp=1789&creative=9325&keywords={searchTerms}
IE - HKCU\..\SearchScopes\{4EE32D15-65AB-409B-AAEC-26208C52A67C}: "URL" = http://www.ask.com/web?q={searchTerms}&qsrc=0&o=0&l=dir
IE - HKCU\..\SearchScopes\{A1BA6E36-5D80-49D3-B80B-DD84E69A85B6}: "URL" = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,105,0_0,Search,20121250,6900,0,5,0
IE - HKCU\..\SearchScopes\{CDD4F616-9BF2-4E6D-8460-73D49EF70E41}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=91AD6A88-13B1-4453-B562-E522C9210DD3&apn_sauid=C27CB996-DAFE-4308-9AC7-808CEE93C0F8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@starfield.com/off: C:\Documents and Settings\Owner\Application Data\Mozilla\Plugins\npoff.dll ( Starfield Technologies, LLC.)
FF - HKCU\Software\MozillaPlugins\@starfield.com/wbe: C:\Documents and Settings\Owner\Application Data\Mozilla\Plugins\npwbe.dll (Starfield Technology, LLC)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/11/18 09:24:19 | 000,000,000 | ---D | M]

[2011/11/03 04:53:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfffenfdjeibfomfbppoljahojkbbobb\10.13.20.29_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Conduit Radio Plugin (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfffenfdjeibfomfbppoljahojkbbobb\10.13.20.29_0\plugins/np-cwmp.dll
CHR - plugin: Online Storage plug-in (Enabled) = C:\Documents and Settings\Owner\Application Data\Mozilla\plugins\npoff.dll
CHR - plugin: Workspace Webmail plug-in 1.0.20.42 (Enabled) = C:\Documents and Settings\Owner\Application Data\Mozilla\plugins\npwbe.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U37 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll
CHR - plugin: Java Deployment Toolkit 6.0.370.6 (Enabled) = C:\WINDOWS\system32\npdeployJava1.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpjplug.dll
CHR - Extension: YouTube = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/11/30 21:24:12 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\WINDOWS\system32\bae.dll (Gateway Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe (Alcor Micro, Corp.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\WINDOWS\creator\Remind_XP.exe (SoftThinks)
O4 - HKCU..\Run: [ContactKeeper Birthday reminder] C:\Program Files\ContactKeeper\ContactKeeper.exe (ContactKeeper)
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Password Generator - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html ()
O8 - Extra context menu item: RoboForm Editor - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditIdent.html ()
O8 - Extra context menu item: RoboForm TaskBar Icon - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Show RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Editor - {45DB34C3-955C-11D3-ABEF-444553540001} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : RoboForm Editor - {45DB34C3-955C-11D3-ABEF-444553540001} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O15 - HKCU\..Trusted Domains: secureserver.net ([email14] https in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1354034315693 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.11.0.cab (SysInfo Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 216.81.36.10 216.81.36.20
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D344F2B7-845D-4D29-AA15-15FDBF0C859C}: DhcpNameServer = 192.168.1.1 216.81.36.10 216.81.36.20
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D344F2B7-845D-4D29-AA15-15FDBF0C859C}: NameServer = 156.154.70.22,156.154.71.22
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (c:\windows\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/01/09 19:13:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/10/04 11:57:10 | 000,000,125 | -H-- | M] () - J:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/14 12:36:51 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/12/13 10:16:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Mileage Report 2013
[2012/12/12 18:06:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\backups
[2012/12/09 22:11:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Photography, Digital Cameras, Lenses, Electronics - Shipping til 7PM - Adorama Camera_files
[2012/12/09 16:18:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\I SHOT IT How do I enter a Themed Photo Competition _files
[2012/12/09 13:13:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\fontconfig
[2012/12/09 13:12:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\.gimp-2.8
[2012/12/09 13:12:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\gegl-0.2
[2012/12/09 12:57:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Optimizer Pro
[2012/12/09 12:55:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\GimpShop
[2012/12/09 12:52:34 | 000,000,000 | ---D | C] -- C:\Program Files\GimpShop
[2012/12/09 12:47:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2012/12/09 12:46:13 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2012/12/08 22:03:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Facebook_files
[2012/12/08 18:03:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Post to Fb
[2012/12/07 21:03:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Photography Assignments
[2012/12/06 19:42:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Comodo Detected Viruses
[2012/12/06 17:57:16 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/12/03 10:42:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\RoboForm
[2012/12/02 15:24:14 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2012/11/30 22:25:54 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/11/30 21:54:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo
[2012/11/30 21:54:52 | 000,179,792 | ---- | C] (COMODO) -- C:\WINDOWS\System32\guard32.dll
[2012/11/30 21:54:52 | 000,132,296 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmdguard.sys
[2012/11/30 21:54:52 | 000,087,104 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2012/11/30 21:54:52 | 000,025,160 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
[2012/11/30 21:08:59 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/11/30 21:06:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/11/30 21:06:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/11/30 21:06:45 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/11/30 20:57:56 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/11/30 20:57:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/11/30 07:38:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\WinZip
[2012/11/29 15:59:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2012/11/29 15:58:57 | 000,000,000 | ---D | C] -- C:\JRT
[2012/11/29 05:52:07 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2012/11/28 20:14:42 | 000,000,000 | ---D | C] -- C:\Program Files\bfgclient
[2012/11/28 14:11:39 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2012/11/28 11:59:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\WinZip
[2012/11/28 11:57:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinZip
[2012/11/28 11:56:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2012/11/28 05:18:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/11/28 04:07:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Photography
[2012/11/27 20:46:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Angler
[2012/11/27 20:35:13 | 000,000,000 | ---D | C] -- C:\Program Files\Night In The Opera
[2012/11/27 20:35:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Night In The Opera
[2012/11/27 20:14:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
[2012/11/27 20:12:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
[2012/11/27 10:51:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\searchplugins
[2012/11/27 10:51:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Extensions
[2012/11/27 10:32:30 | 000,096,640 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\drivers\b57xp32.sys
[2012/11/27 10:32:30 | 000,096,640 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\b57xp32.sys
[2012/11/25 10:43:28 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2012/11/25 10:43:28 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieencode.dll
[2012/11/25 08:25:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\My Photos
[2012/11/24 08:10:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Post Photos
[2012/11/14 22:37:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\CRE
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/12/14 12:59:22 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/14 12:55:36 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{4519A47C-0ECA-4208-AF21-2846D577C78D}.job
[2012/12/14 12:52:31 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/14 12:52:25 | 000,000,616 | -H-- | M] () -- C:\WINDOWS\tasks\ConfigExec.job
[2012/12/14 12:52:22 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2752115482-2144442535-3955104311-1006.job
[2012/12/14 12:52:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/12/14 12:51:23 | 001,474,832 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2012/12/14 12:11:01 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/12/14 12:07:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2752115482-2144442535-3955104311-1006UA.job
[2012/12/14 10:56:01 | 000,000,580 | -H-- | M] () -- C:\WINDOWS\tasks\DataUpload.job
[2012/12/14 05:58:41 | 000,006,272 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Forecast.url
[2012/12/14 05:56:28 | 000,006,575 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\KBTX - Weather Radar.url
[2012/12/13 22:07:04 | 000,015,122 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2012/12/13 18:42:13 | 000,000,216 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\KBTX Forecast.url
[2012/12/13 15:15:38 | 000,114,688 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\ContactKeeper.mdb
[2012/12/13 14:07:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2752115482-2144442535-3955104311-1006Core.job
[2012/12/13 12:17:09 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Google Chrome.lnk
[2012/12/13 12:17:09 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/12/12 21:45:19 | 000,000,856 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Malware-Virus Removal - Page 2 - Tech Support Guy Forums.url
[2012/12/12 20:49:07 | 000,000,319 | RHS- | M] () -- C:\boot.ini
[2012/12/12 20:12:26 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/12/12 20:12:25 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/12/12 03:44:51 | 000,196,160 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/12/12 03:28:04 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/12/11 16:51:02 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2752115482-2144442535-3955104311-1006.job
[2012/12/09 22:11:40 | 000,085,614 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Photography, Digital Cameras, Lenses, Electronics - Shipping til 7PM - Adorama Camera.htm
[2012/12/09 16:18:01 | 000,009,375 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\I SHOT IT How do I enter a Themed Photo Competition .htm
[2012/12/09 16:04:00 | 000,000,153 | ---- | M] () -- C:\WINDOWS\cavscan.INI
[2012/12/09 15:28:59 | 000,000,130 | ---- | M] () -- C:\WINDOWS\cfplogvw.INI
[2012/12/09 13:19:57 | 000,000,870 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\recently-used.xbel
[2012/12/09 13:19:24 | 000,002,321 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\GimpShop.lnk
[2012/12/08 22:03:38 | 000,371,584 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Facebook.htm
[2012/12/08 08:19:35 | 000,034,105 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\IMG_0285_2.jpg
[2012/12/07 23:16:41 | 000,002,087 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Inwardly Without Identity - Mooji - Global One TV Multimedia for Mystics.url
[2012/12/07 23:15:09 | 000,000,441 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\photography assignments for beginners - Google Search.url
[2012/12/07 23:15:01 | 000,000,984 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Weekly Photography Assignments.url
[2012/12/07 23:14:42 | 000,001,044 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Fun With Photography - Water Balloons.url
[2012/12/06 23:29:06 | 000,001,330 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\The 15 Most Popular Photography Tutorials from the 2nd Half of 2012.url
[2012/12/06 20:01:55 | 000,001,441 | ---- | M] () -- C:\scu.dat
[2012/12/02 15:24:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2012/12/02 07:18:01 | 000,000,196 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Merck Veterinary Manual.url
[2012/12/01 23:23:03 | 000,000,291 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Canon PowerShot S2 IS Review Digital Camera Resource Page.url
[2012/12/01 21:02:02 | 000,005,965 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\17 Beautiful Images with Shallow Depth of Field.url
[2012/12/01 08:53:27 | 000,001,411 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Best of dPS Have You Read these 15 Popular Photography Tutorials Yet.url
[2012/12/01 06:16:17 | 000,001,376 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Transfer Prints To Wood.url
[2012/11/30 21:56:24 | 000,000,808 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\COMODO Internet Security.lnk
[2012/11/30 21:54:50 | 000,179,792 | ---- | M] (COMODO) -- C:\WINDOWS\System32\guard32.dll
[2012/11/30 21:54:50 | 000,132,296 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdguard.sys
[2012/11/30 21:54:50 | 000,087,104 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2012/11/30 21:54:50 | 000,025,160 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
[2012/11/30 21:24:12 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/11/28 20:15:44 | 000,000,646 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Game Manager.lnk
[2012/11/28 20:15:44 | 000,000,225 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\More Great Games.url
[2012/11/28 11:57:22 | 000,001,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2012/11/28 11:19:19 | 000,002,258 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Windows Recovery (Repair) Environment (WinRE).url
[2012/11/28 11:14:29 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/11/28 10:46:35 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/11/28 08:40:06 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/28 06:59:37 | 000,006,608 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Reboot2.gif
[2012/11/28 06:58:30 | 000,006,592 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Reboot1.gif
[2012/11/28 05:39:58 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/11/28 05:18:37 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/11/28 05:16:11 | 000,000,229 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Home.url
[2012/11/28 04:15:37 | 000,000,294 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Tower Laboratories Pauling Therapy Store Home Page.url
[2012/11/27 20:36:16 | 000,001,662 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play Night In The Opera.lnk
[2012/11/25 10:23:02 | 000,001,025 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Downton Abbey Revisited.url
[2012/11/21 20:18:55 | 000,000,791 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\PBS Public Broadcasting Service.url
[2012/11/21 19:09:47 | 001,133,113 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Chicago-Plan.pdf
[2012/11/19 11:47:48 | 000,000,264 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\PaulingTherapy.com - Reversing Heart Disease w-o Drugs.url
[2012/11/19 11:47:03 | 000,000,272 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Got Milk.url
[2012/11/19 11:46:54 | 000,000,283 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\gluco-z - Google Search.url
[2012/11/19 11:46:38 | 000,000,235 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\PaulingTherapy.com - Reversing Heart Disease w-o Drugs is Possible.url
[2012/11/19 05:25:31 | 000,000,274 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\All You Need is C.url
[2012/11/19 04:51:08 | 000,000,202 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\GlucoZ Order Now.url
[2012/11/17 15:24:21 | 000,000,325 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\FRACTION TO DECIMAL AND MM TABLE.url
[2012/11/16 03:04:30 | 000,493,116 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/11/16 03:04:30 | 000,089,796 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/11/14 22:44:23 | 000,000,220 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Project Gutenberg - free ebooks.url
[2012/11/14 13:03:32 | 003,618,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/12/12 20:49:06 | 000,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012/12/12 03:24:51 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012/12/10 10:42:39 | 000,114,688 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\ContactKeeper.mdb
[2012/12/09 22:11:37 | 000,085,614 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Photography, Digital Cameras, Lenses, Electronics - Shipping til 7PM - Adorama Camera.htm
[2012/12/09 16:18:00 | 000,009,375 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\I SHOT IT How do I enter a Themed Photo Competition .htm
[2012/12/09 15:28:59 | 000,000,130 | ---- | C] () -- C:\WINDOWS\cfplogvw.INI
[2012/12/09 13:19:57 | 000,000,870 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\recently-used.xbel
[2012/12/09 12:55:03 | 000,002,321 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\GimpShop.lnk
[2012/12/08 22:03:30 | 000,371,584 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Facebook.htm
[2012/12/08 08:19:35 | 000,034,105 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\IMG_0285_2.jpg
[2012/12/07 23:16:39 | 000,002,087 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Inwardly Without Identity - Mooji - Global One TV Multimedia for Mystics.url
[2012/12/07 23:15:09 | 000,000,441 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\photography assignments for beginners - Google Search.url
[2012/12/07 23:15:01 | 000,000,984 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Weekly Photography Assignments.url
[2012/12/07 23:14:42 | 000,001,044 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Fun With Photography - Water Balloons.url
[2012/12/06 21:50:24 | 000,000,153 | ---- | C] () -- C:\WINDOWS\cavscan.INI
[2012/12/06 20:01:55 | 000,001,441 | ---- | C] () -- C:\scu.dat
[2012/12/02 16:35:13 | 000,000,856 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Malware-Virus Removal - Page 2 - Tech Support Guy Forums.url
[2012/12/02 07:18:01 | 000,000,196 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Merck Veterinary Manual.url
[2012/12/01 23:23:03 | 000,000,291 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Canon PowerShot S2 IS Review Digital Camera Resource Page.url
[2012/12/01 08:53:35 | 000,001,330 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\The 15 Most Popular Photography Tutorials from the 2nd Half of 2012.url
[2012/12/01 08:53:26 | 000,001,411 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Best of dPS Have You Read these 15 Popular Photography Tutorials Yet.url
[2012/12/01 08:53:20 | 000,005,965 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\17 Beautiful Images with Shallow Depth of Field.url
[2012/12/01 06:16:17 | 000,001,376 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Transfer Prints To Wood.url
[2012/11/30 21:56:24 | 000,000,808 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\COMODO Internet Security.lnk
[2012/11/30 21:09:03 | 000,000,202 | ---- | C] () -- C:\Boot.bak
[2012/11/30 21:09:00 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/11/30 21:06:45 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/11/30 21:06:45 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/11/30 21:06:45 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/11/30 21:06:45 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/11/30 21:06:45 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/11/28 20:15:44 | 000,000,646 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Game Manager.lnk
[2012/11/28 20:15:44 | 000,000,225 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\More Great Games.url
[2012/11/28 20:14:53 | 000,001,584 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Game Manager.lnk
[2012/11/28 20:14:52 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\More Great Games.lnk
[2012/11/28 11:57:22 | 000,001,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2012/11/28 10:41:02 | 000,002,258 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Windows Recovery (Repair) Environment (WinRE).url
[2012/11/28 06:56:45 | 000,006,608 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Reboot2.gif
[2012/11/28 06:56:16 | 000,006,592 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Reboot1.gif
[2012/11/28 05:18:37 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/11/27 20:36:16 | 000,001,662 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play Night In The Opera.lnk
[2012/11/25 10:23:01 | 000,001,025 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Downton Abbey Revisited.url
[2012/11/21 20:18:54 | 000,000,791 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\PBS Public Broadcasting Service.url
[2012/11/21 19:09:41 | 001,133,113 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Chicago-Plan.pdf
[2012/11/19 11:47:47 | 000,000,264 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\PaulingTherapy.com - Reversing Heart Disease w-o Drugs.url
[2012/11/19 11:47:03 | 000,000,272 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Got Milk.url
[2012/11/19 11:46:54 | 000,000,283 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gluco-z - Google Search.url
[2012/11/19 11:46:46 | 000,000,294 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Tower Laboratories Pauling Therapy Store Home Page.url
[2012/11/19 11:46:38 | 000,000,235 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\PaulingTherapy.com - Reversing Heart Disease w-o Drugs is Possible.url
[2012/11/19 05:25:31 | 000,000,274 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\All You Need is C.url
[2012/11/19 04:51:08 | 000,000,202 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\GlucoZ Order Now.url
[2012/03/15 20:38:13 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2012/02/14 22:09:15 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/11/28 15:17:55 | 000,001,582 | ---- | C] () -- C:\WINDOWS\System32\.ini
[2011/10/15 19:07:59 | 002,463,996 | ---- | C] () -- C:\Documents and Settings\Owner\canaon basic.pdf
[2011/10/15 19:07:58 | 003,295,971 | ---- | C] () -- C:\Documents and Settings\Owner\Canon Manual.pdf
[2011/09/23 10:53:36 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/09/10 05:55:57 | 000,000,056 | ---- | C] () -- C:\WINDOWS\TemplateWizard.INI
[2011/08/27 15:52:16 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\settings.dat
[2011/08/18 22:50:40 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/08/18 22:50:40 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/03/07 19:43:28 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2010/12/31 12:32:22 | 000,109,921 | ---- | C] () -- C:\WINDOWS\hpoins08.dat
[2010/12/31 12:32:21 | 000,007,577 | ---- | C] () -- C:\WINDOWS\hpomdl08.dat
[2010/12/31 12:01:00 | 000,086,410 | ---- | C] () -- C:\WINDOWS\hpqins05.dat
[2010/12/31 11:56:29 | 000,109,947 | ---- | C] () -- C:\WINDOWS\hpoins08.dat.temp
[2010/12/31 11:56:29 | 000,007,577 | ---- | C] () -- C:\WINDOWS\hpomdl08.dat.temp
[2010/11/08 09:40:18 | 000,034,304 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/30 19:01:55 | 000,015,122 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2010/07/06 05:56:01 | 000,000,543 | ---- | C] () -- C:\Documents and Settings\Owner\AddressBook
[2010/05/20 15:32:08 | 000,005,790 | R--- | C] () -- C:\Program Files\EULA.nor
[2010/04/14 06:20:31 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\defogger_reenable
[2009/01/09 18:07:22 | 000,007,547 | R--- | C] () -- C:\Program Files\EULA.ger
[2009/01/09 18:07:22 | 000,006,808 | R--- | C] () -- C:\Program Files\EULA.itn
[2009/01/09 18:07:22 | 000,006,748 | R--- | C] () -- C:\Program Files\EULA.rus
[2009/01/09 18:07:22 | 000,006,668 | R--- | C] () -- C:\Program Files\EULA.pol
[2009/01/09 18:07:22 | 000,006,300 | R--- | C] () -- C:\Program Files\EULA.spa
[2009/01/09 18:07:22 | 000,006,120 | R--- | C] () -- C:\Program Files\EULA.dut
[2009/01/09 18:07:22 | 000,005,968 | R--- | C] () -- C:\Program Files\EULA.frn
[2009/01/09 18:07:22 | 000,005,461 | R--- | C] () -- C:\Program Files\EULA.swe
[2009/01/09 18:07:22 | 000,005,452 | R--- | C] () -- C:\Program Files\EULA.brz
[2009/01/09 18:07:22 | 000,005,304 | R--- | C] () -- C:\Program Files\EULA.cze
[2009/01/09 18:07:22 | 000,005,237 | R--- | C] () -- C:\Program Files\EULA.jpn
[2009/01/09 18:07:22 | 000,004,849 | R--- | C] () -- C:\Program Files\EULA.eng
[2009/01/09 18:07:22 | 000,004,711 | R--- | C] () -- C:\Program Files\EULA.kor
[2009/01/09 18:07:22 | 000,003,380 | R--- | C] () -- C:\Program Files\EULA.cht
[2009/01/09 18:07:22 | 000,003,345 | R--- | C] () -- C:\Program Files\EULA.chs

========== ZeroAccess Check ==========

[2005/01/09 19:08:17 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 18:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 06:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 18:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >


----------



## Cookiegal (Aug 27, 2003)

Nothing was fixed. Please run the fix again and this time post the resulting log before running a new scan.


----------



## jlski (Dec 2, 2002)

========== OTL ==========
File C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfffenfdjeibfomfbppoljahojkbbobb\10.13.20.29_0\plug ins/ConduitChromeApiPlugin.dll not found.
File C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfffenfdjeibfomfbppoljahojkbbobb\10.13.20.29_0\plug ins/np-cwmp.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
C:\WINDOWS\System32\searchplugins folder moved successfully.
C:\WINDOWS\System32\Extensions folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\CRE folder moved successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\msdownld.tmp folder deleted successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 12142012_142344


----------



## Cookiegal (Aug 27, 2003)

Thanks. Would you please run a new scan so I can be sure they are all gone?


----------



## jlski (Dec 2, 2002)

OTL logfile created on: 12/14/2012 4:20:43 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

893.59 Mb Total Physical Memory | 187.53 Mb Available Physical Memory | 20.99% Memory free
2.11 Gb Paging File | 1.00 Gb Available in Paging File | 47.45% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.37 Gb Total Space | 97.66 Gb Free Space | 65.38% Space Free | Partition Type: NTFS
Drive D: | 4.00 Gb Total Space | 1.39 Gb Free Space | 34.71% Space Free | Partition Type: FAT32
Drive F: | 1.83 Gb Total Space | 0.60 Gb Free Space | 32.86% Space Free | Partition Type: FAT
Drive J: | 7.45 Gb Total Space | 4.35 Gb Free Space | 58.37% Space Free | Partition Type: FAT32

Computer Name: JERRYSCOMP | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/13 04:07:26 | 001,868,432 | ---- | M] () -- C:\Program Files\COMODO\Dragon\dragon_updater.exe
PRC - [2012/12/06 15:17:52 | 000,109,336 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2012/12/04 19:15:17 | 001,242,728 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2012/12/02 15:24:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2012/11/30 21:54:49 | 001,799,952 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2012/11/30 21:54:49 | 000,723,632 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2012/11/28 06:21:28 | 004,763,008 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2012/05/17 09:34:36 | 001,168,680 | ---- | M] (Starfield Technologies) -- C:\Program Files\Workspace\offSyncService.exe
PRC - [2010/10/20 10:09:31 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/12/09 19:44:40 | 000,139,264 | ---- | M] (Alcor Micro, Corp.) -- C:\Program Files\Digital Media Reader\readericon45G.exe
PRC - [2005/03/14 12:05:02 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe

========== Modules (No Company Name) ==========

MOD - [2012/12/13 04:07:26 | 001,868,432 | ---- | M] () -- C:\Program Files\COMODO\Dragon\dragon_updater.exe
MOD - [2012/12/04 19:15:15 | 012,456,040 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
MOD - [2012/12/04 19:15:15 | 000,460,904 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\ppgooglenaclpluginchrome.dll
MOD - [2012/12/04 19:15:14 | 004,008,040 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\pdf.dll
MOD - [2012/12/04 19:14:21 | 000,157,304 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\avutil-51.dll
MOD - [2012/12/04 19:14:20 | 000,275,576 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\avformat-54.dll
MOD - [2012/12/04 19:14:19 | 002,168,952 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\avcodec-54.dll
MOD - [2012/11/30 21:54:50 | 000,274,704 | ---- | M] () -- C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll
MOD - [2012/11/14 18:41:18 | 004,537,856 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\1.0.3.0\libGLESv2.dll
MOD - [2012/11/14 18:41:18 | 000,100,864 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\1.0.3.0\libEGL.dll
MOD - [2011/11/03 09:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/02/04 16:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2008/04/13 18:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 18:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll

========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/12/13 04:07:26 | 001,868,432 | ---- | M] () [Auto | Running] -- C:\Program Files\COMODO\Dragon\dragon_updater.exe -- (DragonUpdater)
SRV - [2012/12/12 20:12:26 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/11/30 21:54:49 | 000,723,632 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/17 09:34:36 | 001,168,680 | ---- | M] (Starfield Technologies) [Auto | Running] -- C:\Program Files\Workspace\offSyncService.exe -- (File Backup)
SRV - [2011/06/13 22:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2010/10/20 10:09:31 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2005/03/14 12:05:02 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\puppy.exe\catchme.sys -- (catchme)
DRV - [2012/11/30 21:54:50 | 000,132,296 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdguard.sys -- (cmdGuard)
DRV - [2012/11/30 21:54:50 | 000,087,104 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\inspect.sys -- (Inspect)
DRV - [2012/11/30 21:54:50 | 000,025,160 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2011/07/22 10:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 15:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/06/02 11:08:34 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2006/04/06 00:20:44 | 004,258,816 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService)
DRV - [2006/01/18 04:41:00 | 000,080,512 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/01/15 07:48:08 | 001,477,632 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/03/16 18:51:16 | 001,033,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/03/16 18:50:36 | 000,221,440 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2005/03/16 18:50:32 | 000,705,280 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/08/03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2003/01/10 15:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw)
DRV - [2001/08/17 12:11:30 | 000,096,640 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2001/08/17 07:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{090F55E8-FB85-465B-9F91-F3B22DC17939}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7PRFA_en
IE - HKCU\..\SearchScopes\{161CE5A3-5CAB-48A3-8538-EE949896E6FA}: "URL" = http://www.amazon.com/gp/search?ie=UTF8&tag=ie8search-20&index=blended&linkCode=qs&camp=1789&creative=9325&keywords={searchTerms}
IE - HKCU\..\SearchScopes\{4EE32D15-65AB-409B-AAEC-26208C52A67C}: "URL" = http://www.ask.com/web?q={searchTerms}&qsrc=0&o=0&l=dir
IE - HKCU\..\SearchScopes\{A1BA6E36-5D80-49D3-B80B-DD84E69A85B6}: "URL" = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,105,0_0,Search,20121250,6900,0,5,0
IE - HKCU\..\SearchScopes\{CDD4F616-9BF2-4E6D-8460-73D49EF70E41}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=91AD6A88-13B1-4453-B562-E522C9210DD3&apn_sauid=C27CB996-DAFE-4308-9AC7-808CEE93C0F8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@starfield.com/off: C:\Documents and Settings\Owner\Application Data\Mozilla\Plugins\npoff.dll ( Starfield Technologies, LLC.)
FF - HKCU\Software\MozillaPlugins\@starfield.com/wbe: C:\Documents and Settings\Owner\Application Data\Mozilla\Plugins\npwbe.dll (Starfield Technology, LLC)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/11/18 09:24:19 | 000,000,000 | ---D | M]

[2011/11/03 04:53:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfffenfdjeibfomfbppoljahojkbbobb\10.13.20.29_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Conduit Radio Plugin (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfffenfdjeibfomfbppoljahojkbbobb\10.13.20.29_0\plugins/np-cwmp.dll
CHR - plugin: Online Storage plug-in (Enabled) = C:\Documents and Settings\Owner\Application Data\Mozilla\plugins\npoff.dll
CHR - plugin: Workspace Webmail plug-in 1.0.20.42 (Enabled) = C:\Documents and Settings\Owner\Application Data\Mozilla\plugins\npwbe.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U37 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll
CHR - plugin: Java Deployment Toolkit 6.0.370.6 (Enabled) = C:\WINDOWS\system32\npdeployJava1.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpjplug.dll
CHR - Extension: YouTube = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/11/30 21:24:12 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\WINDOWS\system32\bae.dll (Gateway Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe (Alcor Micro, Corp.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\WINDOWS\creator\Remind_XP.exe (SoftThinks)
O4 - HKCU..\Run: [ContactKeeper Birthday reminder] C:\Program Files\ContactKeeper\ContactKeeper.exe (ContactKeeper)
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Password Generator - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html ()
O8 - Extra context menu item: RoboForm Editor - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditIdent.html ()
O8 - Extra context menu item: RoboForm TaskBar Icon - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Show RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Editor - {45DB34C3-955C-11D3-ABEF-444553540001} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : RoboForm Editor - {45DB34C3-955C-11D3-ABEF-444553540001} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O15 - HKCU\..Trusted Domains: secureserver.net ([email14] https in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1354034315693 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.11.0.cab (SysInfo Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 216.81.36.10 216.81.36.20
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D344F2B7-845D-4D29-AA15-15FDBF0C859C}: DhcpNameServer = 192.168.1.1 216.81.36.10 216.81.36.20
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D344F2B7-845D-4D29-AA15-15FDBF0C859C}: NameServer = 156.154.70.22,156.154.71.22
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (c:\windows\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/01/09 19:13:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/10/04 11:57:10 | 000,000,125 | -H-- | M] () - J:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/14 12:36:51 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/12/13 10:16:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Mileage Report 2013
[2012/12/12 18:06:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\backups
[2012/12/09 22:11:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Photography, Digital Cameras, Lenses, Electronics - Shipping til 7PM - Adorama Camera_files
[2012/12/09 16:18:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\I SHOT IT How do I enter a Themed Photo Competition _files
[2012/12/09 13:13:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\fontconfig
[2012/12/09 13:12:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\.gimp-2.8
[2012/12/09 13:12:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\gegl-0.2
[2012/12/09 12:57:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Optimizer Pro
[2012/12/09 12:55:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\GimpShop
[2012/12/09 12:52:34 | 000,000,000 | ---D | C] -- C:\Program Files\GimpShop
[2012/12/09 12:47:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2012/12/09 12:46:13 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2012/12/08 22:03:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Facebook_files
[2012/12/08 18:03:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Post to Fb
[2012/12/07 21:03:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Photography Assignments
[2012/12/06 19:42:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Comodo Detected Viruses
[2012/12/06 17:57:16 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/12/03 10:42:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\RoboForm
[2012/12/02 15:24:14 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2012/11/30 22:25:54 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/11/30 21:54:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo
[2012/11/30 21:54:52 | 000,179,792 | ---- | C] (COMODO) -- C:\WINDOWS\System32\guard32.dll
[2012/11/30 21:54:52 | 000,132,296 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmdguard.sys
[2012/11/30 21:54:52 | 000,087,104 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2012/11/30 21:54:52 | 000,025,160 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
[2012/11/30 21:08:59 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/11/30 21:06:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/11/30 21:06:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/11/30 21:06:45 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/11/30 20:57:56 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/11/30 20:57:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/11/30 07:38:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\WinZip
[2012/11/29 15:59:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2012/11/29 15:58:57 | 000,000,000 | ---D | C] -- C:\JRT
[2012/11/29 05:52:07 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2012/11/28 20:14:42 | 000,000,000 | ---D | C] -- C:\Program Files\bfgclient
[2012/11/28 14:11:39 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2012/11/28 11:59:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\WinZip
[2012/11/28 11:57:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinZip
[2012/11/28 11:56:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2012/11/28 05:18:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/11/28 04:07:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Photography
[2012/11/27 20:46:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Angler
[2012/11/27 20:35:13 | 000,000,000 | ---D | C] -- C:\Program Files\Night In The Opera
[2012/11/27 20:35:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Night In The Opera
[2012/11/27 20:14:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
[2012/11/27 20:12:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
[2012/11/27 10:32:30 | 000,096,640 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\drivers\b57xp32.sys
[2012/11/27 10:32:30 | 000,096,640 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\b57xp32.sys
[2012/11/25 10:43:28 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2012/11/25 10:43:28 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieencode.dll
[2012/11/25 08:25:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\My Photos
[2012/11/24 08:10:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Post Photos

========== Files - Modified Within 30 Days ==========

[2012/12/14 16:27:23 | 000,007,777 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\KBTX - Weather Radar.url
[2012/12/14 16:25:08 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{4519A47C-0ECA-4208-AF21-2846D577C78D}.job
[2012/12/14 16:21:52 | 001,474,832 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2012/12/14 16:11:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/12/14 16:07:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2752115482-2144442535-3955104311-1006UA.job
[2012/12/14 15:59:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/14 14:56:01 | 000,000,580 | -H-- | M] () -- C:\WINDOWS\tasks\DataUpload.job
[2012/12/14 14:23:05 | 000,036,989 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\No fix.gif
[2012/12/14 14:07:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2752115482-2144442535-3955104311-1006Core.job
[2012/12/14 12:52:31 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/14 12:52:25 | 000,000,616 | -H-- | M] () -- C:\WINDOWS\tasks\ConfigExec.job
[2012/12/14 12:52:22 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2752115482-2144442535-3955104311-1006.job
[2012/12/14 12:52:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/12/14 05:58:41 | 000,006,272 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Forecast.url
[2012/12/13 22:07:04 | 000,015,122 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2012/12/13 18:42:13 | 000,000,216 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\KBTX Forecast.url
[2012/12/13 15:15:38 | 000,114,688 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\ContactKeeper.mdb
[2012/12/13 12:17:09 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Google Chrome.lnk
[2012/12/13 12:17:09 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/12/12 21:45:19 | 000,000,856 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Malware-Virus Removal - Page 2 - Tech Support Guy Forums.url
[2012/12/12 20:49:07 | 000,000,319 | RHS- | M] () -- C:\boot.ini
[2012/12/12 20:12:26 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/12/12 20:12:25 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/12/12 03:44:51 | 000,196,160 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/12/12 03:28:04 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/12/11 16:51:02 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2752115482-2144442535-3955104311-1006.job
[2012/12/09 22:11:40 | 000,085,614 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Photography, Digital Cameras, Lenses, Electronics - Shipping til 7PM - Adorama Camera.htm
[2012/12/09 16:18:01 | 000,009,375 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\I SHOT IT How do I enter a Themed Photo Competition .htm
[2012/12/09 16:04:00 | 000,000,153 | ---- | M] () -- C:\WINDOWS\cavscan.INI
[2012/12/09 15:28:59 | 000,000,130 | ---- | M] () -- C:\WINDOWS\cfplogvw.INI
[2012/12/09 13:19:57 | 000,000,870 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\recently-used.xbel
[2012/12/09 13:19:24 | 000,002,321 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\GimpShop.lnk
[2012/12/08 22:03:38 | 000,371,584 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Facebook.htm
[2012/12/08 08:19:35 | 000,034,105 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\IMG_0285_2.jpg
[2012/12/07 23:16:41 | 000,002,087 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Inwardly Without Identity - Mooji - Global One TV Multimedia for Mystics.url
[2012/12/07 23:15:09 | 000,000,441 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\photography assignments for beginners - Google Search.url
[2012/12/07 23:15:01 | 000,000,984 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Weekly Photography Assignments.url
[2012/12/07 23:14:42 | 000,001,044 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Fun With Photography - Water Balloons.url
[2012/12/06 23:29:06 | 000,001,330 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\The 15 Most Popular Photography Tutorials from the 2nd Half of 2012.url
[2012/12/06 20:01:55 | 000,001,441 | ---- | M] () -- C:\scu.dat
[2012/12/02 15:24:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2012/12/02 07:18:01 | 000,000,196 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Merck Veterinary Manual.url
[2012/12/01 23:23:03 | 000,000,291 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Canon PowerShot S2 IS Review Digital Camera Resource Page.url
[2012/12/01 21:02:02 | 000,005,965 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\17 Beautiful Images with Shallow Depth of Field.url
[2012/12/01 08:53:27 | 000,001,411 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Best of dPS Have You Read these 15 Popular Photography Tutorials Yet.url
[2012/12/01 06:16:17 | 000,001,376 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Transfer Prints To Wood.url
[2012/11/30 21:56:24 | 000,000,808 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\COMODO Internet Security.lnk
[2012/11/30 21:54:50 | 000,179,792 | ---- | M] (COMODO) -- C:\WINDOWS\System32\guard32.dll
[2012/11/30 21:54:50 | 000,132,296 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdguard.sys
[2012/11/30 21:54:50 | 000,087,104 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2012/11/30 21:54:50 | 000,025,160 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
[2012/11/30 21:24:12 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/11/28 20:15:44 | 000,000,646 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Game Manager.lnk
[2012/11/28 20:15:44 | 000,000,225 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\More Great Games.url
[2012/11/28 11:57:22 | 000,001,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2012/11/28 11:19:19 | 000,002,258 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Windows Recovery (Repair) Environment (WinRE).url
[2012/11/28 11:14:29 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/11/28 10:46:35 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/11/28 08:40:06 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/28 06:59:37 | 000,006,608 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Reboot2.gif
[2012/11/28 06:58:30 | 000,006,592 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Reboot1.gif
[2012/11/28 05:39:58 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/11/28 05:18:37 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/11/28 05:16:11 | 000,000,229 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Home.url
[2012/11/28 04:15:37 | 000,000,294 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Tower Laboratories Pauling Therapy Store Home Page.url
[2012/11/27 20:36:16 | 000,001,662 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play Night In The Opera.lnk
[2012/11/25 10:23:02 | 000,001,025 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Downton Abbey Revisited.url
[2012/11/21 20:18:55 | 000,000,791 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\PBS Public Broadcasting Service.url
[2012/11/21 19:09:47 | 001,133,113 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Chicago-Plan.pdf
[2012/11/19 11:47:48 | 000,000,264 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\PaulingTherapy.com - Reversing Heart Disease w-o Drugs.url
[2012/11/19 11:47:03 | 000,000,272 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Got Milk.url
[2012/11/19 11:46:54 | 000,000,283 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\gluco-z - Google Search.url
[2012/11/19 11:46:38 | 000,000,235 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\PaulingTherapy.com - Reversing Heart Disease w-o Drugs is Possible.url
[2012/11/19 05:25:31 | 000,000,274 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\All You Need is C.url
[2012/11/19 04:51:08 | 000,000,202 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\GlucoZ Order Now.url
[2012/11/17 15:24:21 | 000,000,325 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\FRACTION TO DECIMAL AND MM TABLE.url
[2012/11/16 03:04:30 | 000,493,116 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/11/16 03:04:30 | 000,089,796 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/11/14 22:44:23 | 000,000,220 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Project Gutenberg - free ebooks.url

========== Files Created - No Company Name ==========

[2012/12/14 14:23:05 | 000,036,989 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\No fix.gif
[2012/12/12 20:49:06 | 000,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012/12/12 03:24:51 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012/12/10 10:42:39 | 000,114,688 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\ContactKeeper.mdb
[2012/12/09 22:11:37 | 000,085,614 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Photography, Digital Cameras, Lenses, Electronics - Shipping til 7PM - Adorama Camera.htm
[2012/12/09 16:18:00 | 000,009,375 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\I SHOT IT How do I enter a Themed Photo Competition .htm
[2012/12/09 15:28:59 | 000,000,130 | ---- | C] () -- C:\WINDOWS\cfplogvw.INI
[2012/12/09 13:19:57 | 000,000,870 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\recently-used.xbel
[2012/12/09 12:55:03 | 000,002,321 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\GimpShop.lnk
[2012/12/08 22:03:30 | 000,371,584 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Facebook.htm
[2012/12/08 08:19:35 | 000,034,105 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\IMG_0285_2.jpg
[2012/12/07 23:16:39 | 000,002,087 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Inwardly Without Identity - Mooji - Global One TV Multimedia for Mystics.url
[2012/12/07 23:15:09 | 000,000,441 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\photography assignments for beginners - Google Search.url
[2012/12/07 23:15:01 | 000,000,984 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Weekly Photography Assignments.url
[2012/12/07 23:14:42 | 000,001,044 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Fun With Photography - Water Balloons.url
[2012/12/06 21:50:24 | 000,000,153 | ---- | C] () -- C:\WINDOWS\cavscan.INI
[2012/12/06 20:01:55 | 000,001,441 | ---- | C] () -- C:\scu.dat
[2012/12/02 16:35:13 | 000,000,856 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Malware-Virus Removal - Page 2 - Tech Support Guy Forums.url
[2012/12/02 07:18:01 | 000,000,196 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Merck Veterinary Manual.url
[2012/12/01 23:23:03 | 000,000,291 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Canon PowerShot S2 IS Review Digital Camera Resource Page.url
[2012/12/01 08:53:35 | 000,001,330 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\The 15 Most Popular Photography Tutorials from the 2nd Half of 2012.url
[2012/12/01 08:53:26 | 000,001,411 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Best of dPS Have You Read these 15 Popular Photography Tutorials Yet.url
[2012/12/01 08:53:20 | 000,005,965 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\17 Beautiful Images with Shallow Depth of Field.url
[2012/12/01 06:16:17 | 000,001,376 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Transfer Prints To Wood.url
[2012/11/30 21:56:24 | 000,000,808 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\COMODO Internet Security.lnk
[2012/11/30 21:09:03 | 000,000,202 | ---- | C] () -- C:\Boot.bak
[2012/11/30 21:09:00 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/11/30 21:06:45 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/11/30 21:06:45 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/11/30 21:06:45 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/11/30 21:06:45 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/11/30 21:06:45 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/11/28 20:15:44 | 000,000,646 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Game Manager.lnk
[2012/11/28 20:15:44 | 000,000,225 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\More Great Games.url
[2012/11/28 20:14:53 | 000,001,584 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Game Manager.lnk
[2012/11/28 20:14:52 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\More Great Games.lnk
[2012/11/28 11:57:22 | 000,001,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2012/11/28 10:41:02 | 000,002,258 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Windows Recovery (Repair) Environment (WinRE).url
[2012/11/28 06:56:45 | 000,006,608 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Reboot2.gif
[2012/11/28 06:56:16 | 000,006,592 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Reboot1.gif
[2012/11/28 05:18:37 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/11/27 20:36:16 | 000,001,662 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play Night In The Opera.lnk
[2012/11/25 10:23:01 | 000,001,025 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Downton Abbey Revisited.url
[2012/11/21 20:18:54 | 000,000,791 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\PBS Public Broadcasting Service.url
[2012/11/21 19:09:41 | 001,133,113 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Chicago-Plan.pdf
[2012/11/19 11:47:47 | 000,000,264 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\PaulingTherapy.com - Reversing Heart Disease w-o Drugs.url
[2012/11/19 11:47:03 | 000,000,272 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Got Milk.url
[2012/11/19 11:46:54 | 000,000,283 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gluco-z - Google Search.url
[2012/11/19 11:46:46 | 000,000,294 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Tower Laboratories Pauling Therapy Store Home Page.url
[2012/11/19 11:46:38 | 000,000,235 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\PaulingTherapy.com - Reversing Heart Disease w-o Drugs is Possible.url
[2012/11/19 05:25:31 | 000,000,274 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\All You Need is C.url
[2012/11/19 04:51:08 | 000,000,202 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\GlucoZ Order Now.url
[2012/03/15 20:38:13 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2012/02/14 22:09:15 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/11/28 15:17:55 | 000,001,582 | ---- | C] () -- C:\WINDOWS\System32\.ini
[2011/10/15 19:07:59 | 002,463,996 | ---- | C] () -- C:\Documents and Settings\Owner\canaon basic.pdf
[2011/10/15 19:07:58 | 003,295,971 | ---- | C] () -- C:\Documents and Settings\Owner\Canon Manual.pdf
[2011/09/23 10:53:36 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/09/10 05:55:57 | 000,000,056 | ---- | C] () -- C:\WINDOWS\TemplateWizard.INI
[2011/08/27 15:52:16 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\settings.dat
[2011/08/18 22:50:40 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/08/18 22:50:40 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/03/07 19:43:28 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2010/12/31 12:32:22 | 000,109,921 | ---- | C] () -- C:\WINDOWS\hpoins08.dat
[2010/12/31 12:32:21 | 000,007,577 | ---- | C] () -- C:\WINDOWS\hpomdl08.dat
[2010/12/31 12:01:00 | 000,086,410 | ---- | C] () -- C:\WINDOWS\hpqins05.dat
[2010/12/31 11:56:29 | 000,109,947 | ---- | C] () -- C:\WINDOWS\hpoins08.dat.temp
[2010/12/31 11:56:29 | 000,007,577 | ---- | C] () -- C:\WINDOWS\hpomdl08.dat.temp
[2010/11/08 09:40:18 | 000,034,304 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/30 19:01:55 | 000,015,122 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2010/07/06 05:56:01 | 000,000,543 | ---- | C] () -- C:\Documents and Settings\Owner\AddressBook
[2010/05/20 15:32:08 | 000,005,790 | R--- | C] () -- C:\Program Files\EULA.nor
[2010/04/14 06:20:31 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\defogger_reenable
[2009/01/09 18:07:22 | 000,007,547 | R--- | C] () -- C:\Program Files\EULA.ger
[2009/01/09 18:07:22 | 000,006,808 | R--- | C] () -- C:\Program Files\EULA.itn
[2009/01/09 18:07:22 | 000,006,748 | R--- | C] () -- C:\Program Files\EULA.rus
[2009/01/09 18:07:22 | 000,006,668 | R--- | C] () -- C:\Program Files\EULA.pol
[2009/01/09 18:07:22 | 000,006,300 | R--- | C] () -- C:\Program Files\EULA.spa
[2009/01/09 18:07:22 | 000,006,120 | R--- | C] () -- C:\Program Files\EULA.dut
[2009/01/09 18:07:22 | 000,005,968 | R--- | C] () -- C:\Program Files\EULA.frn
[2009/01/09 18:07:22 | 000,005,461 | R--- | C] () -- C:\Program Files\EULA.swe
[2009/01/09 18:07:22 | 000,005,452 | R--- | C] () -- C:\Program Files\EULA.brz
[2009/01/09 18:07:22 | 000,005,304 | R--- | C] () -- C:\Program Files\EULA.cze
[2009/01/09 18:07:22 | 000,005,237 | R--- | C] () -- C:\Program Files\EULA.jpn
[2009/01/09 18:07:22 | 000,004,849 | R--- | C] () -- C:\Program Files\EULA.eng
[2009/01/09 18:07:22 | 000,004,711 | R--- | C] () -- C:\Program Files\EULA.kor
[2009/01/09 18:07:22 | 000,003,380 | R--- | C] () -- C:\Program Files\EULA.cht
[2009/01/09 18:07:22 | 000,003,345 | R--- | C] () -- C:\Program Files\EULA.chs

========== ZeroAccess Check ==========

[2005/01/09 19:08:17 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 18:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 06:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 18:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >


----------



## Cookiegal (Aug 27, 2003)

Some went and some didn't. Please run ComboFix again and post the new log.


----------



## jlski (Dec 2, 2002)

Having a lot of problems with ComboFix now. A lot of viruses quarantined plus see attachment.


----------



## Cookiegal (Aug 27, 2003)

You need to disable all security programs when running ComboFix. Please remove it by dragging the program to the Recycle Bin and download it again.

Please visit *Combofix Guide & Instructions* for instructions for installing the Recovery Console and downloading and running ComboFix.

The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to puppy.exe please.

Post the log from ComboFix when you've accomplished that.


----------



## jlski (Dec 2, 2002)

Sorry, forgot about that. Will redo. Thank you.


----------



## jlski (Dec 2, 2002)

I regret the day I tried Firefox


----------



## Cookiegal (Aug 27, 2003)

Let's try uninstalling ComboFix completely and then reinstalling and running it again (after disabling all security programs).

*Follow these steps to uninstall Combofix and all of its files and components.*

- Click *START* then *RUN*
- Now type *ComboFix /uninstall* in the runbox and click *OK*. Note the *space* between the *X* and the */uninstall*; it needs to be there (the screenshot is just for illustration purposes but the actual command uses the entire word "uninstall" and not just the "u" as shown in the picture).

Reboot the machine and then try installing and running it again please.


----------



## jlski (Dec 2, 2002)

I tried that last night. Just tried again and the following results are in the attachments.


----------



## Cookiegal (Aug 27, 2003)

Please try running ComboFix in safe mode.


----------



## jlski (Dec 2, 2002)

OK. I had to delete Comodo because it kept running in safe mode. Also, I had to run ComboFix from the Desktop folder because it would not show on the desktop in safe mode. Here are the results from that scan.

ComboFix 12-12-14.01 - Owner 12/15/2012 20:05:46.2.1 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.702 [GMT -6:00]
Running from: c:\documents and settings\Owner\Desktop\puppy.exe.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\Owner\LOCALS~1\Temp\SAS3.tmp
c:\documents and settings\Owner\Local Settings\Temp\SAS3.tmp
C:\puppy.exe
c:\puppy.exe\CF3226.3XE
.
.
((((((((((((((((((((((((( Files Created from 2012-11-16 to 2012-12-16 )))))))))))))))))))))))))))))))
.
.
2012-12-15 02:25 . 2012-12-15 02:25	--------	d-----w-	C:\puppy.exe17509p
2012-12-15 00:45 . 2012-12-15 00:57	--------	d-----w-	C:\ComboFix
2012-12-14 18:36 . 2012-12-14 18:36	--------	d-----w-	C:\_OTL
2012-12-09 19:13 . 2012-12-09 19:13	--------	d-----w-	c:\documents and settings\Owner\Local Settings\Application Data\fontconfig
2012-12-09 19:12 . 2012-12-15 00:34	--------	d-----w-	c:\documents and settings\Owner\.gimp-2.8
2012-12-09 19:12 . 2012-12-09 19:12	--------	d-----w-	c:\documents and settings\Owner\Local Settings\Application Data\gegl-0.2
2012-12-09 18:57 . 2012-12-09 18:57	--------	d-----w-	c:\documents and settings\All Users\Application Data\PC Optimizer Pro
2012-12-09 18:52 . 2012-12-09 18:54	--------	d-----w-	c:\program files\GimpShop
2012-12-09 18:47 . 2012-12-09 18:57	--------	d-----w-	c:\documents and settings\All Users\Application Data\Yahoo!
2012-12-09 18:46 . 2012-12-09 18:57	--------	d-----w-	c:\program files\Yahoo!
2012-12-06 23:57 . 2012-12-06 23:57	--------	d-----w-	c:\program files\ESET
2012-11-30 13:38 . 2012-11-30 13:38	--------	d-----w-	c:\documents and settings\Owner\Application Data\WinZip
2012-11-29 21:59 . 2012-11-29 21:59	--------	d-----w-	c:\windows\ERUNT
2012-11-29 21:58 . 2012-11-29 21:58	--------	d-----w-	C:\JRT
2012-11-29 02:14 . 2012-11-29 02:14	--------	d-----w-	c:\program files\bfgclient
2012-11-28 20:11 . 2012-11-28 20:11	--------	d-----w-	c:\program files\SystemRequirementsLab
2012-11-28 17:59 . 2012-11-28 17:59	--------	d-----w-	c:\documents and settings\Owner\Local Settings\Application Data\WinZip
2012-11-28 17:56 . 2012-11-28 17:59	--------	d-----w-	c:\documents and settings\All Users\Application Data\WinZip
2012-11-28 02:46 . 2012-11-28 02:46	--------	d-----w-	c:\documents and settings\Owner\Application Data\Angler
2012-11-28 02:35 . 2012-11-28 02:36	--------	d-----w-	c:\program files\Night In The Opera
2012-11-28 02:14 . 2012-11-29 02:14	--------	d-----w-	c:\documents and settings\All Users\Application Data\Big Fish Games
2012-11-28 02:12 . 2012-11-29 02:16	--------	d-----w-	c:\documents and settings\All Users\Application Data\BigFishGamesCache
2012-11-27 16:32 . 2001-08-17 18:11	96640	-c--a-w-	c:\windows\system32\dllcache\b57xp32.sys
2012-11-27 16:32 . 2001-08-17 18:11	96640	----a-w-	c:\windows\system32\drivers\b57xp32.sys
2012-11-25 16:43 . 2012-11-01 03:30	78336	-c--a-w-	c:\windows\system32\dllcache\ieencode.dll
2012-11-25 16:43 . 2012-11-01 03:30	78336	----a-w-	c:\windows\system32\ieencode.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-13 02:12 . 2012-05-08 04:05	697272	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-12-13 02:12 . 2011-07-04 20:39	73656	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-13 01:25 . 2007-07-11 20:28	1866368	----a-w-	c:\windows\system32\win32k.sys
2012-11-06 00:41 . 2007-07-11 20:20	290560	----a-w-	c:\windows\system32\atmfd.dll
2012-11-02 02:02 . 2007-07-11 20:21	375296	----a-w-	c:\windows\system32\dpnet.dll
2012-11-01 03:30 . 2007-07-11 20:28	832512	----a-w-	c:\windows\system32\wininet.dll
2012-11-01 03:30 . 2007-07-11 20:23	1830912	----a-w-	c:\windows\system32\inetcpl.cpl
2012-11-01 03:30 . 2007-07-11 20:21	17408	----a-w-	c:\windows\system32\corpol.dll
2012-10-02 18:04 . 2007-07-11 20:27	58368	----a-w-	c:\windows\system32\synceng.dll
2012-09-30 01:54 . 2011-09-07 03:06	22856	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-09-24 20:32 . 2012-07-22 11:48	477168	----a-w-	c:\windows\system32\npdeployJava1.dll
2012-09-24 20:32 . 2011-04-27 18:36	473072	----a-w-	c:\windows\system32\deployJava1.dll
2012-09-24 18:51 . 2012-07-22 11:48	73728	----a-w-	c:\windows\system32\javacpl.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\off0]
@="{8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5}"
[HKEY_CLASSES_ROOT\CLSID\{8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5}]
2012-05-25 10:05	1065776	----a-w-	c:\program files\Workspace\offsyncext.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\off1]
@="{8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5}"
[HKEY_CLASSES_ROOT\CLSID\{8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5}]
2012-05-25 10:05	1065776	----a-w-	c:\program files\Workspace\offsyncext.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2012-12-06 109336]
"ContactKeeper Birthday reminder"="c:\program files\ContactKeeper\ContactKeeper.exe" [2011-11-11 921600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-04 16120832]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-02-26 966656]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"readericon"="c:\program files\Digital Media Reader\readericon45G.exe" [2005-12-10 139264]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-24 926896]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Namo\\WebEditor 5\\bin\\WebEditor.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
S2 DragonUpdater;COMODO Dragon Update Service;c:\program files\COMODO\Dragon\dragon_updater.exe [12/13/2012 4:07 AM 1868432]
S2 File Backup;File Backup Service;c:\program files\Workspace\offSyncService.exe [2/21/2012 8:58 AM 1168680]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 12:28 PM 160944]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [6/2/2011 11:08 AM 11336]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [6/13/2011 10:09 PM 267568]
SUnknown SASKUTIL;SASKUTIL; [x]
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-08 02:12]
.
2012-12-16 c:\windows\Tasks\ConfigExec.job
- c:\program files\Microsoft Fix it Center\MatsApi.dll [2011-06-14 04:09]
.
2012-12-16 c:\windows\Tasks\DataUpload.job
- c:\program files\Microsoft Fix it Center\MatsApi.dll [2011-06-14 04:09]
.
2012-12-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-18 14:29]
.
2012-12-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-18 14:29]
.
2012-12-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2752115482-2144442535-3955104311-1006Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-11 07:39]
.
2012-12-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2752115482-2144442535-3955104311-1006UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-11 07:39]
.
2012-12-16 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2752115482-2144442535-3955104311-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 22:14]
.
2012-12-11 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2752115482-2144442535-3955104311-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 22:14]
.
2012-12-16 c:\windows\Tasks\User_Feed_Synchronization-{4519A47C-0ECA-4208-AF21-2846D577C78D}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 23:36]
.
.
------- Supplementary Scan -------
.
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Password Generator - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html
IE: RoboForm Editor - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComEditIdent.html
IE: RoboForm TaskBar Icon - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Show RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
Trusted Zone: secureserver.net\email14
TCP: DhcpNameServer = 192.168.1.1 216.81.36.10 216.81.36.20
TCP: Interfaces\{D344F2B7-845D-4D29-AA15-15FDBF0C859C}: NameServer = 156.154.70.22,156.154.71.22
.
.
------- File Associations -------
.
.scr=Icad.load.scr
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-15 20:22
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(248)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2012-12-15 20:28:23
ComboFix-quarantined-files.txt 2012-12-16 02:28
ComboFix2.txt 2012-12-01 03:28
.
Pre-Run: 104,767,082,496 bytes free
Post-Run: 104,908,357,632 bytes free
.
- - End Of File - - 3937A8CEA852946CF47B5C36DFD3032A


----------



## Cookiegal (Aug 27, 2003)

Did you install BigFishGames and GimpShop intentionally?

Open HijackThis and click on the *Open Misc Tools section* button. Click on the *Open Uninstall Manager* button. Click the *Save List* button. Save the list then copy and paste it here.


----------



## jlski (Dec 2, 2002)

Yes, I did install them. Is there a problem with them?

Here's the list.

Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI
Adobe Shockwave Player 11.6
ATI Display Driver
Big Fish Games: Game Manager
Browser Address Error Redirector
CCleaner
Comodo Dragon
Comodo HopSurf
COMODO Internet Security
ContactKeeper 1.5.0
Digital Media Reader
DVD Solution
ESET Online Scanner v3
GimpShop 2.8
Google Update Helper
Hewlett-Packard ACLM.NET v1.1.0.0
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 10 (KB910393)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
HP Extended Capabilities 6.1
HP Imaging Device Functions 6.1
HP Photosmart Essential
HP Product Assistant
HP Product Detection
HP PSC & OfficeJet 6.1.A
HP Solution Center and Imaging Support Tools 6.1
HP Update
Internet Explorer (Enable DEP)
Java(TM) 6 Update 37
Lost Treasures of Alexandria
Malwarebytes Anti-Malware version 1.65.1.1000
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.0 Hotfix (KB2604042)
Microsoft .NET Framework 1.0 Hotfix (KB2656378)
Microsoft .NET Framework 1.0 Security Update (KB2698035)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Automated Troubleshooting Services Shim
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Digital Image Starter Edition 2006
Microsoft Fix it Center
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Namo WebEditor 5
Night In The Opera
OpenOffice.org 3.3
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
REALTEK GbE & FE Ethernet PCI NIC Driver
Realtek High Definition Audio Driver
RealUpgrade 1.1
RoboForm 7-8-4-7 (All Users)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2559049)
Security Update for Windows Internet Explorer 7 (KB2647516)
Security Update for Windows Internet Explorer 7 (KB2744842)
Security Update for Windows Internet Explorer 7 (KB2761465)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Skype™ 5.10
Sonic Encoders
Sparkle
SpywareBlaster 4.6
swMSM
System Requirements Lab for Intel
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Media Player 10 (KB913800)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Windows Backup Utility
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB2628259
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinZip 17.0


----------



## Cookiegal (Aug 27, 2003)

No but I was curious because they were all installed at the same time as PC Optimizer Pro, which you said you never installed.


----------



## Cookiegal (Aug 27, 2003)

Please delete this folder:

c:\documents and settings\All Users\Application Data\*PC Optimizer Pro*

Are you still having problems with Firefox taking a long time to open up?

If so, does the same thing happen with Internet Explorer?


----------



## jlski (Dec 2, 2002)

I don't use Firefox because several times I tried and my computer went crazy. I use IE7 & Comodo Dragon a little but use mostly Google Chrome. All three have been slow to non-responsive and never opening maximized. Not a major thing, an irritant more than anything else.

I deleted c:\documents and settings\All Users\Application Data\PC Optimizer Pro.

I will reboot now that file has been deleted and see what happens.

Be back shortly.


----------



## jlski (Dec 2, 2002)

23 seconds for Google Chrome to come up and start but opened maximized. 7 seconds on IE7 but opened maximized.


----------



## Cookiegal (Aug 27, 2003)

Please go to *Start* - *Run* - type *msconfig* - click OK and click on the *startup tab*. Uncheck everything there except for your anti-virus program. Then reboot and let me know if the problem persists please.


----------



## jlski (Dec 2, 2002)

Comodo is not listed. Uncheck everything still?


----------



## Cookiegal (Aug 27, 2003)

jlski said:


> Comodo is not listed. Uncheck everything still?


Yes please but take note of what was checked so you can return it to the same way it was before after the test.


----------



## jlski (Dec 2, 2002)

IE7 and Google Chrome initialized in 5-8 seconds, however, the page load time was about double that.


----------



## Cookiegal (Aug 27, 2003)

Please download *RogueKiller* by Tigzy and save it to your desktop.
Allow the download if prompted by your security software and please close all your other browser windows.
Double-click *RogueKiller.exe* to run it.
If it does not run, please try a few times. If it really does not work (it could happen), rename it to winlogon.exe or RogueKiller.com
Wait for *PreScan* to finish, then accept the EULA.
Click on the *Scan* button in the upper right. Wait for it to finish.
Once completed, a log called *RKreport[1].txt* will be created on the desktop. It can also be accessed via the *Report* button.
Please copy and paste the contents of that log in your next reply.
When you exit RogueKiller, you may get a popup reporting "None of the Elements have been deleted. Do you want to quit?" Click *Yes*.


----------



## jlski (Dec 2, 2002)

Tried Installing RogueKiller. My anti-virus was off and Windows Firewall was off. My internet connection is working. See attachment. GRRRR!!!!


----------



## Cookiegal (Aug 27, 2003)

Delete any of these folders that may exist and then try again please.

C:\Program Files\*W3i*
C:\Documents and Settings\All Users\Application Data\*W3i*
C:\Documents and Settings\All Users\Start Menu\Programs\*Uninstall Helper*


----------



## jlski (Dec 2, 2002)

None of these files are there.


----------



## Cookiegal (Aug 27, 2003)

Please download *SystemLook* from one of the links below and save it to your Desktop.
*Download Mirror #1*
*Download Mirror #2*
Double-click *SystemLook.exe* to run it.
Copy the content of the following code box into the main text field:

```
:filefind
*W3i*
:folderfind
W3i
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop entitled *SystemLook.txt*


----------



## jlski (Dec 2, 2002)

SystemLook 30.07.11 by jpshortstuff
Log created at 12:39 on 18/12/2012 by Owner
Administrator - Elevation successful

========== filefind ==========

Searching for "*W3i*"
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\YI1A8TFG\4CAUC5F3CCABP0N1ICARRV0OXCAVWLEUJCAQWA0F8CARQ9LH4CAINUS8DCAIYXC1XCAIU3W3ICAD7LK5RCAI4EBP8CA1EPX0GCAQ0999BCA1M6I65CAA9T45CCAKC19MYCAAEDB70CATGA356CAMZWUVXCAFOYV79	--a---- 1520 bytes	[12:10 16/12/2012]	[12:10 16/12/2012] B4109CBEAA49E49551828AE86400BFD0

========== folderfind ==========

Searching for "W3i"
No folders found.

-= EOF =-


----------



## Cookiegal (Aug 27, 2003)

Please run Adwcleaner again as per the instructions in post no. 69.


----------



## jlski (Dec 2, 2002)

I ran search and this is the log.

# AdwCleaner v2.101 - Logfile created 12/18/2012 at 13:17:20
# Updated 16/12/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Owner - JERRYSCOMP
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Owner\Desktop\adwcleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

***** [Registry] *****

***** [Internet Browsers] *****

-\\ Internet Explorer v7.0.6000.17115

[OK] Registry is clean.

-\\ Google Chrome v23.0.1271.97

File : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Found [l.16] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3209604&SearchSource=48", "hxxp://www.claro-search.com/?affID=117465&tt=4812_4&babsrc=HP_ss&mntrId=742510ee0000000000000016767832aa", "hxxp://us.yahoo.com/?fr=fpc-comodo" ]
Found [l.2469] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3209604&SearchSource=48", "hxxp://www.claro-search.com/?affID=117465&tt=4812_4&babsrc=HP_ss&mntrId=742510ee0000000000000016767832aa", "hxxp://us.yahoo.com/?fr=fpc-comodo" ]

*************************

AdwCleaner[R1].txt - [1328 octets] - [18/12/2012 13:15:52]
AdwCleaner[R2].txt - [1259 octets] - [18/12/2012 13:17:20]

########## EOF - C:\AdwCleaner[R2].txt - [1319 octets] ##########


----------



## Cookiegal (Aug 27, 2003)

Please run it again and select the option to delete what was found and post the resulting log.


----------



## jlski (Dec 2, 2002)

# AdwCleaner v2.101 - Logfile created 12/18/2012 at 13:17:20
# Updated 16/12/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Owner - JERRYSCOMP
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Owner\Desktop\adwcleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

***** [Registry] *****

***** [Internet Browsers] *****

-\\ Internet Explorer v7.0.6000.17115

[OK] Registry is clean.

-\\ Google Chrome v23.0.1271.97

File : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Found [l.16] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3209604&SearchSource=48", "hxxp://www.claro-search.com/?affID=117465&tt=4812_4&babsrc=HP_ss&mntrId=742510ee0000000000000016767832aa", "hxxp://us.yahoo.com/?fr=fpc-comodo" ]
Found [l.2469] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3209604&SearchSource=48", "hxxp://www.claro-search.com/?affID=117465&tt=4812_4&babsrc=HP_ss&mntrId=742510ee0000000000000016767832aa", "hxxp://us.yahoo.com/?fr=fpc-comodo" ]

*************************

AdwCleaner[R1].txt - [1328 octets] - [18/12/2012 13:15:52]
AdwCleaner[R2].txt - [1259 octets] - [18/12/2012 13:17:20]

########## EOF - C:\AdwCleaner[R2].txt - [1319 octets] ##########


----------



## jlski (Dec 2, 2002)

That log looks just like the Search log. I did run the delete.


----------



## jlski (Dec 2, 2002)

Ran Again

# AdwCleaner v2.101 - Logfile created 12/18/2012 at 14:56:25
# Updated 16/12/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Owner - JERRYSCOMP
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Owner\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

***** [Registry] *****

***** [Internet Browsers] *****

-\\ Internet Explorer v7.0.6000.17115

[OK] Registry is clean.

-\\ Google Chrome v23.0.1271.97

File : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1328 octets] - [18/12/2012 13:15:52]
AdwCleaner[R2].txt - [1388 octets] - [18/12/2012 13:17:20]
AdwCleaner[S1].txt - [1169 octets] - [18/12/2012 14:36:07]
AdwCleaner[S2].txt - [888 octets] - [18/12/2012 14:56:25]

########## EOF - C:\AdwCleaner[S2].txt - [947 octets] ##########


----------
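The AdwCleaner logs above differ in their `# Option [...]` header and in whether any `Found` lines remain, which is how a Search report posted twice can be told apart from an actual Delete run. The following is an added example, not part of the original thread or of AdwCleaner; the function names are this example's own and the log excerpts are abridged from the posts above (URLs left defanged).

```python
import re
from urllib.parse import urlsplit

# Abridged excerpts copied from the AdwCleaner logs posted in this thread.
SEARCH_LOG = r'''# AdwCleaner v2.101 - Logfile created 12/18/2012 at 13:17:20
# Option [Search]
-\\ Google Chrome v23.0.1271.97
File : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
Found [l.16] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3209604&SearchSource=48", "hxxp://www.claro-search.com/?affID=117465&tt=4812_4&babsrc=HP_ss&mntrId=742510ee0000000000000016767832aa", "hxxp://us.yahoo.com/?fr=fpc-comodo" ]
Found [l.2469] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3209604&SearchSource=48", "hxxp://www.claro-search.com/?affID=117465&tt=4812_4&babsrc=HP_ss&mntrId=742510ee0000000000000016767832aa", "hxxp://us.yahoo.com/?fr=fpc-comodo" ]
'''

DELETE_LOG = r'''# AdwCleaner v2.101 - Logfile created 12/18/2012 at 14:56:25
# Option [Delete]
-\\ Google Chrome v23.0.1271.97
File : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
'''

OPTION_RE = re.compile(r'^# Option \[(\w+)\]', re.M)
FOUND_RE = re.compile(r'^Found \[l\.(\d+)\] : (\w+) = \[(.*)\]\s*$', re.M)
URL_RE = re.compile(r'"([^"]+)"')


def log_option(log_text):
    """Return the run mode from the header ('Search' or 'Delete'), or None."""
    m = OPTION_RE.search(log_text)
    return m.group(1) if m else None


def parse_findings(log_text):
    """Extract each 'Found [l.N] : key = [ ... ]' line as a dict."""
    return [
        {"line": int(m.group(1)), "key": m.group(2), "urls": URL_RE.findall(m.group(3))}
        for m in FOUND_RE.finditer(log_text)
    ]


def flagged_hosts(findings):
    """Hosts on the flagged preference lines. The tool flags the whole line,
    so this is a list to review, not a verdict on each host."""
    hosts = set()
    for finding in findings:
        for url in finding["urls"]:
            host = urlsplit(url).hostname  # works on defanged hxxp:// too
            if host:
                hosts.add(host)
    return sorted(hosts)


def cleanup_confirmed(before_log, after_log):
    """True only if 'after' is a Delete run with no findings left over."""
    return (
        log_option(before_log) == "Search"
        and bool(parse_findings(before_log))
        and log_option(after_log) == "Delete"
        and not parse_findings(after_log)
    )


if __name__ == "__main__":
    print(flagged_hosts(parse_findings(SEARCH_LOG)))
    print("cleanup confirmed:", cleanup_confirmed(SEARCH_LOG, DELETE_LOG))
```
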



## Cookiegal (Aug 27, 2003)

It looks like it was successful.

Please try downloading and running RogueKiller again.


----------



## jlski (Dec 2, 2002)

I downloaded RogueKiller this time from Major Geeks and it worked perfectly.

RogueKiller V8.4.0 [Dec 18 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Owner [Admin rights]
Mode : Scan -- Date : 12/18/2012 17:21:32

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: HDT722516DLAT80 +++++
--- User ---
[MBR] d90e6805366b0e7fa8701a4ee1fe39c5
[BSP] dfad42d9922357038cb44612ca38bbe6 : Legit2 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 8401995 | Size: 152954 Mo
1 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 63 | Size: 4102 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_12182012_02d1721.txt >>
RKreport[1]_S_12182012_02d1721.txt


----------



## Cookiegal (Aug 27, 2003)

OK, that's good. Would you please try the other download and let me know if you have the same problem with that rogue installer. If so, we'll have to dig deeper to remove it.


----------



## jlski (Dec 2, 2002)

It ran ok. Here is the log from the scan.

RogueKiller V8.4.0 [Dec 18 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Owner [Admin rights]
Mode : Scan -- Date : 12/18/2012 20:31:10

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: HDT722516DLAT80 +++++
--- User ---
[MBR] d90e6805366b0e7fa8701a4ee1fe39c5
[BSP] dfad42d9922357038cb44612ca38bbe6 : Legit2 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 8401995 | Size: 152954 Mo
1 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 63 | Size: 4102 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_12182012_02d2031.txt >>
RKreport[1]_S_12182012_02d2031.txt


----------



## Cookiegal (Aug 27, 2003)

Are you still having problems with the browsers?


----------



## jlski (Dec 2, 2002)

IE7 is still very slow to initialize and load. Google is faster but a little slow loading.


----------



## Cookiegal (Aug 27, 2003)

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.


----------



## jlski (Dec 2, 2002)

Sorry cookiegal  Getting tired of me yet? 



When trying to download the Junkware Removal Tool I got a malicious warning at the lower left hand corner of my browser as shown in the third snapshot but went ahead and ran it anyway.

It still will not run. Anti-virus software and Windows Firewall were disabled.

The first snapshot is self explanatory. The second snapshot is the notice after aborting the InstallIQ.


----------



## jlski (Dec 2, 2002)

Everything OK?


----------



## Cookiegal (Aug 27, 2003)

Sorry I had no power all day yesterday and today I'm having vision problems.

Please run SystemLook again with the following script:

```
:filefind
*InstallIQ*
:folderfind
InstallIQ
:regfind
freeze.com
InstallIQ
```


----------



## jlski (Dec 2, 2002)

Hope all is well now for you.

That last ordeal with junkware has really goofed up programs and internet. Programs and browsers slow to initialize and internet very slow loading.

SystemLook 30.07.11 by jpshortstuff
Log created at 19:23 on 20/12/2012 by Owner
Administrator - Elevation successful

========== filefind ==========

Searching for "*InstallIQ*"
C:\Documents and Settings\Owner\Desktop\Computer Cleanup\InstallIQ.gif	--a---- 122967 bytes	[21:20 17/12/2012]	[15:54 19/12/2012] 75823AD8BA8494B875C02887CFBD4D73
C:\Documents and Settings\Owner\Desktop\Computer Cleanup\InstallIQ_2.gif	--a---- 102221 bytes	[15:55 19/12/2012]	[15:55 19/12/2012] 79D1D686520197A79F397BD1785003B6
C:\Documents and Settings\Owner\Desktop\Computer Cleanup\InstallIQ_3.gif	--a---- 102084 bytes	[16:01 19/12/2012]	[16:01 19/12/2012] E8C6EC82118D742611E21E554F28BB70
C:\Documents and Settings\Owner\Recent\InstallIQ.lnk	--a---- 488 bytes	[21:20 17/12/2012]	[15:59 19/12/2012] FA47147BF3CA8E7A8CFDCB049144DE45
C:\Documents and Settings\Owner\Recent\InstallIQ_2.lnk	--a---- 498 bytes	[15:55 19/12/2012]	[15:59 19/12/2012] A600C09064976E5B86BB01C8BC420AA7
C:\Documents and Settings\Owner\Recent\InstallIQ_3.lnk	--a---- 498 bytes	[16:01 19/12/2012]	[16:04 19/12/2012] 6A3994FD1C71C5529D457FC7471B640F

========== folderfind ==========

Searching for "InstallIQ"
No folders found.

========== regfind ==========

Searching for "freeze.com"
No data found.

Searching for "InstallIQ"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\gif]
"b"="C:\Documents and Settings\Owner\Desktop\InstallIQ_3.gif"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\gif]
"c"="C:\Documents and Settings\Owner\Desktop\InstallIQ.gif"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\gif]
"d"="C:\Documents and Settings\Owner\Desktop\InstallIQ_2.gif"
[HKEY_LOCAL_MACHINE\SOFTWARE\InstallIQ]
[HKEY_LOCAL_MACHINE\SOFTWARE\W3i\InstallIQ]
[HKEY_USERS\S-1-5-21-2752115482-2144442535-3955104311-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\gif]
"b"="C:\Documents and Settings\Owner\Desktop\InstallIQ_3.gif"
[HKEY_USERS\S-1-5-21-2752115482-2144442535-3955104311-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\gif]
"c"="C:\Documents and Settings\Owner\Desktop\InstallIQ.gif"
[HKEY_USERS\S-1-5-21-2752115482-2144442535-3955104311-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\gif]
"d"="C:\Documents and Settings\Owner\Desktop\InstallIQ_2.gif"

-= EOF =-


----------
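In the SystemLook `:regfind` output above, most hits for "InstallIQ" are value data (recently saved screenshot file names), while only a few are registry keys whose own path contains the term. The following is an added example, not part of the original thread or of SystemLook, that separates the two kinds of hit; the function names are this example's own and the sample is abridged from the log above.

```python
import re

# Abridged from the :regfind section of the SystemLook log posted in this thread.
REGFIND = r'''Searching for "freeze.com"
No data found.

Searching for "InstallIQ"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\gif]
"b"="C:\Documents and Settings\Owner\Desktop\InstallIQ_3.gif"
[HKEY_LOCAL_MACHINE\SOFTWARE\InstallIQ]
[HKEY_LOCAL_MACHINE\SOFTWARE\W3i\InstallIQ]
[HKEY_USERS\S-1-5-21-2752115482-2144442535-3955104311-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\gif]
"b"="C:\Documents and Settings\Owner\Desktop\InstallIQ_3.gif"
'''

SEARCH_RE = re.compile(r'^Searching for "(.+)"$')


def parse_regfind(text):
    """Return one dict per [KEY] line, with the search term and any values listed under it."""
    hits, term, current = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SEARCH_RE.match(line)
        if m:
            term, current = m.group(1), None
        elif line.startswith("[") and line.endswith("]"):
            current = {"term": term, "key": line[1:-1], "values": []}
            hits.append(current)
        elif line.startswith('"') and current is not None:
            name, _, data = line.partition("=")
            current["values"].append((name.strip('"'), data.strip('"')))
    return hits


def triage(hits):
    """Split hits into keys whose path contains the term and values that merely mention it."""
    key_hits, value_hits = [], []
    for hit in hits:
        if hit["term"].lower() in hit["key"].lower():
            key_hits.append(hit["key"])
        else:
            for name, data in hit["values"]:
                value_hits.append((hit["key"], name, data))
    return key_hits, value_hits


if __name__ == "__main__":
    keys, values = triage(parse_regfind(REGFIND))
    print("Keys named after the search term:")
    for k in keys:
        print("  ", k)
    print("Values that only mention it:")
    for key, name, data in values:
        print("  ", name, "=", data)
```
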



## Cookiegal (Aug 27, 2003)

I'm attaching a Fixjlski.zip file to this post to remove a couple of those registry entries. Please save it to your desktop. Unzip it and double-click the Fixjlski.reg file and allow it to merge into the registry. Then reboot the machine and let me know what new problems you're experiencing.


----------



## jlski (Dec 2, 2002)

Rebooting was pretty fast but finalizing was extremely slow. Initializing programs from desktop icons extremely slow. Initializing web browser/Google from desktop icons as well as within the browser itself are extremely slow. Would you care for a cup of coffee?


----------



## Cookiegal (Aug 27, 2003)

Please run OTL again and post the new log.


----------



## jlski (Dec 2, 2002)

OTL logfile created on: 12/20/2012 8:36:37 PM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

893.59 Mb Total Physical Memory | 270.02 Mb Available Physical Memory | 30.22% Memory free
2.11 Gb Paging File | 0.90 Gb Available in Paging File | 42.40% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.37 Gb Total Space | 103.65 Gb Free Space | 69.39% Space Free | Partition Type: NTFS
Drive D: | 4.00 Gb Total Space | 1.39 Gb Free Space | 34.71% Space Free | Partition Type: FAT32
Drive J: | 7.45 Gb Total Space | 2.55 Gb Free Space | 34.24% Space Free | Partition Type: FAT32

Computer Name: JERRYSCOMP | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/19 08:18:55 | 000,295,072 | ---- | M] (RealNetworks, Inc.) -- C:\program files\real\realplayer\update\realsched.exe
PRC - [2012/12/19 08:03:44 | 001,868,432 | ---- | M] () -- C:\Program Files\Comodo\Dragon\dragon_updater.exe
PRC - [2012/12/16 05:53:23 | 000,723,632 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2012/12/06 15:17:52 | 000,109,336 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
PRC - [2012/12/04 19:15:17 | 001,242,728 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2012/12/02 15:24:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2012/11/29 20:33:06 | 000,232,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
PRC - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/05/17 09:34:36 | 001,168,680 | ---- | M] (Starfield Technologies) -- C:\Program Files\Workspace\offSyncService.exe
PRC - [2010/10/20 10:09:31 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2005/12/09 19:44:40 | 000,139,264 | ---- | M] (Alcor Micro, Corp.) -- C:\Program Files\Digital Media Reader\readericon45G.exe
PRC - [2005/03/14 12:05:02 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe

========== Modules (No Company Name) ==========

MOD - [2012/12/19 08:03:44 | 001,868,432 | ---- | M] () -- C:\Program Files\Comodo\Dragon\dragon_updater.exe
MOD - [2012/12/16 05:53:23 | 000,274,704 | ---- | M] () -- C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll
MOD - [2012/12/04 19:15:15 | 012,456,040 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
MOD - [2012/12/04 19:15:15 | 000,460,904 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
MOD - [2012/12/04 19:15:14 | 004,008,040 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\pdf.dll
MOD - [2012/12/04 19:14:21 | 000,157,304 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\avutil-51.dll
MOD - [2012/12/04 19:14:20 | 000,275,576 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\avformat-54.dll
MOD - [2012/12/04 19:14:19 | 002,168,952 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\avcodec-54.dll
MOD - [2012/11/29 20:36:08 | 000,060,928 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Hook\rndlpepperbrowserrecordhelper.dll
MOD - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
MOD - [2012/11/14 18:41:18 | 004,537,856 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\1.0.3.0\libglesv2.dll
MOD - [2012/11/14 18:41:18 | 000,100,864 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\1.0.3.0\libegl.dll
MOD - [2011/11/03 09:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\System32\quartz.dll
MOD - [2011/02/04 16:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\System32\sbe.dll
MOD - [2008/04/13 18:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\System32\msdmo.dll
MOD - [2008/04/13 18:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\System32\devenum.dll

========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (MSDTC)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/12/19 08:03:44 | 001,868,432 | ---- | M] () [Auto | Running] -- C:\Program Files\Comodo\Dragon\dragon_updater.exe -- (DragonUpdater)
SRV - [2012/12/16 05:53:23 | 000,723,632 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2012/12/12 20:12:26 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/17 09:34:36 | 001,168,680 | ---- | M] (Starfield Technologies) [Auto | Running] -- C:\Program Files\Workspace\offSyncService.exe -- (File Backup)
SRV - [2011/06/13 22:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2010/10/20 10:09:31 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2005/03/14 12:05:02 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\System32\HPZipm12.exe -- (Pml Driver HPZ12)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2012/12/16 05:53:23 | 000,132,296 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\System32\DRIVERS\cmdguard.sys -- (cmdGuard)
DRV - [2012/12/16 05:53:23 | 000,087,104 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)
DRV - [2012/12/16 05:53:23 | 000,025,160 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\System32\DRIVERS\cmdhlp.sys -- (cmdHlp)
DRV - [2011/06/02 11:08:34 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2006/04/06 00:20:44 | 004,258,816 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2006/01/18 04:41:00 | 000,080,512 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/01/15 07:48:08 | 001,477,632 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys -- (ati2mtag)
DRV - [2005/03/16 18:51:16 | 001,033,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/03/16 18:50:36 | 000,221,440 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2005/03/16 18:50:32 | 000,705,280 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys -- (winachsf)
DRV - [2004/08/03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\RTL8139.SYS -- (rtl8139)
DRV - [2003/01/10 15:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw)
DRV - [2001/08/17 12:11:30 | 000,096,640 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\b57xp32.sys -- (b57w2k)
DRV - [2001/08/17 07:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\mxnic.sys -- (mxnic)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{090F55E8-FB85-465B-9F91-F3B22DC17939}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7PRFA_en
IE - HKCU\..\SearchScopes\{161CE5A3-5CAB-48A3-8538-EE949896E6FA}: "URL" = http://www.amazon.com/gp/search?ie=UTF8&tag=ie8search-20&index=blended&linkCode=qs&camp=1789&creative=9325&keywords={searchTerms}
IE - HKCU\..\SearchScopes\{4EE32D15-65AB-409B-AAEC-26208C52A67C}: "URL" = http://www.ask.com/web?q={searchTerms}&qsrc=0&o=0&l=dir
IE - HKCU\..\SearchScopes\{A1BA6E36-5D80-49D3-B80B-DD84E69A85B6}: "URL" = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,105,0_0,Search,20121250,6900,0,5,0
IE - HKCU\..\SearchScopes\{CDD4F616-9BF2-4E6D-8460-73D49EF70E41}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=91AD6A88-13B1-4453-B562-E522C9210DD3&apn_sauid=C27CB996-DAFE-4308-9AC7-808CEE93C0F8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@starfield.com/off: C:\Documents and Settings\Owner\Application Data\Mozilla\Plugins\npoff.dll ( Starfield Technologies, LLC.)
FF - HKCU\Software\MozillaPlugins\@starfield.com/wbe: C:\Documents and Settings\Owner\Application Data\Mozilla\Plugins\npwbe.dll (Starfield Technology, LLC)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2012/12/19 08:19:56 | 000,000,000 | ---D | M]

[2011/11/03 04:53:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Online Storage plug-in (Enabled) = C:\Documents and Settings\Owner\Application Data\Mozilla\plugins\npoff.dll
CHR - plugin: Workspace Webmail plug-in 1.0.20.42 (Enabled) = C:\Documents and Settings\Owner\Application Data\Mozilla\plugins\npwbe.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U37 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll
CHR - plugin: Java Deployment Toolkit 6.0.370.6 (Enabled) = C:\WINDOWS\system32\npdeployJava1.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpjplug.dll
CHR - Extension: Aviary for Google Drive = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bkinocibdedleighgndmbfpbialnblep\1.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Solitaire = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpebaehgfgkcmmjjknibibbjacnplim\1.4.1.22_0\
CHR - Extension: Freecell Solitaire = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cabpjbpfakfhcfidnjahmdophhihafkh\1.0.0.1_0\
CHR - Extension: Thesaurus.com = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\clljlcapeomdokpgadmegpabakieebci\1.5.1_0\
CHR - Extension: Google Search = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Read Later Fast = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\decdfngdidijkdjgbknlnepdljfaepji\1.5.4_0\
CHR - Extension: Full Screen Weather = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg\1.3_0\
CHR - Extension: TweetDeck = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl\2.3.0_0\
CHR - Extension: Pixlr Editor = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmaknaampgiegkcjlimdiidlhopknpk\1.2_0\
CHR - Extension: RealDownloader = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0\
CHR - Extension: World of Solitaire = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ifbnllnaaaohekjkcpfdllhhjijnidgn\1.0.1_0\
CHR - Extension: The Weather Channel for Chrome = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\iflpcokdamgefbghpdipcibmhlkdopop\1.0.0.4_0\
CHR - Extension: Glitterboo = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ikkpgihagilojnkmkkfcbhlainmnkicp\1.1.4_0\
CHR - Extension: WordPress.com = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\khjnjifipfkgglficmipimgjpbmlbemd\1.1_0\
CHR - Extension: Aviary Photo Editor for Facebook = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lnhpjhojpnckkehlebbkpoammaemnnno\0.0.3_0\
CHR - Extension: YouTube Video Deck = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mpoakikepagdiphlmfaeifpojdmbnegj\0.7.8_0\
CHR - Extension: Mahjong Solitaire = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\neojceinbonpjjcokpokpeobkhcpiloc\1.0.0.2_0\
CHR - Extension: Mahjong = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nnmegcjbmjoiljlhacoemajmckpljckl\13.2334.9140_0\
CHR - Extension: TV = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ojodjefldcdcglpfbkklajdjaodibgcg\2.4_0\
CHR - Extension: FBQuickly = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\phehnhfkojbodpjkfdbegcfhncgbdjem\1.2.8_0\
CHR - Extension: Weather Underground = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjejbgheonogbpfkkjigbmahaljipoej\1.6_0\
CHR - Extension: Gmail = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/12/15 20:22:23 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\WINDOWS\System32\BAE.dll (Gateway Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (HopSurf toolbar) - {E9FAB13D-4600-49E1-90D1-EE961C859D39} - C:\Program Files\Comodo\HopSurfToolbar\HopSurfToolbar_IE.dll (Comodo Group, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe (Alcor Micro, Corp.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE ()
O4 - HKLM..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe (SoftThinks)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [ContactKeeper Birthday reminder] C:\Program Files\ContactKeeper\ContactKeeper.exe (ContactKeeper)
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Password Generator - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html ()
O8 - Extra context menu item: RoboForm Editor - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditIdent.html ()
O8 - Extra context menu item: RoboForm TaskBar Icon - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Show RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Editor - {45DB34C3-955C-11D3-ABEF-444553540001} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : RoboForm Editor - {45DB34C3-955C-11D3-ABEF-444553540001} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: HopSurf - {ED98F8D1-09AC-4107-B2FF-91DBE011B0C5} - C:\Program Files\Comodo\HopSurfToolbar\HopSurfToolbar_IE.dll (Comodo Group, Inc.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O15 - HKCU\..Trusted Domains: secureserver.net ([email14] https in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1354034315693 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.11.0.cab (SysInfo Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 216.81.36.10 216.81.36.20
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D344F2B7-845D-4D29-AA15-15FDBF0C859C}: DhcpNameServer = 192.168.1.1 216.81.36.10 216.81.36.20
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D344F2B7-845D-4D29-AA15-15FDBF0C859C}: NameServer = 156.154.70.22,156.154.71.22
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/01/09 19:13:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/10/04 11:57:10 | 000,000,125 | -H-- | M] () - J:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/19 08:19:55 | 000,000,000 | ---D | C] -- C:\Program Files\RealNetworks
[2012/12/19 08:19:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RealNetworks
[2012/12/19 08:19:19 | 000,201,424 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2012/12/19 08:18:59 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2012/12/19 08:18:59 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2012/12/19 08:18:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\RealNetworks
[2012/12/19 08:18:57 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2012/12/18 17:11:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\RK_Quarantine
[2012/12/17 15:52:14 | 001,650,880 | ---- | C] (W3i, LLC) -- C:\Documents and Settings\Owner\Desktop\7zip_installer_d1914226.exe
[2012/12/17 11:29:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\My Best Photos
[2012/12/16 19:07:03 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/12/16 07:23:04 | 000,016,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2012/12/16 05:55:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Comodo
[2012/12/16 05:53:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo
[2012/12/16 05:53:26 | 000,179,792 | ---- | C] (COMODO) -- C:\WINDOWS\System32\guard32.dll
[2012/12/16 05:53:26 | 000,132,296 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmdguard.sys
[2012/12/16 05:53:26 | 000,087,104 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2012/12/16 05:53:26 | 000,025,160 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
[2012/12/15 21:13:16 | 000,237,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2012/12/15 20:28:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/12/14 20:25:25 | 000,000,000 | ---D | C] -- C:\puppy.exe17509p
[2012/12/14 18:45:39 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/12/14 12:36:51 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/12/13 10:16:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Mileage Report 2013
[2012/12/12 18:06:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\backups
[2012/12/09 13:13:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\fontconfig
[2012/12/09 13:12:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\gegl-0.2
[2012/12/09 12:46:13 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2012/12/08 18:03:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Post to Fb
[2012/12/07 21:03:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Photography Assignments
[2012/12/06 19:42:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Comodo Detected Viruses
[2012/12/03 10:42:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\RoboForm
[2012/12/02 15:24:14 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2012/11/30 21:08:59 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/11/30 21:06:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/11/30 21:06:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/11/30 21:06:45 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/11/30 20:57:56 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/11/30 20:57:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/11/30 07:38:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\WinZip
[2012/11/29 15:59:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2012/11/29 15:58:57 | 000,000,000 | ---D | C] -- C:\JRT
[2012/11/29 05:52:07 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2012/11/28 20:14:42 | 000,000,000 | ---D | C] -- C:\Program Files\bfgclient
[2012/11/28 14:11:39 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2012/11/28 11:59:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\WinZip
[2012/11/28 11:57:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinZip
[2012/11/28 11:56:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2012/11/28 04:07:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Photography
[2012/11/27 20:46:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Angler
[2012/11/27 20:35:13 | 000,000,000 | ---D | C] -- C:\Program Files\Night In The Opera
[2012/11/27 20:35:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Night In The Opera
[2012/11/27 20:14:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
[2012/11/27 20:12:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
[2012/11/27 10:32:30 | 000,096,640 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\drivers\b57xp32.sys
[2012/11/27 10:32:30 | 000,096,640 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\b57xp32.sys
[2012/11/25 10:43:28 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2012/11/25 10:43:28 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieencode.dll
[2012/11/25 08:25:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\My Photos
[2012/11/24 08:10:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Post Photos
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/12/20 20:31:23 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{4519A47C-0ECA-4208-AF21-2846D577C78D}.job
[2012/12/20 20:12:38 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2752115482-2144442535-3955104311-1006.job
[2012/12/20 20:12:37 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2752115482-2144442535-3955104311-1006.job
[2012/12/20 20:12:36 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2752115482-2144442535-3955104311-1006.job
[2012/12/20 20:12:10 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/20 20:12:00 | 000,000,616 | -H-- | M] () -- C:\WINDOWS\tasks\ConfigExec.job
[2012/12/20 20:11:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/12/20 20:07:16 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2752115482-2144442535-3955104311-1006UA.job
[2012/12/20 20:05:39 | 000,000,210 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Fixjlski.zip
[2012/12/20 19:59:02 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/20 19:22:49 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SystemLook.exe
[2012/12/20 19:11:19 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/12/20 18:56:04 | 000,000,580 | -H-- | M] () -- C:\WINDOWS\tasks\DataUpload.job
[2012/12/20 14:07:01 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2752115482-2144442535-3955104311-1006Core.job
[2012/12/19 20:32:48 | 000,034,816 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/12/19 08:20:06 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2012/12/19 08:19:19 | 000,201,424 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2012/12/19 08:18:59 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2012/12/19 08:18:59 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2012/12/19 08:18:57 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2012/12/18 20:27:07 | 000,756,224 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\RogueKiller.exe
[2012/12/18 13:11:32 | 000,547,175 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\adwcleaner.exe
[2012/12/18 01:08:36 | 000,000,319 | RHS- | M] () -- C:\boot.ini
[2012/12/18 00:49:42 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2752115482-2144442535-3955104311-1006.job
[2012/12/17 20:01:34 | 000,049,894 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\fireonthewater.jpg
[2012/12/17 16:40:36 | 000,114,688 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\ContactKeeper.mdb
[2012/12/17 15:52:15 | 001,650,880 | ---- | M] (W3i, LLC) -- C:\Documents and Settings\Owner\Desktop\7zip_installer_d1914226.exe
[2012/12/17 11:25:44 | 000,013,581 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\night.jpg
[2012/12/17 11:25:07 | 000,012,125 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\fire.jpg
[2012/12/16 19:29:31 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2012/12/16 19:29:31 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2012/12/16 07:39:08 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/12/16 07:39:08 | 000,000,782 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Windows Media Player.lnk
[2012/12/16 07:20:37 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/12/16 07:18:18 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/12/16 06:58:13 | 001,474,832 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2012/12/16 05:55:51 | 000,000,808 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\COMODO Internet Security.lnk
[2012/12/16 05:53:23 | 000,179,792 | ---- | M] (COMODO) -- C:\WINDOWS\System32\guard32.dll
[2012/12/16 05:53:23 | 000,132,296 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdguard.sys
[2012/12/16 05:53:23 | 000,087,104 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2012/12/16 05:53:23 | 000,025,160 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
[2012/12/16 00:17:59 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/12/15 21:40:01 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2012/12/15 20:22:23 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/12/14 17:58:19 | 000,001,482 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\recently-used.xbel
[2012/12/14 16:29:38 | 000,006,272 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Forecast.url
[2012/12/14 16:28:09 | 000,008,200 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\KBTX - Weather Radar.url
[2012/12/13 22:07:04 | 000,015,122 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2012/12/13 18:42:13 | 000,000,216 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\KBTX Forecast.url
[2012/12/13 12:17:09 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Google Chrome.lnk
[2012/12/13 12:17:09 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/12/12 21:45:19 | 000,000,856 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Malware-Virus Removal.url
[2012/12/12 20:12:26 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/12/12 20:12:25 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/12/12 03:44:51 | 000,196,160 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/12/09 16:04:00 | 000,000,153 | ---- | M] () -- C:\WINDOWS\cavscan.INI
[2012/12/09 15:28:59 | 000,000,130 | ---- | M] () -- C:\WINDOWS\cfplogvw.INI
[2012/12/08 08:19:35 | 000,034,105 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\IMG_0285_2.jpg
[2012/12/07 23:16:41 | 000,002,087 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Inwardly Without Identity - Mooji - Global One TV Multimedia for Mystics.url
[2012/12/07 23:15:09 | 000,000,441 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\photography assignments for beginners - Google Search.url
[2012/12/07 23:15:01 | 000,000,984 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Weekly Photography Assignments.url
[2012/12/07 23:14:42 | 000,001,044 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Fun With Photography - Water Balloons.url
[2012/12/06 23:29:06 | 000,001,330 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\The 15 Most Popular Photography Tutorials from the 2nd Half of 2012.url
[2012/12/06 20:01:55 | 000,001,441 | ---- | M] () -- C:\scu.dat
[2012/12/02 15:24:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2012/12/02 07:18:01 | 000,000,196 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Merck Veterinary Manual.url
[2012/12/01 23:23:03 | 000,000,291 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Canon PowerShot S2 IS Review Digital Camera Resource Page.url
[2012/12/01 21:02:02 | 000,005,965 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\17 Beautiful Images with Shallow Depth of Field.url
[2012/12/01 08:53:27 | 000,001,411 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Best of dPS Have You Read these 15 Popular Photography Tutorials Yet.url
[2012/12/01 06:16:17 | 000,001,376 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Transfer Prints To Wood.url
[2012/11/28 20:15:44 | 000,000,646 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Game Manager.lnk
[2012/11/28 20:15:44 | 000,000,225 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\More Great Games.url
[2012/11/28 11:57:22 | 000,001,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2012/11/28 11:19:19 | 000,002,258 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Windows Recovery (Repair) Environment (WinRE).url
[2012/11/28 10:46:35 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/11/28 08:40:06 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/28 05:39:58 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/11/28 05:16:11 | 000,000,229 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Home.url
[2012/11/28 04:15:37 | 000,000,294 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Tower Laboratories Pauling Therapy Store Home Page.url
[2012/11/27 20:36:16 | 000,001,662 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play Night In The Opera.lnk
[2012/11/25 10:23:02 | 000,001,025 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Downton Abbey Revisited.url
[2012/11/21 20:18:55 | 000,000,791 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\PBS Public Broadcasting Service.url
[2012/11/21 19:09:47 | 001,133,113 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Chicago-Plan.pdf
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/12/20 20:05:36 | 000,000,210 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Fixjlski.zip
[2012/12/20 19:22:47 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\SystemLook.exe
[2012/12/19 08:28:07 | 000,000,278 | ---- | C] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2752115482-2144442535-3955104311-1006.job
[2012/12/19 08:28:05 | 000,000,286 | ---- | C] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2752115482-2144442535-3955104311-1006.job
[2012/12/19 08:20:06 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2012/12/18 20:26:34 | 000,756,224 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\RogueKiller.exe
[2012/12/18 13:11:30 | 000,547,175 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\adwcleaner.exe
[2012/12/18 01:08:36 | 000,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012/12/17 20:01:34 | 000,049,894 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\fireonthewater.jpg
[2012/12/17 11:25:44 | 000,013,581 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\night.jpg
[2012/12/17 11:25:02 | 000,012,125 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\fire.jpg
[2012/12/17 07:44:10 | 000,114,688 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\ContactKeeper.mdb
[2012/12/16 05:55:51 | 000,000,808 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\COMODO Internet Security.lnk
[2012/12/15 21:39:22 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2012/12/15 21:39:22 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2012/12/15 21:38:57 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/12/15 21:38:57 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Windows Media Player.lnk
[2012/12/15 21:38:57 | 000,000,782 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Windows Media Player.lnk
[2012/12/15 20:57:51 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2012/12/15 20:01:38 | 000,060,416 | ---- | C] () -- C:\WINDOWS\NIRCMD.exe
[2012/12/14 17:58:19 | 000,001,482 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\recently-used.xbel
[2012/12/12 03:24:51 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012/12/09 15:28:59 | 000,000,130 | ---- | C] () -- C:\WINDOWS\cfplogvw.INI
[2012/12/08 08:19:35 | 000,034,105 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\IMG_0285_2.jpg
[2012/12/07 23:16:39 | 000,002,087 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Inwardly Without Identity - Mooji - Global One TV Multimedia for Mystics.url
[2012/12/07 23:15:09 | 000,000,441 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\photography assignments for beginners - Google Search.url
[2012/12/07 23:15:01 | 000,000,984 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Weekly Photography Assignments.url
[2012/12/07 23:14:42 | 000,001,044 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Fun With Photography - Water Balloons.url
[2012/12/06 21:50:24 | 000,000,153 | ---- | C] () -- C:\WINDOWS\cavscan.INI
[2012/12/06 20:01:55 | 000,001,441 | ---- | C] () -- C:\scu.dat
[2012/12/02 16:35:13 | 000,000,856 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Malware-Virus Removal.url
[2012/12/02 07:18:01 | 000,000,196 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Merck Veterinary Manual.url
[2012/12/01 23:23:03 | 000,000,291 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Canon PowerShot S2 IS Review Digital Camera Resource Page.url
[2012/12/01 08:53:35 | 000,001,330 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\The 15 Most Popular Photography Tutorials from the 2nd Half of 2012.url
[2012/12/01 08:53:26 | 000,001,411 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Best of dPS Have You Read these 15 Popular Photography Tutorials Yet.url
[2012/12/01 08:53:20 | 000,005,965 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\17 Beautiful Images with Shallow Depth of Field.url
[2012/12/01 06:16:17 | 000,001,376 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Transfer Prints To Wood.url
[2012/11/30 21:09:03 | 000,000,202 | ---- | C] () -- C:\Boot.bak
[2012/11/30 21:09:00 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/11/30 21:06:45 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/11/30 21:06:45 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/11/30 21:06:45 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/11/30 21:06:45 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/11/30 21:06:45 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/11/28 20:15:44 | 000,000,646 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Game Manager.lnk
[2012/11/28 20:15:44 | 000,000,225 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\More Great Games.url
[2012/11/28 20:14:53 | 000,001,584 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Game Manager.lnk
[2012/11/28 11:57:22 | 000,001,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2012/11/28 10:41:02 | 000,002,258 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Windows Recovery (Repair) Environment (WinRE).url
[2012/11/27 20:36:16 | 000,001,662 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play Night In The Opera.lnk
[2012/11/25 10:23:01 | 000,001,025 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Downton Abbey Revisited.url
[2012/11/21 20:18:54 | 000,000,791 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\PBS Public Broadcasting Service.url
[2012/11/21 19:09:41 | 001,133,113 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Chicago-Plan.pdf
[2012/03/15 20:38:13 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2012/02/14 22:09:15 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/11/28 15:17:55 | 000,001,582 | ---- | C] () -- C:\WINDOWS\System32\.ini
[2011/10/15 19:07:59 | 002,463,996 | ---- | C] () -- C:\Documents and Settings\Owner\canaon basic.pdf
[2011/10/15 19:07:58 | 003,295,971 | ---- | C] () -- C:\Documents and Settings\Owner\Canon Manual.pdf
[2011/09/23 10:53:36 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/09/10 05:55:57 | 000,000,056 | ---- | C] () -- C:\WINDOWS\TemplateWizard.INI
[2011/08/27 15:52:16 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\settings.dat
[2011/08/18 22:50:40 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/08/18 22:50:40 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/03/07 19:43:28 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2010/12/31 12:32:22 | 000,109,921 | ---- | C] () -- C:\WINDOWS\hpoins08.dat
[2010/12/31 12:32:21 | 000,007,577 | ---- | C] () -- C:\WINDOWS\hpomdl08.dat
[2010/12/31 12:01:00 | 000,086,410 | ---- | C] () -- C:\WINDOWS\hpqins05.dat
[2010/12/31 11:56:29 | 000,109,947 | ---- | C] () -- C:\WINDOWS\hpoins08.dat.temp
[2010/12/31 11:56:29 | 000,007,577 | ---- | C] () -- C:\WINDOWS\hpomdl08.dat.temp
[2010/11/08 09:40:18 | 000,034,816 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/30 19:01:55 | 000,015,122 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2010/07/06 05:56:01 | 000,000,543 | ---- | C] () -- C:\Documents and Settings\Owner\AddressBook
[2010/05/20 15:32:08 | 000,005,790 | R--- | C] () -- C:\Program Files\EULA.nor
[2010/04/14 06:20:31 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\defogger_reenable
[2009/01/09 18:07:22 | 000,007,547 | R--- | C] () -- C:\Program Files\EULA.ger
[2009/01/09 18:07:22 | 000,006,808 | R--- | C] () -- C:\Program Files\EULA.itn
[2009/01/09 18:07:22 | 000,006,748 | R--- | C] () -- C:\Program Files\EULA.rus
[2009/01/09 18:07:22 | 000,006,668 | R--- | C] () -- C:\Program Files\EULA.pol
[2009/01/09 18:07:22 | 000,006,300 | R--- | C] () -- C:\Program Files\EULA.spa
[2009/01/09 18:07:22 | 000,006,120 | R--- | C] () -- C:\Program Files\EULA.dut
[2009/01/09 18:07:22 | 000,005,968 | R--- | C] () -- C:\Program Files\EULA.frn
[2009/01/09 18:07:22 | 000,005,461 | R--- | C] () -- C:\Program Files\EULA.swe
[2009/01/09 18:07:22 | 000,005,452 | R--- | C] () -- C:\Program Files\EULA.brz
[2009/01/09 18:07:22 | 000,005,304 | R--- | C] () -- C:\Program Files\EULA.cze
[2009/01/09 18:07:22 | 000,005,237 | R--- | C] () -- C:\Program Files\EULA.jpn
[2009/01/09 18:07:22 | 000,004,849 | R--- | C] () -- C:\Program Files\EULA.eng
[2009/01/09 18:07:22 | 000,004,711 | R--- | C] () -- C:\Program Files\EULA.kor
[2009/01/09 18:07:22 | 000,003,380 | R--- | C] () -- C:\Program Files\EULA.cht
[2009/01/09 18:07:22 | 000,003,345 | R--- | C] () -- C:\Program Files\EULA.chs

========== ZeroAccess Check ==========

[2005/01/09 19:08:17 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 18:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 06:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 18:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >


----------



## jlski (Dec 2, 2002)

I was thinking about uninstalling IE. Would that cause you any problems?


----------



## Cookiegal (Aug 27, 2003)

You shouldn't be able to uninstall IE and it's not advised to even try to do that.

Sorry, it's still hit and miss here. Power was out for over an hour earlier but we're back on now. I just don't know for how long. We're having a severe winter storm here.

Please run OTL again. Under the *Custom Scans/Fixes* box at the bottom paste in the following:


```
:OTL
[2012/12/17 15:52:14 | 001,650,880 | ---- | C] (W3i, LLC) -- C:\Documents and Settings\Owner\Desktop\7zip_installer_d1914226.exe
```

Then click the *Run Fix* button at the top.
Let the program run unhindered and reboot the PC when it is done.
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


----------



## jlski (Dec 2, 2002)

OTL logfile created on: 12/21/2012 1:14:26 PM - Run 6
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

893.59 Mb Total Physical Memory | 455.61 Mb Available Physical Memory | 50.99% Memory free
2.11 Gb Paging File | 1.78 Gb Available in Paging File | 84.16% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.37 Gb Total Space | 103.75 Gb Free Space | 69.46% Space Free | Partition Type: NTFS
Drive D: | 4.00 Gb Total Space | 1.39 Gb Free Space | 34.71% Space Free | Partition Type: FAT32
Drive J: | 7.45 Gb Total Space | 2.55 Gb Free Space | 34.24% Space Free | Partition Type: FAT32

Computer Name: JERRYSCOMP | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/21 06:11:04 | 000,109,336 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2012/12/19 08:18:58 | 000,500,888 | ---- | M] (RealNetworks, Inc.) -- c:\Program Files\Real\RealPlayer\realplay.exe
PRC - [2012/12/19 08:18:55 | 000,295,072 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2012/12/19 08:03:44 | 001,868,432 | ---- | M] () -- C:\Program Files\COMODO\Dragon\dragon_updater.exe
PRC - [2012/12/16 05:53:23 | 000,723,632 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2012/12/02 15:24:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2012/11/30 15:30:34 | 000,187,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealUpgrade\realupgrade.exe
PRC - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/09/23 19:43:40 | 000,040,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 11.0\Reader\reader_sl.exe
PRC - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Updater\Updater.exe
PRC - [2012/05/17 09:34:36 | 001,168,680 | ---- | M] (Starfield Technologies) -- C:\Program Files\Workspace\offSyncService.exe
PRC - [2010/10/20 10:09:31 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/12/09 19:44:40 | 000,139,264 | ---- | M] (Alcor Micro, Corp.) -- C:\Program Files\Digital Media Reader\readericon45G.exe
PRC - [2005/03/14 12:05:02 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe

========== Modules (No Company Name) ==========

MOD - [2012/12/19 08:03:44 | 001,868,432 | ---- | M] () -- C:\Program Files\COMODO\Dragon\dragon_updater.exe
MOD - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
MOD - [2011/11/03 09:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/02/04 16:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2008/04/13 18:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 18:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll

========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/12/19 08:03:44 | 001,868,432 | ---- | M] () [Auto | Running] -- C:\Program Files\COMODO\Dragon\dragon_updater.exe -- (DragonUpdater)
SRV - [2012/12/16 05:53:23 | 000,723,632 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2012/12/12 20:12:26 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Running] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/17 09:34:36 | 001,168,680 | ---- | M] (Starfield Technologies) [Auto | Running] -- C:\Program Files\Workspace\offSyncService.exe -- (File Backup)
SRV - [2011/06/13 22:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2010/10/20 10:09:31 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2005/03/14 12:05:02 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2012/12/16 05:53:23 | 000,132,296 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdguard.sys -- (cmdGuard)
DRV - [2012/12/16 05:53:23 | 000,087,104 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\inspect.sys -- (Inspect)
DRV - [2012/12/16 05:53:23 | 000,025,160 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2011/06/02 11:08:34 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2006/04/06 00:20:44 | 004,258,816 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService)
DRV - [2006/01/18 04:41:00 | 000,080,512 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/01/15 07:48:08 | 001,477,632 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/03/16 18:51:16 | 001,033,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/03/16 18:50:36 | 000,221,440 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2005/03/16 18:50:32 | 000,705,280 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/08/03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2003/01/10 15:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw)
DRV - [2001/08/17 12:11:30 | 000,096,640 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2001/08/17 07:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.roboform.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{090F55E8-FB85-465B-9F91-F3B22DC17939}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7PRFA_en
IE - HKCU\..\SearchScopes\{161CE5A3-5CAB-48A3-8538-EE949896E6FA}: "URL" = http://www.amazon.com/gp/search?ie=UTF8&tag=ie8search-20&index=blended&linkCode=qs&camp=1789&creative=9325&keywords={searchTerms}
IE - HKCU\..\SearchScopes\{4EE32D15-65AB-409B-AAEC-26208C52A67C}: "URL" = http://www.ask.com/web?q={searchTerms}&qsrc=0&o=0&l=dir
IE - HKCU\..\SearchScopes\{A1BA6E36-5D80-49D3-B80B-DD84E69A85B6}: "URL" = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,105,0_0,Search,20121250,6900,0,5,0
IE - HKCU\..\SearchScopes\{CDD4F616-9BF2-4E6D-8460-73D49EF70E41}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=91AD6A88-13B1-4453-B562-E522C9210DD3&apn_sauid=C27CB996-DAFE-4308-9AC7-808CEE93C0F8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@starfield.com/off: C:\Documents and Settings\Owner\Application Data\Mozilla\Plugins\npoff.dll ( Starfield Technologies, LLC.)
FF - HKCU\Software\MozillaPlugins\@starfield.com/wbe: C:\Documents and Settings\Owner\Application Data\Mozilla\Plugins\npwbe.dll (Starfield Technology, LLC)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2012/12/19 08:19:56 | 000,000,000 | ---D | M]

[2011/11/03 04:53:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Online Storage plug-in (Enabled) = C:\Documents and Settings\Owner\Application Data\Mozilla\plugins\npoff.dll
CHR - plugin: Workspace Webmail plug-in 1.0.20.42 (Enabled) = C:\Documents and Settings\Owner\Application Data\Mozilla\plugins\npwbe.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U37 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll
CHR - plugin: Java Deployment Toolkit 6.0.370.6 (Enabled) = C:\WINDOWS\system32\npdeployJava1.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpjplug.dll
CHR - Extension: Aviary for Google Drive = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bkinocibdedleighgndmbfpbialnblep\1.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Solitaire = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpebaehgfgkcmmjjknibibbjacnplim\1.4.1.22_0\
CHR - Extension: Freecell Solitaire = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cabpjbpfakfhcfidnjahmdophhihafkh\1.0.0.1_0\
CHR - Extension: Thesaurus.com = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\clljlcapeomdokpgadmegpabakieebci\1.5.1_0\
CHR - Extension: Google Search = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Read Later Fast = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\decdfngdidijkdjgbknlnepdljfaepji\1.5.4_0\
CHR - Extension: Full Screen Weather = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg\1.3_0\
CHR - Extension: TweetDeck = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl\2.3.0_0\
CHR - Extension: Pixlr Editor = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmaknaampgiegkcjlimdiidlhopknpk\1.2_0\
CHR - Extension: RealDownloader = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0\
CHR - Extension: World of Solitaire = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ifbnllnaaaohekjkcpfdllhhjijnidgn\1.0.1_0\
CHR - Extension: The Weather Channel for Chrome = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\iflpcokdamgefbghpdipcibmhlkdopop\1.0.0.4_0\
CHR - Extension: Glitterboo = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ikkpgihagilojnkmkkfcbhlainmnkicp\1.1.4_0\
CHR - Extension: WordPress.com = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\khjnjifipfkgglficmipimgjpbmlbemd\1.1_0\
CHR - Extension: Aviary Photo Editor for Facebook = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lnhpjhojpnckkehlebbkpoammaemnnno\0.0.3_0\
CHR - Extension: YouTube Video Deck = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mpoakikepagdiphlmfaeifpojdmbnegj\0.7.8_0\
CHR - Extension: YouTube Video Deck = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mpoakikepagdiphlmfaeifpojdmbnegj\0.8.0_0\
CHR - Extension: Mahjong Solitaire = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\neojceinbonpjjcokpokpeobkhcpiloc\1.0.0.2_0\
CHR - Extension: Mahjong = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nnmegcjbmjoiljlhacoemajmckpljckl\13.2334.9140_0\
CHR - Extension: TV = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ojodjefldcdcglpfbkklajdjaodibgcg\2.4_0\
CHR - Extension: FBQuickly = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\phehnhfkojbodpjkfdbegcfhncgbdjem\1.2.8_0\
CHR - Extension: Weather Underground = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjejbgheonogbpfkkjigbmahaljipoej\1.6_0\
CHR - Extension: Gmail = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/12/15 20:22:23 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\WINDOWS\system32\bae.dll (Gateway Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (HopSurf toolbar) - {E9FAB13D-4600-49E1-90D1-EE961C859D39} - C:\Program Files\COMODO\HopSurfToolbar\HopSurfToolbar_IE.dll (Comodo Group, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe (Alcor Micro, Corp.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\WINDOWS\creator\Remind_XP.exe (SoftThinks)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [ContactKeeper Birthday reminder] C:\Program Files\ContactKeeper\ContactKeeper.exe (ContactKeeper)
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Password Generator - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html ()
O8 - Extra context menu item: RoboForm Editor - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditIdent.html ()
O8 - Extra context menu item: RoboForm TaskBar Icon - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Show RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Editor - {45DB34C3-955C-11D3-ABEF-444553540001} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : RoboForm Editor - {45DB34C3-955C-11D3-ABEF-444553540001} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: HopSurf - {ED98F8D1-09AC-4107-B2FF-91DBE011B0C5} - C:\Program Files\COMODO\HopSurfToolbar\HopSurfToolbar_IE.dll (Comodo Group, Inc.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O15 - HKCU\..Trusted Domains: secureserver.net ([email14] https in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1354034315693 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.11.0.cab (SysInfo Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 216.81.36.10 216.81.36.20
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D344F2B7-845D-4D29-AA15-15FDBF0C859C}: DhcpNameServer = 192.168.1.1 216.81.36.10 216.81.36.20
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D344F2B7-845D-4D29-AA15-15FDBF0C859C}: NameServer = 156.154.70.22,156.154.71.22
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/01/09 19:13:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/10/04 11:57:10 | 000,000,125 | -H-- | M] () - J:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/19 08:19:55 | 000,000,000 | ---D | C] -- C:\Program Files\RealNetworks
[2012/12/19 08:19:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RealNetworks
[2012/12/19 08:18:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\RealNetworks
[2012/12/19 08:18:57 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2012/12/17 11:29:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\My Best Photos
[2012/12/16 19:07:03 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/12/16 05:55:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Comodo
[2012/12/16 05:53:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo
[2012/12/16 05:53:26 | 000,179,792 | ---- | C] (COMODO) -- C:\WINDOWS\System32\guard32.dll
[2012/12/16 05:53:26 | 000,132,296 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmdguard.sys
[2012/12/16 05:53:26 | 000,087,104 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2012/12/16 05:53:26 | 000,025,160 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
[2012/12/15 20:28:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/12/14 20:25:25 | 000,000,000 | ---D | C] -- C:\puppy.exe17509p
[2012/12/14 18:45:39 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/12/14 12:36:51 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/12/13 10:16:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Mileage Report 2013
[2012/12/12 18:06:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\backups
[2012/12/09 13:13:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\fontconfig
[2012/12/09 13:12:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\gegl-0.2
[2012/12/09 12:46:13 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2012/12/08 18:03:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Post to Fb
[2012/12/07 21:03:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Photography Assignments
[2012/12/06 19:42:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Comodo Detected Viruses
[2012/12/03 10:42:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\RoboForm
[2012/12/02 15:24:14 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2012/11/30 21:08:59 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/11/30 21:06:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/11/30 21:06:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/11/30 21:06:45 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/11/30 20:57:56 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/11/30 20:57:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/11/30 07:38:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\WinZip
[2012/11/29 15:59:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2012/11/29 15:58:57 | 000,000,000 | ---D | C] -- C:\JRT
[2012/11/29 05:52:07 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2012/11/28 20:14:42 | 000,000,000 | ---D | C] -- C:\Program Files\bfgclient
[2012/11/28 14:11:39 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2012/11/28 11:59:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\WinZip
[2012/11/28 11:57:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinZip
[2012/11/28 11:56:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2012/11/28 04:07:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Photography
[2012/11/27 20:46:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Angler
[2012/11/27 20:35:13 | 000,000,000 | ---D | C] -- C:\Program Files\Night In The Opera
[2012/11/27 20:35:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Night In The Opera
[2012/11/27 20:14:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
[2012/11/27 20:12:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
[2012/11/25 08:25:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\My Photos
[2012/11/24 08:10:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Post Photos
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/12/21 13:16:15 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{4519A47C-0ECA-4208-AF21-2846D577C78D}.job
[2012/12/21 13:14:34 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2752115482-2144442535-3955104311-1006.job
[2012/12/21 13:14:33 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2752115482-2144442535-3955104311-1006.job
[2012/12/21 13:14:32 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2752115482-2144442535-3955104311-1006.job
[2012/12/21 13:13:53 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/21 13:13:46 | 000,000,616 | -H-- | M] () -- C:\WINDOWS\tasks\ConfigExec.job
[2012/12/21 13:13:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/12/21 13:11:10 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/12/21 13:07:03 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2752115482-2144442535-3955104311-1006UA.job
[2012/12/21 12:59:05 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/21 10:56:03 | 000,000,580 | -H-- | M] () -- C:\WINDOWS\tasks\DataUpload.job
[2012/12/20 14:07:01 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2752115482-2144442535-3955104311-1006Core.job
[2012/12/19 20:32:48 | 000,034,816 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/12/19 08:20:06 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2012/12/19 08:18:57 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2012/12/18 01:08:36 | 000,000,319 | RHS- | M] () -- C:\boot.ini
[2012/12/18 00:49:42 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2752115482-2144442535-3955104311-1006.job
[2012/12/17 20:01:34 | 000,049,894 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\fireonthewater.jpg
[2012/12/17 16:40:36 | 000,114,688 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\ContactKeeper.mdb
[2012/12/17 11:25:44 | 000,013,581 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\night.jpg
[2012/12/17 11:25:07 | 000,012,125 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\fire.jpg
[2012/12/16 19:29:31 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2012/12/16 19:29:31 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2012/12/16 07:39:08 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/12/16 07:39:08 | 000,000,782 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Windows Media Player.lnk
[2012/12/16 07:20:37 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/12/16 07:18:18 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/12/16 06:58:13 | 001,474,832 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2012/12/16 05:55:51 | 000,000,808 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\COMODO Internet Security.lnk
[2012/12/16 05:53:23 | 000,179,792 | ---- | M] (COMODO) -- C:\WINDOWS\System32\guard32.dll
[2012/12/16 05:53:23 | 000,132,296 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdguard.sys
[2012/12/16 05:53:23 | 000,087,104 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2012/12/16 05:53:23 | 000,025,160 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
[2012/12/16 00:17:59 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/12/15 21:40:01 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2012/12/15 20:22:23 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/12/14 17:58:19 | 000,001,482 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\recently-used.xbel
[2012/12/14 16:29:38 | 000,006,272 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Forecast.url
[2012/12/14 16:28:09 | 000,008,200 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\KBTX - Weather Radar.url
[2012/12/13 22:07:04 | 000,015,122 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2012/12/13 18:42:13 | 000,000,216 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\KBTX Forecast.url
[2012/12/13 12:17:09 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Google Chrome.lnk
[2012/12/13 12:17:09 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/12/12 21:45:19 | 000,000,856 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Malware-Virus Removal.url
[2012/12/12 03:44:51 | 000,196,160 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/12/09 16:04:00 | 000,000,153 | ---- | M] () -- C:\WINDOWS\cavscan.INI
[2012/12/09 15:28:59 | 000,000,130 | ---- | M] () -- C:\WINDOWS\cfplogvw.INI
[2012/12/08 08:19:35 | 000,034,105 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\IMG_0285_2.jpg
[2012/12/07 23:16:41 | 000,002,087 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Inwardly Without Identity - Mooji - Global One TV Multimedia for Mystics.url
[2012/12/07 23:15:09 | 000,000,441 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\photography assignments for beginners - Google Search.url
[2012/12/07 23:15:01 | 000,000,984 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Weekly Photography Assignments.url
[2012/12/07 23:14:42 | 000,001,044 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Fun With Photography - Water Balloons.url
[2012/12/06 23:29:06 | 000,001,330 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\The 15 Most Popular Photography Tutorials from the 2nd Half of 2012.url
[2012/12/06 20:01:55 | 000,001,441 | ---- | M] () -- C:\scu.dat
[2012/12/02 15:24:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2012/12/02 07:18:01 | 000,000,196 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Merck Veterinary Manual.url
[2012/12/01 23:23:03 | 000,000,291 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Canon PowerShot S2 IS Review Digital Camera Resource Page.url
[2012/12/01 21:02:02 | 000,005,965 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\17 Beautiful Images with Shallow Depth of Field.url
[2012/12/01 08:53:27 | 000,001,411 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Best of dPS Have You Read these 15 Popular Photography Tutorials Yet.url
[2012/12/01 06:16:17 | 000,001,376 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Transfer Prints To Wood.url
[2012/11/28 20:15:44 | 000,000,646 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Game Manager.lnk
[2012/11/28 20:15:44 | 000,000,225 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\More Great Games.url
[2012/11/28 11:57:22 | 000,001,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2012/11/28 11:19:19 | 000,002,258 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Windows Recovery (Repair) Environment (WinRE).url
[2012/11/28 10:46:35 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/11/28 08:40:06 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/28 05:39:58 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/11/28 05:16:11 | 000,000,229 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Home.url
[2012/11/28 04:15:37 | 000,000,294 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Tower Laboratories Pauling Therapy Store Home Page.url
[2012/11/27 20:36:16 | 000,001,662 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play Night In The Opera.lnk
[2012/11/25 10:23:02 | 000,001,025 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Downton Abbey Revisited.url
[2012/11/21 20:18:55 | 000,000,791 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\PBS Public Broadcasting Service.url
[2012/11/21 19:09:47 | 001,133,113 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Chicago-Plan.pdf
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/12/19 08:28:07 | 000,000,278 | ---- | C] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2752115482-2144442535-3955104311-1006.job
[2012/12/19 08:28:05 | 000,000,286 | ---- | C] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2752115482-2144442535-3955104311-1006.job
[2012/12/19 08:20:06 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2012/12/18 01:08:36 | 000,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012/12/17 20:01:34 | 000,049,894 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\fireonthewater.jpg
[2012/12/17 11:25:44 | 000,013,581 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\night.jpg
[2012/12/17 11:25:02 | 000,012,125 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\fire.jpg
[2012/12/17 07:44:10 | 000,114,688 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\ContactKeeper.mdb
[2012/12/16 05:55:51 | 000,000,808 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\COMODO Internet Security.lnk
[2012/12/15 21:39:22 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2012/12/15 21:39:22 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2012/12/15 21:38:57 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/12/15 21:38:57 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Windows Media Player.lnk
[2012/12/15 21:38:57 | 000,000,782 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Windows Media Player.lnk
[2012/12/15 20:57:51 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2012/12/15 20:01:38 | 000,060,416 | ---- | C] () -- C:\WINDOWS\NIRCMD.exe
[2012/12/14 17:58:19 | 000,001,482 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\recently-used.xbel
[2012/12/12 03:24:51 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012/12/09 15:28:59 | 000,000,130 | ---- | C] () -- C:\WINDOWS\cfplogvw.INI
[2012/12/08 08:19:35 | 000,034,105 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\IMG_0285_2.jpg
[2012/12/07 23:16:39 | 000,002,087 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Inwardly Without Identity - Mooji - Global One TV Multimedia for Mystics.url
[2012/12/07 23:15:09 | 000,000,441 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\photography assignments for beginners - Google Search.url
[2012/12/07 23:15:01 | 000,000,984 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Weekly Photography Assignments.url
[2012/12/07 23:14:42 | 000,001,044 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Fun With Photography - Water Balloons.url
[2012/12/06 21:50:24 | 000,000,153 | ---- | C] () -- C:\WINDOWS\cavscan.INI
[2012/12/06 20:01:55 | 000,001,441 | ---- | C] () -- C:\scu.dat
[2012/12/02 16:35:13 | 000,000,856 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Malware-Virus Removal.url
[2012/12/02 07:18:01 | 000,000,196 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Merck Veterinary Manual.url
[2012/12/01 23:23:03 | 000,000,291 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Canon PowerShot S2 IS Review Digital Camera Resource Page.url
[2012/12/01 08:53:35 | 000,001,330 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\The 15 Most Popular Photography Tutorials from the 2nd Half of 2012.url
[2012/12/01 08:53:26 | 000,001,411 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Best of dPS Have You Read these 15 Popular Photography Tutorials Yet.url
[2012/12/01 08:53:20 | 000,005,965 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\17 Beautiful Images with Shallow Depth of Field.url
[2012/12/01 06:16:17 | 000,001,376 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Transfer Prints To Wood.url
[2012/11/30 21:09:03 | 000,000,202 | ---- | C] () -- C:\Boot.bak
[2012/11/30 21:09:00 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/11/30 21:06:45 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/11/30 21:06:45 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/11/30 21:06:45 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/11/30 21:06:45 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/11/30 21:06:45 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/11/28 20:15:44 | 000,000,646 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Game Manager.lnk
[2012/11/28 20:15:44 | 000,000,225 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\More Great Games.url
[2012/11/28 20:14:53 | 000,001,584 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Game Manager.lnk
[2012/11/28 11:57:22 | 000,001,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2012/11/28 10:41:02 | 000,002,258 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Windows Recovery (Repair) Environment (WinRE).url
[2012/11/27 20:36:16 | 000,001,662 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play Night In The Opera.lnk
[2012/11/25 10:23:01 | 000,001,025 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Downton Abbey Revisited.url
[2012/11/21 20:18:54 | 000,000,791 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\PBS Public Broadcasting Service.url
[2012/11/21 19:09:41 | 001,133,113 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Chicago-Plan.pdf
[2012/03/15 20:38:13 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2012/02/14 22:09:15 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/11/28 15:17:55 | 000,001,582 | ---- | C] () -- C:\WINDOWS\System32\.ini
[2011/10/15 19:07:59 | 002,463,996 | ---- | C] () -- C:\Documents and Settings\Owner\canaon basic.pdf
[2011/10/15 19:07:58 | 003,295,971 | ---- | C] () -- C:\Documents and Settings\Owner\Canon Manual.pdf
[2011/09/23 10:53:36 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/09/10 05:55:57 | 000,000,056 | ---- | C] () -- C:\WINDOWS\TemplateWizard.INI
[2011/08/27 15:52:16 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\settings.dat
[2011/08/18 22:50:40 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/08/18 22:50:40 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/03/07 19:43:28 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2010/12/31 12:32:22 | 000,109,921 | ---- | C] () -- C:\WINDOWS\hpoins08.dat
[2010/12/31 12:32:21 | 000,007,577 | ---- | C] () -- C:\WINDOWS\hpomdl08.dat
[2010/12/31 12:01:00 | 000,086,410 | ---- | C] () -- C:\WINDOWS\hpqins05.dat
[2010/12/31 11:56:29 | 000,109,947 | ---- | C] () -- C:\WINDOWS\hpoins08.dat.temp
[2010/12/31 11:56:29 | 000,007,577 | ---- | C] () -- C:\WINDOWS\hpomdl08.dat.temp
[2010/11/08 09:40:18 | 000,034,816 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/30 19:01:55 | 000,015,122 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2010/07/06 05:56:01 | 000,000,543 | ---- | C] () -- C:\Documents and Settings\Owner\AddressBook
[2010/05/20 15:32:08 | 000,005,790 | R--- | C] () -- C:\Program Files\EULA.nor
[2010/04/14 06:20:31 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\defogger_reenable
[2009/01/09 18:07:22 | 000,007,547 | R--- | C] () -- C:\Program Files\EULA.ger
[2009/01/09 18:07:22 | 000,006,808 | R--- | C] () -- C:\Program Files\EULA.itn
[2009/01/09 18:07:22 | 000,006,748 | R--- | C] () -- C:\Program Files\EULA.rus
[2009/01/09 18:07:22 | 000,006,668 | R--- | C] () -- C:\Program Files\EULA.pol
[2009/01/09 18:07:22 | 000,006,300 | R--- | C] () -- C:\Program Files\EULA.spa
[2009/01/09 18:07:22 | 000,006,120 | R--- | C] () -- C:\Program Files\EULA.dut
[2009/01/09 18:07:22 | 000,005,968 | R--- | C] () -- C:\Program Files\EULA.frn
[2009/01/09 18:07:22 | 000,005,461 | R--- | C] () -- C:\Program Files\EULA.swe
[2009/01/09 18:07:22 | 000,005,452 | R--- | C] () -- C:\Program Files\EULA.brz
[2009/01/09 18:07:22 | 000,005,304 | R--- | C] () -- C:\Program Files\EULA.cze
[2009/01/09 18:07:22 | 000,005,237 | R--- | C] () -- C:\Program Files\EULA.jpn
[2009/01/09 18:07:22 | 000,004,849 | R--- | C] () -- C:\Program Files\EULA.eng
[2009/01/09 18:07:22 | 000,004,711 | R--- | C] () -- C:\Program Files\EULA.kor
[2009/01/09 18:07:22 | 000,003,380 | R--- | C] () -- C:\Program Files\EULA.cht
[2009/01/09 18:07:22 | 000,003,345 | R--- | C] () -- C:\Program Files\EULA.chs

========== ZeroAccess Check ==========

[2005/01/09 19:08:17 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 18:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 06:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 18:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/11/28 20:14:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
[2011/11/03 14:55:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Boost
[2011/12/06 20:48:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MythPeople
[2010/10/20 11:47:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2012/11/28 11:59:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/10/31 22:44:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/03/20 21:03:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AlawarEntertainment
[2012/08/23 20:27:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Amaranth Games
[2012/01/23 23:38:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Amazon
[2012/08/24 20:20:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Amulet_of_time
[2012/11/27 20:46:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Angler
[2012/01/17 18:44:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ASCON
[2012/03/17 22:23:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Awem
[2012/07/12 10:28:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Bluefive software
[2012/03/20 18:02:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\com.smallblueprinter.gardenPlanner3
[2012/03/15 20:40:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Daedalic Entertainment
[2012/08/31 20:10:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DragonsEye Studios
[2011/11/28 14:34:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ElevatedDiagnostics
[2012/03/14 20:22:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\EnchantedCavern
[2012/03/21 18:01:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Gogii
[2011/04/28 07:02:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GoodSync
[2010/12/31 11:54:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Image Zone Express
[2012/03/16 20:00:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\md studio
[2011/04/27 12:58:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenOffice.org
[2012/10/14 20:13:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PlataGames
[2011/11/19 20:18:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PlayFirst
[2012/01/17 18:15:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PTC
[2011/11/07 20:13:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Recordpad
[2012/09/03 08:14:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\RoboForm
[2012/10/20 08:50:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2012/01/17 11:05:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SmartDraw
[2010/10/30 19:01:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template
[2012/08/24 21:06:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\The Drama Queen Murder
[2012/11/01 05:46:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\WildTangent
[2012/11/30 07:38:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\WinZip

========== Purity Check ==========

< End of report >


----------



## Cookiegal (Aug 27, 2003)

Have you seen any improvement since the last action?


----------



## jlski (Dec 2, 2002)

I'm so sorry to say cookiegal, after downloading
, with the virus warnings it all went downhill again. Everything is extremely sluggish again.


----------



## Cookiegal (Aug 27, 2003)

Please remove the version of ComboFix that you have by dragging it to the Recycle Bin and grab the latest version, disable security programs, run a new scan and post the new log.

Please visit *Combofix Guide & Instructions* for instructions for downloading and running ComboFix.

The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to puppy.exe please.


----------



## jlski (Dec 2, 2002)

I'm ready to pull my hair out.  
I've followed your instructions and get the same results. Please see attachment.


----------



## Cookiegal (Aug 27, 2003)

Please go here and download the *TDSSKiller.exe* to your desktop.

Double-click TDSSKiller.exe on your desktop to run it.
Click on *Start Scan*
As we don't want to fix anything yet, if any malicious objects are detected, *do NOT select Cure* but select *Skip* instead.
It will produce a log once it finishes in the root drive which should look like this example:

C:\TDSSKiller.<version_date_time>log.txt

Please copy and paste the contents of that log in your next reply.


----------



## jlski (Dec 2, 2002)

16:40:14.0393 1056 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
16:40:15.0158 1056 ============================================================
16:40:15.0158 1056 Current date / time: 2012/11/30 16:40:15.0158
16:40:15.0158 1056 SystemInfo:
16:40:15.0158 1056 
16:40:15.0158 1056 OS Version: 5.1.2600 ServicePack: 3.0
16:40:15.0158 1056 Product type: Workstation
16:40:15.0158 1056 ComputerName: JERRYSCOMP
16:40:15.0158 1056 UserName: Owner
16:40:15.0158 1056 Windows directory: C:\WINDOWS
16:40:15.0158 1056 System windows directory: C:\WINDOWS
16:40:15.0158 1056 Processor architecture: Intel x86
16:40:15.0158 1056 Number of processors: 1
16:40:15.0158 1056 Page size: 0x1000
16:40:15.0158 1056 Boot type: Normal boot
16:40:15.0158 1056 ============================================================
16:40:16.0768 1056 Drive \Device\Harddisk0\DR0 - Size: 0x2658AE0000 (153.39 Gb), SectorSize: 0x200, Cylinders: 0x4E37, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
16:40:16.0862 1056 ============================================================
16:40:16.0862 1056 \Device\Harddisk0\DR0:
16:40:16.0893 1056 MBR partitions:
16:40:16.0893 1056 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x80344B, BlocksNum 0x12ABD66B
16:40:16.0893 1056 \Device\Harddisk0\DR0\Partition2: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x80340C
16:40:16.0893 1056 ============================================================
16:40:16.0940 1056 C: <-> \Device\Harddisk0\DR0\Partition1
16:40:16.0940 1056 D: <-> \Device\Harddisk0\DR0\Partition2
16:40:16.0940 1056 ============================================================
16:40:16.0940 1056 Initialize success
16:40:16.0940 1056 ============================================================
16:40:19.0080 2148 ============================================================
16:40:19.0080 2148 Scan started
16:40:19.0080 2148 Mode: Manual; 
16:40:19.0080 2148 ============================================================
16:40:20.0908 2148 ================ Scan system memory ========================
16:40:20.0924 2148  System memory - ok
16:40:20.0924 2148 ================ Scan services =============================
16:40:21.0065 2148 Abiosdsk - ok
16:40:21.0112 2148 [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5 C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
16:40:21.0112 2148 abp480n5 - ok
16:40:21.0158 2148 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:40:21.0158 2148 ACPI - ok
16:40:21.0190 2148 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
16:40:21.0190 2148 ACPIEC - ok
16:40:21.0471 2148 [ 0CB0AA071C7B86A64F361DCFDF357329 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
16:40:21.0471 2148 AdobeFlashPlayerUpdateSvc - ok
16:40:21.0502 2148 [ 9A11864873DA202C996558B2106B0BBC ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys
16:40:21.0502 2148 adpu160m - ok
16:40:21.0549 2148 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
16:40:21.0565 2148 aec - ok
16:40:21.0612 2148 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
16:40:21.0612 2148 AFD - ok
16:40:21.0643 2148 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
16:40:21.0643 2148 agp440 - ok
16:40:21.0658 2148 [ 03A7E0922ACFE1B07D5DB2EEB0773063 ] agpCPQ C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
16:40:21.0674 2148 agpCPQ - ok
16:40:21.0690 2148 [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x C:\WINDOWS\system32\DRIVERS\aha154x.sys
16:40:21.0690 2148 Aha154x - ok
16:40:21.0705 2148 [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2 C:\WINDOWS\system32\DRIVERS\aic78u2.sys
16:40:21.0705 2148 aic78u2 - ok
16:40:21.0721 2148 [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys
16:40:21.0737 2148 aic78xx - ok
16:40:21.0783 2148 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
16:40:21.0799 2148 Alerter - ok
16:40:21.0830 2148 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
16:40:21.0830 2148 ALG - ok
16:40:21.0846 2148 [ 1140AB9938809700B46BB88E46D72A96 ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys
16:40:21.0862 2148 AliIde - ok
16:40:21.0877 2148 [ CB08AED0DE2DD889A8A820CD8082D83C ] alim1541 C:\WINDOWS\system32\DRIVERS\alim1541.sys
16:40:21.0877 2148 alim1541 - ok
16:40:21.0908 2148 [ 95B4FB835E28AA1336CEEB07FD5B9398 ] amdagp C:\WINDOWS\system32\DRIVERS\amdagp.sys
16:40:21.0908 2148 amdagp - ok
16:40:21.0940 2148 [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint C:\WINDOWS\system32\DRIVERS\amsint.sys
16:40:21.0940 2148 amsint - ok
16:40:21.0987 2148 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
16:40:21.0987 2148 AppMgmt - ok
16:40:22.0018 2148 [ 62D318E9A0C8FC9B780008E724283707 ] asc C:\WINDOWS\system32\DRIVERS\asc.sys
16:40:22.0018 2148 asc - ok
16:40:22.0033 2148 [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p C:\WINDOWS\system32\DRIVERS\asc3350p.sys
16:40:22.0049 2148 asc3350p - ok
16:40:22.0065 2148 [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550 C:\WINDOWS\system32\DRIVERS\asc3550.sys
16:40:22.0065 2148 asc3550 - ok
16:40:22.0190 2148 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
16:40:22.0221 2148 aspnet_state - ok
16:40:22.0252 2148 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:40:22.0268 2148 AsyncMac - ok
16:40:22.0283 2148 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
16:40:22.0283 2148 atapi - ok
16:40:22.0299 2148 Atdisk - ok
16:40:22.0362 2148 [ 1D4EDB435C59BA0193683739A95E59A6 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
16:40:22.0471 2148 Ati HotKey Poller - ok
16:40:22.0518 2148 [ 2DA0A78E4BB2EB8722FF696E580A0DB9 ] ATI Smart C:\WINDOWS\system32\ati2sgag.exe
16:40:22.0643 2148 ATI Smart - ok
16:40:22.0768 2148 [ 1CABA9EA8ADC5E9A5EBA3882F6A90F9B ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
16:40:22.0940 2148 ati2mtag - ok
16:40:22.0971 2148 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:40:22.0971 2148 Atmarpc - ok
16:40:23.0018 2148 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
16:40:23.0018 2148 AudioSrv - ok
16:40:23.0065 2148 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
16:40:23.0065 2148 audstub - ok
16:40:23.0127 2148 [ B9391A83F075351C923C3A37C53AF396 ] b57w2k C:\WINDOWS\system32\DRIVERS\b57xp32.sys
16:40:23.0143 2148 b57w2k - ok
16:40:23.0158 2148 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
16:40:23.0174 2148 Beep - ok
16:40:23.0221 2148 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
16:40:23.0268 2148 BITS - ok
16:40:23.0315 2148 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
16:40:23.0393 2148 Browser - ok
16:40:23.0596 2148 [ 83DE1ABA61074DA70F5011D28610B18D ] Browser Manager C:\Documents and Settings\All Users\Application Data\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe
16:40:23.0627 2148 Browser Manager - ok
16:40:23.0674 2148 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
16:40:23.0690 2148 cbidf - ok
16:40:23.0705 2148 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
16:40:23.0705 2148 cbidf2k - ok
16:40:23.0721 2148 [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
16:40:23.0721 2148 cd20xrnt - ok
16:40:23.0752 2148 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
16:40:23.0768 2148 Cdaudio - ok
16:40:23.0783 2148 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
16:40:23.0799 2148 Cdfs - ok
16:40:23.0830 2148 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:40:23.0830 2148 Cdrom - ok
16:40:23.0846 2148 Changer - ok
16:40:23.0893 2148 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
16:40:23.0893 2148 CiSvc - ok
16:40:23.0924 2148 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
16:40:23.0940 2148 ClipSrv - ok
16:40:24.0018 2148 [ 56139566E462C1FB1775E140D4EE6B22 ] CLPSLS C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe
16:40:24.0018 2148 CLPSLS - ok
16:40:24.0065 2148 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:40:24.0158 2148 clr_optimization_v2.0.50727_32 - ok
16:40:24.0268 2148 [ 2A2D72271844C52F004901A60312B96A ] cmdAgent C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
16:40:24.0315 2148 cmdAgent - ok
16:40:24.0362 2148 [ 26F9E72754B2DBC53977E92B647A6ABA ] cmderd C:\WINDOWS\system32\DRIVERS\cmderd.sys
16:40:24.0455 2148 cmderd - ok
16:40:24.0471 2148 [ 9181CC4D007ADBE21DB9A11BFECAFEF5 ] cmdGuard C:\WINDOWS\system32\DRIVERS\cmdguard.sys
16:40:24.0596 2148 cmdGuard - ok
16:40:24.0643 2148 [ C5A9FB50E8CA7FD99F256255FEE71580 ] cmdHlp C:\WINDOWS\system32\DRIVERS\cmdhlp.sys
16:40:24.0721 2148 cmdHlp - ok
16:40:24.0768 2148 [ E5DCB56C533014ECBC556A8357C929D5 ] CmdIde C:\WINDOWS\system32\DRIVERS\cmdide.sys
16:40:24.0768 2148 CmdIde - ok
16:40:24.0783 2148 COMSysApp - ok
16:40:24.0815 2148 [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray C:\WINDOWS\system32\DRIVERS\cpqarray.sys
16:40:24.0815 2148 Cpqarray - ok
16:40:24.0862 2148 [ D01F685F8B4598D144B0CCE9FF95D8D5 ] cpudrv C:\Program Files\SystemRequirementsLab\cpudrv.sys
16:40:24.0955 2148 cpudrv - ok
16:40:25.0002 2148 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
16:40:25.0002 2148 CryptSvc - ok
16:40:25.0033 2148 [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
16:40:25.0033 2148 dac2w2k - ok
16:40:25.0049 2148 [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt C:\WINDOWS\system32\DRIVERS\dac960nt.sys
16:40:25.0049 2148 dac960nt - ok
16:40:25.0112 2148 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
16:40:25.0112 2148 DcomLaunch - ok
16:40:25.0158 2148 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
16:40:25.0158 2148 Dhcp - ok
16:40:25.0190 2148 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
16:40:25.0205 2148 Disk - ok
16:40:25.0221 2148 dmadmin - ok
16:40:25.0283 2148 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
16:40:25.0299 2148 dmboot - ok
16:40:25.0346 2148 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
16:40:25.0346 2148 dmio - ok
16:40:25.0377 2148 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
16:40:25.0377 2148 dmload - ok
16:40:25.0408 2148 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
16:40:25.0408 2148 dmserver - ok
16:40:25.0440 2148 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
16:40:25.0440 2148 DMusic - ok
16:40:25.0487 2148 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
16:40:25.0487 2148 Dnscache - ok
16:40:25.0549 2148 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
16:40:25.0565 2148 Dot3svc - ok
16:40:25.0596 2148 [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys
16:40:25.0596 2148 dpti2o - ok
16:40:25.0752 2148 [ 7D78A1AE39A95A22A8184907898EE019 ] DragonUpdater C:\Program Files\Comodo\Dragon\dragon_updater.exe
16:40:25.0924 2148 DragonUpdater - ok
16:40:25.0971 2148 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
16:40:25.0971 2148 drmkaud - ok
16:40:26.0033 2148 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
16:40:26.0033 2148 EapHost - ok
16:40:26.0096 2148 [ 5D1347AA5AE6E2F77D7F4F8372D95AC9 ] ehRecvr C:\WINDOWS\eHome\ehRecvr.exe
16:40:26.0112 2148 ehRecvr - ok
16:40:26.0158 2148 [ A53243709439AC2A4C216B817F8D7411 ] ehSched C:\WINDOWS\eHome\ehSched.exe
16:40:26.0190 2148 ehSched - ok
16:40:26.0237 2148 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
16:40:26.0237 2148 ERSvc - ok
16:40:26.0283 2148 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
16:40:26.0283 2148 Eventlog - ok
16:40:26.0346 2148 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
16:40:26.0362 2148 EventSystem - ok
16:40:26.0393 2148 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
16:40:26.0393 2148 Fastfat - ok
16:40:26.0440 2148 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
16:40:26.0455 2148 FastUserSwitchingCompatibility - ok
16:40:26.0487 2148 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
16:40:26.0487 2148 Fdc - ok
16:40:26.0580 2148 [ 5FF231E6C44DE1546F79CE44E21B1BBA ] File Backup C:\Program Files\Workspace\offSyncService.exe
16:40:26.0737 2148 File Backup - ok
16:40:26.0768 2148 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
16:40:26.0783 2148 Fips - ok
16:40:26.0815 2148 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
16:40:26.0815 2148 Flpydisk - ok
16:40:26.0862 2148 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
16:40:26.0862 2148 FltMgr - ok
16:40:26.0924 2148 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
16:40:26.0940 2148 FontCache3.0.0.0 - ok
16:40:26.0971 2148 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:40:26.0971 2148 Fs_Rec - ok
16:40:27.0018 2148 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:40:27.0018 2148 Ftdisk - ok
16:40:27.0033 2148 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:40:27.0049 2148 Gpc - ok
16:40:27.0174 2148 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
16:40:27.0174 2148 gupdate - ok
16:40:27.0252 2148 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
16:40:27.0252 2148 gupdatem - ok
16:40:27.0268 2148 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
16:40:27.0283 2148 HDAudBus - ok
16:40:27.0377 2148 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
16:40:27.0377 2148 helpsvc - ok
16:40:27.0408 2148 HidServ - ok
16:40:27.0455 2148 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:40:27.0455 2148 HidUsb - ok
16:40:27.0502 2148 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
16:40:27.0502 2148 hkmsvc - ok
16:40:27.0549 2148 [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn C:\WINDOWS\system32\DRIVERS\hpn.sys
16:40:27.0565 2148 hpn - ok
16:40:27.0596 2148 [ 30CA91E657CEDE2F95359D6EF186F650 ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
16:40:27.0612 2148 HPZid412 - ok
16:40:39.0455 2148 ============================================================
16:40:39.0455 2148 Scan finished
16:40:39.0455 2148 ============================================================
16:40:39.0471 1508 Detected object count: 0
16:40:39.0471 1508 Actual detected object count: 0
16:42:22.0705 3428 Deinitialize success


----------



## Cookiegal (Aug 27, 2003)

Please download *RogueKiller* by Tigzy and save it to your desktop.
Allow the download if prompted by your security software and please close all your other browser windows.
Double-click *RogueKiller.exe* to run it.
If it does not run, please try a few times. If it really does not work (it could happen), rename it to winlogon.exe or RogueKiller.com.
Wait for *PreScan* to finish, then accept the EULA.
Click on the *Scan* button in the upper right. Wait for it to finish.
Once completed, a log called *RKreport[1].txt* will be created on the desktop. It can also be accessed via the *Report* button.
Please copy and paste the contents of that log in your next reply.
When you exit RogueKiller, you may get a popup reporting "None of the Elements have been deleted. Do you want to quit?" Click *Yes*.


----------



## jlski (Dec 2, 2002)

RogueKiller V8.4.1 [Dec 24 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Owner [Admin rights]
Mode : Scan -- Date : 12/24/2012 12:05:36

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: HDT722516DLAT80 +++++
--- User ---
[MBR] d90e6805366b0e7fa8701a4ee1fe39c5
[BSP] dfad42d9922357038cb44612ca38bbe6 : Legit2 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 8401995 | Size: 152954 Mo
1 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 63 | Size: 4102 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Generic USB SD Reader USB Device +++++
--- User ---
[MBR] 11740649cbee101426f8a272d3669f07
[BSP] 7208b105e661849d4a48c279d3177d8d : Standard MBR Code
Partition table:
0 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 137 | Size: 1875 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1]_S_12242012_02d1205.txt >>
RKreport[1]_S_12242012_02d1205.txt


----------



## Cookiegal (Aug 27, 2003)

Please download aswMBR.exe and save it to your desktop.

Double click aswMBR.exe to start the tool (Vista/Windows 7 users - right click to run as administrator) and allow it to download the Avast database.

Click *Scan*.

Upon completion of the scan, click *Save log* then save it to your desktop and post that log in your next reply for review. 
*Note - do NOT attempt any Fix yet.*


----------



## jlski (Dec 2, 2002)

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-27 20:52:57
-----------------------------
20:52:57.265 OS Version: Windows 5.1.2600 Service Pack 3
20:52:57.265 Number of processors: 1 586 0x604
20:52:57.265 ComputerName: JERRYSCOMP UserName: Owner
20:53:14.234 Initialize success
20:54:15.359 AVAST engine download error: 0
20:55:43.187 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-16
20:55:43.187 Disk 0 Vendor: HDT722516DLAT80 V43OA96A Size: 157066MB BusType: 3
20:55:43.281 Disk 0 MBR read successfully
20:55:43.281 Disk 0 MBR scan
20:55:43.281 Disk 0 unknown MBR code
20:55:43.328 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152954 MB offset 8401995
20:55:43.375 Disk 0 Partition 2 00 0B FAT32 RECOVERY 4102 MB offset 63
20:55:43.437 Disk 0 scanning sectors +321653430
20:55:43.609 Disk 0 scanning C:\WINDOWS\system32\drivers
20:56:44.453 Service scanning
20:57:43.578 Modules scanning
20:58:58.468 Disk 0 trace - called modules:
20:58:58.484 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS 
20:58:58.500 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85564ab8]
20:58:58.500 3 CLASSPNP.SYS[f7682fd7] -> nt!IofCallDriver -> \Device\00000087[0x855822f0]
20:58:58.500 5 ACPI.sys[f7499620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-16[0x855d0940]
20:58:58.500 Scan finished successfully
21:06:53.453 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
21:06:53.484 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"


----------



## Cookiegal (Aug 27, 2003)

That looks fine. Can you tell me what the symptoms are please?


----------



## jlski (Dec 2, 2002)

Google was really operating badly and a lot of Shockwave crashes, slowness and hanging up. As it turns out, that was a problem with Google having its own Shockwave built in and trying to run from the one on my OS. I disabled Shockwave within Google and now everything seems to be fine.


----------



## Cookiegal (Aug 27, 2003)

OK, great. 

Here are some final instructions for you.

As with any infection, I recommend that you change all passwords for logging in to sites that you use on your computer as a precaution.

*Follow these steps to uninstall Combofix and all of its files and components.*

 Click *START* then *RUN*.
 Now type *ComboFix /uninstall* in the runbox and click *OK*. Note the *space* between the *X* and the */uninstall*, it needs to be there (the screenshot is just for illustration purposes but the actual command uses the entire word "uninstall" and not just the "u" as shown in the picture).

Please open OTS again and click on the button that says "CleanUp" at the top. This will remove some of the tools we've used and will also uninstall the OTS program.

Now you should turn system restore off to flush out all previous system restore points, then turn it back on and create a new restore point:

To turn off system restore, on the Desktop, right click on *My Computer* and click on *Properties.*
Click the *System Restore* tab.
Check *Turn off System Restore.*
Click Apply and then click OK.

Restart your computer, turn System Restore back on and create a restore point.

To create a new restore point, click on *Start* > *All Programs* > *Accessories* > *System Tools* and then select *System Restore*.

In the System Restore wizard, select *Create a restore point* and click the Next button.

Type a name for your new restore point then click on Create.


----------



## jlski (Dec 2, 2002)

I didn't think google would ever come up and System Restore won't display/come up.


----------



## jlski (Dec 2, 2002)

I tried to Create a Restore Point in safemode but it did not give that option. After rebooting the second time I was able to create a restore point.


----------



## Cookiegal (Aug 27, 2003)

When you say "Google" do you mean the search engine's web page or the browser "Chrome"?

Is everything OK now?


----------



## jlski (Dec 2, 2002)

Google Chrome still sluggish. Other than that everything seems to be OK.


----------



## Cookiegal (Aug 27, 2003)

I would try uninstalling Chrome and reinstalling it.


----------



## jlski (Dec 2, 2002)

I did try that and apparently disabling Shockwave worked for a bit but now is crashing all the time. Once again it seems something else is controlling my browsers. Very slow again hanging up...you name it.


----------



## Cookiegal (Aug 27, 2003)

Are all browsers affected or just Chrome?


----------



## jlski (Dec 2, 2002)

Sorry cookiegal. After reinstalling Google Chrome I forgot to disable Google Chrome's internal Shockwave. All is well now.


----------



## Cookiegal (Aug 27, 2003)

I've seen others having problems with pepperflash. Best to go with Adobe.


----------



## jlski (Dec 2, 2002)

I have always used Adobe and never had a problem until Google. It's a give and take world. You want me to leave the ticket open for a few days to get a better idea as to how things are overall?


----------



## Cookiegal (Aug 27, 2003)

Sure. Please post back here if you have any further problems over the next few days.


----------



## jlski (Dec 2, 2002)

Thank you cookiegal. That will give you a break from us.  Have a happy New Year.


----------



## Cookiegal (Aug 27, 2003)

Awwww come on. We were just getting started.

Happy New Year to you too.


----------



## jlski (Dec 2, 2002)

Hi cookiegal. Hope your holidays were the best ever.

I have to report back unfortunately. Google Chrome is extremely slow to initialize and if left idle for a period of time, it does not want to respond for several seconds. Also if closing down a page it just sits there for several seconds. When accessing links (programs or internet) from my desktop they are way, way too slow to initialize.


----------



## Cookiegal (Aug 27, 2003)

Try running Chrome in incognito mode which disables add-ons and plug-ins to see if one of those may be causing the problem. To do that, use Ctrl+Shift+N on your keyboard to open a new window in incognito mode. Close all other Chrome windows and use only this one to access things and let me know if there's any difference.


----------



## jlski (Dec 2, 2002)

Hello cookiegal, sorry but I have been away. Using incognito did not help. Also I was downloading a photo editing program and without my OK it installed a program called Strongvault. I tried uninstalling it with the Add/Remove programs which did not work. So, I went into the program folder to delete the files and folder. However, there were two files it would not allow access. Now no matter what I do or what icon I click on, Strongvault tries to reinstall itself. It also changed my home page and search engine preference with no way to revert back.


----------



## Cookiegal (Aug 27, 2003)

You shouldn't be downloading or installing anything other than what you're instructed to do during this process as it will make things more difficult.

Run OTL again please and post the log.


----------



## jlski (Dec 2, 2002)

I will certainly not do that again till we are finished. 

OTL logfile created on: 1/22/2013 8:00:54 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Owner\Desktop\Computer Cleanup
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

893.59 Mb Total Physical Memory | 165.67 Mb Available Physical Memory | 18.54% Memory free
2.11 Gb Paging File | 1.31 Gb Available in Paging File | 61.88% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.37 Gb Total Space | 108.75 Gb Free Space | 72.81% Space Free | Partition Type: NTFS
Drive D: | 4.00 Gb Total Space | 1.39 Gb Free Space | 34.71% Space Free | Partition Type: FAT32
Drive F: | 1.83 Gb Total Space | 1.79 Gb Free Space | 97.72% Space Free | Partition Type: FAT
Drive J: | 7.45 Gb Total Space | 2.60 Gb Free Space | 34.93% Space Free | Partition Type: FAT32

Computer Name: JERRYSCOMP | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/16 10:31:31 | 000,295,072 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2013/01/16 08:19:16 | 001,868,432 | ---- | M] () -- C:\Program Files\COMODO\Dragon\dragon_updater.exe
PRC - [2013/01/07 18:06:24 | 001,248,360 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2012/12/21 06:11:04 | 000,109,336 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2012/12/16 05:53:23 | 000,723,632 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2012/12/02 15:24:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\Computer Cleanup\OTL.exe
PRC - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/11/14 00:04:22 | 000,568,832 | ---- | M] () -- C:\Program Files\DefaultTab\DefaultTabSearch.exe
PRC - [2012/09/14 17:54:12 | 000,212,432 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe
PRC - [2012/05/17 09:34:36 | 001,168,680 | ---- | M] (Starfield Technologies) -- C:\Program Files\Workspace\offSyncService.exe
PRC - [2010/10/20 10:09:31 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/12/09 19:44:40 | 000,139,264 | ---- | M] (Alcor Micro, Corp.) -- C:\Program Files\Digital Media Reader\readericon45G.exe
PRC - [2005/03/14 12:05:02 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe

========== Modules (No Company Name) ==========

MOD - [2013/01/16 08:19:16 | 001,868,432 | ---- | M] () -- C:\Program Files\COMODO\Dragon\dragon_updater.exe
MOD - [2013/01/09 07:34:05 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll
MOD - [2013/01/07 18:06:22 | 000,460,392 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.52\ppgooglenaclpluginchrome.dll
MOD - [2013/01/07 18:06:21 | 012,459,624 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll
MOD - [2013/01/07 18:06:19 | 004,012,648 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.52\pdf.dll
MOD - [2013/01/07 18:05:25 | 001,553,000 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.52\ffmpegsumo.dll
MOD - [2012/12/16 05:53:23 | 000,274,704 | ---- | M] () -- C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll
MOD - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
MOD - [2012/11/14 18:41:18 | 004,537,856 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\1.0.3.0\libGLESv2.dll
MOD - [2012/11/14 18:41:18 | 000,100,864 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\1.0.3.0\libEGL.dll
MOD - [2012/11/14 00:04:22 | 000,568,832 | ---- | M] () -- C:\Program Files\DefaultTab\DefaultTabSearch.exe
MOD - [2011/11/03 09:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/02/04 16:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2008/04/13 18:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 18:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll

========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013/01/18 06:58:29 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/01/16 08:19:16 | 001,868,432 | ---- | M] () [Auto | Running] -- C:\Program Files\COMODO\Dragon\dragon_updater.exe -- (DragonUpdater)
SRV - [2012/12/16 05:53:23 | 000,723,632 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012/11/14 00:04:22 | 000,568,832 | ---- | M] () [Auto | Running] -- C:\Program Files\DefaultTab\DefaultTabSearch.exe -- (DefaultTabSearch)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/17 09:34:36 | 001,168,680 | ---- | M] (Starfield Technologies) [Auto | Running] -- C:\Program Files\Workspace\offSyncService.exe -- (File Backup)
SRV - [2011/06/13 22:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2010/10/20 10:09:31 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2005/03/14 12:05:02 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/01/21 17:53:17 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/12/16 05:53:23 | 000,132,296 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdguard.sys -- (cmdGuard)
DRV - [2012/12/16 05:53:23 | 000,087,104 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\inspect.sys -- (Inspect)
DRV - [2012/12/16 05:53:23 | 000,025,160 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2011/06/02 11:08:34 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2006/04/06 00:20:44 | 004,258,816 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService)
DRV - [2006/01/18 04:41:00 | 000,080,512 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/01/15 07:48:08 | 001,477,632 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/03/16 18:51:16 | 001,033,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/03/16 18:50:36 | 000,221,440 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2005/03/16 18:50:32 | 000,705,280 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/08/03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2003/01/10 15:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw)
DRV - [2001/08/17 12:11:30 | 000,096,640 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2001/08/17 07:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.roboform.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{090F55E8-FB85-465B-9F91-F3B22DC17939}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7PRFA_en
IE - HKCU\..\SearchScopes\{161CE5A3-5CAB-48A3-8538-EE949896E6FA}: "URL" = http://www.amazon.com/gp/search?ie=UTF8&tag=ie8search-20&index=blended&linkCode=qs&camp=1789&creative=9325&keywords={searchTerms}
IE - HKCU\..\SearchScopes\{4EE32D15-65AB-409B-AAEC-26208C52A67C}: "URL" = http://www.ask.com/web?q={searchTerms}&qsrc=0&o=0&l=dir
IE - HKCU\..\SearchScopes\{A1BA6E36-5D80-49D3-B80B-DD84E69A85B6}: "URL" = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,105,0_0,Search,20121250,6900,0,5,0
IE - HKCU\..\SearchScopes\{CDD4F616-9BF2-4E6D-8460-73D49EF70E41}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=91AD6A88-13B1-4453-B562-E522C9210DD3&apn_sauid=C27CB996-DAFE-4308-9AC7-808CEE93C0F8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@starfield.com/off: C:\Documents and Settings\Owner\Application Data\Mozilla\Plugins\npoff.dll ( Starfield Technologies, LLC.)
FF - HKCU\Software\MozillaPlugins\@starfield.com/wbe: C:\Documents and Settings\Owner\Application Data\Mozilla\Plugins\npwbe.dll (Starfield Technology, LLC)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2012/12/19 08:19:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2012/12/19 08:19:56 | 000,000,000 | ---D | M]

[2011/11/03 04:53:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.52\pdf.dll
CHR - plugin: RoboForm Plugin for Google Chrome/Opera/etc. (Enabled) = C:\Program Files\Siber Systems\AI RoboForm\Chrome\plugin/np-rf-plugin.dll
CHR - plugin: Online Storage plug-in (Enabled) = C:\Documents and Settings\Owner\Application Data\Mozilla\plugins\npoff.dll
CHR - plugin: Workspace Webmail plug-in 1.0.20.42 (Enabled) = C:\Documents and Settings\Owner\Application Data\Mozilla\plugins\npwbe.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
CHR - plugin: RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
CHR - plugin: RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
CHR - plugin: RealDownloader Plugin (Enabled) = C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U37 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll
CHR - plugin: Java Deployment Toolkit 6.0.370.6 (Enabled) = C:\WINDOWS\system32\npdeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpplugin.dll
CHR - Extension: Google Drive = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Aviary for Google Drive = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bkinocibdedleighgndmbfpbialnblep\1.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Solitaire = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpebaehgfgkcmmjjknibibbjacnplim\1.4.1.26_0\
CHR - Extension: Freecell Solitaire = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cabpjbpfakfhcfidnjahmdophhihafkh\1.0.0.1_0\
CHR - Extension: Thesaurus.com = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\clljlcapeomdokpgadmegpabakieebci\1.5.1_0\
CHR - Extension: Google Search = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Read Later Fast = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\decdfngdidijkdjgbknlnepdljfaepji\1.5.5_0\
CHR - Extension: Search All = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eekjldapjblgadclklmgolijbagmdnfk\2.1.3_1\
CHR - Extension: Full Screen Weather = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg\1.3_0\
CHR - Extension: TweetDeck = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl\2.3.3_0\
CHR - Extension: Pixlr Editor = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmaknaampgiegkcjlimdiidlhopknpk\1.2_0\
CHR - Extension: RealDownloader = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0\
CHR - Extension: World of Solitaire = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ifbnllnaaaohekjkcpfdllhhjijnidgn\1.0.1_0\
CHR - Extension: The Weather Channel for Chrome = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\iflpcokdamgefbghpdipcibmhlkdopop\1.0.0.4_0\
CHR - Extension: Glitterboo = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ikkpgihagilojnkmkkfcbhlainmnkicp\1.1.4_0\
CHR - Extension: WordPress.com = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\khjnjifipfkgglficmipimgjpbmlbemd\1.1_0\
CHR - Extension: Aviary Photo Editor for Facebook = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lnhpjhojpnckkehlebbkpoammaemnnno\0.0.3_0\
CHR - Extension: YouTube Video Deck = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mpoakikepagdiphlmfaeifpojdmbnegj\0.8.2_0\
CHR - Extension: Mahjong Solitaire = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\neojceinbonpjjcokpokpeobkhcpiloc\1.0.0.2_0\
CHR - Extension: Mahjong = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nnmegcjbmjoiljlhacoemajmckpljckl\13.2334.9140_0\
CHR - Extension: TV = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ojodjefldcdcglpfbkklajdjaodibgcg\2.4_0\
CHR - Extension: FBQuickly = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\phehnhfkojbodpjkfdbegcfhncgbdjem\1.2.8_0\
CHR - Extension: Weather Underground = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjejbgheonogbpfkkjigbmahaljipoej\1.6_0\
CHR - Extension: Gmail = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/12/15 20:22:23 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\WINDOWS\system32\bae.dll (Gateway Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (HopSurf toolbar) - {E9FAB13D-4600-49E1-90D1-EE961C859D39} - C:\Program Files\COMODO\HopSurfToolbar\HopSurfToolbar_IE.dll (Comodo Group, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe (Alcor Micro, Corp.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\WINDOWS\creator\Remind_XP.exe (SoftThinks)
O4 - HKLM..\Run: [SMessaging] C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\SMessaging.exe File not found
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [ContactKeeper Birthday reminder] C:\Program Files\ContactKeeper\ContactKeeper.exe (ContactKeeper)
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Password Generator - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html ()
O8 - Extra context menu item: RoboForm Editor - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditIdent.html ()
O8 - Extra context menu item: RoboForm TaskBar Icon - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Show RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Editor - {45DB34C3-955C-11D3-ABEF-444553540001} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : RoboForm Editor - {45DB34C3-955C-11D3-ABEF-444553540001} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: HopSurf - {ED98F8D1-09AC-4107-B2FF-91DBE011B0C5} - C:\Program Files\COMODO\HopSurfToolbar\HopSurfToolbar_IE.dll (Comodo Group, Inc.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O15 - HKCU\..Trusted Domains: secureserver.net ([email14] https in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1354034315693 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.11.0.cab (SysInfo Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 216.81.36.10 216.81.36.20
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D344F2B7-845D-4D29-AA15-15FDBF0C859C}: DhcpNameServer = 192.168.1.1 216.81.36.10 216.81.36.20
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D344F2B7-845D-4D29-AA15-15FDBF0C859C}: NameServer = 156.154.70.22,156.154.71.22
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/01/09 19:13:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/10/04 11:57:10 | 000,000,125 | -H-- | M] () - J:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/21 20:47:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\VS Revo Group
[2013/01/21 20:46:56 | 000,027,064 | ---- | C] (VS Revo Group) -- C:\WINDOWS\System32\drivers\revoflt.sys
[2013/01/21 20:46:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Revo Uninstaller Pro
[2013/01/21 20:46:51 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2013/01/21 20:36:12 | 000,000,000 | ---D | C] -- C:\MATS
[2013/01/21 17:52:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Logs
[2013/01/21 17:52:04 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2013/01/21 17:25:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Strongvault Online Backup
[2013/01/21 17:11:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\COMODO
[2013/01/21 17:09:26 | 000,047,368 | ---- | C] (COMODO CA Limited) -- C:\WINDOWS\System32\certsentry.dll
[2013/01/21 16:54:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup
[2013/01/21 16:13:52 | 000,000,000 | -HSD | C] -- C:\AI_RecycleBin
[2013/01/21 16:12:47 | 000,000,000 | ---D | C] -- C:\Program Files\DefaultTab
[2013/01/21 15:48:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\APN
[2013/01/21 15:46:37 | 000,000,000 | ---D | C] -- C:\Program Files\Collage FX Studio
[2013/01/18 06:58:29 | 000,697,864 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/01/18 06:58:28 | 000,074,248 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/01/16 10:35:55 | 000,201,424 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2013/01/16 10:35:35 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2013/01/16 10:35:35 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2013/01/16 10:31:34 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2013/01/09 04:39:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\PCHealth
[2013/01/05 17:35:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\My Scans
[2012/12/29 20:49:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2012/12/29 20:49:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/12/29 13:44:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
[2012/12/27 09:28:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ClubSanDisk
[2012/12/23 19:16:52 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2012/12/23 19:14:42 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/12/23 19:11:01 | 000,000,000 | ---D | C] -- C:\puppy979p
[2012/12/23 19:07:34 | 000,000,000 | ---D | C] -- C:\puppy12914p
[2012/12/23 18:55:58 | 000,000,000 | ---D | C] -- C:\puppy
[2012/12/23 18:53:53 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/22 08:00:01 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{4519A47C-0ECA-4208-AF21-2846D577C78D}.job
[2013/01/22 07:59:04 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/22 07:12:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/01/22 06:56:00 | 000,000,580 | -H-- | M] () -- C:\WINDOWS\tasks\DataUpload.job
[2013/01/22 00:49:04 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2752115482-2144442535-3955104311-1006.job
[2013/01/22 00:49:04 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2752115482-2144442535-3955104311-1006.job
[2013/01/22 00:49:03 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2752115482-2144442535-3955104311-1006.job
[2013/01/21 21:21:30 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2752115482-2144442535-3955104311-1006.job
[2013/01/21 21:20:44 | 000,000,616 | -H-- | M] () -- C:\WINDOWS\tasks\ConfigExec.job
[2013/01/21 21:20:42 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/21 21:20:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/01/21 20:47:03 | 000,000,925 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
[2013/01/21 20:05:08 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/01/21 17:53:17 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2013/01/21 17:49:07 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/21 17:09:32 | 000,000,769 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Comodo Dragon.lnk
[2013/01/21 17:09:26 | 000,047,368 | ---- | M] (COMODO CA Limited) -- C:\WINDOWS\System32\certsentry.dll
[2013/01/18 06:58:29 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/01/18 06:58:28 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/01/17 09:59:51 | 000,114,688 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\ContactKeeper.mdb
[2013/01/16 11:11:43 | 000,086,987 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Smokehouse Tags.gif
[2013/01/16 10:38:51 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2013/01/16 10:35:55 | 000,201,424 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2013/01/16 10:35:35 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2013/01/16 10:35:35 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2013/01/16 10:31:34 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2013/01/14 00:38:35 | 000,001,831 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/01/14 00:38:35 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Google Chrome.lnk
[2013/01/10 23:44:33 | 006,285,218 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\toppt_NOW_Paradigm_documents_recd_130108_1458.zip
[2013/01/10 19:27:13 | 003,619,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2013/01/10 09:50:31 | 000,015,214 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2013/01/09 06:44:54 | 000,493,116 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/01/09 06:44:54 | 000,089,796 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/01/09 03:12:45 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/01/06 22:39:23 | 000,000,750 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\PhoPort.LNK
[2013/01/05 22:05:51 | 010,171,133 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Contributor Success Guide.pdf
[2013/01/05 21:29:19 | 000,000,238 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Megapixel Calculator - digital camera resolution web.forret.com.url
[2012/12/29 08:48:46 | 000,000,179 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Removable Disk (J).lnk
[2012/12/29 08:09:17 | 000,000,396 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to DCIM.lnk
[2012/12/28 19:38:19 | 000,196,160 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/12/28 00:05:17 | 000,083,172 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\z_DISCLOSURE_ANNOUNCEMENT_NO_1_PT1776.pdf
[2012/12/27 19:12:45 | 000,288,364 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Quick_Start_Photo_Guide.pdf
[2012/12/27 16:45:51 | 000,962,530 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\22PowerfulToolsToTransformYourFear_New.pdf
[2012/12/24 21:34:59 | 000,001,570 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Shockwave Games.lnk
[2012/12/24 21:34:59 | 000,000,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Sparkle.lnk
[2012/12/23 19:11:02 | 000,000,335 | ---- | M] () -- C:\Start_.cmd
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/21 20:47:03 | 000,000,925 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
[2013/01/21 20:05:08 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/01/21 17:09:32 | 000,000,769 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Comodo Dragon.lnk
[2013/01/18 06:58:58 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/01/16 11:11:43 | 000,086,987 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Smokehouse Tags.gif
[2013/01/16 10:38:51 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2013/01/10 23:44:19 | 006,285,218 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\toppt_NOW_Paradigm_documents_recd_130108_1458.zip
[2013/01/09 03:09:21 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2013/01/06 22:39:23 | 000,000,750 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\PhoPort.LNK
[2013/01/05 22:05:38 | 010,171,133 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Contributor Success Guide.pdf
[2013/01/05 21:29:19 | 000,000,238 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Megapixel Calculator - digital camera resolution web.forret.com.url
[2013/01/05 16:48:39 | 000,114,688 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\ContactKeeper.mdb
[2012/12/29 13:45:09 | 000,001,831 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/12/29 13:45:09 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Google Chrome.lnk
[2012/12/29 08:48:46 | 000,000,179 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Removable Disk (J).lnk
[2012/12/29 08:09:17 | 000,000,396 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to DCIM.lnk
[2012/12/28 00:05:15 | 000,083,172 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\z_DISCLOSURE_ANNOUNCEMENT_NO_1_PT1776.pdf
[2012/12/27 19:12:44 | 000,288,364 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Quick_Start_Photo_Guide.pdf
[2012/12/27 16:45:33 | 000,962,530 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\22PowerfulToolsToTransformYourFear_New.pdf
[2012/12/24 21:34:59 | 000,001,570 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Shockwave Games.lnk
[2012/12/24 21:34:59 | 000,000,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Sparkle.lnk
[2012/12/23 19:20:05 | 000,000,278 | ---- | C] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2752115482-2144442535-3955104311-1006.job
[2012/12/23 18:55:58 | 000,000,335 | ---- | C] () -- C:\Start_.cmd
[2012/12/14 17:58:19 | 000,001,482 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\recently-used.xbel
[2012/12/09 15:28:59 | 000,000,130 | ---- | C] () -- C:\WINDOWS\cfplogvw.INI
[2012/12/06 21:50:24 | 000,000,153 | ---- | C] () -- C:\WINDOWS\cavscan.INI
[2012/03/15 20:38:13 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2012/02/14 22:09:15 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/11/28 15:17:55 | 000,001,582 | ---- | C] () -- C:\WINDOWS\System32\.ini
[2011/10/15 19:07:59 | 002,463,996 | ---- | C] () -- C:\Documents and Settings\Owner\canaon basic.pdf
[2011/10/15 19:07:58 | 003,295,971 | ---- | C] () -- C:\Documents and Settings\Owner\Canon Manual.pdf
[2011/09/23 10:53:36 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/09/10 05:55:57 | 000,000,056 | ---- | C] () -- C:\WINDOWS\TemplateWizard.INI
[2011/08/27 15:52:16 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\settings.dat
[2011/08/18 22:50:40 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/08/18 22:50:40 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/03/07 19:43:28 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2010/11/08 09:40:18 | 000,034,816 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/30 19:01:55 | 000,015,214 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2010/07/06 05:56:01 | 000,000,543 | ---- | C] () -- C:\Documents and Settings\Owner\AddressBook
[2010/05/20 15:32:08 | 000,005,790 | R--- | C] () -- C:\Program Files\EULA.nor
[2010/04/14 06:20:31 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\defogger_reenable
[2009/01/09 18:07:22 | 000,007,547 | R--- | C] () -- C:\Program Files\EULA.ger
[2009/01/09 18:07:22 | 000,006,808 | R--- | C] () -- C:\Program Files\EULA.itn
[2009/01/09 18:07:22 | 000,006,748 | R--- | C] () -- C:\Program Files\EULA.rus
[2009/01/09 18:07:22 | 000,006,668 | R--- | C] () -- C:\Program Files\EULA.pol
[2009/01/09 18:07:22 | 000,006,300 | R--- | C] () -- C:\Program Files\EULA.spa
[2009/01/09 18:07:22 | 000,006,120 | R--- | C] () -- C:\Program Files\EULA.dut
[2009/01/09 18:07:22 | 000,005,968 | R--- | C] () -- C:\Program Files\EULA.frn
[2009/01/09 18:07:22 | 000,005,461 | R--- | C] () -- C:\Program Files\EULA.swe
[2009/01/09 18:07:22 | 000,005,452 | R--- | C] () -- C:\Program Files\EULA.brz
[2009/01/09 18:07:22 | 000,005,304 | R--- | C] () -- C:\Program Files\EULA.cze
[2009/01/09 18:07:22 | 000,005,237 | R--- | C] () -- C:\Program Files\EULA.jpn
[2009/01/09 18:07:22 | 000,004,849 | R--- | C] () -- C:\Program Files\EULA.eng
[2009/01/09 18:07:22 | 000,004,711 | R--- | C] () -- C:\Program Files\EULA.kor
[2009/01/09 18:07:22 | 000,003,380 | R--- | C] () -- C:\Program Files\EULA.cht
[2009/01/09 18:07:22 | 000,003,345 | R--- | C] () -- C:\Program Files\EULA.chs

========== ZeroAccess Check ==========

[2005/01/09 19:08:17 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 18:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 06:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 18:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 218 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F193BFCF

< End of report >


----------



## Cookiegal (Aug 27, 2003)

Please run OTL again. Under the *Custom Scans/Fixes* box at the bottom paste in the following:


```
:OTL
PRC - [2012/11/14 00:04:22 | 000,568,832 | ---- | M] () -- C:\Program Files\DefaultTab\DefaultTabSearch.exe
MOD - [2012/11/14 00:04:22 | 000,568,832 | ---- | M] () -- C:\Program Files\DefaultTab\DefaultTabSearch.exe
SRV - [2012/11/14 00:04:22 | 000,568,832 | ---- | M] () [Auto | Running] -- C:\Program Files\DefaultTab\DefaultTabSearch.exe -- (DefaultTabSearch)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer)
IE - HKCU\..\SearchScopes\{4EE32D15-65AB-409B-AAEC-26208C52A67C}: "URL" = http://www.ask.com/web?q={searchTerms}&qsrc=0&o=0&l=dir
IE - HKCU\..\SearchScopes\{CDD4F616-9BF2-4E6D-8460-73D49EF70E41}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=&apn _dtid=OSJ000&apn_uid=91AD6A88-13B1-4453-B562-E522C9210DD3&apn_sauid=C27CB996-DAFE-4308-9AC7-808CEE93C0F8
O4 - HKLM..\Run: [SMessaging] C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\SMessaging.exe File not found
[2013/01/21 17:25:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Strongvault Online Backup
[2013/01/21 16:54:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup
[2013/01/21 16:13:52 | 000,000,000 | -HSD | C] -- C:\AI_RecycleBin
[2013/01/21 16:12:47 | 000,000,000 | ---D | C] -- C:\Program Files\DefaultTab
[2013/01/21 15:48:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\APN
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
```

Then click the *Run Fix* button at the top.
Let the program run unhindered, and reboot the PC when it is done.
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


----------



## jlski (Dec 2, 2002)

OTL logfile created on: 1/23/2013 2:46:20 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

893.59 Mb Total Physical Memory | 493.54 Mb Available Physical Memory | 55.23% Memory free
2.11 Gb Paging File | 1.77 Gb Available in Paging File | 83.94% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.37 Gb Total Space | 108.39 Gb Free Space | 72.56% Space Free | Partition Type: NTFS
Drive D: | 4.00 Gb Total Space | 1.39 Gb Free Space | 34.71% Space Free | Partition Type: FAT32
Drive F: | 1.83 Gb Total Space | 1.79 Gb Free Space | 97.72% Space Free | Partition Type: FAT
Drive J: | 7.45 Gb Total Space | 2.60 Gb Free Space | 34.93% Space Free | Partition Type: FAT32

Computer Name: JERRYSCOMP | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/16 10:31:31 | 000,295,072 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2013/01/16 08:19:16 | 001,868,432 | ---- | M] () -- C:\Program Files\COMODO\Dragon\dragon_updater.exe
PRC - [2012/12/21 06:11:04 | 000,109,336 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2012/12/16 05:53:23 | 000,723,632 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2012/12/16 05:53:22 | 002,334,992 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfpupdat.exe
PRC - [2012/12/16 05:53:22 | 001,799,952 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2012/12/02 15:24:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/09/14 17:54:12 | 000,212,432 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe
PRC - [2012/05/17 09:34:36 | 001,168,680 | ---- | M] (Starfield Technologies) -- C:\Program Files\Workspace\offSyncService.exe
PRC - [2010/10/20 10:09:31 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/12/09 19:44:40 | 000,139,264 | ---- | M] (Alcor Micro, Corp.) -- C:\Program Files\Digital Media Reader\readericon45G.exe
PRC - [2005/03/14 12:05:02 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe

========== Modules (No Company Name) ==========

MOD - [2013/01/16 08:19:16 | 001,868,432 | ---- | M] () -- C:\Program Files\COMODO\Dragon\dragon_updater.exe
MOD - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
MOD - [2011/11/03 09:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/02/04 16:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2008/04/13 18:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 18:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll

========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013/01/18 06:58:29 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/01/16 08:19:16 | 001,868,432 | ---- | M] () [Auto | Running] -- C:\Program Files\COMODO\Dragon\dragon_updater.exe -- (DragonUpdater)
SRV - [2012/12/16 05:53:23 | 000,723,632 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/17 09:34:36 | 001,168,680 | ---- | M] (Starfield Technologies) [Auto | Running] -- C:\Program Files\Workspace\offSyncService.exe -- (File Backup)
SRV - [2011/06/13 22:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2010/10/20 10:09:31 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2005/03/14 12:05:02 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/01/21 17:53:17 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/12/16 05:53:23 | 000,132,296 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdguard.sys -- (cmdGuard)
DRV - [2012/12/16 05:53:23 | 000,087,104 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\inspect.sys -- (Inspect)
DRV - [2012/12/16 05:53:23 | 000,025,160 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2011/06/02 11:08:34 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2006/04/06 00:20:44 | 004,258,816 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService)
DRV - [2006/01/18 04:41:00 | 000,080,512 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/01/15 07:48:08 | 001,477,632 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/03/16 18:51:16 | 001,033,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/03/16 18:50:36 | 000,221,440 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2005/03/16 18:50:32 | 000,705,280 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/08/03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2003/01/10 15:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw)
DRV - [2001/08/17 12:11:30 | 000,096,640 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2001/08/17 07:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.roboform.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{090F55E8-FB85-465B-9F91-F3B22DC17939}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7PRFA_en
IE - HKCU\..\SearchScopes\{161CE5A3-5CAB-48A3-8538-EE949896E6FA}: "URL" = http://www.amazon.com/gp/search?ie=UTF8&tag=ie8search-20&index=blended&linkCode=qs&camp=1789&creative=9325&keywords={searchTerms}
IE - HKCU\..\SearchScopes\{A1BA6E36-5D80-49D3-B80B-DD84E69A85B6}: "URL" = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,105,0_0,Search,20121250,6900,0,5,0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@starfield.com/off: C:\Documents and Settings\Owner\Application Data\Mozilla\Plugins\npoff.dll ( Starfield Technologies, LLC.)
FF - HKCU\Software\MozillaPlugins\@starfield.com/wbe: C:\Documents and Settings\Owner\Application Data\Mozilla\Plugins\npwbe.dll (Starfield Technology, LLC)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2012/12/19 08:19:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2012/12/19 08:19:56 | 000,000,000 | ---D | M]

[2011/11/03 04:53:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.52\pdf.dll
CHR - plugin: RoboForm Plugin for Google Chrome/Opera/etc. (Enabled) = C:\Program Files\Siber Systems\AI RoboForm\Chrome\plugin/np-rf-plugin.dll
CHR - plugin: Online Storage plug-in (Enabled) = C:\Documents and Settings\Owner\Application Data\Mozilla\plugins\npoff.dll
CHR - plugin: Workspace Webmail plug-in 1.0.20.42 (Enabled) = C:\Documents and Settings\Owner\Application Data\Mozilla\plugins\npwbe.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
CHR - plugin: RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
CHR - plugin: RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
CHR - plugin: RealDownloader Plugin (Enabled) = C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U37 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll
CHR - plugin: Java Deployment Toolkit 6.0.370.6 (Enabled) = C:\WINDOWS\system32\npdeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpplugin.dll
CHR - Extension: Google Drive = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Aviary for Google Drive = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bkinocibdedleighgndmbfpbialnblep\1.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Solitaire = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpebaehgfgkcmmjjknibibbjacnplim\1.4.1.26_0\
CHR - Extension: Freecell Solitaire = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cabpjbpfakfhcfidnjahmdophhihafkh\1.0.0.1_0\
CHR - Extension: Thesaurus.com = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\clljlcapeomdokpgadmegpabakieebci\1.5.1_0\
CHR - Extension: Google Search = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Read Later Fast = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\decdfngdidijkdjgbknlnepdljfaepji\1.5.5_0\
CHR - Extension: Search All = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eekjldapjblgadclklmgolijbagmdnfk\2.1.3_1\
CHR - Extension: Full Screen Weather = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg\1.3_0\
CHR - Extension: TweetDeck = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl\2.3.3_0\
CHR - Extension: Pixlr Editor = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmaknaampgiegkcjlimdiidlhopknpk\1.2_0\
CHR - Extension: RealDownloader = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0\
CHR - Extension: World of Solitaire = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ifbnllnaaaohekjkcpfdllhhjijnidgn\1.0.1_0\
CHR - Extension: The Weather Channel for Chrome = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\iflpcokdamgefbghpdipcibmhlkdopop\1.0.0.4_0\
CHR - Extension: Glitterboo = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ikkpgihagilojnkmkkfcbhlainmnkicp\1.1.4_0\
CHR - Extension: WordPress.com = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\khjnjifipfkgglficmipimgjpbmlbemd\1.1_0\
CHR - Extension: Aviary Photo Editor for Facebook = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lnhpjhojpnckkehlebbkpoammaemnnno\0.0.3_0\
CHR - Extension: YouTube Video Deck = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mpoakikepagdiphlmfaeifpojdmbnegj\0.8.2_0\
CHR - Extension: Mahjong Solitaire = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\neojceinbonpjjcokpokpeobkhcpiloc\1.0.0.2_0\
CHR - Extension: Mahjong = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nnmegcjbmjoiljlhacoemajmckpljckl\13.2334.9140_0\
CHR - Extension: TV = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ojodjefldcdcglpfbkklajdjaodibgcg\2.4_0\
CHR - Extension: FBQuickly = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\phehnhfkojbodpjkfdbegcfhncgbdjem\1.2.8_0\
CHR - Extension: Weather Underground = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjejbgheonogbpfkkjigbmahaljipoej\1.6_0\
CHR - Extension: Gmail = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/12/15 20:22:23 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\WINDOWS\system32\bae.dll (Gateway Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (HopSurf toolbar) - {E9FAB13D-4600-49E1-90D1-EE961C859D39} - C:\Program Files\COMODO\HopSurfToolbar\HopSurfToolbar_IE.dll (Comodo Group, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe (Alcor Micro, Corp.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\WINDOWS\creator\Remind_XP.exe (SoftThinks)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [ContactKeeper Birthday reminder] C:\Program Files\ContactKeeper\ContactKeeper.exe (ContactKeeper)
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Password Generator - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html ()
O8 - Extra context menu item: RoboForm Editor - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditIdent.html ()
O8 - Extra context menu item: RoboForm TaskBar Icon - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Show RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Editor - {45DB34C3-955C-11D3-ABEF-444553540001} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : RoboForm Editor - {45DB34C3-955C-11D3-ABEF-444553540001} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: HopSurf - {ED98F8D1-09AC-4107-B2FF-91DBE011B0C5} - C:\Program Files\COMODO\HopSurfToolbar\HopSurfToolbar_IE.dll (Comodo Group, Inc.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O15 - HKCU\..Trusted Domains: secureserver.net ([email14] https in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1354034315693 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.11.0.cab (SysInfo Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 216.81.36.10 216.81.36.20
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D344F2B7-845D-4D29-AA15-15FDBF0C859C}: DhcpNameServer = 192.168.1.1 216.81.36.10 216.81.36.20
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D344F2B7-845D-4D29-AA15-15FDBF0C859C}: NameServer = 156.154.70.22,156.154.71.22
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/01/09 19:13:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/10/04 11:57:10 | 000,000,125 | -H-- | M] () - J:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/23 14:31:02 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/01/21 20:47:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\VS Revo Group
[2013/01/21 20:46:56 | 000,027,064 | ---- | C] (VS Revo Group) -- C:\WINDOWS\System32\drivers\revoflt.sys
[2013/01/21 20:46:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Revo Uninstaller Pro
[2013/01/21 20:46:51 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2013/01/21 20:36:12 | 000,000,000 | ---D | C] -- C:\MATS
[2013/01/21 17:52:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Logs
[2013/01/21 17:52:04 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2013/01/21 17:11:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\COMODO
[2013/01/21 17:09:26 | 000,047,368 | ---- | C] (COMODO CA Limited) -- C:\WINDOWS\System32\certsentry.dll
[2013/01/21 15:46:37 | 000,000,000 | ---D | C] -- C:\Program Files\Collage FX Studio
[2013/01/16 10:31:34 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2013/01/09 04:39:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\PCHealth
[2013/01/05 17:35:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\My Scans
[2012/12/29 20:49:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2012/12/29 20:49:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/12/29 13:44:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
[2012/12/27 09:28:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ClubSanDisk

========== Files - Modified Within 30 Days ==========

[2013/01/23 14:45:01 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{4519A47C-0ECA-4208-AF21-2846D577C78D}.job
[2013/01/23 14:36:59 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2752115482-2144442535-3955104311-1006.job
[2013/01/23 14:36:53 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2752115482-2144442535-3955104311-1006.job
[2013/01/23 14:36:51 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2752115482-2144442535-3955104311-1006.job
[2013/01/23 14:36:29 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/23 14:36:20 | 000,000,616 | -H-- | M] () -- C:\WINDOWS\tasks\ConfigExec.job
[2013/01/23 14:36:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/01/23 14:12:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/01/23 13:59:01 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/23 10:56:01 | 000,000,580 | -H-- | M] () -- C:\WINDOWS\tasks\DataUpload.job
[2013/01/23 08:30:52 | 000,114,688 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\ContactKeeper.mdb
[2013/01/22 00:49:04 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2752115482-2144442535-3955104311-1006.job
[2013/01/21 20:47:03 | 000,000,925 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
[2013/01/21 20:05:08 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/01/21 17:53:17 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2013/01/21 17:49:07 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/21 17:09:32 | 000,000,769 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Comodo Dragon.lnk
[2013/01/21 17:09:26 | 000,047,368 | ---- | M] (COMODO CA Limited) -- C:\WINDOWS\System32\certsentry.dll
[2013/01/16 11:11:43 | 000,086,987 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Smokehouse Tags.gif
[2013/01/16 10:38:51 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2013/01/16 10:31:34 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2013/01/14 00:38:35 | 000,001,831 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/01/14 00:38:35 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Google Chrome.lnk
[2013/01/10 23:44:33 | 006,285,218 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\toppt_NOW_Paradigm_documents_recd_130108_1458.zip
[2013/01/10 09:50:31 | 000,015,214 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2013/01/09 06:44:54 | 000,493,116 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/01/09 06:44:54 | 000,089,796 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/01/09 03:12:45 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/01/06 22:39:23 | 000,000,750 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\PhoPort.LNK
[2013/01/05 22:05:51 | 010,171,133 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Contributor Success Guide.pdf
[2013/01/05 21:29:19 | 000,000,238 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Megapixel Calculator - digital camera resolution web.forret.com.url
[2012/12/29 08:48:46 | 000,000,179 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Removable Disk (J).lnk
[2012/12/29 08:09:17 | 000,000,396 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to DCIM.lnk
[2012/12/28 19:38:19 | 000,196,160 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/12/28 00:05:17 | 000,083,172 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\z_DISCLOSURE_ANNOUNCEMENT_NO_1_PT1776.pdf
[2012/12/27 19:12:45 | 000,288,364 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Quick_Start_Photo_Guide.pdf
[2012/12/27 16:45:51 | 000,962,530 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\22PowerfulToolsToTransformYourFear_New.pdf
[2012/12/24 21:34:59 | 000,001,570 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Shockwave Games.lnk
[2012/12/24 21:34:59 | 000,000,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Sparkle.lnk

========== Files Created - No Company Name ==========

[2013/01/21 20:47:03 | 000,000,925 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
[2013/01/21 20:05:08 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/01/21 17:09:32 | 000,000,769 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Comodo Dragon.lnk
[2013/01/18 06:58:58 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/01/16 11:11:43 | 000,086,987 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Smokehouse Tags.gif
[2013/01/16 10:38:51 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2013/01/10 23:44:19 | 006,285,218 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\toppt_NOW_Paradigm_documents_recd_130108_1458.zip
[2013/01/09 03:09:21 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2013/01/06 22:39:23 | 000,000,750 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\PhoPort.LNK
[2013/01/05 22:05:38 | 010,171,133 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Contributor Success Guide.pdf
[2013/01/05 21:29:19 | 000,000,238 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Megapixel Calculator - digital camera resolution web.forret.com.url
[2013/01/05 16:48:39 | 000,114,688 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\ContactKeeper.mdb
[2012/12/29 13:45:09 | 000,001,831 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/12/29 13:45:09 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Google Chrome.lnk
[2012/12/29 08:48:46 | 000,000,179 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Removable Disk (J).lnk
[2012/12/29 08:09:17 | 000,000,396 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to DCIM.lnk
[2012/12/28 00:05:15 | 000,083,172 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\z_DISCLOSURE_ANNOUNCEMENT_NO_1_PT1776.pdf
[2012/12/27 19:12:44 | 000,288,364 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Quick_Start_Photo_Guide.pdf
[2012/12/27 16:45:33 | 000,962,530 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\22PowerfulToolsToTransformYourFear_New.pdf
[2012/12/24 21:34:59 | 000,001,570 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Shockwave Games.lnk
[2012/12/24 21:34:59 | 000,000,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Sparkle.lnk
[2012/12/14 17:58:19 | 000,001,482 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\recently-used.xbel
[2012/12/09 15:28:59 | 000,000,130 | ---- | C] () -- C:\WINDOWS\cfplogvw.INI
[2012/12/06 21:50:24 | 000,000,153 | ---- | C] () -- C:\WINDOWS\cavscan.INI
[2012/03/15 20:38:13 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2012/02/14 22:09:15 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/11/28 15:17:55 | 000,001,582 | ---- | C] () -- C:\WINDOWS\System32\.ini
[2011/10/15 19:07:59 | 002,463,996 | ---- | C] () -- C:\Documents and Settings\Owner\canaon basic.pdf
[2011/10/15 19:07:58 | 003,295,971 | ---- | C] () -- C:\Documents and Settings\Owner\Canon Manual.pdf
[2011/09/23 10:53:36 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/09/10 05:55:57 | 000,000,056 | ---- | C] () -- C:\WINDOWS\TemplateWizard.INI
[2011/08/27 15:52:16 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\settings.dat
[2011/08/18 22:50:40 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/08/18 22:50:40 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/03/07 19:43:28 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2010/11/08 09:40:18 | 000,034,816 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/30 19:01:55 | 000,015,214 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2010/07/06 05:56:01 | 000,000,543 | ---- | C] () -- C:\Documents and Settings\Owner\AddressBook
[2010/05/20 15:32:08 | 000,005,790 | R--- | C] () -- C:\Program Files\EULA.nor
[2010/04/14 06:20:31 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\defogger_reenable
[2009/01/09 18:07:22 | 000,007,547 | R--- | C] () -- C:\Program Files\EULA.ger
[2009/01/09 18:07:22 | 000,006,808 | R--- | C] () -- C:\Program Files\EULA.itn
[2009/01/09 18:07:22 | 000,006,748 | R--- | C] () -- C:\Program Files\EULA.rus
[2009/01/09 18:07:22 | 000,006,668 | R--- | C] () -- C:\Program Files\EULA.pol
[2009/01/09 18:07:22 | 000,006,300 | R--- | C] () -- C:\Program Files\EULA.spa
[2009/01/09 18:07:22 | 000,006,120 | R--- | C] () -- C:\Program Files\EULA.dut
[2009/01/09 18:07:22 | 000,005,968 | R--- | C] () -- C:\Program Files\EULA.frn
[2009/01/09 18:07:22 | 000,005,461 | R--- | C] () -- C:\Program Files\EULA.swe
[2009/01/09 18:07:22 | 000,005,452 | R--- | C] () -- C:\Program Files\EULA.brz
[2009/01/09 18:07:22 | 000,005,304 | R--- | C] () -- C:\Program Files\EULA.cze
[2009/01/09 18:07:22 | 000,005,237 | R--- | C] () -- C:\Program Files\EULA.jpn
[2009/01/09 18:07:22 | 000,004,849 | R--- | C] () -- C:\Program Files\EULA.eng
[2009/01/09 18:07:22 | 000,004,711 | R--- | C] () -- C:\Program Files\EULA.kor
[2009/01/09 18:07:22 | 000,003,380 | R--- | C] () -- C:\Program Files\EULA.cht
[2009/01/09 18:07:22 | 000,003,345 | R--- | C] () -- C:\Program Files\EULA.chs

========== ZeroAccess Check ==========

[2005/01/09 19:08:17 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 18:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 06:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 18:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/11/28 20:14:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
[2012/12/27 09:28:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ClubSanDisk
[2011/11/03 14:55:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Boost
[2013/01/21 21:02:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Logs
[2011/12/06 20:48:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MythPeople
[2010/10/20 11:47:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2013/01/12 22:43:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/11/28 11:59:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/10/31 22:44:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/03/20 21:03:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AlawarEntertainment
[2012/08/23 20:27:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Amaranth Games
[2012/01/23 23:38:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Amazon
[2012/08/24 20:20:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Amulet_of_time
[2012/11/27 20:46:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Angler
[2012/01/17 18:44:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ASCON
[2012/03/17 22:23:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Awem
[2012/07/12 10:28:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Bluefive software
[2012/03/20 18:02:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\com.smallblueprinter.gardenPlanner3
[2012/03/15 20:40:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Daedalic Entertainment
[2012/08/31 20:10:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DragonsEye Studios
[2011/11/28 14:34:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ElevatedDiagnostics
[2012/03/14 20:22:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\EnchantedCavern
[2012/03/21 18:01:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Gogii
[2011/04/28 07:02:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GoodSync
[2013/01/05 17:35:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Image Zone Express
[2012/03/16 20:00:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\md studio
[2011/04/27 12:58:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenOffice.org
[2012/10/14 20:13:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PlataGames
[2011/11/19 20:18:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PlayFirst
[2012/01/17 18:15:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PTC
[2011/11/07 20:13:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Recordpad
[2012/09/03 08:14:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\RoboForm
[2012/10/20 08:50:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2012/01/17 11:05:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SmartDraw
[2010/10/30 19:01:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template
[2012/08/24 21:06:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\The Drama Queen Murder
[2012/11/01 05:46:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\WildTangent
[2012/11/30 07:38:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\WinZip

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 218 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F193BFCF

< End of report >


----------



## Cookiegal (Aug 27, 2003)

How are things now?


----------



## jlski (Dec 2, 2002)

If I right click on a desktop icon, a little window pops up for just a few seconds that looks like a program install notice. Is there no way to kill the files that won't allow me access?


----------



## Cookiegal (Aug 27, 2003)

Please remind me which files you're referring to?

Also, can you please post a screenshot of the pop up you're getting? I have an idea that it might be a software registration reminder prompt.


----------



## jlski (Dec 2, 2002)

It was two files that were in the Strong Vault On Line Back Up file folder (that installed itself) where it was listed in my "Programs" folder. I'm running a search again to see where they are because now, I have not been able to find it.

As far as the pop up it is associated with Strong Vault On Line Back Up. It started popping up when I tried to stop the installation. So I went to "Programs" folder and found the folder for Strong Vault On Line Back Up. I started deleting files and folders and every time I would right click a file or folder the same windows installation notice would pop up. Now no matter what I left or right click on the program still tries to install Strong Vault On Line Back Up.

I can't give a screen shot because it is up for only a couple of seconds.


----------



## Cookiegal (Aug 27, 2003)

Please download *SystemLook* from one of the links below and save it to your Desktop.
*Download Mirror #1*
*Download Mirror #2*
Double-click *SystemLook.exe* to run it.
Copy the content of the following code box into the main text field:

```
:filefind
*strongvault*
:folderfind
*strongvault*
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop entitled *SystemLook.txt*


----------



## jlski (Dec 2, 2002)

SystemLook 30.07.11 by jpshortstuff
Log created at 18:53 on 24/01/2013 by Owner
Administrator - Elevation successful

========== filefind ==========

Searching for "*strongvault*"
C:\Documents and Settings\Owner\Local Settings\temp\pkg_152f16eb0\disclosure.iq.strongvault_r1_v3\bg_strongvault.jpg	--a---- 9587 bytes	[21:48 21/01/2013]	[21:48 21/01/2013] 225DFA47BD3FCC7A5955C7A55C01268E

========== folderfind ==========

Searching for "*strongvault*"
C:\Documents and Settings\Owner\Local Settings\temp\pkg_152f16eb0\disclosure.iq.strongvault_r1_v3	d------	[21:48 21/01/2013]

-= EOF =-


----------



## Cookiegal (Aug 27, 2003)

*Click here* to download ATF Cleaner by Atribune and save it to your desktop.
Double-click *ATF-Cleaner.exe* to run the program.
Under *Main* choose: *Select All*
Click the *Empty Selected* button.
*If you use Firefox:*
Click *Firefox* at the top and choose: *Select All*
Click the *Empty Selected* button.
*NOTE:* If you would like to keep your saved passwords, please click *No* at the prompt.


*If you use Opera:*
Click *Opera* at the top and choose: *Select All*
Click the *Empty Selected* button.
*NOTE:* If you would like to keep your saved passwords, please click *No* at the prompt.


Click *Exit* on the Main menu to close the program.

What are the names of the files and the full path to their location?


----------



## jlski (Dec 2, 2002)

Sorry cookiegal, I think I clicked the wrong exit as it didn't give any report. I clicked the bottom exit button. I didn't see nor know you were talking about the link "MAIN" at the top left. I just saw main at the top of the window next to ATF.


----------



## Cookiegal (Aug 27, 2003)

Let's use this program instead of ATF.

Please download *TFC* by OldTimer to your desktop.

Double-click *TFC.exe* to run it. (If you are running Vista then right-click on the file and select *Run As Administrator*).
*Note: It will close all programs when you run it so make sure you have saved everything you may have been working on before you begin.*
Click the *Start* button to begin the process. It should only take a short time so let it run uninterrupted until it's finished. 
When it's finished it should reboot your machine. If it doesn't then please reboot manually to be sure everything is cleared.

You can just drag ATF to the Recycle Bin.


----------



## jlski (Dec 2, 2002)

Finished that little chore. That little booger is still popping up. It even pops up 5-6 times very quickly upon rebooting.


----------



## Cookiegal (Aug 27, 2003)

Cookiegal said:


> What are the names of the files and the full path to their location?


You didn't answer this question.


----------



## jlski (Dec 2, 2002)

I have to ask which files?


----------



## Cookiegal (Aug 27, 2003)

You said there were files that relate to this Strongvault thing that you couldn't delete.


----------



## jlski (Dec 2, 2002)

I've tried posting an answer but keep getting the following.

Your submission could not be processed because the token has expired.

Please push the back button and reload the previous window.


----------



## jlski (Dec 2, 2002)

I couldn't find the files as they have disappeared. The Windows Prepare to install notice keeps popping up when right clicking on icons, desktop or others. When rebooting, it will pop up 4-6 times consecutively really fast.


----------



## Cookiegal (Aug 27, 2003)

When it pops up please grab a screenshot and post it here.


----------



## jlski (Dec 2, 2002)

I can't cookiegal. It pops up for just a second then disappears. It has to be some kind of residual thing from Strong Vault. It started popping up when I tried to delete the files and folder associated with Strong Vault. I did a file search and found nothing else related to the words Strong Vault. However, if I'm not wrong it would have been possible for them to have stored on my hard drive with some other name?


----------



## Cookiegal (Aug 27, 2003)

It only takes a second to hit the Print Screen button. Can you not do that as soon as you see the pop up?


----------



## Cookiegal (Aug 27, 2003)

Please go to *Start* - *Run* - type in *eventvwr.msc* to open the event viewer. Look under both "Application" and "System" for recent (the last 48 hours or so) errors (shown in red) and if found, do this for each one.

Double-click the error to open it up and then click on the icon that looks like two pieces of paper. This will copy the full error. Then "paste" the error into Notepad. Do this for each one until you have them all listed in Notepad and then copy and paste the list in a reply here please.


----------



## jlski (Dec 2, 2002)

It will take me awhile to do that because I have several in both "Application" and "System". However, I will get them done as fast as I can tomorrow (Sunday) and get them posted here.

Thank you cookiegal


----------



## Cookiegal (Aug 27, 2003)

You're welcome.


----------



## jlski (Dec 2, 2002)

Hi cookiegal. I just looked at the "Event Viewer - Application List". Holy cow, there are hundreds of red "X"s. Do you want them all?

In the "Event Viewer - System List" there are some but none in comparison. I await your reply.


----------



## Cookiegal (Aug 27, 2003)

There's no need to post duplicates so any that have the same event ID number and source can be skipped. Just post one of each please.


----------
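The "one of each" triage from the post above, as an added example that is not part of the original thread: it parses the text Event Viewer copies to the clipboard and groups entries by event source and event ID, keeping a count and each distinct description per group. The sample is abridged from entries posted in this thread; the function names are this example's own.

```python
import re

# Abridged from entries posted in this thread (Category/User/Computer lines
# and the hex "Data:" sections left out), in Event Viewer's copied-text layout.
SAMPLE_LOG = """\
Event Type: Error
Event Source: MsiInstaller
Event ID: 1023
Date: 1/27/2013
Time: 3:01:18 AM
Description:
Product: Microsoft .NET Framework 1.1 - Update '{6C298884-91FD-408C-9D90-5A59D2C29FD1}' could not be installed. Error code 1603.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: MsiInstaller
Event ID: 1023
Date: 1/26/2013
Time: 3:01:13 AM
Description:
Product: Microsoft .NET Framework 1.1 - Update '{6C298884-91FD-408C-9D90-5A59D2C29FD1}' could not be installed. Error code 1603.

Event Type: Error
Event Source: Service Control Manager
Event ID: 7034
Date: 1/24/2013
Time: 8:39:17 PM
Description:
The RealNetworks Downloader Resolver Service service terminated unexpectedly. It has done this 1 time(s).

Event Type: Error
Event Source: Service Control Manager
Event ID: 7034
Date: 1/13/2013
Time: 1:17:36 AM
Description:
The COMODO Internet Security Helper Service service terminated unexpectedly. It has done this 1 time(s).

Event Type: Error
Event Source: Userenv
Event ID: 1041
Date: 1/27/2013
Time: 7:46:53 PM
Description:
Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.
"""

HEADER = re.compile(
    r"^(Event Type|Event Source|Event Category|Event ID|Date|Time|User|Computer):\s*(.*)$"
)


def parse_events(text):
    """Split copied Event Viewer text into one dict per event."""
    events, cur, in_desc = [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m and m.group(1) == "Event Type":      # every entry starts here
            cur = {"Description": ""}
            events.append(cur)
            in_desc = False
        if cur is None:
            continue
        if in_desc:
            if line == "Data:":                   # hex dump follows; skip it
                in_desc = False
            elif line and not line.startswith("For more information"):
                cur["Description"] = (cur["Description"] + " " + line).strip()
        elif m:
            cur[m.group(1)] = m.group(2).strip()
        elif line == "Description:":
            in_desc = True
    return events


def one_of_each(events):
    """Group by (source, event ID); keep first entry, count, distinct texts."""
    groups = {}
    for ev in events:
        key = (ev.get("Event Source"), ev.get("Event ID"))
        g = groups.setdefault(key, {"first": ev, "count": 0, "descriptions": []})
        g["count"] += 1
        if ev["Description"] not in g["descriptions"]:
            g["descriptions"].append(ev["Description"])
    return groups


if __name__ == "__main__":
    for (source, event_id), g in one_of_each(parse_events(SAMPLE_LOG)).items():
        print(f"{source} {event_id}: {g['count']} entries, "
              f"{len(g['descriptions'])} distinct description(s)")
```

Groups that report more than one distinct description, such as Service Control Manager 7034 in the sample, are the ones where the first entry alone does not show every affected component.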



## jlski (Dec 2, 2002)

Mighty Fine.


----------



## jlski (Dec 2, 2002)

Application Log

Event Type:	Error
Event Source:	Userenv
Event Category:	None
Event ID:	1041
Date: 1/27/2013
Time: 7:46:53 PM
User: NT AUTHORITY\SYSTEM
Computer:	JERRYSCOMP
Description:
Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	MatSvc
Event Category:	None
Event ID:	4
Date: 1/27/2013
Time: 7:01:03 PM
User: N/A
Computer:	JERRYSCOMP
Description:
The MATS service encountered a failure when uploading data. hr=0xC004F018

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	MatSvc
Event Category:	None
Event ID:	3
Date: 1/27/2013
Time: 7:01:03 PM
User: N/A
Computer:	JERRYSCOMP
Description:
The MATS service encountered a web service failure. hr=0xC004F018

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	NativeWrapper
Event Category:	None
Event ID:	5000
Date: 1/27/2013
Time: 3:01:21 AM
User: N/A
Computer:	JERRYSCOMP
Description:
The description for Event ID ( 5000 ) in Source ( NativeWrapper ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: visualstudio7x80update, msiexec.exe, 1.0.1716.5060, kb2742597, 1033, 643, f, install, x86, 5.1.2600.2.3.0.256, 0.

Event Type:	Error
Event Source:	MsiInstaller
Event Category:	None
Event ID:	1023
Date: 1/27/2013
Time: 3:01:18 AM
User: NT AUTHORITY\SYSTEM
Computer:	JERRYSCOMP
Description:
Product: Microsoft .NET Framework 1.1 - Update '{6C298884-91FD-408C-9D90-5A59D2C29FD1}' could not be installed. Error code 1603. Additional information is available in the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB2742597-X86\NDP1.1sp1-KB2742597-X86-msi.0.log.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	MsiInstaller
Event Category:	None
Event ID:	11706
Date: 1/27/2013
Time: 3:01:14 AM
User: NT AUTHORITY\SYSTEM
Computer:	JERRYSCOMP
Description:
Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source could be found for product Microsoft .NET Framework 1.1. The Windows installer cannot continue.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	MsiInstaller
Event Category:	None
Event ID:	1023
Date: 1/26/2013
Time: 3:01:13 AM
User: NT AUTHORITY\SYSTEM
Computer:	JERRYSCOMP
Description:
Product: Microsoft .NET Framework 1.1 - Update '{6C298884-91FD-408C-9D90-5A59D2C29FD1}' could not be installed. Error code 1603. Additional information is available in the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB2742597-X86\NDP1.1sp1-KB2742597-X86-msi.0.log.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	MsiInstaller
Event Category:	None
Event ID:	11706
Date: 1/26/2013
Time: 3:01:09 AM
User: NT AUTHORITY\SYSTEM
Computer:	JERRYSCOMP
Description:
Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source could be found for product Microsoft .NET Framework 1.1. The Windows installer cannot continue.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Application Hang
Event Category:	(101)
Event ID:	1002
Date: 1/21/2013
Time: 7:54:05 PM
User: N/A
Computer:	JERRYSCOMP
Description:
Hanging application mbam.exe, version 1.70.0.9, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
____________________________________________________

System Log

Event Type:	Error
Event Source:	Windows Update Agent
Event Category:	Installation 
Event ID:	20
Date: 1/27/2013
Time: 3:01:51 AM
User: N/A
Computer:	JERRYSCOMP
Description:
Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2742597).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7034
Date: 1/24/2013
Time: 8:39:17 PM
User: N/A
Computer:	JERRYSCOMP
Description:
The RealNetworks Downloader Resolver Service service terminated unexpectedly. It has done this 1 time(s).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7006
Date: 1/24/2013
Time: 10:28:34 AM
User: N/A
Computer:	JERRYSCOMP
Description:
The ScRegSetValueExW call failed for Type with the following error: 
Access is denied.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	DCOM
Event Category:	None
Event ID:	10016
Date: 1/24/2013
Time: 10:22:44 AM
User: NT AUTHORITY\NETWORK SERVICE
Computer:	JERRYSCOMP
Description:
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{BA126AD1-2166-11D1-B1D0-00805FC1270E}
to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	DCOM
Event Category:	None
Event ID:	10005
Date: 1/21/2013
Time: 8:07:58 PM
User: NT AUTHORITY\SYSTEM
Computer:	JERRYSCOMP
Description:
DCOM got error "This service cannot be started in Safe Mode " attempting to start the service EventSystem with arguments "" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7026
Date: 1/21/2013
Time: 7:58:27 PM
User: N/A
Computer:	JERRYSCOMP
Description:
The following boot-start or system-start driver(s) failed to load: 
cmdGuard
Fips
intelppm

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	DCOM
Event Category:	None
Event ID:	10016
Date: 1/17/2013
Time: 7:05:00 AM
User: NT AUTHORITY\NETWORK SERVICE
Computer:	JERRYSCOMP
Description:
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{BA126AD1-2166-11D1-B1D0-00805FC1270E}
to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7034
Date: 1/13/2013
Time: 1:17:36 AM
User: N/A
Computer:	JERRYSCOMP
Description:
The COMODO Internet Security Helper Service service terminated unexpectedly. It has done this 1 time(s).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


----------



## Cookiegal (Aug 27, 2003)

OK, the first one is caused by an improper installation of IE8. We can fix that but why did you uninstall IE8 and go back to IE7?

Go to *Start* - *Run* and copy and paste the following then click OK:

*regedit /e C:\look.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions"*

You won't see anything happen and it will only take a second. You will find the report it creates at C:\look.txt. Please open it in Notepad and then copy and paste the report here.


----------



## jlski (Dec 2, 2002)

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}]
@="Wireless"
"ProcessGroupPolicy"="ProcessWIRELESSPolicy"
"DllName"=hex(2):67,00,70,00,74,00,65,00,78,00,74,00,2e,00,64,00,6c,00,6c,00,\
00,00
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}]
@="Folder Redirection"
"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
"DllName"=hex(2):66,00,64,00,65,00,70,00,6c,00,6f,00,79,00,2e,00,64,00,6c,00,\
6c,00,00,00
"NoMachinePolicy"=dword:00000001
"NoSlowLink"=dword:00000001
"PerUserLocalSettings"=dword:00000001
"NoGPOListChanges"=dword:00000000
"NoBackgroundPolicy"=dword:00000000
"GenerateGroupPolicy"="GenerateGroupPolicy"
"EventSources"=hex(7):28,00,46,00,6f,00,6c,00,64,00,65,00,72,00,20,00,52,00,65,\
00,64,00,69,00,72,00,65,00,63,00,74,00,69,00,6f,00,6e,00,2c,00,41,00,70,00,\
70,00,6c,00,69,00,63,00,61,00,74,00,69,00,6f,00,6e,00,29,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
@="Microsoft Disk Quota"
"NoMachinePolicy"=dword:00000000
"NoUserPolicy"=dword:00000001
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"PerUserLocalSettings"=dword:00000000
"RequiresSuccessfulRegistry"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000000
"DllName"=hex(2):64,00,73,00,6b,00,71,00,75,00,6f,00,74,00,61,00,2e,00,64,00,\
6c,00,6c,00,00,00
"ProcessGroupPolicy"="ProcessGroupPolicy"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}]
@="QoS Packet Scheduler"
"ProcessGroupPolicy"="ProcessPSCHEDPolicy"
"DllName"=hex(2):67,00,70,00,74,00,65,00,78,00,74,00,2e,00,64,00,6c,00,6c,00,\
00,00
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}]
@="Scripts"
"ProcessGroupPolicy"="ProcessScriptsGroupPolicy"
"ProcessGroupPolicyEx"="ProcessScriptsGroupPolicyEx"
"GenerateGroupPolicy"="GenerateScriptsGroupPolicy"
"DllName"=hex(2):67,00,70,00,74,00,65,00,78,00,74,00,2e,00,64,00,6c,00,6c,00,\
00,00
"NoSlowLink"=dword:00000001
"NoGPOListChanges"=dword:00000001
"NotifyLinkTransition"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
@="Internet Explorer Zonemapping"
"DllName"=hex(2):69,00,65,00,64,00,6b,00,63,00,73,00,33,00,32,00,2e,00,64,00,\
6c,00,6c,00,00,00
"ProcessGroupPolicy"="ProcessGroupPolicyForZoneMap"
"NoGPOListChanges"=dword:00000001
"RequiresSucessfulRegistry"=dword:00000001
"DisplayName"=hex(2):40,00,69,00,65,00,64,00,6b,00,63,00,73,00,33,00,32,00,2e,\
00,64,00,6c,00,6c,00,2c,00,2d,00,33,00,30,00,35,00,31,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
"ProcessGroupPolicy"="SceProcessSecurityPolicyGPO"
"GenerateGroupPolicy"="SceGenerateGroupPolicy"
"ExtensionRsopPlanningDebugLevel"=dword:00000001
"ProcessGroupPolicyEx"="SceProcessSecurityPolicyGPOEx"
"ExtensionDebugLevel"=dword:00000001
"DllName"=hex(2):73,00,63,00,65,00,63,00,6c,00,69,00,2e,00,64,00,6c,00,6c,00,\
00,00
@="Security"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001
"MaxNoGPOListChangesInterval"=dword:000003c0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"ProcessGroupPolicy"="ProcessGroupPolicy"
"DllName"="iedkcs32.dll"
@="Internet Explorer Branding"
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000001
"NoMachinePolicy"=dword:00000001
"DisplayName"=hex(2):40,00,69,00,65,00,64,00,6b,00,63,00,73,00,33,00,32,00,2e,\
00,64,00,6c,00,6c,00,2c,00,2d,00,33,00,30,00,31,00,34,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
"ProcessGroupPolicy"="SceProcessEFSRecoveryGPO"
"DllName"=hex(2):73,00,63,00,65,00,63,00,6c,00,69,00,2e,00,64,00,6c,00,6c,00,\
00,00
@="EFS recovery"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"RequiresSuccessfulRegistry"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}]
@="802.3 Group Policy"
"DisplayName"=hex(2):40,00,64,00,6f,00,74,00,33,00,67,00,70,00,63,00,6c,00,6e,\
00,74,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,31,00,30,00,30,00,00,00
"ProcessGroupPolicyEx"="ProcessLANPolicyEx"
"GenerateGroupPolicy"="GenerateLANPolicy"


----------



## Cookiegal (Aug 27, 2003)

I'm attaching a Fixjlski2.zip file to this post. Save it to your desktop. Unzip it (extract the file) and double-click the Fixjlski2.reg file and allow it to merge into the registry. This will fix the first error you posted which results from a failure to uninstall two keys in the registry for IE8 (probably beta).

Then reboot the machine.


----------



## Cookiegal (Aug 27, 2003)

Did you try uninstalling Strongvault through the Control Panel?

If so, try this MS Fixit tool to uninstall remnants of Strongvault.

http://support.microsoft.com/mats/program_install_and_uninstall

Delete anything that relates to Strongvault or Stronghold.


----------



## jlski (Dec 2, 2002)

Ok, this one is a done deal.


----------



## Cookiegal (Aug 27, 2003)

Which one?


----------



## jlski (Dec 2, 2002)

Strong Vault never showed up in the Add & Remove Programs. That's why I tried to delete its files and folder.

I will try this MS Fixit tool now.


----------



## Cookiegal (Aug 27, 2003)

OK. :up:


----------



## jlski (Dec 2, 2002)

Wouldn't you know it. HAHA!!! See attachment.


----------



## Cookiegal (Aug 27, 2003)

I would try Revo Uninstaller. See if it will uninstall with that.

http://www.revouninstaller.com/


----------



## jlski (Dec 2, 2002)

Strong Vault doesn't show up with Revo either.


----------



## Cookiegal (Aug 27, 2003)

Please download *RogueKiller* by Tigzy and save it to your desktop.
Allow the download if prompted by your security software and please close all your other browser windows.
Double-click *RogueKiller.exe* to run it.
If it does not run, please try a few times. If it really does not work (it could happen), rename it to winlogon.exe or RogueKiller.com
Wait for *PreScan* to finish, then accept the EULA.
Click on the *Scan* button in the upper right. Wait for it to finish.
Once completed, a log called *RKreport[1].txt* will be created on the desktop. It can also be accessed via the *Report* button.
Please copy and paste the contents of that log in your next reply.
When you exit RogueKiller, you may get a popup reporting "None of the Elements have been deleted. Do you want to quit?" Click *Yes*.


----------



## jlski (Dec 2, 2002)

RogueKiller V8.4.3 [Jan 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Owner [Admin rights]
Mode : Scan -- Date : 01/29/2013 19:10:12
| ARK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤


----------



## Cookiegal (Aug 27, 2003)

Download *OTS.exe* to your Desktop.

Close any open browsers.
If your Real protection or Antivirus interferes with OTS, allow it to run.
Double-click on *OTS.exe* to start the program.
At the top put a check mark in the box beside "Scan All Users".
Under the *Additional Scans* section put a check in the box next to Disabled MS Config Items, NetSvcs and EventViewer logs (Last 10 errors).
Now click the *Run Scan* button on the toolbar.
Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Save that notepad file.
Use the *Reply* button, scroll down to the attachments section and attach the notepad file here.


----------



## jlski (Dec 2, 2002)

OTS Log


----------



## Cookiegal (Aug 27, 2003)

Start *OTS*. Copy/Paste the information in the code box below into the pane where it says *"Paste fix here"* and then click the "Run Fix" button.

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here please.


```
[Kill All Processes]
[Unregister Dlls]
[Registry - Safe List]
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> 
YN -> HKEY_USERS\.DEFAULT\: SearchURL\\"provider" -> gogl
< Internet Explorer ToolBars [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-2752115482-2144442535-3955104311-1006\] > -> HKEY_USERS\S-1-5-21-2752115482-2144442535-3955104311-1006\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
YN -> {FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> [Button: Messenger]
YN -> {FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> [Menu: Windows Messenger]
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\"{39FD89BF-D3F1-45b6-BB56-3582CCF489E1}" [HKLM] -> [Reg Error: Key error.]
YN -> CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> [Reg Error: Key error.]
YN -> CmdMapping\\"{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}" [HKLM] -> [Reg Error: Value error.]
< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\"{39FD89BF-D3F1-45b6-BB56-3582CCF489E1}" [HKLM] -> [Reg Error: Key error.]
YN -> CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> [Reg Error: Key error.]
YN -> CmdMapping\\"{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}" [HKLM] -> [Reg Error: Value error.]
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-2752115482-2144442535-3955104311-1006\] > -> HKEY_USERS\S-1-5-21-2752115482-2144442535-3955104311-1006\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\"{39FD89BF-D3F1-45b6-BB56-3582CCF489E1}" [HKLM] -> [Reg Error: Key error.]
YN -> CmdMapping\\"{45DB34C3-955C-11D3-ABEF-444553540000}" [HKLM] -> [Reg Error: Key error.]
YN -> CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> [Reg Error: Key error.]
YN -> CmdMapping\\"{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}" [HKLM] -> [Reg Error: Value error.]
[Files/Folders - Modified Within 30 Days]
NY ->  13 C:\Documents and Settings\Owner\Local Settings\temp\*.tmp files -> C:\Documents and Settings\Owner\Local Settings\temp\*.tmp
[Files - No Company Name]
NY ->  .ini -> C:\WINDOWS\System32\.ini
[Alternate Data Streams]
NY -> @Alternate Data Stream - 218 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F193BFCF
[Empty Temp Folders]
[EmptyFlash]
[EmptyJava]
[Start Explorer]
[Reboot]
```


----------



## jlski (Dec 2, 2002)

All Processes Killed
[Registry - Safe List]
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchURL\\provider deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-2752115482-2144442535-3955104311-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92780B25-18CC-41C8-B9BE-3C9C571A8263}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92780B25-18CC-41C8-B9BE-3C9C571A8263}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}\ not found.
Registry value HKEY_USERS\S-1-5-21-2752115482-2144442535-3955104311-1006\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1}\ not found.
Registry value HKEY_USERS\S-1-5-21-2752115482-2144442535-3955104311-1006\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{45DB34C3-955C-11D3-ABEF-444553540000} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{45DB34C3-955C-11D3-ABEF-444553540000}\ not found.
Registry value HKEY_USERS\S-1-5-21-2752115482-2144442535-3955104311-1006\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92780B25-18CC-41C8-B9BE-3C9C571A8263}\ not found.
Registry value HKEY_USERS\S-1-5-21-2752115482-2144442535-3955104311-1006\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}\ not found.
[Files/Folders - Modified Within 30 Days]
C:\Documents and Settings\Owner\Local Settings\temp\41EF5EA2.TMP deleted successfully.
C:\Documents and Settings\Owner\Local Settings\temp\DIO106.tmp deleted successfully.
C:\Documents and Settings\Owner\Local Settings\temp\DIO2189.tmp deleted successfully.
C:\Documents and Settings\Owner\Local Settings\temp\DIO3.tmp deleted successfully.
C:\Documents and Settings\Owner\Local Settings\temp\DIO5.tmp deleted successfully.
C:\Documents and Settings\Owner\Local Settings\temp\DIO7.tmp deleted successfully.
C:\Documents and Settings\Owner\Local Settings\temp\DIOA.tmp deleted successfully.
C:\Documents and Settings\Owner\Local Settings\temp\MAR1.tmp deleted successfully.
C:\Documents and Settings\Owner\Local Settings\temp\MAR2.tmp deleted successfully.
C:\Documents and Settings\Owner\Local Settings\temp\MAR3.tmp deleted successfully.
C:\Documents and Settings\Owner\Local Settings\temp\MAR4.tmp deleted successfully.
C:\Documents and Settings\Owner\Local Settings\temp\STS5.tmp deleted successfully.
C:\Documents and Settings\Owner\Local Settings\temp\STS8.tmp deleted successfully.
[Files - No Company Name]
C:\WINDOWS\System32\.ini moved successfully.
[Alternate Data Streams]
ADS C:\Documents and Settings\All Users\Application Data\TEMP:F193BFCF deleted successfully.
[Empty Temp Folders]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Owner
->Temp folder emptied: 2663331 bytes
->Temporary Internet Files folder emptied: 2238977 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 372276780 bytes
->Flash cache emptied: 506 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3846973 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 396 bytes

Total Files Cleaned = 364.00 mb

[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: Owner
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

[EMPTYJAVA]

User: Administrator

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: Owner
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb

< End of fix log >
OTS by OldTimer - Version 3.1.47.2 fix logfile created on 01302013_193658

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_000a71 not found!

Registry entries deleted on Reboot...


----------



## Cookiegal (Aug 27, 2003)

Are you still getting the Strongvault thing?


----------



## jlski (Dec 2, 2002)

Yes. It still pops up very quickly 3-4 times. Strong Vault must be a nasty one. It's a shame people have to deal with things they didn't initiate or choose to download.


----------



## Cookiegal (Aug 27, 2003)

I need you to capture a screenshot of it please.


----------



## jlski (Dec 2, 2002)

I wish I could cookiegal. But it is only there a few seconds. It won't stay long enough to allow me to get a screenshot. 

I need to download a video driver update. Would that not be a good idea at this point?


----------



## Cookiegal (Aug 27, 2003)

jlski said:


> I wish I could cookiegal. But it is only there a few seconds. It won't stay long enough to allow me to get a screenshot.


A few seconds is long enough. All you have to do is push the print screen key on the keyboard to capture it and then paste that into Paint and save it.


> I need to download a video driver update. Would that not be a good idea at this point?


Maybe not. Is the update intended to fix a bug or problem with the video card?


----------



## jlski (Dec 2, 2002)

Yes, it is supposed to update it so real player and media player will function properly. Trying to catch the "FLASH". It's just too fast. But will keep trying.


----------



## Cookiegal (Aug 27, 2003)

OK then go ahead and download and install the driver.

When does this "flash" occur again? Is it only during the boot up process?


----------



## jlski (Dec 2, 2002)

During the boot up process and any icon I click right on. I will try catching it upon re-booting.


----------



## Cookiegal (Aug 27, 2003)

When you tried to run Microsoft's FixIt earlier were you using the Internet Explorer browser? 

Please try it again even if you were. There may have been a problem with the server at the time.


----------



## jlski (Dec 2, 2002)

I forgot I had MS FixIt on my desktop. I ran it and it showed Strong Vault but was unable to uninstall it. See attachment.


----------



## jlski (Dec 2, 2002)

Good morning cookiegal. 

Upon rebooting the popup stays longer, however, pressing the "Print Screen" key did not do anything.

But I did see it long enough to see what it says.

It is an official looking windows installation notice. On the notice it says, Windows Installer-
Preparing to Install. That's it.

I have also added 3 attachments which I realized are issues that started after the Strong Vault invasion.

Hopefully these attachments will be clues for you.


----------



## Cookiegal (Aug 27, 2003)

The messages are related to a failed Microsoft .NET Framework update and have nothing to do with StrongVault. It's possible the one on boot up is related to this issue as well.

It looks like the MS Fixit tool says it succeeded. If you run it again, does StrongVault still appear in the list?


----------



## jlski (Dec 2, 2002)

MS FixIt didn't want to work. However, Strong Vault is showing up again in "Add & Remove" programs as well as CCleaner again.


----------



## Cookiegal (Aug 27, 2003)

Let's try uninstalling it again through Add or Remove Programs.


----------



## jlski (Dec 2, 2002)

I guess there are not enough files left after my deletion for it to uninstall.


----------



## Cookiegal (Aug 27, 2003)

Does it still appear in the list?


----------



## jlski (Dec 2, 2002)

Yes. Still showing in CCleaner and Add & Remove Programs.


----------



## Cookiegal (Aug 27, 2003)

Try Revo again. Last time it didn't show up there so maybe this time it will.


----------



## jlski (Dec 2, 2002)

It wasn't there cookiegal. However, I did a file search again and this showed up.

C:\MATS\{5E33D30D-D896-4D92-B033-5F45819B2937}\FileBackup\C\Documents and Settings\Owner\Local Settings\Application Data


----------



## Cookiegal (Aug 27, 2003)

I believe the MATS folder is just a place where the MS FixIt copies backups of the file(s).

I think we've already used SystemLook so you don't have to download it again if you still have it:

Please download *SystemLook* from one of the links below and save it to your Desktop.
*Download Mirror #1*
*Download Mirror #2*
Double-click *SystemLook.exe* to run it.
Copy the content of the following code box into the main text field:

```
:filefind
*strong*
:folderfind
*strong*
:regfind
strong
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop entitled *SystemLook.txt*
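
An added example, not part of the original post and not SystemLook's own code: a bare substring search such as `strong` also matches the user's own search and save history and unrelated names, so this Python example sorts `:regfind` hits into COM server registrations that load a file from a user profile folder, MRU history, and everything else. The sample log is constructed in SystemLook's layout, the CLSIDs and the `C:\Program Files\Example` path are placeholders, and the function names are hypothetical.

```python
import ntpath
import re
from collections import defaultdict

# Constructed sample in the layout SystemLook prints for a :regfind search.
# The CLSIDs and the Program Files path are placeholders, not real values.
SAMPLE_LOG = r'''
========== regfind ==========

Searching for "strong"
[HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603]
"000"="Strong Vault"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\gif]
"d"="C:\Documents and Settings\Owner\Desktop\Strong Vault_3.gif"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\strongesthosting.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-111111111111}\InprocServer32]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-111111111111}\InprocServer32\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-222222222222}\InprocServer32]
@="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\vsscopy.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33333333-3333-3333-3333-333333333333}\InprocServer32]
@="C:\Program Files\Example\strongname.dll"
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^(@|"[^"]*")=(.*)$')
# CLSID\{guid}\InprocServer32 or LocalServer32, optionally with a version subkey.
COM_RE = re.compile(
    r'\\Classes\\CLSID\\(\{[0-9A-Fa-f-]{36}\})\\(?:Inproc|Local)Server32(?:\\[^\\]+)?$')
# Keys that only record what the user searched for, opened or saved.
MRU_RE = re.compile(r'\\(?:ACMru|OpenSaveMRU|RecentDocs)(?:\\|$)')
# Per-user profile roots (XP and later layouts): writable without admin rights.
PROFILE_RE = re.compile(r'^[A-Za-z]:\\(?:Documents and Settings|Users)\\[^\\]+\\', re.I)


def parse_regfind(text):
    """Return (key, value_name, data) tuples; a key matched by name only
    (no value lines under it) is returned as (key, None, None)."""
    hits, key, had_value = [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            if key is not None and not had_value:
                hits.append((key, None, None))
            key, had_value = m.group(1), False
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            name, data = m.group(1).strip('"'), m.group(2)
            if len(data) >= 2 and data[0] == '"' and data[-1] == '"':
                data = data[1:-1]
            hits.append((key, name, data))
            had_value = True
    if key is not None and not had_value:
        hits.append((key, None, None))
    return hits


def classify(key, name, data):
    """Return (kind, clsid, path) where kind is com_server, mru or other."""
    com = COM_RE.search(key)
    if com and name in ('@', 'CodeBase') and data:
        path = data[len('file:///'):] if data.lower().startswith('file:///') else data
        return 'com_server', com.group(1), path
    if MRU_RE.search(key):
        return 'mru', None, data
    return 'other', None, data


def triage(text):
    """Group COM registrations by the folder they load from; count the noise."""
    in_profile = defaultdict(lambda: {'clsids': set(), 'files': set()})
    report = {'com_elsewhere': [], 'mru': 0, 'other': []}
    for key, name, data in parse_regfind(text):
        kind, clsid, path = classify(key, name, data)
        if kind == 'com_server' and PROFILE_RE.match(path):
            entry = in_profile[ntpath.dirname(path)]
            entry['clsids'].add(clsid)
            entry['files'].add(ntpath.basename(path))
        elif kind == 'com_server':
            report['com_elsewhere'].append((clsid, path))
        elif kind == 'mru':
            report['mru'] += 1
        else:
            report['other'].append(key)
    report['com_in_profile'] = dict(in_profile)
    return report


if __name__ == '__main__':
    result = triage(SAMPLE_LOG)
    for folder, entry in result['com_in_profile'].items():
        print(folder)
        print('  CLSIDs:', sorted(entry['clsids']))
        print('  files :', sorted(entry['files']))
    print('MRU history hits:', result['mru'])
    print('Other hits      :', result['other'])
```

Registrations grouped under one profile folder are the entries to review against what is still on disk; MRU hits only reflect the user's own searches and saved files.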


----------



## jlski (Dec 2, 2002)

SystemLook 30.07.11 by jpshortstuff
Log created at 18:09 on 02/02/2013 by Owner
Administrator - Elevation successful

========== filefind ==========

Searching for "*strong*"
C:\Documents and Settings\Owner\Desktop\Strong Vault_1.gif	--a---- 84114 bytes	[23:18 01/02/2013]	[23:18 01/02/2013] 28264C4189424FFBA2BC7A559803E3B1
C:\Documents and Settings\Owner\Desktop\Strong Vault_2.gif	--a---- 34953 bytes	[23:21 01/02/2013]	[23:21 01/02/2013] 87F0C16CD4F99621C7B3253B50701179
C:\Documents and Settings\Owner\Desktop\Strong Vault_3.gif	--a---- 40335 bytes	[20:58 02/02/2013]	[20:58 02/02/2013] 1A53F1B6D9392586C7CBD0A477C8FBF9
C:\Documents and Settings\Owner\My Documents\ICC_KFG Members\1_Place Memberships\1_Registered Members\Armstrong Deborah M_REG\I Want to Join Health Program - Deborah M Armstrong.eml	--a---- 3864 bytes	[23:12 17/10/2009]	[23:12 17/10/2009] FA3DA5AB942AEDAA1449D3D868C9BDEF
C:\Documents and Settings\Owner\My Documents\ICC_KFG Members\1_Place Memberships\1_Registered Members\Armstrong Deborah M_REG\ICC Order Confirmation - Deborah M Armstrong.eml	--a---- 19078 bytes	[16:28 18/10/2009]	[16:28 18/10/2009] 5AC9056FAA64637554BC380662256374
C:\Documents and Settings\Owner\My Documents\ICC_KFG Members\1_Place Memberships\1_Registered Members\Armstrong Deborah M_REG\Please Register Me for KFG - Deborah M_ Armstrong.eml	--a---- 3685 bytes	[21:54 18/10/2009]	[21:54 18/10/2009] A9B91167109E3005D5FC4121AAFBCE66
C:\Documents and Settings\Owner\My Documents\ICC_KFG Members\1_Place Memberships\1_Registered Members\Armstrong Deborah M_REG\Welcome New ICC Member - Deborah M Armstrong.eml	--a---- 24687 bytes	[16:28 18/10/2009]	[16:28 18/10/2009] 5D50379E54550B795F50FB39E4263901
C:\Documents and Settings\Owner\Recent\Strong Vault.lnk	--a---- 507 bytes	[23:18 01/02/2013]	[23:18 01/02/2013] A9BDE74CA8EDD8F42B122ACBB9139DC8
C:\Documents and Settings\Owner\Recent\Strong Vault_1.lnk	--a---- 513 bytes	[23:24 01/02/2013]	[23:24 01/02/2013] 026CB9741B44EED172280858D8DDF149
C:\Documents and Settings\Owner\Recent\Strong Vault_2.lnk	--a---- 513 bytes	[23:21 01/02/2013]	[23:24 01/02/2013] 77B0DED177B0EA8448F6B418E135F9A9
C:\Documents and Settings\Owner\Recent\Strong Vault_3.lnk	--a---- 513 bytes	[20:58 02/02/2013]	[21:04 02/02/2013] 2D6A2ABB8320D9C3B7BA834711358ED6
C:\My Flash Drive\ICC_KFG Members\1_Place Memberships\1_Registered Members\Armstrong Deborah M_REG\I Want to Join Health Program - Deborah M Armstrong.eml	--a---- 3864 bytes	[13:54 12/09/2010]	[23:12 17/10/2009] FA3DA5AB942AEDAA1449D3D868C9BDEF
C:\My Flash Drive\ICC_KFG Members\1_Place Memberships\1_Registered Members\Armstrong Deborah M_REG\ICC Order Confirmation - Deborah M Armstrong.eml	--a---- 19078 bytes	[13:54 12/09/2010]	[16:29 18/10/2009] 5AC9056FAA64637554BC380662256374
C:\My Flash Drive\ICC_KFG Members\1_Place Memberships\1_Registered Members\Armstrong Deborah M_REG\Please Register Me for KFG - Deborah M_ Armstrong.eml	--a---- 3685 bytes	[13:54 12/09/2010]	[21:54 18/10/2009] A9B91167109E3005D5FC4121AAFBCE66
C:\My Flash Drive\ICC_KFG Members\1_Place Memberships\1_Registered Members\Armstrong Deborah M_REG\Welcome New ICC Member - Deborah M Armstrong.eml	--a---- 24687 bytes	[13:54 12/09/2010]	[16:28 18/10/2009] 5D50379E54550B795F50FB39E4263901

========== folderfind ==========

Searching for "*strong*"
C:\Documents and Settings\Owner\My Documents\ICC_KFG Members\1_Place Memberships\1_Registered Members\Armstrong Deborah M_REG	d------	[21:45 17/10/2009]
C:\MATS\{5E33D30D-D896-4D92-B033-5F45819B2937}\FileBackup\C\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup	d------	[05:39 01/02/2013]
C:\My Flash Drive\ICC_KFG Members\1_Place Memberships\1_Registered Members\Armstrong Deborah M_REG	d------	[13:54 12/09/2010]

========== regfind ==========

Searching for "strong"
[HKEY_CURRENT_USER\Software\Macromedia\FlashPlayerUpdate]
"description"="<XML><update version="11,5,502,110"><description>mshtml:

An update to your Adobe Flash Player is available

*New Features:*


Enhanced debugging capabilities
Security enhancements
Reduced memory usage
</description></update>message "New Features:

Enhanced debugging capabilities
Security enhancements
Reduced memory usage
";size 740 440;autoUpdateMode 2;</meta></XML>"
[HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603]
"000"="Strong Vault"
[HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603]
"006"="strongvault"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*]
"f"="C:\Documents and Settings\Owner\Desktop\Strong Vault_3.gif"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\gif]
"d"="C:\Documents and Settings\Owner\Desktop\Strong Vault_3.gif"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\gif]
"g"="C:\Documents and Settings\Owner\Desktop\Strong Vault.gif"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\gif]
"h"="C:\Documents and Settings\Owner\Desktop\Strong Vault_2.gif"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\gif]
"j"="C:\Documents and Settings\Owner\Desktop\Strong Vault_1.gif"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\strongesthosting.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000507-0000-0010-8000-00AA006D2EA4}\InprocServer32]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000507-0000-0010-8000-00AA006D2EA4}\InprocServer32\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0000050B-0000-0010-8000-00AA006D2EA4}\InprocServer32]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0000050B-0000-0010-8000-00AA006D2EA4}\InprocServer32\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000514-0000-0010-8000-00AA006D2EA4}\InprocServer32]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000514-0000-0010-8000-00AA006D2EA4}\InprocServer32\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000535-0000-0010-8000-00AA006D2EA4}\InprocServer32]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000535-0000-0010-8000-00AA006D2EA4}\InprocServer32\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000560-0000-0010-8000-00AA006D2EA4}\InprocServer32]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000560-0000-0010-8000-00AA006D2EA4}\InprocServer32\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000566-0000-0010-8000-00AA006D2EA4}\InprocServer32]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000566-0000-0010-8000-00AA006D2EA4}\InprocServer32\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000602-0000-0010-8000-00AA006D2EA4}\InprocServer32]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADOX.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000602-0000-0010-8000-00AA006D2EA4}\InprocServer32\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADOX.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000609-0000-0010-8000-00AA006D2EA4}\InprocServer32]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADOX.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000609-0000-0010-8000-00AA006D2EA4}\InprocServer32\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADOX.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000615-0000-0010-8000-00AA006D2EA4}\InprocServer32]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADOX.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000615-0000-0010-8000-00AA006D2EA4}\InprocServer32\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADOX.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000618-0000-0010-8000-00AA006D2EA4}\InprocServer32]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADOX.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000618-0000-0010-8000-00AA006D2EA4}\InprocServer32\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADOX.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0000061B-0000-0010-8000-00AA006D2EA4}\InprocServer32]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADOX.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0000061B-0000-0010-8000-00AA006D2EA4}\InprocServer32\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADOX.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0000061E-0000-0010-8000-00AA006D2EA4}\InprocServer32]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADOX.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0000061E-0000-0010-8000-00AA006D2EA4}\InprocServer32\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADOX.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000621-0000-0010-8000-00AA006D2EA4}\InprocServer32]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADOX.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000621-0000-0010-8000-00AA006D2EA4}\InprocServer32\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADOX.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{231D1CF6-C578-411D-9B9B-48264355805D}\InprocServer32]
@="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\XceedCry.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26E85C60-8A6C-4A8B-9997-C7A9B220D7C3}\InprocServer32]
@="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\vsscopy.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2D171AB1-5132-43C5-9591-96F98911791E}\InprocServer32]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\XFileNet.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2D171AB1-5132-43C5-9591-96F98911791E}\InprocServer32\5.0.2.34]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\XFileNet.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F64966B-C771-4128-B3AF-F9EF9C575322}\InprocServer32]
@="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\vsscopy.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44C656C6-0515-11E0-B88E-001D60AF2322}\InprocServer32]
@="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\AsynchWSCall.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44C656DA-0515-11E0-B88E-001D60AF2322}\InprocServer32]
@="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\BackupEngine.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44C656DB-0515-11E0-B88E-001D60AF2322}\InprocServer32]
@="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\BackupEngine.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44C656E3-0515-11E0-B88E-001D60AF2322}\InprocServer32]
@="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\AxLocalBackup.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44C656E3-0515-11E0-B88E-001D60AF2322}\ToolboxBitmap32]
@="C:\DOCUME~1\Owner\LOCALS~1\APPLIC~1\STRONG~2\AXLOCA~1.OCX, 1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44C656E6-0515-11E0-B88E-001D60AF2322}\InprocServer32]
@="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\AxLocalBackup.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44C656E8-0515-11E0-B88E-001D60AF2322}\InprocServer32]
@="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\AxLocalBackup.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4C836512-BB70-11D2-A5A7-00105A9C91C6}\InprocServer32]
@="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\XceedZip.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4C836512-BB70-11D2-A5A7-00105A9C91C6}\ToolboxBitmap32]
@="C:\DOCUME~1\Owner\LOCALS~1\APPLIC~1\STRONG~2\XceedZip.dll, 104"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{571705B3-0509-11E0-B88E-001D60AF2322}\InprocServer32]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\ClientApi.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{571705B3-0509-11E0-B88E-001D60AF2322}\InprocServer32\5.0.2.34]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\ClientApi.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{571705CB-0509-11E0-B88E-001D60AF2322}\InprocServer32]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Integration.Scheduler.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{571705CB-0509-11E0-B88E-001D60AF2322}\InprocServer32\5.0.2.34]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Integration.Scheduler.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{571705D6-0509-11E0-B88E-001D60AF2322}\InprocServer32]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Integration.UploadAgent.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{571705D6-0509-11E0-B88E-001D60AF2322}\InprocServer32\5.0.2.34]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Integration.UploadAgent.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{571705DA-0509-11E0-B88E-001D60AF2322}\InprocServer32]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Integration.UploadAgent.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{571705DA-0509-11E0-B88E-001D60AF2322}\InprocServer32\5.0.2.34]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Integration.UploadAgent.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{571705EA-0509-11E0-B88E-001D60AF2322}\InprocServer32]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\VSBackupNet.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{571705EA-0509-11E0-B88E-001D60AF2322}\InprocServer32\5.0.2.34]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\VSBackupNet.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{571705EC-0509-11E0-B88E-001D60AF2322}\InprocServer32]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\ClientApi.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{571705EC-0509-11E0-B88E-001D60AF2322}\InprocServer32\5.0.2.34]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\ClientApi.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{571705EE-0509-11E0-B88E-001D60AF2322}\InprocServer32]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\ClientApi.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{571705EE-0509-11E0-B88E-001D60AF2322}\InprocServer32\5.0.2.34]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\ClientApi.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{571705F0-0509-11E0-B88E-001D60AF2322}\InprocServer32]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\ClientApi.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{571705F0-0509-11E0-B88E-001D60AF2322}\InprocServer32\5.0.2.34]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\ClientApi.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{571705F3-0509-11E0-B88E-001D60AF2322}\InprocServer32]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\ClientApi.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{571705F3-0509-11E0-B88E-001D60AF2322}\InprocServer32\5.0.2.34]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\ClientApi.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{571705F5-0509-11E0-B88E-001D60AF2322}\InprocServer32]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\ClientApi.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{571705F5-0509-11E0-B88E-001D60AF2322}\InprocServer32\5.0.2.34]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\ClientApi.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{571705F7-0509-11E0-B88E-001D60AF2322}\InprocServer32]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\ClientApi.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{571705F7-0509-11E0-B88E-001D60AF2322}\InprocServer32\5.0.2.34]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\ClientApi.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{571705F9-0509-11E0-B88E-001D60AF2322}\InprocServer32]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\ClientApi.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{571705F9-0509-11E0-B88E-001D60AF2322}\InprocServer32\5.0.2.34]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\ClientApi.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57170605-0509-11E0-B88E-001D60AF2322}\InprocServer32]
@="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\AxUtilities.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57170608-0509-11E0-B88E-001D60AF2322}\InprocServer32]
@="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\VSBackupVista.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57170608-0509-11E0-B88E-001D60AF2322}\ToolboxBitmap32]
@="C:\DOCUME~1\Owner\LOCALS~1\APPLIC~1\STRONG~2\VSBACK~1.DLL, 1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5717060C-0509-11E0-B88E-001D60AF2322}\InprocServer32]
@="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\CtxMenu.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7ADE76BA-7AF7-44BF-B0C5-A946534F1EBA}\InprocServer32]
@="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\ARProgBar.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7ADE76BA-7AF7-44BF-B0C5-A946534F1EBA}\ToolboxBitmap32]
@="C:\DOCUME~1\Owner\LOCALS~1\APPLIC~1\STRONG~2\ARPROG~1.OCX, 30000"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7EC04D5B-19A8-45EE-BCB0-6FE0067F9468}\InprocServer32]
@="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\XceedCry.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7EC04D5B-19A8-45EE-BCB0-6FE0067F9468}\ToolboxBitmap32]
@="C:\DOCUME~1\Owner\LOCALS~1\APPLIC~1\STRONG~2\XceedCry.dll, 109"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{90FDB7BD-EB76-4AC9-8385-D1EE80BBCDCD}\InprocServer32]
@="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\XceedCry.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A02A65C1-50E4-4E5D-B9D0-625D5DEBC671}\InprocServer32]
@="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\XceedCry.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A0A61B00-96A6-457F-AA5E-AFA5167852E5}\InprocServer32]
@="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\XceedCry.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A0A61B00-96A6-457F-AA5E-AFA5167852E5}\ToolboxBitmap32]
@="C:\DOCUME~1\Owner\LOCALS~1\APPLIC~1\STRONG~2\XceedCry.dll, 101"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BBA63CAC-9913-4A13-9212-E97BB70C05C9}\InprocServer32]
@="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\XceedCry.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3271080-C57A-4520-8066-337AD212D7E0}\InprocServer32]
@="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\XceedCry.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C55F0A34-4286-4094-905E-75CBD8BF0776}\InprocServer32]
@="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\sosbutton.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C55F0A34-4286-4094-905E-75CBD8BF0776}\ToolboxBitmap32]
@="C:\DOCUME~1\Owner\LOCALS~1\APPLIC~1\STRONG~2\SOSBUT~1.OCX, 30000"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C8C78E98-0116-4491-9272-C7F8B0A02E0D}\InprocServer32]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Integration.Radialpoint.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C8C78E98-0116-4491-9272-C7F8B0A02E0D}\InprocServer32\5.0.2.34]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Integration.Radialpoint.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D3E95E1D-D003-42A0-91FD-465DC624BC7A}\InprocServer32]
@="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\XceedCry.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D865F1E7-BAC6-4ECA-B37B-0A5DDFF2D031}\InprocServer32]
@="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\XceedCry.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D865F1E7-BAC6-4ECA-B37B-0A5DDFF2D031}\ToolboxBitmap32]
@="C:\DOCUME~1\Owner\LOCALS~1\APPLIC~1\STRONG~2\XceedCry.dll, 111"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DB797690-40E0-11D2-9BD5-0060082AE372}\InprocServer32]
@="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\XceedZip.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DB797690-40E0-11D2-9BD5-0060082AE372}\ToolboxBitmap32]
@="C:\DOCUME~1\Owner\LOCALS~1\APPLIC~1\STRONG~2\XceedZip.dll, 101"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E994B1F9-F7D0-11D6-A2A1-0010DC1D796E}\InprocServer32]
@="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\SMButton.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E994B1F9-F7D0-11D6-A2A1-0010DC1D796E}\ToolboxBitmap32]
@="C:\DOCUME~1\Owner\LOCALS~1\APPLIC~1\STRONG~2\SMButton.ocx, 30000"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Documents and Settings|Owner|Local Settings|Application Data|Strongvault Online Backup|AxInterop.LocalBackupLib.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Documents and Settings|Owner|Local Settings|Application Data|Strongvault Online Backup|ClientApi.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Documents and Settings|Owner|Local Settings|Application Data|Strongvault Online Backup|Common.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Documents and Settings|Owner|Local Settings|Application Data|Strongvault Online Backup|Integration.Ace.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Documents and Settings|Owner|Local Settings|Application Data|Strongvault Online Backup|Integration.Radialpoint.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Documents and Settings|Owner|Local Settings|Application Data|Strongvault Online Backup|Integration.Scheduler.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Documents and Settings|Owner|Local Settings|Application Data|Strongvault Online Backup|Integration.UploadAgent.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Documents and Settings|Owner|Local Settings|Application Data|Strongvault Online Backup|Integration.ZipLib.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Documents and Settings|Owner|Local Settings|Application Data|Strongvault Online Backup|Interop.ADODB.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Documents and Settings|Owner|Local Settings|Application Data|Strongvault Online Backup|Interop.ADOX.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Documents and Settings|Owner|Local Settings|Application Data|Strongvault Online Backup|Interop.LocalBackupLib.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Documents and Settings|Owner|Local Settings|Application Data|Strongvault Online Backup|Interop.Shell32.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Documents and Settings|Owner|Local Settings|Application Data|Strongvault Online Backup|Interop.VSBackupVista.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Documents and Settings|Owner|Local Settings|Application Data|Strongvault Online Backup|Interop.VSS.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Documents and Settings|Owner|Local Settings|Application Data|Strongvault Online Backup|Interop.VSS2003.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Documents and Settings|Owner|Local Settings|Application Data|Strongvault Online Backup|Interop.XceedEncryptionLib.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Documents and Settings|Owner|Local Settings|Application Data|Strongvault Online Backup|SMessaging.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Documents and Settings|Owner|Local Settings|Application Data|Strongvault Online Backup|SOS.Contracts.BackupServer.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Documents and Settings|Owner|Local Settings|Application Data|Strongvault Online Backup|SOS.Contracts.Infiniscale.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Documents and Settings|Owner|Local Settings|Application Data|Strongvault Online Backup|SOS.Contracts.Shared.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Documents and Settings|Owner|Local Settings|Application Data|Strongvault Online Backup|SOSLibrary.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Documents and Settings|Owner|Local Settings|Application Data|Strongvault Online Backup|SOSLiveProtect.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Documents and Settings|Owner|Local Settings|Application Data|Strongvault Online Backup|SStorage.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Documents and Settings|Owner|Local Settings|Application Data|Strongvault Online Backup|VSBackupNet.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Documents and Settings|Owner|Local Settings|Application Data|Strongvault Online Backup|Xceed.Compression.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Documents and Settings|Owner|Local Settings|Application Data|Strongvault Online Backup|Xceed.Compression.Formats.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Documents and Settings|Owner|Local Settings|Application Data|Strongvault Online Backup|XFileNet.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\D03D33E5698D29D40B33F55418B99273]
"ProductName"="Strongvault Online Backup"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2A75C1FD-06B0-3CBB-B467-2545D4D6C865}]
@="_StrongName"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{579E93BC-FFAB-3B8D-9181-CE9C22B51915}]
@="_StrongNameMembershipCondition"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5F1562FB-0160-3655-BAEA-B15BEF609161}]
@="_StrongNameIdentityPermission"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AF53D21A-D6AF-3406-B399-7DF9D2AAD48A}]
@="_StrongNamePublicKeyBlob"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C9A740F4-26E9-39A8-8885-8CA26BD79B21}]
@="_StrongNameIdentityPermissionAttribute"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FC4963CB-E52B-32D8-A418-D058FA51A1FA}]
@="_StrongNameKeyPair"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{0000051B-0000-0010-8000-00AA006D2EA4}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{0000051C-0000-0010-8000-00AA006D2EA4}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{0000051D-0000-0010-8000-00AA006D2EA4}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{0000051E-0000-0010-8000-00AA006D2EA4}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{0000051F-0000-0010-8000-00AA006D2EA4}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{00000520-0000-0010-8000-00AA006D2EA4}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{00000521-0000-0010-8000-00AA006D2EA4}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{00000523-0000-0010-8000-00AA006D2EA4}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{00000524-0000-0010-8000-00AA006D2EA4}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{00000525-0000-0010-8000-00AA006D2EA4}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{00000526-0000-0010-8000-00AA006D2EA4}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{00000527-0000-0010-8000-00AA006D2EA4}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{00000528-0000-0010-8000-00AA006D2EA4}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{00000529-0000-0010-8000-00AA006D2EA4}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{0000052A-0000-0010-8000-00AA006D2EA4}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{0000052B-0000-0010-8000-00AA006D2EA4}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{0000052C-0000-0010-8000-00AA006D2EA4}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{0000052E-0000-0010-8000-00AA006D2EA4}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{0000052F-0000-0010-8000-00AA006D2EA4}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{00000530-0000-0010-8000-00AA006D2EA4}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{00000531-0000-0010-8000-00AA006D2EA4}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{00000532-0000-0010-8000-00AA006D2EA4}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{00000533-0000-0010-8000-00AA006D2EA4}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{00000540-0000-0010-8000-00AA006D2EA4}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{00000541-0000-0010-8000-00AA006D2EA4}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{00000542-0000-0010-8000-00AA006D2EA4}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{00000543-0000-0010-8000-00AA006D2EA4}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{00000544-0000-0010-8000-00AA006D2EA4}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{00000545-0000-0010-8000-00AA006D2EA4}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{00000546-0000-0010-8000-00AA006D2EA4}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{00000547-0000-0010-8000-00AA006D2EA4}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{00000548-0000-0010-8000-00AA006D2EA4}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{00000549-0000-0010-8000-00AA006D2EA4}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{0000054A-0000-0010-8000-00AA006D2EA4}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{0000054B-0000-0010-8000-00AA006D2EA4}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{00000552-0000-0010-8000-00AA006D2EA4}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{00000553-0000-0010-8000-00AA006D2EA4}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{00000554-0000-0010-8000-00AA006D2EA4}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{00000570-0000-0010-8000-00AA006D2EA4}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{00000571-0000-0010-8000-00AA006D2EA4}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{00000573-0000-0010-8000-00AA006D2EA4}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{00000574-0000-0010-8000-00AA006D2EA4}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{00000576-0000-0010-8000-00AA006D2EA4}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{00000577-0000-0010-8000-00AA006D2EA4}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{0000057A-0000-0010-8000-00AA006D2EA4}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{0000057B-0000-0010-8000-00AA006D2EA4}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{0000057C-0000-0010-8000-00AA006D2EA4}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{0000057D-0000-0010-8000-00AA006D2EA4}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{0000057E-0000-0010-8000-00AA006D2EA4}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{2AC1B0DF-D478-3140-999B-BEB56A4AA112}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{43EA8D11-CE4A-355B-83DB-A414D5D3A431}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{49735749-147A-300B-8986-004FC837C083}\5.0.2.34]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\XFileNet.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{4CDEE1C3-5A1B-350E-A3F9-F9F7F7C95CAC}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADOX.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8BA539EE965498543875FE011698A3EF]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\ClientApi.tlb"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8BAA3713129C7704C8ED7B6C9658D78E]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Integration.ZipLib.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8C2D1D48E4A9D124F93FC0AB7AD265C5]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\cache\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CEB25BFE4940E04ABA83475C015C5E7]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Integration.Scheduler.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8DE114B99A6D67842B7367E0FD51E73C]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\images\SmartScanner\icon_video.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8E9BCA1B31270384BB901FE0E57BCB29]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\images\Wizards\LaunchForm_Background.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8F52846157750B04F87CEEED251745D4]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\EncryptedFiles\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8F590C29BAA0D654C98E760D6B3DA42C]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\resources\wsdl\wsparamlist3.wsdl"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9138D9016F6015940A30A26419399201]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\images\Wizards\restore-hot.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\93B515D0FBA3D614FB67F8EEA49B6446]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\images\Wizards\BackgroundHomePage.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\944BA28930B5C7A45810F332157AE0BE]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\DownCache\unzip\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\94716F3F836159448B79C0B40268B643]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\images\localbackup_gray.ico"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\95332A6AF155337469C882993066014D]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\SOS.Contracts.BackupServer.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9615AFBF9B96CA047A7A3858E37CF063]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\images\MenuIcons\MenuUpgrade.ico"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\998EC66B235957C43944C8FB40A02F39]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9B33D711569473C40A2036E0A4ACAB9D]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Xceed.Compression.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9B45FC13851C35042AF9766B9F21EFAD]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\images\SmartScanner\icon_custom2.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A3C1CB00F0B512347A60A6FD24EEA878]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\images\MenuIcons\MenuRefresh.ico"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A623B48DA4032B24ABB31F45D2292A1C]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\DownCache\decrypt\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A8FCB0053C7064F4AB8C7A80D2F28154]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\db_tbl_tempProtect.mdb"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACAC3F703F1EC6748BAD475D047DB4C0]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\SOS.Contracts.Shared.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B0E154ED0499EA148A4F90EC94B52CB2]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\resources\wsdl\wsparamlist2.wsdl"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B249DCE7CC2CD964B813A1FD911A908B]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\SMessaging.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B398FC96CFF302A4B8AAEF77A24E2F33]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Recover\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5CBA1F09447E2E4FAD21D28C8C0C50A]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\AxInterop.LocalBackupLib.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B7B22A4337BF50343AB26C05518073EC]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\images\MenuIcons\MenuAbout.ico"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BAB9786E3F0769341885A739A428A373]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\images\localbackup_failed.ico"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BAE5AA3BC761F64468006D8DDE1965CB]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\images\UpgradeAccountMessageBoxBackgroundImage.jpg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C28DD4A9570C608479062073D4FA78AF]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\package_meta_data.mdb"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C356FD6256CA7294A96F7E46958141E6]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\AxLocalBackup.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C452DC4EDF8EBC547BF0085DC6CF4CB5]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\resources\wsdl\auth.wsdl"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C5A33BC42BDC2AB4291B2F1E86034EA0]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\images\Wizards\restore-local-hot.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C6809809B0BC9BE4EB68213ED7C702EF]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\images\Refresh.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C68F601A135CF48418D686C565CA9665]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\images\8bit_gray.ico"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C9683EB4435FDF54DA4911E34D290E9D]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Integration.UploadAgent.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA99CCB56BA67FF41BB7ECA255494820]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\resources\wsdl\bulkWebMethods.wsdl"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE47919E90E61044CB4294842B8E10FF]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\XceedCry.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CFC9D8F0DFACA334486EEB85E1D35267]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\images\WaitBoxBackground.gif"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D17BC7A3737826C40BA093168E38DEB6]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\vsscopy.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D2F707824F434D94C9FA92350FC74600]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\resources\wsdl\wsconfig.wsdl"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6160243B9809BD44A88E24E24A04916]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\sosuploadagent.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D8F5D4109F2353C4387CA2E8CD5D7BC1]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\images\LocalBackupBackground.jpg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D8F84F1A86EE36B4D8489F9F5D1572D1]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\images\Wizards\restore-online-normal.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D9D88B2FDF8E95641BB5F9053B951FC6]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\AsynchWSCall.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DF0FF137C5A5B3543A319CB90DA7520F]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DFA101FF5559F8E4584D71934D0FF897]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.Shell32.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DFB5E4346B4C76F49A38A7F4FDE8B0D5]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\DownCache\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E15CBA898165F774595C7F31A2C40DE9]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\images\SOSico.ico"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E64F9CE3097E6F0479E012F5FA05BB2F]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\resources\wsdl\wsstrrecovervb.wsdl"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E7107FDBA074ABF4EB3C5407BD23D29C]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\VSBackupVista.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E89DF9419F114C24F8C4DEE39331D459]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\images\SmartScanner\icon_documents.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E8C1C9B7A1FE1334FAFC09D5FB010024]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\images\Wizards\restore-active.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E92A3D73518CF4A43B66D5811213B1BF]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\resources\wsdl\wsparamlist4.wsdl"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E9CCFFA6134683945896AF9E06F01EF5]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\VSBackupNet.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EB871C5B10F65A745A595FCE2B3E93E6]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\images\Wizards\restore-normal.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ECC63B060B57435469EF4BCDB96D5CCB]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\resources\wsdl\wsprocess2.wsdl"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F09425F4D39A06C4681B504C27E824E7]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\resources\wsdl\ProtectService.wsdl"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F09787E26D6C1C04AB4D9007F0F248F5]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Integration.Scheduler.tlb"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F1EB06EAA759CE5418DF72D8D97514F0]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\images\liveprotect.ico"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F309E50BF9323B440BC54AA3939C8F70]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\resources\wsdl\wsprocess1.wsdl"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F32B784171C4E9E42B767BA5CC803143]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\SMButton.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F6705417727A9C0428625D40ACFD8757]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Common.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F6DA45439AEB3CC4FB2038F0391FC34A]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\resources\backupReportEmailTemplate.html"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F8CCA72247E66A24AB50E5FB6DA0D0E0]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FAFD02A83605DE141816B39C9F6B565C]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\images\Wizards\backup-hot.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FE0B970C692C2E642BC297AAAA08AB9E]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\images\Wizards\upgrade-normal.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/System/CurrentControlSet/Services/Netlogon/Parameters/RequireStrongKey]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/System/CurrentControlSet/Services/Netlogon/Parameters/RequireStrongKey]
"DisplayName"="Domain member: Require strong (Windows 2000 or later) session key"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro\Configurations\0\Firewall\Policy\6]
"Filename"="C:\Program Files\Strongvault Online Backup\BackupLauncher.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro\Configurations\0\Firewall\Policy\6]
"DeviceName"="C:\Program Files\Strongvault Online Backup\BackupLauncher.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro\Configurations\0\Firewall\Policy\7]
"Filename"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault\StrongVaultApp.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro\Configurations\0\Firewall\Policy\7]
"DeviceName"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault\StrongVaultApp.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro\Configurations\0\HIPS\Policy\11]
"Filename"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault\StrongVaultApp.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro\Configurations\0\HIPS\Policy\11]
"DeviceName"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault\StrongVaultApp.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro\Configurations\0\HIPS\Policy\12]
"Filename"="C:\Program Files\Strongvault Online Backup\BackupLauncher.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro\Configurations\0\HIPS\Policy\12]
"DeviceName"="C:\Program Files\Strongvault Online Backup\BackupLauncher.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro\Configurations\0\HIPS\Policy\56\Rules\14\Allowed\6]
"Filename"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault\StrongVaultApp.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro\Configurations\0\HIPS\Policy\56\Rules\14\Allowed\6]
"DeviceName"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault\StrongVaultApp.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro\Configurations\0\HIPS\Policy\57\Rules\14\Allowed\6]
"Filename"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault\StrongVaultApp.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro\Configurations\0\HIPS\Policy\57\Rules\14\Allowed\6]
"DeviceName"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault\StrongVaultApp.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro\Configurations\0\HIPS\Policy\58\Rules\14\Allowed\6]
"Filename"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault\StrongVaultApp.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro\Configurations\0\HIPS\Policy\58\Rules\14\Allowed\6]
"DeviceName"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault\StrongVaultApp.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro\Configurations\0\HIPS\Policy\59\Rules\14\Allowed\6]
"Filename"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault\StrongVaultApp.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro\Configurations\0\HIPS\Policy\59\Rules\14\Allowed\6]
"DeviceName"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault\StrongVaultApp.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro\Configurations\0\HIPS\Policy\60\Rules\14\Allowed\6]
"Filename"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault\StrongVaultApp.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro\Configurations\0\HIPS\Policy\60\Rules\14\Allowed\6]
"DeviceName"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault\StrongVaultApp.exe"
[HKEY_USERS\S-1-5-21-2752115482-2144442535-3955104311-1006\Software\Macromedia\FlashPlayerUpdate]
"description"="<XML><update version="11,5,502,110"><description>mshtml:

An update to your Adobe Flash Player is available

*New Features:*


Enhanced debugging capabilities
Security enhancements
Reduced memory usage
</description></update>message "New Features:

Enhanced debugging capabilities
Security enhancements
Reduced memory usage
";size 740 440;autoUpdateMode 2;</meta></XML>"
[HKEY_USERS\S-1-5-21-2752115482-2144442535-3955104311-1006\Software\Microsoft\Search Assistant\ACMru\5603]
"000"="Strong Vault"
[HKEY_USERS\S-1-5-21-2752115482-2144442535-3955104311-1006\Software\Microsoft\Search Assistant\ACMru\5603]
"006"="strongvault"
[HKEY_USERS\S-1-5-21-2752115482-2144442535-3955104311-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*]
"f"="C:\Documents and Settings\Owner\Desktop\Strong Vault_3.gif"
[HKEY_USERS\S-1-5-21-2752115482-2144442535-3955104311-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\gif]
"d"="C:\Documents and Settings\Owner\Desktop\Strong Vault_3.gif"
[HKEY_USERS\S-1-5-21-2752115482-2144442535-3955104311-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\gif]
"g"="C:\Documents and Settings\Owner\Desktop\Strong Vault.gif"
[HKEY_USERS\S-1-5-21-2752115482-2144442535-3955104311-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\gif]
"h"="C:\Documents and Settings\Owner\Desktop\Strong Vault_2.gif"
[HKEY_USERS\S-1-5-21-2752115482-2144442535-3955104311-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\gif]
"j"="C:\Documents and Settings\Owner\Desktop\Strong Vault_1.gif"
[HKEY_USERS\S-1-5-21-2752115482-2144442535-3955104311-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\strongesthosting.com]

-= EOF =-


----------



## jlski (Dec 2, 2002)

SystemLook 30.07.11 by jpshortstuff
Log created at 18:09 on 02/02/2013 by Owner
Administrator - Elevation successful

========== filefind ==========

Searching for "*strong*"
C:\Documents and Settings\Owner\Desktop\Strong Vault_1.gif	--a---- 84114 bytes	[23:18 01/02/2013]	[23:18 01/02/2013] 28264C4189424FFBA2BC7A559803E3B1
C:\Documents and Settings\Owner\Desktop\Strong Vault_2.gif	--a---- 34953 bytes	[23:21 01/02/2013]	[23:21 01/02/2013] 87F0C16CD4F99621C7B3253B50701179
C:\Documents and Settings\Owner\Desktop\Strong Vault_3.gif	--a---- 40335 bytes	[20:58 02/02/2013]	[20:58 02/02/2013] 1A53F1B6D9392586C7CBD0A477C8FBF9
C:\Documents and Settings\Owner\My Documents\ICC_KFG Members\1_Place Memberships\1_Registered Members\Armstrong Deborah M_REG\I Want to Join Health Program - Deborah M Armstrong.eml	--a---- 3864 bytes	[23:12 17/10/2009]	[23:12 17/10/2009] FA3DA5AB942AEDAA1449D3D868C9BDEF
C:\Documents and Settings\Owner\My Documents\ICC_KFG Members\1_Place Memberships\1_Registered Members\Armstrong Deborah M_REG\ICC Order Confirmation - Deborah M Armstrong.eml	--a---- 19078 bytes	[16:28 18/10/2009]	[16:28 18/10/2009] 5AC9056FAA64637554BC380662256374
C:\Documents and Settings\Owner\My Documents\ICC_KFG Members\1_Place Memberships\1_Registered Members\Armstrong Deborah M_REG\Please Register Me for KFG - Deborah M_ Armstrong.eml	--a---- 3685 bytes	[21:54 18/10/2009]	[21:54 18/10/2009] A9B91167109E3005D5FC4121AAFBCE66
C:\Documents and Settings\Owner\My Documents\ICC_KFG Members\1_Place Memberships\1_Registered Members\Armstrong Deborah M_REG\Welcome New ICC Member - Deborah M Armstrong.eml	--a---- 24687 bytes	[16:28 18/10/2009]	[16:28 18/10/2009] 5D50379E54550B795F50FB39E4263901
C:\Documents and Settings\Owner\Recent\Strong Vault.lnk	--a---- 507 bytes	[23:18 01/02/2013]	[23:18 01/02/2013] A9BDE74CA8EDD8F42B122ACBB9139DC8
C:\Documents and Settings\Owner\Recent\Strong Vault_1.lnk	--a---- 513 bytes	[23:24 01/02/2013]	[23:24 01/02/2013] 026CB9741B44EED172280858D8DDF149
C:\Documents and Settings\Owner\Recent\Strong Vault_2.lnk	--a---- 513 bytes	[23:21 01/02/2013]	[23:24 01/02/2013] 77B0DED177B0EA8448F6B418E135F9A9
C:\Documents and Settings\Owner\Recent\Strong Vault_3.lnk	--a---- 513 bytes	[20:58 02/02/2013]	[21:04 02/02/2013] 2D6A2ABB8320D9C3B7BA834711358ED6
C:\My Flash Drive\ICC_KFG Members\1_Place Memberships\1_Registered Members\Armstrong Deborah M_REG\I Want to Join Health Program - Deborah M Armstrong.eml	--a---- 3864 bytes	[13:54 12/09/2010]	[23:12 17/10/2009] FA3DA5AB942AEDAA1449D3D868C9BDEF
C:\My Flash Drive\ICC_KFG Members\1_Place Memberships\1_Registered Members\Armstrong Deborah M_REG\ICC Order Confirmation - Deborah M Armstrong.eml	--a---- 19078 bytes	[13:54 12/09/2010]	[16:29 18/10/2009] 5AC9056FAA64637554BC380662256374
C:\My Flash Drive\ICC_KFG Members\1_Place Memberships\1_Registered Members\Armstrong Deborah M_REG\Please Register Me for KFG - Deborah M_ Armstrong.eml	--a---- 3685 bytes	[13:54 12/09/2010]	[21:54 18/10/2009] A9B91167109E3005D5FC4121AAFBCE66
C:\My Flash Drive\ICC_KFG Members\1_Place Memberships\1_Registered Members\Armstrong Deborah M_REG\Welcome New ICC Member - Deborah M Armstrong.eml	--a---- 24687 bytes	[13:54 12/09/2010]	[16:28 18/10/2009] 5D50379E54550B795F50FB39E4263901

========== folderfind ==========

Searching for "*strong*"
C:\Documents and Settings\Owner\My Documents\ICC_KFG Members\1_Place Memberships\1_Registered Members\Armstrong Deborah M_REG	d------	[21:45 17/10/2009]
C:\MATS\{5E33D30D-D896-4D92-B033-5F45819B2937}\FileBackup\C\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup	d------	[05:39 01/02/2013]
C:\My Flash Drive\ICC_KFG Members\1_Place Memberships\1_Registered Members\Armstrong Deborah M_REG	d------	[13:54 12/09/2010]

========== regfind ==========

Searching for "strong"
[HKEY_CURRENT_USER\Software\Macromedia\FlashPlayerUpdate]
"description"="<XML><update version="11,5,502,110"><description>mshtml:

An update to your Adobe Flash Player is available

*New Features:*


Enhanced debugging capabilities
Security enhancements
Reduced memory usage
</description></update>message "New Features:

Enhanced debugging capabilities
Security enhancements
Reduced memory usage
";size 740 440;autoUpdateMode 2;</meta></XML>"
[HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603]
"000"="Strong Vault"
[HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603]
"006"="strongvault"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*]
"f"="C:\Documents and Settings\Owner\Desktop\Strong Vault_3.gif"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\gif]
"d"="C:\Documents and Settings\Owner\Desktop\Strong Vault_3.gif"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\gif]
"g"="C:\Documents and Settings\Owner\Desktop\Strong Vault.gif"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\gif]
"h"="C:\Documents and Settings\Owner\Desktop\Strong Vault_2.gif"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\gif]
"j"="C:\Documents and Settings\Owner\Desktop\Strong Vault_1.gif"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\strongesthosting.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000507-0000-0010-8000-00AA006D2EA4}\InprocServer32]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000507-0000-0010-8000-00AA006D2EA4}\InprocServer32\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0000050B-0000-0010-8000-00AA006D2EA4}\InprocServer32]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0000050B-0000-0010-8000-00AA006D2EA4}\InprocServer32\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000514-0000-0010-8000-00AA006D2EA4}\InprocServer32]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000514-0000-0010-8000-00AA006D2EA4}\InprocServer32\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000535-0000-0010-8000-00AA006D2EA4}\InprocServer32]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000535-0000-0010-8000-00AA006D2EA4}\InprocServer32\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000560-0000-0010-8000-00AA006D2EA4}\InprocServer32]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000560-0000-0010-8000-00AA006D2EA4}\InprocServer32\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000566-0000-0010-8000-00AA006D2EA4}\InprocServer32]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000566-0000-0010-8000-00AA006D2EA4}\InprocServer32\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000602-0000-0010-8000-00AA006D2EA4}\InprocServer32]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADOX.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000602-0000-0010-8000-00AA006D2EA4}\InprocServer32\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADOX.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000609-0000-0010-8000-00AA006D2EA4}\InprocServer32]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADOX.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000609-0000-0010-8000-00AA006D2EA4}\InprocServer32\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADOX.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000615-0000-0010-8000-00AA006D2EA4}\InprocServer32]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADOX.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000615-0000-0010-8000-00AA006D2EA4}\InprocServer32\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADOX.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000618-0000-0010-8000-00AA006D2EA4}\InprocServer32]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADOX.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000618-0000-0010-8000-00AA006D2EA4}\InprocServer32\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADOX.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0000061B-0000-0010-8000-00AA006D2EA4}\InprocServer32]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADOX.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0000061B-0000-0010-8000-00AA006D2EA4}\InprocServer32\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADOX.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0000061E-0000-0010-8000-00AA006D2EA4}\InprocServer32]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADOX.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0000061E-0000-0010-8000-00AA006D2EA4}\InprocServer32\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADOX.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000621-0000-0010-8000-00AA006D2EA4}\InprocServer32]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADOX.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000621-0000-0010-8000-00AA006D2EA4}\InprocServer32\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADOX.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{231D1CF6-C578-411D-9B9B-48264355805D}\InprocServer32]
@="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\XceedCry.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26E85C60-8A6C-4A8B-9997-C7A9B220D7C3}\InprocServer32]
@="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\vsscopy.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2D171AB1-5132-43C5-9591-96F98911791E}\InprocServer32]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\XFileNet.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2D171AB1-5132-43C5-9591-96F98911791E}\InprocServer32\5.0.2.34]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\XFileNet.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F64966B-C771-4128-B3AF-F9EF9C575322}\InprocServer32]
@="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\vsscopy.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44C656C6-0515-11E0-B88E-001D60AF2322}\InprocServer32]
@="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\AsynchWSCall.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44C656DA-0515-11E0-B88E-001D60AF2322}\InprocServer32]
@="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\BackupEngine.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44C656DB-0515-11E0-B88E-001D60AF2322}\InprocServer32]
@="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\BackupEngine.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44C656E3-0515-11E0-B88E-001D60AF2322}\InprocServer32]
@="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\AxLocalBackup.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44C656E3-0515-11E0-B88E-001D60AF2322}\ToolboxBitmap32]
@="C:\DOCUME~1\Owner\LOCALS~1\APPLIC~1\STRONG~2\AXLOCA~1.OCX, 1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44C656E6-0515-11E0-B88E-001D60AF2322}\InprocServer32]
@="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\AxLocalBackup.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44C656E8-0515-11E0-B88E-001D60AF2322}\InprocServer32]
@="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\AxLocalBackup.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4C836512-BB70-11D2-A5A7-00105A9C91C6}\InprocServer32]
@="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\XceedZip.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4C836512-BB70-11D2-A5A7-00105A9C91C6}\ToolboxBitmap32]
@="C:\DOCUME~1\Owner\LOCALS~1\APPLIC~1\STRONG~2\XceedZip.dll, 104"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{571705B3-0509-11E0-B88E-001D60AF2322}\InprocServer32]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\ClientApi.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{571705B3-0509-11E0-B88E-001D60AF2322}\InprocServer32\5.0.2.34]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\ClientApi.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{571705CB-0509-11E0-B88E-001D60AF2322}\InprocServer32]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Integration.Scheduler.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{571705CB-0509-11E0-B88E-001D60AF2322}\InprocServer32\5.0.2.34]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Integration.Scheduler.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{571705D6-0509-11E0-B88E-001D60AF2322}\InprocServer32]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Integration.UploadAgent.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{571705D6-0509-11E0-B88E-001D60AF2322}\InprocServer32\5.0.2.34]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Integration.UploadAgent.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{571705DA-0509-11E0-B88E-001D60AF2322}\InprocServer32]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Integration.UploadAgent.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{571705DA-0509-11E0-B88E-001D60AF2322}\InprocServer32\5.0.2.34]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Integration.UploadAgent.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{571705EA-0509-11E0-B88E-001D60AF2322}\InprocServer32]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\VSBackupNet.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{571705EA-0509-11E0-B88E-001D60AF2322}\InprocServer32\5.0.2.34]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\VSBackupNet.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{571705EC-0509-11E0-B88E-001D60AF2322}\InprocServer32]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\ClientApi.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{571705EC-0509-11E0-B88E-001D60AF2322}\InprocServer32\5.0.2.34]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\ClientApi.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{571705EE-0509-11E0-B88E-001D60AF2322}\InprocServer32]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\ClientApi.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{571705EE-0509-11E0-B88E-001D60AF2322}\InprocServer32\5.0.2.34]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\ClientApi.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{571705F0-0509-11E0-B88E-001D60AF2322}\InprocServer32]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\ClientApi.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{571705F0-0509-11E0-B88E-001D60AF2322}\InprocServer32\5.0.2.34]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\ClientApi.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{571705F3-0509-11E0-B88E-001D60AF2322}\InprocServer32]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\ClientApi.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{571705F3-0509-11E0-B88E-001D60AF2322}\InprocServer32\5.0.2.34]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\ClientApi.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{571705F5-0509-11E0-B88E-001D60AF2322}\InprocServer32]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\ClientApi.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{571705F5-0509-11E0-B88E-001D60AF2322}\InprocServer32\5.0.2.34]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\ClientApi.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{571705F7-0509-11E0-B88E-001D60AF2322}\InprocServer32]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\ClientApi.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{571705F7-0509-11E0-B88E-001D60AF2322}\InprocServer32\5.0.2.34]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\ClientApi.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{571705F9-0509-11E0-B88E-001D60AF2322}\InprocServer32]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\ClientApi.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{571705F9-0509-11E0-B88E-001D60AF2322}\InprocServer32\5.0.2.34]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\ClientApi.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57170605-0509-11E0-B88E-001D60AF2322}\InprocServer32]
@="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\AxUtilities.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57170608-0509-11E0-B88E-001D60AF2322}\InprocServer32]
@="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\VSBackupVista.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57170608-0509-11E0-B88E-001D60AF2322}\ToolboxBitmap32]
@="C:\DOCUME~1\Owner\LOCALS~1\APPLIC~1\STRONG~2\VSBACK~1.DLL, 1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5717060C-0509-11E0-B88E-001D60AF2322}\InprocServer32]
@="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\CtxMenu.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7ADE76BA-7AF7-44BF-B0C5-A946534F1EBA}\InprocServer32]
@="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\ARProgBar.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7ADE76BA-7AF7-44BF-B0C5-A946534F1EBA}\ToolboxBitmap32]
@="C:\DOCUME~1\Owner\LOCALS~1\APPLIC~1\STRONG~2\ARPROG~1.OCX, 30000"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7EC04D5B-19A8-45EE-BCB0-6FE0067F9468}\InprocServer32]
@="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\XceedCry.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7EC04D5B-19A8-45EE-BCB0-6FE0067F9468}\ToolboxBitmap32]
@="C:\DOCUME~1\Owner\LOCALS~1\APPLIC~1\STRONG~2\XceedCry.dll, 109"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{90FDB7BD-EB76-4AC9-8385-D1EE80BBCDCD}\InprocServer32]
@="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\XceedCry.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A02A65C1-50E4-4E5D-B9D0-625D5DEBC671}\InprocServer32]
@="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\XceedCry.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A0A61B00-96A6-457F-AA5E-AFA5167852E5}\InprocServer32]
@="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\XceedCry.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A0A61B00-96A6-457F-AA5E-AFA5167852E5}\ToolboxBitmap32]
@="C:\DOCUME~1\Owner\LOCALS~1\APPLIC~1\STRONG~2\XceedCry.dll, 101"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BBA63CAC-9913-4A13-9212-E97BB70C05C9}\InprocServer32]
@="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\XceedCry.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3271080-C57A-4520-8066-337AD212D7E0}\InprocServer32]
@="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\XceedCry.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C55F0A34-4286-4094-905E-75CBD8BF0776}\InprocServer32]
@="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\sosbutton.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C55F0A34-4286-4094-905E-75CBD8BF0776}\ToolboxBitmap32]
@="C:\DOCUME~1\Owner\LOCALS~1\APPLIC~1\STRONG~2\SOSBUT~1.OCX, 30000"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C8C78E98-0116-4491-9272-C7F8B0A02E0D}\InprocServer32]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Integration.Radialpoint.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C8C78E98-0116-4491-9272-C7F8B0A02E0D}\InprocServer32\5.0.2.34]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Integration.Radialpoint.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D3E95E1D-D003-42A0-91FD-465DC624BC7A}\InprocServer32]
@="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\XceedCry.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D865F1E7-BAC6-4ECA-B37B-0A5DDFF2D031}\InprocServer32]
@="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\XceedCry.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D865F1E7-BAC6-4ECA-B37B-0A5DDFF2D031}\ToolboxBitmap32]
@="C:\DOCUME~1\Owner\LOCALS~1\APPLIC~1\STRONG~2\XceedCry.dll, 111"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DB797690-40E0-11D2-9BD5-0060082AE372}\InprocServer32]
@="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\XceedZip.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DB797690-40E0-11D2-9BD5-0060082AE372}\ToolboxBitmap32]
@="C:\DOCUME~1\Owner\LOCALS~1\APPLIC~1\STRONG~2\XceedZip.dll, 101"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E994B1F9-F7D0-11D6-A2A1-0010DC1D796E}\InprocServer32]
@="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\SMButton.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E994B1F9-F7D0-11D6-A2A1-0010DC1D796E}\ToolboxBitmap32]
@="C:\DOCUME~1\Owner\LOCALS~1\APPLIC~1\STRONG~2\SMButton.ocx, 30000"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Documents and Settings|Owner|Local Settings|Application Data|Strongvault Online Backup|AxInterop.LocalBackupLib.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Documents and Settings|Owner|Local Settings|Application Data|Strongvault Online Backup|ClientApi.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Documents and Settings|Owner|Local Settings|Application Data|Strongvault Online Backup|Common.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Documents and Settings|Owner|Local Settings|Application Data|Strongvault Online Backup|Integration.Ace.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Documents and Settings|Owner|Local Settings|Application Data|Strongvault Online Backup|Integration.Radialpoint.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Documents and Settings|Owner|Local Settings|Application Data|Strongvault Online Backup|Integration.Scheduler.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Documents and Settings|Owner|Local Settings|Application Data|Strongvault Online Backup|Integration.UploadAgent.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Documents and Settings|Owner|Local Settings|Application Data|Strongvault Online Backup|Integration.ZipLib.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Documents and Settings|Owner|Local Settings|Application Data|Strongvault Online Backup|Interop.ADODB.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Documents and Settings|Owner|Local Settings|Application Data|Strongvault Online Backup|Interop.ADOX.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Documents and Settings|Owner|Local Settings|Application Data|Strongvault Online Backup|Interop.LocalBackupLib.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Documents and Settings|Owner|Local Settings|Application Data|Strongvault Online Backup|Interop.Shell32.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Documents and Settings|Owner|Local Settings|Application Data|Strongvault Online Backup|Interop.VSBackupVista.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Documents and Settings|Owner|Local Settings|Application Data|Strongvault Online Backup|Interop.VSS.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Documents and Settings|Owner|Local Settings|Application Data|Strongvault Online Backup|Interop.VSS2003.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Documents and Settings|Owner|Local Settings|Application Data|Strongvault Online Backup|Interop.XceedEncryptionLib.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Documents and Settings|Owner|Local Settings|Application Data|Strongvault Online Backup|SMessaging.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Documents and Settings|Owner|Local Settings|Application Data|Strongvault Online Backup|SOS.Contracts.BackupServer.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Documents and Settings|Owner|Local Settings|Application Data|Strongvault Online Backup|SOS.Contracts.Infiniscale.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Documents and Settings|Owner|Local Settings|Application Data|Strongvault Online Backup|SOS.Contracts.Shared.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Documents and Settings|Owner|Local Settings|Application Data|Strongvault Online Backup|SOSLibrary.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Documents and Settings|Owner|Local Settings|Application Data|Strongvault Online Backup|SOSLiveProtect.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Documents and Settings|Owner|Local Settings|Application Data|Strongvault Online Backup|SStorage.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Documents and Settings|Owner|Local Settings|Application Data|Strongvault Online Backup|VSBackupNet.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Documents and Settings|Owner|Local Settings|Application Data|Strongvault Online Backup|Xceed.Compression.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Documents and Settings|Owner|Local Settings|Application Data|Strongvault Online Backup|Xceed.Compression.Formats.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Documents and Settings|Owner|Local Settings|Application Data|Strongvault Online Backup|XFileNet.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\D03D33E5698D29D40B33F55418B99273]
"ProductName"="Strongvault Online Backup"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2A75C1FD-06B0-3CBB-B467-2545D4D6C865}]
@="_StrongName"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{579E93BC-FFAB-3B8D-9181-CE9C22B51915}]
@="_StrongNameMembershipCondition"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5F1562FB-0160-3655-BAEA-B15BEF609161}]
@="_StrongNameIdentityPermission"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AF53D21A-D6AF-3406-B399-7DF9D2AAD48A}]
@="_StrongNamePublicKeyBlob"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C9A740F4-26E9-39A8-8885-8CA26BD79B21}]
@="_StrongNameIdentityPermissionAttribute"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FC4963CB-E52B-32D8-A418-D058FA51A1FA}]
@="_StrongNameKeyPair"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{0000051B-0000-0010-8000-00AA006D2EA4}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{0000051C-0000-0010-8000-00AA006D2EA4}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{0000051D-0000-0010-8000-00AA006D2EA4}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{0000051E-0000-0010-8000-00AA006D2EA4}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{0000051F-0000-0010-8000-00AA006D2EA4}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{00000520-0000-0010-8000-00AA006D2EA4}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{00000521-0000-0010-8000-00AA006D2EA4}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{00000523-0000-0010-8000-00AA006D2EA4}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{00000524-0000-0010-8000-00AA006D2EA4}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{00000525-0000-0010-8000-00AA006D2EA4}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{00000526-0000-0010-8000-00AA006D2EA4}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{00000527-0000-0010-8000-00AA006D2EA4}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{00000528-0000-0010-8000-00AA006D2EA4}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{00000529-0000-0010-8000-00AA006D2EA4}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{0000052A-0000-0010-8000-00AA006D2EA4}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{0000052B-0000-0010-8000-00AA006D2EA4}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{0000052C-0000-0010-8000-00AA006D2EA4}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{0000052E-0000-0010-8000-00AA006D2EA4}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{0000052F-0000-0010-8000-00AA006D2EA4}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{00000530-0000-0010-8000-00AA006D2EA4}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{00000531-0000-0010-8000-00AA006D2EA4}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{00000532-0000-0010-8000-00AA006D2EA4}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{00000533-0000-0010-8000-00AA006D2EA4}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{00000540-0000-0010-8000-00AA006D2EA4}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{00000541-0000-0010-8000-00AA006D2EA4}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{00000542-0000-0010-8000-00AA006D2EA4}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{00000543-0000-0010-8000-00AA006D2EA4}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{00000544-0000-0010-8000-00AA006D2EA4}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{00000545-0000-0010-8000-00AA006D2EA4}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{00000546-0000-0010-8000-00AA006D2EA4}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{00000547-0000-0010-8000-00AA006D2EA4}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{00000548-0000-0010-8000-00AA006D2EA4}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{00000549-0000-0010-8000-00AA006D2EA4}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{0000054A-0000-0010-8000-00AA006D2EA4}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{0000054B-0000-0010-8000-00AA006D2EA4}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{00000552-0000-0010-8000-00AA006D2EA4}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{00000553-0000-0010-8000-00AA006D2EA4}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{00000554-0000-0010-8000-00AA006D2EA4}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{00000570-0000-0010-8000-00AA006D2EA4}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{00000571-0000-0010-8000-00AA006D2EA4}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{00000573-0000-0010-8000-00AA006D2EA4}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{00000574-0000-0010-8000-00AA006D2EA4}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{00000576-0000-0010-8000-00AA006D2EA4}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{00000577-0000-0010-8000-00AA006D2EA4}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{0000057A-0000-0010-8000-00AA006D2EA4}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{0000057B-0000-0010-8000-00AA006D2EA4}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{0000057C-0000-0010-8000-00AA006D2EA4}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{0000057D-0000-0010-8000-00AA006D2EA4}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{0000057E-0000-0010-8000-00AA006D2EA4}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{2AC1B0DF-D478-3140-999B-BEB56A4AA112}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{43EA8D11-CE4A-355B-83DB-A414D5D3A431}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{49735749-147A-300B-8986-004FC837C083}\5.0.2.34]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\XFileNet.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{4CDEE1C3-5A1B-350E-A3F9-F9F7F7C95CAC}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADOX.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{63033C5B-3DD7-3B07-ADF8-15EEE68AA14F}\5.0.2.34]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\VSBackupNet.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{793FC64C-92D4-36C2-8D76-29ADE5ACC998}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADOX.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{7E632ADF-9D4A-374C-AD52-25A9213987EE}\5.0.2.34]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\VSBackupNet.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{7F564B7C-5B6C-3AB9-B8FD-109554AE454B}\5.0.2.34]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\ClientApi.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{898CF1A5-06A2-30B5-8088-F9E7A66A4143}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADOX.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{9080C45E-594C-3768-A294-C1B261ECD5F9}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADOX.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{9558E2B7-51E3-315A-A409-2F1E30A23EFA}\5.0.2.34]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\ClientApi.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{9B09BB39-AEDE-3F55-AAF4-804064565E97}\5.0.2.34]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\ClientApi.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{A56187C5-D690-4037-AE32-A00EDC376AC3}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{A700FB12-17FC-3877-A874-00C31AFED422}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADOX.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{A9BA0EB6-3DA2-3A7A-B296-7FF4F611FD80}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADOX.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{BFBCF6E9-EE8C-366E-8DD2-34AFB7637D06}\5.0.2.34]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\XFileNet.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{C0CAD8CE-F322-3633-865B-FE9CF09B81BA}\5.0.2.34]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\ClientApi.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{D3BDD942-66D3-3156-B238-DE8B9720F37F}\5.0.2.34]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\ClientApi.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{D95DA0A3-AB54-356D-9050-B986DBD6A11A}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADOX.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{DD4CB1CF-E6F7-3A03-A77E-ED44939DD4CF}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADOX.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{DFF05178-341C-396F-A898-50DDBC699024}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADOX.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{E221116A-32CE-36C4-990E-4E731DF815F5}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADOX.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{E8F7B742-5831-3A24-8C7F-30A77C99DA9B}\5.0.2.34]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\ClientApi.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{F757B661-E287-3E2F-AF82-74FD2DF87F46}\5.0.2.34]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\ClientApi.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{FFC6D718-C67D-34B7-A64F-5B2235F83C11}\2.8.0.0]
"CodeBase"="file:///C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.ADODB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOS Online Backup\shell\open\command]
@=""C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\SStorage.exe" "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{44C656C7-0515-11E0-B88E-001D60AF2322}\1.0\0\win32]
@="C:\DOCUME~1\Owner\LOCALS~1\APPLIC~1\STRONG~2\ASYNCH~1.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{44C656C7-0515-11E0-B88E-001D60AF2322}\1.0\HELPDIR]
@="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{44C656CB-0515-11E0-B88E-001D60AF2322}\1.0\0\win32]
@="C:\DOCUME~1\Owner\LOCALS~1\APPLIC~1\STRONG~2\BACKUP~1.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{44C656CB-0515-11E0-B88E-001D60AF2322}\1.0\HELPDIR]
@="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{44C656DD-0515-11E0-B88E-001D60AF2322}\1.0\0\win32]
@="C:\DOCUME~1\Owner\LOCALS~1\APPLIC~1\STRONG~2\AXLOCA~1.OCX"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{492E7335-C8AC-4F5F-B307-B8176C3954BE}\1.0\0\win32]
@="C:\DOCUME~1\Owner\LOCALS~1\APPLIC~1\STRONG~2\vsscopy.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{492E7335-C8AC-4F5F-B307-B8176C3954BE}\1.0\HELPDIR]
@="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{55A560A7-E3F9-4790-8D22-F3A97009AC8F}\1.1\0\win32]
@="C:\DOCUME~1\Owner\LOCALS~1\APPLIC~1\STRONG~2\XceedCry.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{55A560A7-E3F9-4790-8D22-F3A97009AC8F}\1.1\HELPDIR]
@="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{571705B0-0509-11E0-B88E-001D60AF2322}\1.0\0\win32]
@="C:\DOCUME~1\Owner\LOCALS~1\APPLIC~1\STRONG~2\CLIENT~1.TLB"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{571705B0-0509-11E0-B88E-001D60AF2322}\1.0\HELPDIR]
@="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{571705C9-0509-11E0-B88E-001D60AF2322}\1.0\0\win32]
@="C:\DOCUME~1\Owner\LOCALS~1\APPLIC~1\STRONG~2\INTEGR~2.TLB"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{571705C9-0509-11E0-B88E-001D60AF2322}\1.0\HELPDIR]
@="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{571705CF-0509-11E0-B88E-001D60AF2322}\1.0\0\win32]
@="C:\DOCUME~1\Owner\LOCALS~1\APPLIC~1\STRONG~2\INTEGR~1.TLB"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{571705CF-0509-11E0-B88E-001D60AF2322}\1.0\HELPDIR]
@="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{57170602-0509-11E0-B88E-001D60AF2322}\1.0\0\win32]
@="C:\DOCUME~1\Owner\LOCALS~1\APPLIC~1\STRONG~2\AXUTIL~1.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{57170602-0509-11E0-B88E-001D60AF2322}\1.0\HELPDIR]
@="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{57170609-0509-11E0-B88E-001D60AF2322}\1.0\0\win32]
@="C:\DOCUME~1\Owner\LOCALS~1\APPLIC~1\STRONG~2\VSBACK~1.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{57170609-0509-11E0-B88E-001D60AF2322}\1.0\HELPDIR]
@="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{9760A2BE-C7C2-4690-AAC8-E64EFEDF1BB5}\1.0\0\win32]
@="C:\DOCUME~1\Owner\LOCALS~1\APPLIC~1\STRONG~2\INTEGR~3.TLB"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{9760A2BE-C7C2-4690-AAC8-E64EFEDF1BB5}\1.0\HELPDIR]
@="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{BF0830DA-D0C3-4FBE-814C-56444666D9F0}\1.0\0\win32]
@="C:\DOCUME~1\Owner\LOCALS~1\APPLIC~1\STRONG~2\XFileNet.tlb"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{BF0830DA-D0C3-4FBE-814C-56444666D9F0}\1.0\HELPDIR]
@="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D8F0BDA9-3F22-4FA0-B695-8DEC09CAD0EB}\1.0\0\win32]
@="C:\DOCUME~1\Owner\LOCALS~1\APPLIC~1\STRONG~2\SOSBUT~1.OCX"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D8F0BDA9-3F22-4FA0-B695-8DEC09CAD0EB}\1.0\HELPDIR]
@="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DB797681-40E0-11D2-9BD5-0060082AE372}\5.2\0\win32]
@="C:\DOCUME~1\Owner\LOCALS~1\APPLIC~1\STRONG~2\XceedZip.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DB797681-40E0-11D2-9BD5-0060082AE372}\5.2\HELPDIR]
@="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E994B1F7-F7D0-11D6-A2A1-0010DC1D796E}\13.1\0\win32]
@="C:\DOCUME~1\Owner\LOCALS~1\APPLIC~1\STRONG~2\SMButton.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E994B1F7-F7D0-11D6-A2A1-0010DC1D796E}\13.1\HELPDIR]
@="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EE757A1F-B0AC-40BC-9E72-B8651740F53E}\1.0\0\win32]
@="C:\DOCUME~1\Owner\LOCALS~1\APPLIC~1\STRONG~2\ARPROG~1.OCX"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EE757A1F-B0AC-40BC-9E72-B8651740F53E}\1.0\HELPDIR]
@="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Strong Cryptographic Provider]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider Types\Type 001]
"Name"="Microsoft Strong Cryptographic Provider"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MATS\WindowsInstaller\{5E33D30D-D896-4D92-B033-5F45819B2937}\2013.01.21.20.36.00]
"ProductName"="Strongvault Online Backup"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MATS\WindowsInstaller\{5E33D30D-D896-4D92-B033-5F45819B2937}\2013.01.31.23.38.52]
"ProductName"="Strongvault Online Backup"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\resources\wsdl\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\resources\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\images\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\images\Wizards\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\images\SmartScanner\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\images\MenuIcons\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0028319EE76A0AF4C895AC3DB9D25549]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\SOSLibrary.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E5B905281870146993174B9F1C0E8A]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\db_tbl_Protect.mdb"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0218C651CB3C15341B72CEAFE6AB3761]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\images\Desktop.ico"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0468DC7D996F00549825517A8F78244B]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\v2_template.mdb"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0641ADDED2946D846B0C3857B4AF8FFF]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\resources\wsdl\wsparamlist1.wsdl"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\06665F8EC2D4B1D438E36E291B211956]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Integration.UploadAgent.tlb"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\090A98670355481408E66189F6AA2732]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.VSBackupVista.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0A535FA4A9C336A48960C0313F6AD3AE]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\images\Wizards\upgrade-hot.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0C4156C4D87FB854B8E37962DEE95688]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\images\8bit_blue.ico"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CECF012AE967AC47A7FFA0E5C44B333]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Xceed.Compression.Formats.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1001AD44426ACC542AFB2876876A3ED7]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\images\SmartScanner\icon_preview.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\102F409877D607A43A2F1BF966DFDE57]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\images\Wizards\setup-localbackup-hot.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\10C07AF04C6F8184080B7B633417C8DD]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\images\MenuIcons\MenuDelete.ico"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\148B938D6DC2A67459198944B88130C1]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\EULA.rtf"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\15FE9B6CD77C6D3488CC963B6DD7D14E]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\images\SmartScanner\icon_info.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\17315D5ECED7AAD44A86A597D94E1CB2]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\images\Wizards\Logo.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\21E90E23F195ADF48B42D68192E621ED]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Integration.Radialpoint.tlb"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\21F4A9464956A014F97ACF50D8355EA1]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\XFileNet.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2246B085131840A44B6308FA0573F475]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\images\MessageScreen.jpg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\242AA9674C4E4304FAECB0352F27810B]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\images\Wizards\setup-onlinebackup-hot.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\24E89F9CAC84D6244B0F720153962A30]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\images\MenuIcons\MenuRecover.ico"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\28CE223564BE5C34F9D1A3FD20D01066]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\BackupEngine.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\293EA2DC2CF4E0F4DBA6B16618CA6615]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\SosLocalBackup.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B678BBDB32EC5742907925AF5A7AC7F]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Interop.VSS2003.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2C7618CF788277D448016A23C666F2F1]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\images\Wizards\setup-onlinebackup-normal.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2D0A8FD0AC70B814DB761F54DE38083D]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\images\sos.ico"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\318B61513185E17498F62B14A790C240]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\resources\wsdl\wsprotect.wsdl"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\328443C8E47646B479AAFA9B84D6943D]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\resources\wsdl\wsrecoverdown.wsdl"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\363262BE17F423741BB38A14DD4BAB48]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\images\SmartScanner\icon_custom.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\38036F69D72A1214F8ED971AC60342CB]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\images\localbackup.ico"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\380F0BF2F6E2BDF40B528B928F504E5F]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\db\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3C41C42044C51E44185B43E0A718941C]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\DownCache\dl\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3DF7B35D5584D7949905339A21B8FC8E]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Integration.Radialpoint.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3EF9B1589B6EF8E4BA08BB13C63500A3]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\images\SmartScanner\totalbackground.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4031852D179623F4FB937F07DC20C9B1]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\images\Wizards\run-now-normal.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\40CE21DBC9DC57D4F98338935DA0EF3C]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\images\Wizards\run-now-hot.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\410388B196127524DBD3163CE50F430F]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\images\AgentHeader.jpg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\441899766119C2645AFD9F90FF80E369]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\SStorage.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\465234DC5BF81F149B119AF2134073BE]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\Temporary\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\483D46D3935A0C64197E853E6E17F9C4]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\xd.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49240D2EE02622D49BE004B08046E562]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\ARProgBar.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\498BD2DDAC9607C4797C72D8CD63800D]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\images\ClassicViewLogo.jpg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49C6232655479F24AB8ABA72F27134BA]
"00000000000000000000000000000000"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\dbConfig.mdb"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49C6232655479F24AB8ABA72F27134BA]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\dbConfig.mdb"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D9DD7321CF52D47AD6054819E1472D]
"00000000000000000000000000000000"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D9DD7321CF52D47AD6054819E1472D]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4CC2E209154DCD040976E3EBFB90C52C]
"D03D33E5698D29D40B33F55418B99273"="C:\Documents and Settings\Owner\Local Settings\Application Data\Strongvault Online Backup\"

-= EOF =-


----------



## jlski (Dec 2, 2002)

Hi cookiegal. I tried posting the log three times but it wouldn't take. I have attached the log.


----------



## jlski (Dec 2, 2002)

Cookiegal, are you ok?


----------



## Cookiegal (Aug 27, 2003)

Sorry, I don't remember being notified of your reply.

I'm having lunch soon so I will review this information a little later on and post further instructions.


----------



## jlski (Dec 2, 2002)

Thank you cookiegal. So happy you are ok. Believe it or not I was getting worried.


----------



## Cookiegal (Aug 27, 2003)

jlski said:


> Thank you cookiegal. So happy you are ok. Believe it or not I was getting worried.


Ah, I'm sorry to cause concern.


----------



## Cookiegal (Aug 27, 2003)

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.


----------



## jlski (Dec 2, 2002)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.2 (02.02.2013:2)
OS: Microsoft Windows XP x86
Ran by Owner on Sat 02/09/2013 at 13:37:30.78
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL

~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\default tab
Successfully deleted: [Registry Key] hkey_local_machine\software\default tab
Successfully deleted: [Registry Key] hkey_local_machine\software\defaulttab

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\WINDOWS\system32\ai_recyclebin"

~~~ Chrome

Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\kdidombaedgpfiiedeimiebkmbilgmlc

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 02/09/2013 at 13:55:24.84
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


----------



## Cookiegal (Aug 27, 2003)

I'm surprised that didn't get it as I saw it did in another thread.

It looks like we're going to have to resort to their uninstaller. But please try MS Fixit again as outlined on their page and see if that works (perhaps the instructions are different) and if not go with their uninstaller:

http://strongvaultfree.com/pages/uninstall_help


----------



## jlski (Dec 2, 2002)

Fixit didn't work and strong vault does not have an uninstall program that I could find.


----------



## jlski (Dec 2, 2002)

I did a file search again. Will this snapshot help?


----------



## Cookiegal (Aug 27, 2003)

jlski said:


> Fixit didn't work and strong vault does not have an uninstall program that I could find.


The uninstaller was on the link I provided. Please scroll down below the FixIt instructions on that page.


----------



## jlski (Dec 2, 2002)

I tried to run their Strong Vault's uninstall program and got the following notice in attachment Strong Vault_6.gif.

Then I reinstalled Strong Vault, then tried to run the uninstall and got the same notice as above.

I no longer get the popup when right clicking on icons. I got rid of several Strong Vault files with CCleaner - attachment Strong Vault_4

However, it still pops up when rebooting. I finally got a snapshot of the popup - attachment Strong Vault_7

After Reinstalling Strong Vault I ran CCleaner to uninstall, then rebooted and the pop up was back. The uninstall leaves remnants behind. That is where the pop up comes from. Could that be the file showing in attachment Strong Vault_5?


----------



## Cookiegal (Aug 27, 2003)

The file you're referring to is only a backup that the MS uninstaller creates.

It looks like there may be a group policy in effect preventing the uninstaller from running. Do you remember setting any such policies? Is this computer in a work environment where the Administrator may have set policies?


----------



## jlski (Dec 2, 2002)

I have never set any such policies that I'm aware of and bought this computer brand new. I never have logged on as admin.


----------



## Cookiegal (Aug 27, 2003)

Try booting to safe mode and logging in as the Administrator and running the Strongvault uninstaller while still in safe mode. 

Let me know how that goes please.


----------



## jlski (Dec 2, 2002)

OK, thanks cookiegal I will and let you know as soon as I can.


----------



## Cookiegal (Aug 27, 2003)

OK. Thanks.


----------



## jlski (Dec 2, 2002)

Tried to uninstall in safe mode as admin. Got a pop up that says the uninstall program is not accessible in safe mode.


----------



## Cookiegal (Aug 27, 2003)

Sorry. I forgot about that. 

Are you sure your account has Administrator privileges?


----------



## jlski (Dec 2, 2002)

To be honest cookiegal, I don't know. Never have done anything in that area. If that is terming it properly.


----------



## jlski (Dec 2, 2002)

Anyone home?


----------



## Cookiegal (Aug 27, 2003)

There could be a problem with the Windows Installer. Let's check to see what version you have.

Go to *Start* - *Run* - type *cmd* and hit Enter to open a command prompt.

At the Command Prompt type *MSIExec* then press Enter. A dialog box should open up and at the top it will show the version of the Windows Installer. Please let me know what it says.


----------



## jlski (Dec 2, 2002)

Windows ® Installer. V 4.5.6001.22159. I get automatic updates all the time, however, they fail to install. The next time I get such notice I'll post a snapshot here. The pop up says preparing to install...but it does not give info to what it is trying to install.


----------



## Cookiegal (Aug 27, 2003)

Please go to *Start* - *Run* - type in *eventvwr.msc* to open the event viewer. Look under both "Application" and "System" for recent (the last 48 hours or so) errors (shown in red) and if found, do this for each one.

Double-click the error to open it up and then click on the icon that looks like two pieces of paper. This will copy the full error. Then "paste" the error into Notepad. Do this for each one until you have them all listed in Notepad and then copy and paste the list in a reply here please.


----------



## jlski (Dec 2, 2002)

Application
______________________________________________

Event Type:	Error
Event Source:	NativeWrapper
Event Category:	None
Event ID:	5000
Date: 2/13/2013
Time: 11:53:22 PM
User: N/A
Computer:	JERRYSCOMP
Description:
The description for Event ID ( 5000 ) in Source ( NativeWrapper ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: visualstudio7x80update, msiexec.exe, 1.0.1716.5060, kb2742597, 1033, 643, f, install, x86, 5.1.2600.2.3.0.256, 0.

__________________________________________________

Event Type:	Error
Event Source:	MsiInstaller
Event Category:	None
Event ID:	1023
Date: 2/13/2013
Time: 11:53:20 PM
User: NT AUTHORITY\SYSTEM
Computer:	JERRYSCOMP
Description:
Product: Microsoft .NET Framework 1.1 - Update '{6C298884-91FD-408C-9D90-5A59D2C29FD1}' could not be installed. Error code 1603. Additional information is available in the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB2742597-X86\NDP1.1sp1-KB2742597-X86-msi.0.log.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

___________________________________________________

SYSTEM
___________________________________________________

Event Type:	Error
Event Source:	Windows Update Agent
Event Category:	Installation 
Event ID:	20
Date: 2/13/2013
Time: 11:53:23 PM
User: N/A
Computer:	JERRYSCOMP
Description:
Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2742597).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


----------
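The three errors pasted above describe one failed install in two notations: MsiInstaller's "Error code 1603" and Windows Update Agent's 0x80070643 are the same Win32 code, the second wrapped in an HRESULT. The sketch below is an added example, not part of the thread; it parses Event Viewer text in the pasted layout and groups the entries by KB number, and its function names and the abridged sample are assumptions of the example.

```python
import re

FACILITY_WIN32 = 7  # facility value when an HRESULT wraps a plain Win32 error

# Names for the Win32 codes that matter here; deliberately not exhaustive.
WIN32_NAMES = {1603: "ERROR_INSTALL_FAILURE (fatal error during installation)"}

# The three Event Viewer entries from the post above, abridged to the fields
# this parser reads.
SAMPLE = r"""
Event Type: Error
Event Source: NativeWrapper
Event ID: 5000
Description:
The following information is part of the event: visualstudio7x80update, msiexec.exe, 1.0.1716.5060, kb2742597, 1033, 643, f, install, x86, 5.1.2600.2.3.0.256, 0.

Event Type: Error
Event Source: MsiInstaller
Event ID: 1023
Description:
Product: Microsoft .NET Framework 1.1 - Update '{6C298884-91FD-408C-9D90-5A59D2C29FD1}' could not be installed. Error code 1603. Additional information is available in the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB2742597-X86\NDP1.1sp1-KB2742597-X86-msi.0.log.

Event Type: Error
Event Source: Windows Update Agent
Event ID: 20
Description:
Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2742597).
"""


def decode_hresult(value):
    """Split a 32-bit HRESULT into its failure bit, facility and code."""
    return {
        "failure": bool((value >> 31) & 1),
        "facility": (value >> 16) & 0x7FF,  # 11-bit facility field
        "code": value & 0xFFFF,             # low 16 bits
    }


def win32_codes(description):
    """Return the Win32 error codes a description mentions, in either form."""
    codes = set()
    for match in re.findall(r"\b0x([0-9A-Fa-f]{8})\b", description):
        hr = decode_hresult(int(match, 16))
        if hr["failure"] and hr["facility"] == FACILITY_WIN32:
            codes.add(hr["code"])
    for match in re.findall(r"\bError code (\d+)\b", description):
        codes.add(int(match))
    return codes


def parse_events(text):
    """Parse pasted Event Viewer text into dicts, one per 'Event Type:' block."""
    events = []
    for block in re.split(r"(?m)^(?=Event Type:)", text):
        source = re.search(r"(?m)^Event Source:\s*(.+?)\s*$", block)
        event_id = re.search(r"(?m)^Event ID:\s*(\d+)", block)
        if not (source and event_id):
            continue  # leading text or a truncated paste
        _, _, description = block.partition("Description:")
        events.append({
            "source": source.group(1),
            "event_id": int(event_id.group(1)),
            "description": " ".join(description.split()),
        })
    return events


def correlate_by_kb(events):
    """Group events by the KB article they mention and merge their codes."""
    by_kb = {}
    for event in events:
        text = event["description"]
        for kb in {k.upper() for k in re.findall(r"(?i)\bKB\d{6,7}\b", text)}:
            entry = by_kb.setdefault(kb, {"sources": [], "codes": set()})
            if event["source"] not in entry["sources"]:
                entry["sources"].append(event["source"])
            entry["codes"] |= win32_codes(text)  # may be empty for this event
    return {kb: {"sources": e["sources"], "codes": sorted(e["codes"])}
            for kb, e in by_kb.items()}


if __name__ == "__main__":
    for kb, info in correlate_by_kb(parse_events(SAMPLE)).items():
        print(kb, "reported by", ", ".join(info["sources"]))
        for code in info["codes"]:
            print("  Win32 error", code, "=", WIN32_NAMES.get(code, "unknown"))
```

Grouping this way shows that the three entries are one failed update rather than three separate faults; the MSI log file named in the MsiInstaller entry is where the failing action would be recorded.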



## Cookiegal (Aug 27, 2003)

Try downloading .NET Framework 1.1 and installing it over the top of the existing one:

http://www.microsoft.com/en-us/download/details.aspx?displaylang=en&id=26

Be sure to use Internet Explorer for these downloads.

Then see if you can get this update to install by downloading it manually:

http://www.microsoft.com/en-ca/download/details.aspx?id=36281

Once you've done that reboot the computer please.

Let me know how that goes please.


----------



## jlski (Dec 2, 2002)

I pasted the links into IE but the response was the pages did not exist. I was, however, able to do it through chrome. The preparing to install still pops up several times very very quickly on rebooting.


----------



## jlski (Dec 2, 2002)

Sorry if I've become your worst nightmare.


----------



## Cookiegal (Aug 27, 2003)

I think you have to use Internet Explorer. Please don't paste the URL but rather click on it to visit the page and then click on the download.


----------



## jlski (Dec 2, 2002)

OK. I didn't think about changing the default browser to IE. Will do.


----------



## jlski (Dec 2, 2002)

OK, I finally used IE with the updates and can't see any difference other than it seems like there is not an issue with the automatic updates. Howeverrrrr.  The pop up is still there.


----------



## Cookiegal (Aug 27, 2003)

Did the .NET Framework update install without any problem?

I'm thinking it might have had an effect on the Windows Installer not running properly.

Can you try to run the StrongVault uninstaller again and let me know if you get the same error message please.

If you do then please use SystemLook again with the following script:


```
:filefind
*strongvault*
:folderfind
*strongvault*
:regfind
strongvault
```


----------



## jlski (Dec 2, 2002)

I did not notice any installation problems. I don't remember if I told you but I tried Strong Vault's uninstall process which was nothing more than a joke. It uninstalled but upon rebooting it re-installed partially. So, I re-installed it myself then used Revo (Hunter Mode) and nailed every file and folder that was labeled Strong Vault to the wall then burnt the wall down. Now I can't find a trace of it anywhere and good riddance.

But the windows installer pop up is still popping up.


----------



## Cookiegal (Aug 27, 2003)

Sorry. I thought the popup was related to Strongvault.

Please check the Event Viewer again and post any errors or warnings that occurred around the time when you would have seen that Windows Installer popup.


----------



## jlski (Dec 2, 2002)

It seemed to be a part of Strong Vault because that is when the popup started.

No ERRORS in application around that time.

System

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7006
Date: 2/18/2013
Time: 9:15:36 PM
User: N/A
Computer:	JERRYSCOMP
Description:
The ScRegSetValueExW call failed for Start with the following error: 
Access is denied.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


----------



## Cookiegal (Aug 27, 2003)

Please reboot the computer and then run DDS right away before doing anything else and post both logs again.


----------



## jlski (Dec 2, 2002)

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 7.0.6000.17117
Run by Owner at 14:30:57 on 2013-02-19
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.464 [GMT -6:00]
.
AV: COMODO Antivirus *Enabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *Enabled* 
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\1.3.21.135\GoogleCrashHandler.exe
C:\Program Files\Comodo\Dragon\dragon_updater.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Workspace\offSyncService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\ehome\ehtray.exe
C:\program files\real\realplayer\update\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.roboform.com
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\bae.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &RoboForm Toolbar: {724D43A0-0D85-11D4-9908-00400523E39A} - c:\program files\siber systems\ai roboform\roboform.dll
TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: HopSurf toolbar: {E9FAB13D-4600-49E1-90D1-EE961C859D39} - c:\program files\comodo\hopsurftoolbar\HopSurfToolbar_IE.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ContactKeeper Birthday reminder] "c:\program files\contactkeeper\ContactKeeper.exe" /Reminder
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Reminder] c:\windows\creator\Remind_XP.exe
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [readericon] c:\program files\digital media reader\readericon45G.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: Customize Menu - c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: Password Generator - c:\program files\siber systems\ai roboform\RoboFormComPasswordGenerator.html
IE: RoboForm Editor - c:\program files\siber systems\ai roboform\RoboFormComEditIdent.html
IE: RoboForm TaskBar Icon - c:\program files\siber systems\ai roboform\RoboFormComTaskBarIcon.html
IE: Save Forms - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: Show RoboForm Toolbar - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {45DB34C3-955C-11D3-ABEF-444553540001} - {45DB34C3-955C-11D3-ABEF-444553540001} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {ED98F8D1-09AC-4107-B2FF-91DBE011B0C5} - {6BBCFF8E-D837-4DA4-9141-1F645B34A179} - c:\program files\comodo\hopsurftoolbar\HopSurfToolbar_IE.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1354034315693
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.11.0.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1 216.81.36.10 216.81.36.20
TCP: Interfaces\{D344F2B7-845D-4D29-AA15-15FDBF0C859C} : NameServer = 156.154.70.22,156.154.71.22
TCP: Interfaces\{D344F2B7-845D-4D29-AA15-15FDBF0C859C} : DHCPNameServer = 192.168.1.1 216.81.36.10 216.81.36.20
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\24.0.1312.57\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2012-12-16 132296]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2012-12-16 25160]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2012-12-16 723632]
R2 DragonUpdater;COMODO Dragon Update Service;c:\program files\comodo\dragon\dragon_updater.exe [2013-1-24 2074256]
R2 File Backup;File Backup Service;c:\program files\workspace\offSyncService.exe [2012-2-21 1168680]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2012-11-29 38608]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 cpudrv;cpudrv;\??\c:\program files\systemrequirementslab\cpudrv.sys --> c:\program files\systemrequirementslab\cpudrv.sys [?]
.
=============== File Associations ===============
.
FileExt: .scr: Icad.load.scr - HKCR\Unknown\Shell=c:\windows\system32\rundll32.exe c:\windows\system32\shell32.dll,OpenAs_RunDLL %1 [default=openas]
FileExt: .ini: FreeOpener=notepad.exe %1
.vbe: <filetype is not registered>
FileExt: .js: FreeOpener=notepad.exe %1
.jse: <filetype is not registered>
.wsf: <filetype is not registered>
ShellExec: pi11.exe: Open="c:\program files\microsoft digital image 2006\pi.exe" "%1"
.
=============== Created Last 30 ================
.
2013-02-19 03:15:23	--------	d-----w-	c:\documents and settings\all users\application data\VS Revo Group
2013-02-16 14:29:50	--------	d-----w-	c:\documents and settings\all users\application data\Trymedia
2013-02-15 03:00:39	--------	d-----w-	c:\windows\system32\URTTEMP
2013-02-10 16:02:25	--------	d-sh--w-	c:\windows\system32\AI_RecycleBin
2013-01-29 01:54:11	--------	d-----w-	c:\documents and settings\owner\local settings\application data\WinZip
2013-01-24 16:28:01	47368	----a-w-	c:\windows\system32\certsentry.dll
2013-01-22 02:47:29	--------	d-----w-	c:\documents and settings\owner\local settings\application data\VS Revo Group
2013-01-22 02:46:56	27064	----a-w-	c:\windows\system32\drivers\revoflt.sys
2013-01-22 02:46:51	--------	d-----w-	c:\program files\VS Revo Group
2013-01-22 02:36:12	--------	d-----w-	C:\MATS
2013-01-21 23:52:30	--------	d-----w-	c:\documents and settings\all users\application data\Logs
.
==================== Find3M ====================
.
2013-02-14 14:16:01	71024	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-14 14:16:01	691568	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-01-26 03:55:44	552448	------w-	c:\windows\system32\oleaut32.dll
2013-01-16 16:27:28	499712	----a-w-	c:\windows\system32\msvcp71.dll
2013-01-16 16:27:28	348160	----a-w-	c:\windows\system32\msvcr71.dll
2013-01-15 22:56:10	477616	----a-w-	c:\windows\system32\npdeployJava1.dll
2013-01-15 22:56:07	473520	----a-w-	c:\windows\system32\deployJava1.dll
2013-01-15 21:14:01	73728	----a-w-	c:\windows\system32\javacpl.cpl
2013-01-07 01:16:02	2193024	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-01-07 00:36:58	2069760	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-01-04 01:20:00	1867264	----a-w-	c:\windows\system32\win32k.sys
2013-01-02 06:49:10	1292288	----a-w-	c:\windows\system32\quartz.dll
2012-12-26 20:43:21	832512	----a-w-	c:\windows\system32\wininet.dll
2012-12-26 20:43:21	1830912	----a-w-	c:\windows\system32\inetcpl.cpl
2012-12-26 20:43:20	78336	----a-w-	c:\windows\system32\ieencode.dll
2012-12-26 20:43:20	17408	----a-w-	c:\windows\system32\corpol.dll
2012-12-24 01:11:02	335	----a-w-	C:\Start_.cmd
2012-12-16 12:23:59	290560	----a-w-	c:\windows\system32\atmfd.dll
2012-12-16 11:53:23	25160	----a-w-	c:\windows\system32\drivers\cmdhlp.sys
2012-12-16 11:53:23	179792	----a-w-	c:\windows\system32\guard32.dll
2012-12-16 11:53:23	132296	----a-w-	c:\windows\system32\drivers\cmdguard.sys
2012-12-14 22:49:28	21104	----a-w-	c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 14:32:31.15 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/20/2010 11:56:12 AM
System Uptime: 2/19/2013 2:26:28 PM (0 hours ago)
.
Motherboard: Intel Corporation | | D101GGC
Processor: Intel(R) Celeron(R) D CPU 3.33GHz | | 3333/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 105.873 GiB free.
D: is FIXED (FAT32) - 4 GiB total, 1.387 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: PS/2 Compatible Mouse
Device ID: ACPI\PNP0F13\4&29C049B9&0
Manufacturer: Microsoft
Name: PS/2 Compatible Mouse
PNP Device ID: ACPI\PNP0F13\4&29C049B9&0
Service: i8042prt
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: BCM5701 Gigabit Ethernet
Device ID: ROOT\LEGACY_SASKUTIL\0000
Manufacturer: 
Name: BCM5701 Gigabit Ethernet #2
PNP Device ID: ROOT\LEGACY_SASKUTIL\0000
Service: b57w2k
.
==== System Restore Points ===================
.
RP1: 12/28/2012 8:53:26 PM - System Checkpoint
RP2: 12/28/2012 9:00:39 PM - Today 12/28/12
RP3: 12/29/2012 11:10:08 PM - System Checkpoint
RP4: 12/31/2012 12:03:04 AM - System Checkpoint
RP5: 1/1/2013 1:02:04 AM - System Checkpoint
RP6: 1/2/2013 2:02:05 AM - System Checkpoint
RP7: 1/3/2013 3:00:12 AM - System Checkpoint
RP8: 1/4/2013 3:00:22 AM - Software Distribution Service 3.0
RP9: 1/5/2013 3:31:33 AM - System Checkpoint
RP10: 1/6/2013 4:30:02 AM - System Checkpoint
RP11: 1/7/2013 5:27:28 AM - System Checkpoint
RP12: 1/8/2013 6:59:53 AM - System Checkpoint
RP13: 1/9/2013 3:00:20 AM - Software Distribution Service 3.0
RP14: 1/9/2013 6:40:17 AM - Software Distribution Service 3.0
RP15: 1/9/2013 8:01:47 AM - Software Distribution Service 3.0
RP16: 1/10/2013 3:00:21 AM - Software Distribution Service 3.0
RP17: 1/10/2013 12:29:30 PM - Software Distribution Service 3.0
RP18: 1/11/2013 1:04:47 AM - Software Distribution Service 3.0
RP19: 1/12/2013 1:08:34 AM - System Checkpoint
RP20: 1/12/2013 3:00:17 AM - Software Distribution Service 3.0
RP21: 1/13/2013 3:00:20 AM - Software Distribution Service 3.0
RP22: 1/13/2013 6:30:42 AM - Software Distribution Service 3.0
RP23: 1/14/2013 12:33:44 AM - Software Distribution Service 3.0
RP24: 1/14/2013 3:00:16 AM - Software Distribution Service 3.0
RP25: 1/15/2013 3:00:18 AM - Software Distribution Service 3.0
RP26: 1/16/2013 3:00:23 AM - Software Distribution Service 3.0
RP27: 1/16/2013 11:00:05 PM - Software Distribution Service 3.0
RP28: 1/17/2013 7:25:37 AM - Software Distribution Service 3.0
RP29: 1/18/2013 3:00:21 AM - Software Distribution Service 3.0
RP30: 1/19/2013 3:00:22 AM - Software Distribution Service 3.0
RP31: 1/20/2013 3:00:22 AM - Software Distribution Service 3.0
RP32: 1/21/2013 3:00:23 AM - Software Distribution Service 3.0
RP33: 1/21/2013 4:56:35 PM - Removed Strongvault Online Backup
RP34: 1/21/2013 5:02:07 PM - Software Distribution Service 3.0
RP35: 1/21/2013 5:53:42 PM - Software Distribution Service 3.0
RP36: 1/21/2013 7:54:31 PM - Software Distribution Service 3.0
RP37: 1/21/2013 8:35:29 PM - Restore Point before Corrupt Patch Registry keys
RP38: 1/21/2013 8:36:12 PM - Restore Point before Strongvault Online Backup was removed using Program Install and Uninstall troubleshooter
RP39: 1/21/2013 8:36:30 PM - Strongvault Online Backup 
RP40: 1/21/2013 9:04:52 PM - Revo Uninstaller Pro's restore point - 
RP41: 1/21/2013 9:48:35 PM - Removed System Requirements Lab for Intel
RP42: 1/22/2013 3:00:20 AM - Software Distribution Service 3.0
RP43: 1/23/2013 3:00:17 AM - Software Distribution Service 3.0
RP44: 1/23/2013 11:33:35 AM - Software Distribution Service 3.0
RP45: 1/23/2013 11:40:53 AM - Software Distribution Service 3.0
RP46: 1/23/2013 2:33:04 PM - Software Distribution Service 3.0
RP47: 1/24/2013 3:00:21 AM - Software Distribution Service 3.0
RP48: 1/24/2013 10:14:02 AM - Software Distribution Service 3.0
RP49: 1/24/2013 4:39:10 PM - Software Distribution Service 3.0
RP50: 1/24/2013 6:49:47 PM - Software Distribution Service 3.0
RP51: 1/25/2013 3:00:20 AM - Software Distribution Service 3.0
RP52: 1/26/2013 3:00:21 AM - Software Distribution Service 3.0
RP53: 1/27/2013 3:00:22 AM - Software Distribution Service 3.0
RP54: 1/28/2013 3:00:21 AM - Software Distribution Service 3.0
RP55: 1/28/2013 7:49:40 PM - Removed WinZip 17.0
RP56: 1/28/2013 7:59:56 PM - Software Distribution Service 3.0
RP57: 1/29/2013 3:00:23 AM - Software Distribution Service 3.0
RP58: 1/30/2013 3:00:24 AM - Software Distribution Service 3.0
RP59: 1/31/2013 3:00:21 AM - Software Distribution Service 3.0
RP60: 1/31/2013 11:39:01 PM - Restore Point before Strongvault Online Backup was removed using Program Install and Uninstall troubleshooter
RP61: 1/31/2013 11:39:13 PM - Strongvault Online Backup 
RP62: 1/31/2013 11:46:09 PM - Software Distribution Service 3.0
RP63: 2/1/2013 7:27:24 AM - Software Distribution Service 3.0
RP64: 2/1/2013 5:25:24 PM - Software Distribution Service 3.0
RP65: 2/2/2013 3:00:22 AM - Software Distribution Service 3.0
RP66: 2/3/2013 3:00:22 AM - Software Distribution Service 3.0
RP67: 2/4/2013 3:00:21 AM - Software Distribution Service 3.0
RP68: 2/4/2013 11:34:55 AM - Software Distribution Service 3.0
RP69: 2/5/2013 3:00:22 AM - Software Distribution Service 3.0
RP70: 2/5/2013 7:50:22 AM - Installed Java(TM) 6 Update 39
RP71: 2/6/2013 3:00:22 AM - Software Distribution Service 3.0
RP72: 2/7/2013 3:00:20 AM - Software Distribution Service 3.0
RP73: 2/8/2013 3:00:22 AM - Software Distribution Service 3.0
RP74: 2/9/2013 12:10:26 AM - Software Distribution Service 3.0
RP75: 2/9/2013 11:29:45 PM - Removed Microsoft Fix it Center
RP76: 2/10/2013 12:06:00 AM - Removed Microsoft Fix it Center
RP77: 2/10/2013 12:10:15 AM - Removed Microsoft Fix it Center
RP78: 2/10/2013 12:11:06 AM - Removed System Requirements Lab for Intel
RP79: 2/10/2013 3:00:20 AM - Software Distribution Service 3.0
RP80: 2/10/2013 10:10:57 AM - Removed Strongvault Online Backup
RP81: 2/10/2013 11:00:13 AM - Software Distribution Service 3.0
RP82: 2/11/2013 3:00:22 AM - Software Distribution Service 3.0
RP83: 2/12/2013 3:48:27 AM - System Checkpoint
RP84: 2/12/2013 3:53:29 PM - Revo Uninstaller Pro's restore point - Backup Launcher
RP85: 2/12/2013 4:04:55 PM - Revo Uninstaller Pro's restore point - 
RP86: 2/12/2013 4:07:11 PM - Revo Uninstaller Pro's restore point - 
RP87: 2/12/2013 5:12:50 PM - Revo Uninstaller Pro's restore point - CCleaner
RP88: 2/12/2013 5:14:18 PM - Revo Uninstaller Pro's restore point - CCleaner
RP89: 2/13/2013 12:52:49 PM - Software Distribution Service 3.0
RP90: 2/13/2013 9:51:36 PM - Software Distribution Service 3.0
RP91: 2/13/2013 11:52:22 PM - Software Distribution Service 3.0
RP92: 2/15/2013 12:24:42 AM - System Checkpoint
RP93: 2/16/2013 12:31:01 AM - System Checkpoint
RP94: 2/16/2013 8:32:44 AM - Revo Uninstaller Pro's restore point - Microsoft® Windows® Operating System
RP95: 2/16/2013 11:04:10 AM - Revo Uninstaller Pro's restore point - Microsoft® Windows® Operating System
RP96: 2/17/2013 3:11:01 PM - System Checkpoint
RP97: 2/18/2013 3:31:34 PM - System Checkpoint
.
==== Installed Programs ======================
.
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.01)
AiO_Scan_CDA
AiOSoftwareNPI
ATI Display Driver
Big Fish Games: Game Manager
Browser Address Error Redirector
BufferChm
Comodo Dragon
Comodo HopSurf
COMODO Internet Security
ContactKeeper 1.5.0
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CustomerResearchQFolder
Destinations
DeviceManagementQFolder
Digital Media Reader
DocProc
DVD Solution
eSupportQFolder
F300
F300_Help
F300Trb
Fax_CDA
Google Chrome
Google Update Helper
Hewlett-Packard ACLM.NET v1.1.0.0
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 10 (KB910393)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
HP Extended Capabilities 6.1
HP Imaging Device Functions 6.1
HP Photosmart Essential
HP Product Assistant
HP Product Detection
HP PSC & OfficeJet 6.1.A
HP Solution Center and Imaging Support Tools 6.1
HP Update
HPProductAssistant
Internet Explorer (Enable DEP)
Java Auto Updater
Java(TM) 6 Update 39
Lost Treasures of Alexandria
Malwarebytes Anti-Malware version 1.70.0.1100
MarketResearch
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.0 Hotfix (KB2604042)
Microsoft .NET Framework 1.0 Hotfix (KB2656378)
Microsoft .NET Framework 1.0 Security Update (KB2698035)
Microsoft .NET Framework 1.0 Security Update (KB2742607)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Digital Image Library 9 - Blocker
Microsoft Digital Image Starter Edition 2006
Microsoft Digital Image Starter Edition 2006 Editor
Microsoft Digital Image Starter Edition 2006 Library
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Namo WebEditor 5
NewCopy_CDA
Night In The Opera
OpenOffice.org 3.3
ProductContextNPI
QuickTime
Readme
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
REALTEK GbE & FE Ethernet PCI NIC Driver
Realtek High Definition Audio Driver
RealUpgrade 1.1
Recovery Software Suite eMachines
Revo Uninstaller Pro 3.0.2
RoboForm 7-8-6-5 (All Users)
Scan
ScannerCopy
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2559049)
Security Update for Windows Internet Explorer 7 (KB2647516)
Security Update for Windows Internet Explorer 7 (KB2744842)
Security Update for Windows Internet Explorer 7 (KB2761465)
Security Update for Windows Internet Explorer 7 (KB2792100)
Security Update for Windows Internet Explorer 7 (KB2797052)
Security Update for Windows Internet Explorer 7 (KB2799329)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Skype™ 5.10
SolutionCenter
Sonic Encoders
Sparkle
SpywareBlaster 4.6
Status
swMSM
Toolbox
TrayApp
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Media Player 10 (KB913800)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
Visual Basic for Applications (R) Core
Visual Basic for Applications (R) Core - English
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
WebReg
Windows Backup Utility
Windows Genuine Advantage Validation Tool (KB892130)
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB2628259
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinZip 17.0
Workspace Desktop
.
==== Event Viewer Messages From Past Week ========
.
2/18/2013 9:15:36 PM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
2/13/2013 11:53:23 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2742597).
2/12/2013 3:33:11 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
2/12/2013 3:31:44 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
2/12/2013 3:28:49 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
2/12/2013 3:24:33 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cmdGuard Fips intelppm
.
==== End Of File ===========================


----------



## Cookiegal (Aug 27, 2003)

Please remove the version of ComboFix that you have by dragging it to the Recycle Bin, then disable your security programs, run a new scan, re-enable your security programs, and post the new scan log.

Please visit *ComboFix Guide & Instructions* for instructions for installing the Recovery Console and downloading and running ComboFix.

The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to puppy.exe please.


----------



## jlski (Dec 2, 2002)

I installed ComboFix and ran it. I left for a bit to let it run. I came back and it had closed itself and did not produce a log.


----------



## Cookiegal (Aug 27, 2003)

Please try again when you can be at the machine to see any error or alert that may appear.


----------



## jlski (Dec 2, 2002)

Will do, teach.


----------



## jlski (Dec 2, 2002)

Tried running again and got the following error message.


----------



## Cookiegal (Aug 27, 2003)

Click Abort if you haven't already, then remove that copy of ComboFix and grab a new copy.

Before running it do the following:

Download and run the following tool to help allow other programs to run. _(Courtesy of BleepingComputer.com)_
There are 4 different versions. If one of them won't run then download and try to run the other one. Do not reboot after running this program.

Vista and Win7 users need to right click and choose *Run as Admin* 
*You only need to get one of them to run, not all of them.*

rkill.exe
rkill.com
rkill.scr
rkill.pif

Do NOT reboot the machine. Now proceed to disable your security programs and run ComboFix.


----------



## jlski (Dec 2, 2002)

Cookiegal, please refresh my memory. Shouldn't I rename Combofix before running it?


----------



## Cookiegal (Aug 27, 2003)

You should rename it as you're downloading and saving it.


----------



## jlski (Dec 2, 2002)

I renamed it at the time of saving it to my desktop. Would it run without a hitch? HA!! Error message in the attachment.


----------



## Cookiegal (Aug 27, 2003)

I believe it's still an anti-virus program interfering.

Please try running ComboFix in safe mode.


----------



## jlski (Dec 2, 2002)

I did run ComboFix in safe mode; however, I'm not sure COMODO Internet Security was disabled. Safe mode is a different realm. I tried to run ComboFix as admin in safe mode, but the ComboFix icon did not show on the desktop, so I ran it as owner. Log is below.

ComboFix 13-02-20.01 - Owner 02/21/2013 11:43:56.3.1 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.687 [GMT -6:00]
Running from: c:\documents and settings\Owner\Desktop\Hunter.exe
AV: COMODO Antivirus *Enabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-01-21 to 2013-02-21 )))))))))))))))))))))))))))))))
.
.
2013-02-19 03:15 . 2013-02-19 03:15	--------	d-----w-	c:\documents and settings\All Users\Application Data\VS Revo Group
2013-02-16 14:29 . 2013-02-16 14:29	--------	d-----w-	c:\documents and settings\All Users\Application Data\Trymedia
2013-02-12 21:23 . 2013-02-12 21:23	--------	d-----w-	c:\documents and settings\Administrator\Application Data\RealNetworks
2013-02-12 21:23 . 2013-02-12 21:23	--------	d-----w-	c:\documents and settings\Administrator\Local Settings\Application Data\Google
2013-02-12 21:22 . 2013-02-12 21:22	--------	d-----w-	c:\documents and settings\Administrator\Local Settings\Application Data\offsync
2013-02-10 16:02 . 2013-02-10 16:48	--------	d-sh--w-	c:\windows\system32\AI_RecycleBin
2013-01-29 01:54 . 2013-02-14 00:44	--------	d-----w-	c:\documents and settings\Owner\Local Settings\Application Data\WinZip
2013-01-29 01:52 . 2013-01-29 01:54	--------	d-----w-	c:\documents and settings\All Users\Application Data\WinZip
2013-01-24 23:16 . 2013-01-24 23:16	--------	d-----w-	c:\documents and settings\NetworkService\Local Settings\Application Data\COMODO
2013-01-24 16:28 . 2013-01-24 16:28	47368	----a-w-	c:\windows\system32\certsentry.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-14 14:16 . 2013-01-18 12:58	691568	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-02-14 14:16 . 2013-01-18 12:58	71024	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-26 03:55 . 2007-07-11 20:26	552448	------w-	c:\windows\system32\oleaut32.dll
2013-01-16 16:27 . 2003-08-13 01:17	499712	----a-w-	c:\windows\system32\msvcp71.dll
2013-01-16 16:27 . 2003-08-13 01:17	348160	----a-w-	c:\windows\system32\msvcr71.dll
2013-01-15 22:56 . 2012-07-22 11:48	477616	----a-w-	c:\windows\system32\npdeployJava1.dll
2013-01-15 22:56 . 2011-04-27 18:36	473520	----a-w-	c:\windows\system32\deployJava1.dll
2013-01-15 21:14 . 2012-07-22 11:48	73728	----a-w-	c:\windows\system32\javacpl.cpl
2013-01-07 01:16 . 2007-07-11 20:26	2193024	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-01-07 00:36 . 2010-10-20 14:47	2069760	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-01-04 01:20 . 2007-07-11 20:28	1867264	----a-w-	c:\windows\system32\win32k.sys
2013-01-02 06:49 . 2005-01-09 23:48	1292288	----a-w-	c:\windows\system32\quartz.dll
2012-12-26 20:43 . 2007-07-11 20:28	832512	----a-w-	c:\windows\system32\wininet.dll
2012-12-26 20:43 . 2007-07-11 20:23	1830912	----a-w-	c:\windows\system32\inetcpl.cpl
2012-12-26 20:43 . 2012-11-25 16:43	78336	----a-w-	c:\windows\system32\ieencode.dll
2012-12-26 20:43 . 2007-07-11 20:21	17408	----a-w-	c:\windows\system32\corpol.dll
2012-12-16 12:23 . 2007-07-11 20:20	290560	----a-w-	c:\windows\system32\atmfd.dll
2012-12-16 11:53 . 2012-12-16 11:53	87104	----a-w-	c:\windows\system32\drivers\inspect.sys
2012-12-16 11:53 . 2012-12-16 11:53	25160	----a-w-	c:\windows\system32\drivers\cmdhlp.sys
2012-12-16 11:53 . 2012-12-16 11:53	179792	----a-w-	c:\windows\system32\guard32.dll
2012-12-16 11:53 . 2012-12-16 11:53	132296	----a-w-	c:\windows\system32\drivers\cmdguard.sys
2012-12-14 22:49 . 2011-09-07 03:06	21104	----a-w-	c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\off0]
@="{8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5}"
[HKEY_CLASSES_ROOT\CLSID\{8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5}]
2012-05-25 10:05	1065776	----a-w-	c:\program files\Workspace\offsyncext.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\off1]
@="{8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5}"
[HKEY_CLASSES_ROOT\CLSID\{8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5}]
2012-05-25 10:05	1065776	----a-w-	c:\program files\Workspace\offsyncext.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ContactKeeper Birthday reminder"="c:\program files\ContactKeeper\ContactKeeper.exe" [2011-11-11 921600]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2013-02-17 109784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-04 16120832]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-02-26 966656]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"readericon"="c:\program files\Digital Media Reader\readericon45G.exe" [2005-12-10 139264]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-12-16 1799952]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2013-01-16 295072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Namo\\WebEditor 5\\bin\\WebEditor.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCPxpsp2res.dll,-22009
.
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [12/16/2012 5:53 AM 25160]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [12/16/2012 5:53 AM 132296]
S2 DragonUpdater;COMODO Dragon Update Service;c:\program files\COMODO\Dragon\dragon_updater.exe [1/24/2013 5:52 AM 2074256]
S2 File Backup;File Backup Service;c:\program files\Workspace\offSyncService.exe [2/21/2012 8:58 AM 1168680]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [11/29/2012 8:31 PM 38608]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 12:28 PM 160944]
S3 cpudrv;cpudrv;\??\c:\program files\SystemRequirementsLab\cpudrv.sys --> c:\program files\SystemRequirementsLab\cpudrv.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-01 12:59	1607120	----a-w-	c:\program files\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-18 14:16]
.
2013-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-18 14:29]
.
2013-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-18 14:29]
.
2013-02-21 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2752115482-2144442535-3955104311-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 21:30]
.
2013-02-21 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2752115482-2144442535-3955104311-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 21:30]
.
2013-02-21 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2752115482-2144442535-3955104311-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 21:30]
.
2013-02-19 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2752115482-2144442535-3955104311-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 21:30]
.
2013-02-21 c:\windows\Tasks\User_Feed_Synchronization-{4519A47C-0ECA-4208-AF21-2846D577C78D}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 23:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.roboform.com
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Password Generator - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html
IE: RoboForm Editor - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComEditIdent.html
IE: RoboForm TaskBar Icon - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Show RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
Trusted Zone: secureserver.net\email14
TCP: DhcpNameServer = 192.168.1.1 216.81.36.10 216.81.36.20
TCP: Interfaces\{D344F2B7-845D-4D29-AA15-15FDBF0C859C}: NameServer = 156.154.70.22,156.154.71.22
.
.
------- File Associations -------
.
.scr=Icad.load.scr
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-21 11:50
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(492)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2013-02-21 11:52:07
ComboFix-quarantined-files.txt 2013-02-21 17:52
.
Pre-Run: 116,651,638,784 bytes free
Post-Run: 116,713,381,888 bytes free
.
- - End Of File - - 92737D02B287DB983FA886CD3D512F97


----------



## Cookiegal (Aug 27, 2003)

Open Notepad and copy and paste the text in the code box below into it:


```
Folder::
c:\windows\system32\AI_RecycleBin
```
Save the file to your desktop and name it CFScript.txt

Referring to the picture below, drag CFScript.txt into ComboFix.exe


This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

*Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.*


----------



## jlski (Dec 2, 2002)

Sorry Cookiegal, I forgot to disable Comodo on the last step and received all kinds of error messages. I reran ComboFix again in Safe Mode and the log is below. Let me know if you want me to run the last step again after you read this.

Once again, very sorry.

ComboFix 13-02-21.02 - Owner 02/21/2013 13:19:54.4.1 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.690 [GMT -6:00]
Running from: c:\documents and settings\Owner\Desktop\ducks.exe
AV: COMODO Antivirus *Enabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((( Files Created from 2013-01-21 to 2013-02-21 )))))))))))))))))))))))))))))))
.
.
2013-02-21 19:18 . 2013-02-21 19:18	--------	d-----w-	c:\windows\LastGood
2013-02-21 19:03 . 2013-02-21 19:03	--------	d-----w-	C:\Hunter
2013-02-20 15:57 . 2013-02-21 17:41	--------	d-----w-	C:\ComboFix
2013-02-19 22:56 . 2013-02-19 22:56	--------	d-----w-	c:\documents and settings\Owner\Application Data\SampleView
2013-02-19 03:15 . 2013-02-19 03:15	--------	d-----w-	c:\documents and settings\All Users\Application Data\VS Revo Group
2013-02-16 14:29 . 2013-02-16 14:29	--------	d-----w-	c:\documents and settings\All Users\Application Data\Trymedia
2013-02-12 21:23 . 2013-02-12 21:23	--------	d-----w-	c:\documents and settings\Administrator\Application Data\RealNetworks
2013-02-12 21:23 . 2013-02-12 21:23	--------	d-----w-	c:\documents and settings\Administrator\Local Settings\Application Data\Google
2013-02-12 21:22 . 2013-02-12 21:22	--------	d-----w-	c:\documents and settings\Administrator\Local Settings\Application Data\offsync
2013-02-10 16:02 . 2013-02-10 16:48	--------	d-sh--w-	c:\windows\system32\AI_RecycleBin
2013-01-29 01:54 . 2013-02-14 00:44	--------	d-----w-	c:\documents and settings\Owner\Local Settings\Application Data\WinZip
2013-01-29 01:52 . 2013-01-29 01:54	--------	d-----w-	c:\documents and settings\All Users\Application Data\WinZip
2013-01-24 23:16 . 2013-01-24 23:16	--------	d-----w-	c:\documents and settings\NetworkService\Local Settings\Application Data\COMODO
2013-01-24 16:28 . 2013-01-24 16:28	47368	----a-w-	c:\windows\system32\certsentry.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-14 14:16 . 2013-01-18 12:58	691568	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-02-14 14:16 . 2013-01-18 12:58	71024	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-26 03:55 . 2007-07-11 20:26	552448	------w-	c:\windows\system32\oleaut32.dll
2013-01-16 16:27 . 2003-08-13 01:17	499712	----a-w-	c:\windows\system32\msvcp71.dll
2013-01-16 16:27 . 2003-08-13 01:17	348160	----a-w-	c:\windows\system32\msvcr71.dll
2013-01-15 22:56 . 2012-07-22 11:48	477616	----a-w-	c:\windows\system32\npdeployJava1.dll
2013-01-15 22:56 . 2011-04-27 18:36	473520	----a-w-	c:\windows\system32\deployJava1.dll
2013-01-15 21:14 . 2012-07-22 11:48	73728	----a-w-	c:\windows\system32\javacpl.cpl
2013-01-07 01:16 . 2007-07-11 20:26	2193024	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-01-07 00:36 . 2010-10-20 14:47	2069760	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-01-04 01:20 . 2007-07-11 20:28	1867264	----a-w-	c:\windows\system32\win32k.sys
2013-01-02 06:49 . 2005-01-09 23:48	1292288	----a-w-	c:\windows\system32\quartz.dll
2012-12-26 20:43 . 2007-07-11 20:28	832512	----a-w-	c:\windows\system32\wininet.dll
2012-12-26 20:43 . 2007-07-11 20:23	1830912	----a-w-	c:\windows\system32\inetcpl.cpl
2012-12-26 20:43 . 2012-11-25 16:43	78336	----a-w-	c:\windows\system32\ieencode.dll
2012-12-26 20:43 . 2007-07-11 20:21	17408	----a-w-	c:\windows\system32\corpol.dll
2012-12-16 12:23 . 2007-07-11 20:20	290560	----a-w-	c:\windows\system32\atmfd.dll
2012-12-16 11:53 . 2012-12-16 11:53	87104	----a-w-	c:\windows\system32\drivers\inspect.sys
2012-12-16 11:53 . 2012-12-16 11:53	25160	----a-w-	c:\windows\system32\drivers\cmdhlp.sys
2012-12-16 11:53 . 2012-12-16 11:53	179792	----a-w-	c:\windows\system32\guard32.dll
2012-12-16 11:53 . 2012-12-16 11:53	132296	----a-w-	c:\windows\system32\drivers\cmdguard.sys
2012-12-14 22:49 . 2011-09-07 03:06	21104	----a-w-	c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\off0]
@="{8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5}"
[HKEY_CLASSES_ROOT\CLSID\{8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5}]
2012-05-25 10:05	1065776	----a-w-	c:\program files\Workspace\offsyncext.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\off1]
@="{8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5}"
[HKEY_CLASSES_ROOT\CLSID\{8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5}]
2012-05-25 10:05	1065776	----a-w-	c:\program files\Workspace\offsyncext.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ContactKeeper Birthday reminder"="c:\program files\ContactKeeper\ContactKeeper.exe" [2011-11-11 921600]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2013-02-17 109784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-04 16120832]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-02-26 966656]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"readericon"="c:\program files\Digital Media Reader\readericon45G.exe" [2005-12-10 139264]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-12-16 1799952]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2013-01-16 295072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Namo\\WebEditor 5\\bin\\WebEditor.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCPxpsp2res.dll,-22009
.
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [12/16/2012 5:53 AM 25160]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [12/16/2012 5:53 AM 132296]
S2 DragonUpdater;COMODO Dragon Update Service;c:\program files\COMODO\Dragon\dragon_updater.exe [1/24/2013 5:52 AM 2074256]
S2 File Backup;File Backup Service;c:\program files\Workspace\offSyncService.exe [2/21/2012 8:58 AM 1168680]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [11/29/2012 8:31 PM 38608]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 12:28 PM 160944]
S3 cpudrv;cpudrv;\??\c:\program files\SystemRequirementsLab\cpudrv.sys --> c:\program files\SystemRequirementsLab\cpudrv.sys [?]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [1/21/2013 8:46 PM 27064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-01 12:59	1607120	----a-w-	c:\program files\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-18 14:16]
.
2013-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-18 14:29]
.
2013-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-18 14:29]
.
2013-02-21 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2752115482-2144442535-3955104311-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 21:30]
.
2013-02-21 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2752115482-2144442535-3955104311-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 21:30]
.
2013-02-21 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2752115482-2144442535-3955104311-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 21:30]
.
2013-02-19 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2752115482-2144442535-3955104311-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 21:30]
.
2013-02-21 c:\windows\Tasks\User_Feed_Synchronization-{4519A47C-0ECA-4208-AF21-2846D577C78D}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 23:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.roboform.com
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Password Generator - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html
IE: RoboForm Editor - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComEditIdent.html
IE: RoboForm TaskBar Icon - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Show RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
Trusted Zone: secureserver.net\email14
TCP: DhcpNameServer = 192.168.1.1 216.81.36.10 216.81.36.20
TCP: Interfaces\{D344F2B7-845D-4D29-AA15-15FDBF0C859C}: NameServer = 156.154.70.22,156.154.71.22
.
.
------- File Associations -------
.
.scr=Icad.load.scr
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-21 13:27
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose, ZwOpenFile
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(476)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(1644)
c:\windows\system32\WININET.dll
c:\program files\Workspace\offsyncext.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2013-02-21 13:29:01
ComboFix-quarantined-files.txt 2013-02-21 19:28
ComboFix2.txt 2013-02-21 17:52
.
Pre-Run: 116,709,588,992 bytes free
Post-Run: 116,698,796,032 bytes free
.
- - End Of File - - 125B6600264A41DE4431060A6BAB9B8B


----------



## Cookiegal (Aug 27, 2003)

The log shows Comodo wasn't disabled. It's very difficult to run fixes when Comodo is installed.

Please disable Comodo and run the CFScript again as it didn't work.

Also, do you recognize this folder? It was just created today. Did you create it?

C:\*Hunter*


----------
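The two findings in the reply above (security software still active, CFScript not applied) can be read out of a ComboFix log mechanically; the following is an added example, not part of the original posts or of ComboFix. Treating the `AV:`/`FW:` header lines, the `Command switches used` line and the `Other Deletions` section as the indicators is an assumption drawn from the logs in this thread, and `review` and the other names are hypothetical.

```python
import re

# Sample input abridged from two ComboFix logs posted in this thread (whitespace
# normalised): the run made with Comodo active and the run made with CFScript.txt.
LOG_BLOCKED = r"""ComboFix 13-02-21.02 - Owner 02/21/2013 13:19:54.4.1 - x86 NETWORK
Running from: c:\documents and settings\Owner\Desktop\ducks.exe
AV: COMODO Antivirus *Enabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
((((((((((((((((((((((((( Files Created from 2013-01-21 to 2013-02-21 )))))))))))))))))))))))))))))))
.
2013-02-21 19:03 . 2013-02-21 19:03  --------  d-----w-  C:\Hunter
2013-02-10 16:02 . 2013-02-10 16:48  --------  d-sh--w-  c:\windows\system32\AI_RecycleBin
2013-01-24 16:28 . 2013-01-24 16:28  47368  ----a-w-  c:\windows\system32\certsentry.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
"""

LOG_FIXED = r"""ComboFix 13-02-21.02 - Owner 02/21/2013 18:46:28.6.1 - x86
Running from: c:\documents and settings\Owner\Desktop\ducks.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\AI_RecycleBin
.
((((((((((((((((((((((((( Files Created from 2013-01-22 to 2013-02-22  )))))))))))))))))))))))))))))))
.
2013-02-21 20:23 . 2013-02-21 20:23  --------  d-----w-  C:\ducks
2013-01-24 16:28 . 2013-01-24 16:28  47368  ----a-w-  c:\windows\system32\certsentry.dll
.
"""

HEADING = re.compile(r"^\({3,}\s*(.*?)\s*\){3,}\s*$")        # "((((( Title )))))"
PROTECTION = re.compile(r"^(AV|FW):\s+(.+?)\s+\*([^*]+)\*")  # "AV: name *state* {guid}"
SWITCHES = re.compile(r"^Command switches used ::\s*(.+)$")
CREATED = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d\s+\S+\s+\S+\s+(.+)$"
)


def split_sections(log):
    """Map section title -> body lines; text before the first heading is 'header'."""
    sections, current = {"header": []}, "header"
    for raw in log.splitlines():
        line = raw.strip()
        heading = HEADING.match(line)
        if heading:
            current = heading.group(1)
            sections[current] = []
        elif line and line != ".":  # lone "." lines are spacers in the log
            sections[current].append(line)
    return sections


def section(sections, prefix):
    """Return the body of the first section whose title starts with prefix."""
    for title, body in sections.items():
        if title.startswith(prefix):
            return body
    return []


def norm(path):
    """Windows paths are case-insensitive; compare them lower-cased."""
    return path.strip().lower().replace("/", "\\")


def review(log, targets):
    """Report active AV/FW, the script passed in, and the fate of each target path."""
    parts = split_sections(log)
    active, script = [], None
    for line in parts["header"]:
        prot = PROTECTION.match(line)
        if prot and prot.group(3).lower().startswith("enabled"):
            active.append(f"{prot.group(1)}: {prot.group(2)}")
        switches = SWITCHES.match(line)
        if switches:
            script = switches.group(1)
    deleted = {norm(line) for line in section(parts, "Other Deletions")}
    created = set()
    for line in section(parts, "Files Created"):
        entry = CREATED.match(line)
        if entry:
            created.add(norm(entry.group(1)))
    status = {}
    for target in targets:
        key = norm(target)
        if key in deleted:
            status[target] = "deleted"
        elif key in created:
            status[target] = "still present"
        else:
            status[target] = "not listed"  # outside the 30-day window or never there
    return {"active_protection": active, "script": script, "targets": status}
```

A run is only worth reading further when `active_protection` is empty and `script` names the CFScript file; "not listed" is inconclusive because the created-files section covers a limited date range.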



## jlski (Dec 2, 2002)

In Safe Mode Comodo was showing in the system tray. I right clicked on it and then clicked exit (the only disable choice given), then I was asked if I was sure I wanted to exit and I clicked yes. In Safe Mode that was the only choice given. If I have to I will uninstall Comodo until we get through this. After making sure Comodo was disabled this time I then ran the CFScript again but it didn't leave a log. C:\*Hunter* is what I renamed ComboFix the last time. Now there should be a C:/*Ducks* now.


----------



## Cookiegal (Aug 27, 2003)

It's going to be confusing for me if you keep renaming ComboFix something different.

Please run ComboFix again so I can see if the fix worked.


----------



## jlski (Dec 2, 2002)

My misunderstanding. I thought I was supposed to name it differently every time I downloaded it as you had me do in the past. This time I uninstalled Comodo then ran ComboFix in Safe Mode.

ComboFix 13-02-21.02 - Owner 02/21/2013 16:38:57.5.1 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.698 [GMT -6:00]
Running from: c:\documents and settings\Owner\Desktop\ducks.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-01-21 to 2013-02-21 )))))))))))))))))))))))))))))))
.
.
2013-02-21 20:23 . 2013-02-21 20:23	--------	d-----w-	C:\ducks
2013-02-21 19:03 . 2013-02-21 19:03	--------	d-----w-	C:\Hunter
2013-02-20 15:57 . 2013-02-21 17:41	--------	d-----w-	C:\ComboFix
2013-02-19 22:56 . 2013-02-19 22:56	--------	d-----w-	c:\documents and settings\Owner\Application Data\SampleView
2013-02-19 03:15 . 2013-02-19 03:15	--------	d-----w-	c:\documents and settings\All Users\Application Data\VS Revo Group
2013-02-16 14:29 . 2013-02-16 14:29	--------	d-----w-	c:\documents and settings\All Users\Application Data\Trymedia
2013-02-12 21:23 . 2013-02-12 21:23	--------	d-----w-	c:\documents and settings\Administrator\Application Data\RealNetworks
2013-02-12 21:23 . 2013-02-12 21:23	--------	d-----w-	c:\documents and settings\Administrator\Local Settings\Application Data\Google
2013-02-12 21:22 . 2013-02-12 21:22	--------	d-----w-	c:\documents and settings\Administrator\Local Settings\Application Data\offsync
2013-02-10 16:02 . 2013-02-10 16:48	--------	d-sh--w-	c:\windows\system32\AI_RecycleBin
2013-01-29 01:54 . 2013-02-14 00:44	--------	d-----w-	c:\documents and settings\Owner\Local Settings\Application Data\WinZip
2013-01-29 01:52 . 2013-01-29 01:54	--------	d-----w-	c:\documents and settings\All Users\Application Data\WinZip
2013-01-24 23:16 . 2013-01-24 23:16	--------	d-----w-	c:\documents and settings\NetworkService\Local Settings\Application Data\COMODO
2013-01-24 16:28 . 2013-01-24 16:28	47368	----a-w-	c:\windows\system32\certsentry.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-14 14:16 . 2013-01-18 12:58	691568	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-02-14 14:16 . 2013-01-18 12:58	71024	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-26 03:55 . 2007-07-11 20:26	552448	------w-	c:\windows\system32\oleaut32.dll
2013-01-16 16:27 . 2003-08-13 01:17	499712	----a-w-	c:\windows\system32\msvcp71.dll
2013-01-16 16:27 . 2003-08-13 01:17	348160	----a-w-	c:\windows\system32\msvcr71.dll
2013-01-15 22:56 . 2012-07-22 11:48	477616	----a-w-	c:\windows\system32\npdeployJava1.dll
2013-01-15 22:56 . 2011-04-27 18:36	473520	----a-w-	c:\windows\system32\deployJava1.dll
2013-01-15 21:14 . 2012-07-22 11:48	73728	----a-w-	c:\windows\system32\javacpl.cpl
2013-01-07 01:16 . 2007-07-11 20:26	2193024	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-01-07 00:36 . 2010-10-20 14:47	2069760	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-01-04 01:20 . 2007-07-11 20:28	1867264	----a-w-	c:\windows\system32\win32k.sys
2013-01-02 06:49 . 2005-01-09 23:48	1292288	----a-w-	c:\windows\system32\quartz.dll
2012-12-26 20:43 . 2007-07-11 20:28	832512	----a-w-	c:\windows\system32\wininet.dll
2012-12-26 20:43 . 2007-07-11 20:23	1830912	----a-w-	c:\windows\system32\inetcpl.cpl
2012-12-26 20:43 . 2012-11-25 16:43	78336	----a-w-	c:\windows\system32\ieencode.dll
2012-12-26 20:43 . 2007-07-11 20:21	17408	----a-w-	c:\windows\system32\corpol.dll
2012-12-16 12:23 . 2007-07-11 20:20	290560	----a-w-	c:\windows\system32\atmfd.dll
2012-12-14 22:49 . 2011-09-07 03:06	21104	----a-w-	c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\off0]
@="{8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5}"
[HKEY_CLASSES_ROOT\CLSID\{8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5}]
2012-05-25 10:05	1065776	----a-w-	c:\program files\Workspace\offsyncext.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\off1]
@="{8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5}"
[HKEY_CLASSES_ROOT\CLSID\{8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5}]
2012-05-25 10:05	1065776	----a-w-	c:\program files\Workspace\offsyncext.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ContactKeeper Birthday reminder"="c:\program files\ContactKeeper\ContactKeeper.exe" [2011-11-11 921600]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2013-02-17 109784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-04 16120832]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-02-26 966656]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"readericon"="c:\program files\Digital Media Reader\readericon45G.exe" [2005-12-10 139264]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2013-01-16 295072]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Namo\\WebEditor 5\\bin\\WebEditor.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCPxpsp2res.dll,-22009
.
S2 DragonUpdater;COMODO Dragon Update Service;c:\program files\COMODO\Dragon\dragon_updater.exe [1/24/2013 5:52 AM 2074256]
S2 File Backup;File Backup Service;c:\program files\Workspace\offSyncService.exe [2/21/2012 8:58 AM 1168680]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [11/29/2012 8:31 PM 38608]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 12:28 PM 160944]
S3 cpudrv;cpudrv;\??\c:\program files\SystemRequirementsLab\cpudrv.sys --> c:\program files\SystemRequirementsLab\cpudrv.sys [?]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [1/21/2013 8:46 PM 27064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-01 12:59	1607120	----a-w-	c:\program files\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-18 14:16]
.
2013-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-18 14:29]
.
2013-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-18 14:29]
.
2013-02-21 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2752115482-2144442535-3955104311-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 21:30]
.
2013-02-21 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2752115482-2144442535-3955104311-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 21:30]
.
2013-02-21 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2752115482-2144442535-3955104311-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 21:30]
.
2013-02-19 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2752115482-2144442535-3955104311-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 21:30]
.
2013-02-21 c:\windows\Tasks\User_Feed_Synchronization-{4519A47C-0ECA-4208-AF21-2846D577C78D}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 23:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.roboform.com
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Password Generator - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html
IE: RoboForm Editor - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComEditIdent.html
IE: RoboForm TaskBar Icon - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Show RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
Trusted Zone: secureserver.net\email14
TCP: DhcpNameServer = 192.168.1.1 216.81.36.10 216.81.36.20
TCP: Interfaces\{D344F2B7-845D-4D29-AA15-15FDBF0C859C}: NameServer = 156.154.70.22,156.154.71.22
.
.
------- File Associations -------
.
.scr=Icad.load.scr
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-21 16:46
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(464)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(1124)
c:\windows\system32\WININET.dll
c:\program files\Workspace\offsyncext.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
.
Completion time: 2013-02-21 16:48:12
ComboFix-quarantined-files.txt 2013-02-21 22:48
ComboFix2.txt 2013-02-21 19:29
ComboFix3.txt 2013-02-21 17:52
.
Pre-Run: 116,843,786,240 bytes free
Post-Run: 116,829,270,016 bytes free
.
- - End Of File - - 308A54CE658F0B6523B87A302173D01D


----------



## Cookiegal (Aug 27, 2003)

Please run it again with the instructions I gave you in post no. 291.


----------



## jlski (Dec 2, 2002)

YAHOOOO!!!!  Got through it without a hitch.

ComboFix 13-02-21.02 - Owner 02/21/2013 18:46:28.6.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.195 [GMT -6:00]
Running from: c:\documents and settings\Owner\Desktop\ducks.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\AI_RecycleBin
.
.
((((((((((((((((((((((((( Files Created from 2013-01-22 to 2013-02-22  )))))))))))))))))))))))))))))))
.
.
2013-02-21 20:23 . 2013-02-21 20:23	--------	d-----w-	C:\ducks
2013-02-21 19:03 . 2013-02-21 19:03	--------	d-----w-	C:\Hunter
2013-02-20 15:57 . 2013-02-21 17:41	--------	d-----w-	C:\ComboFix
2013-02-19 22:56 . 2013-02-19 22:56	--------	d-----w-	c:\documents and settings\Owner\Application Data\SampleView
2013-02-19 03:15 . 2013-02-19 03:15	--------	d-----w-	c:\documents and settings\All Users\Application Data\VS Revo Group
2013-02-16 14:29 . 2013-02-16 14:29	--------	d-----w-	c:\documents and settings\All Users\Application Data\Trymedia
2013-02-12 21:23 . 2013-02-12 21:23	--------	d-----w-	c:\documents and settings\Administrator\Application Data\RealNetworks
2013-02-12 21:23 . 2013-02-12 21:23	--------	d-----w-	c:\documents and settings\Administrator\Local Settings\Application Data\Google
2013-02-12 21:22 . 2013-02-12 21:22	--------	d-----w-	c:\documents and settings\Administrator\Local Settings\Application Data\offsync
2013-01-29 01:54 . 2013-02-14 00:44	--------	d-----w-	c:\documents and settings\Owner\Local Settings\Application Data\WinZip
2013-01-29 01:52 . 2013-01-29 01:54	--------	d-----w-	c:\documents and settings\All Users\Application Data\WinZip
2013-01-24 23:16 . 2013-01-24 23:16	--------	d-----w-	c:\documents and settings\NetworkService\Local Settings\Application Data\COMODO
2013-01-24 16:28 . 2013-01-24 16:28	47368	----a-w-	c:\windows\system32\certsentry.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-14 14:16 . 2013-01-18 12:58	691568	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-02-14 14:16 . 2013-01-18 12:58	71024	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-26 03:55 . 2007-07-11 20:26	552448	------w-	c:\windows\system32\oleaut32.dll
2013-01-16 16:27 . 2003-08-13 01:17	499712	----a-w-	c:\windows\system32\msvcp71.dll
2013-01-16 16:27 . 2003-08-13 01:17	348160	----a-w-	c:\windows\system32\msvcr71.dll
2013-01-15 22:56 . 2012-07-22 11:48	477616	----a-w-	c:\windows\system32\npdeployJava1.dll
2013-01-15 22:56 . 2011-04-27 18:36	473520	----a-w-	c:\windows\system32\deployJava1.dll
2013-01-15 21:14 . 2012-07-22 11:48	73728	----a-w-	c:\windows\system32\javacpl.cpl
2013-01-07 01:16 . 2007-07-11 20:26	2193024	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-01-07 00:36 . 2010-10-20 14:47	2069760	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-01-04 01:20 . 2007-07-11 20:28	1867264	----a-w-	c:\windows\system32\win32k.sys
2013-01-02 06:49 . 2005-01-09 23:48	1292288	----a-w-	c:\windows\system32\quartz.dll
2012-12-26 20:43 . 2007-07-11 20:28	832512	----a-w-	c:\windows\system32\wininet.dll
2012-12-26 20:43 . 2007-07-11 20:23	1830912	----a-w-	c:\windows\system32\inetcpl.cpl
2012-12-26 20:43 . 2012-11-25 16:43	78336	----a-w-	c:\windows\system32\ieencode.dll
2012-12-26 20:43 . 2007-07-11 20:21	17408	----a-w-	c:\windows\system32\corpol.dll
2012-12-16 12:23 . 2007-07-11 20:20	290560	----a-w-	c:\windows\system32\atmfd.dll
2012-12-14 22:49 . 2011-09-07 03:06	21104	----a-w-	c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\off0]
@="{8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5}"
[HKEY_CLASSES_ROOT\CLSID\{8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5}]
2012-05-25 10:05	1065776	----a-w-	c:\program files\Workspace\offsyncext.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\off1]
@="{8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5}"
[HKEY_CLASSES_ROOT\CLSID\{8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5}]
2012-05-25 10:05	1065776	----a-w-	c:\program files\Workspace\offsyncext.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ContactKeeper Birthday reminder"="c:\program files\ContactKeeper\ContactKeeper.exe" [2011-11-11 921600]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2013-02-17 109784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-04 16120832]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-02-26 966656]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"readericon"="c:\program files\Digital Media Reader\readericon45G.exe" [2005-12-10 139264]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2013-01-16 295072]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Namo\\WebEditor 5\\bin\\WebEditor.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCPxpsp2res.dll,-22009
.
R2 DragonUpdater;COMODO Dragon Update Service;c:\program files\COMODO\Dragon\dragon_updater.exe [1/24/2013 5:52 AM 2074256]
R2 File Backup;File Backup Service;c:\program files\Workspace\offSyncService.exe [2/21/2012 8:58 AM 1168680]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [11/29/2012 8:31 PM 38608]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 12:28 PM 160944]
S3 cpudrv;cpudrv;\??\c:\program files\SystemRequirementsLab\cpudrv.sys --> c:\program files\SystemRequirementsLab\cpudrv.sys [?]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [1/21/2013 8:46 PM 27064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-01 12:59	1607120	----a-w-	c:\program files\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-18 14:16]
.
2013-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-18 14:29]
.
2013-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-18 14:29]
.
2013-02-21 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2752115482-2144442535-3955104311-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 21:30]
.
2013-02-21 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2752115482-2144442535-3955104311-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 21:30]
.
2013-02-21 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2752115482-2144442535-3955104311-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 21:30]
.
2013-02-19 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2752115482-2144442535-3955104311-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 21:30]
.
2013-02-22 c:\windows\Tasks\User_Feed_Synchronization-{4519A47C-0ECA-4208-AF21-2846D577C78D}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 23:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.roboform.com
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Password Generator - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html
IE: RoboForm Editor - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComEditIdent.html
IE: RoboForm TaskBar Icon - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Show RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
Trusted Zone: secureserver.net\email14
TCP: DhcpNameServer = 192.168.1.1 216.81.36.10 216.81.36.20
TCP: Interfaces\{D344F2B7-845D-4D29-AA15-15FDBF0C859C}: NameServer = 156.154.70.22,156.154.71.22
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-21 18:57
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(536)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(864)
c:\windows\system32\WININET.dll
c:\program files\Workspace\offsyncext.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2013-02-21 19:00:05
ComboFix-quarantined-files.txt 2013-02-22 01:00
ComboFix2.txt 2013-02-21 22:48
ComboFix3.txt 2013-02-21 19:29
ComboFix4.txt 2013-02-21 17:52
.
Pre-Run: 116,837,408,768 bytes free
Post-Run: 116,824,825,856 bytes free
.
- - End Of File - - DD6352831B3492714CE9F41177C5DDFD


----------



## Cookiegal (Aug 27, 2003)

Please run AdwCleaner again but there may have been some updates so please remove the version you currently have by dragging it to the Recycle Bin and grab the latest version please.

Please download AdwCleaner from here to your desktop

Run AdwCleaner and select "Search" (do not select "Delete" at this time)

Once the scan is finished a log will be produced. Please copy and paste the log into your next reply.


----------



## jlski (Dec 2, 2002)

# AdwCleaner v2.112 - Logfile created 02/22/2013 at 13:04:57
# Updated 10/02/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Owner - JERRYSCOMP
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Owner\Desktop\AdwCleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

Folder Found : C:\Documents and Settings\All Users\Application Data\Trymedia

***** [Registry] *****

Key Found : HKCU\Software\5c2dcdcb53cb914
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\5c2dcdcb53cb914
Key Found : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{069B290F-5398-4629-A009-85B4BCB4B1B9}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

***** [Internet Browsers] *****

-\\ Internet Explorer v7.0.6000.17117

[OK] Registry is clean.

-\\ Google Chrome v24.0.1312.57

File : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Found [l.28] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3209604&SearchSource=48", "hxxp://www.claro-search.com/?affID=117465&tt=4812_4&babsrc=HP_ss&mntrId=742510ee0000000000000016767832aa", "hxxp://us.yahoo.com/?fr=fpc-comodo", "hxxp://start.roboform.com" ]
Found [l.3756] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3209604&SearchSource=48", "hxxp://www.claro-search.com/?affID=117465&tt=4812_4&babsrc=HP_ss&mntrId=742510ee0000000000000016767832aa", "hxxp://us.yahoo.com/?fr=fpc-comodo", "hxxp://start.roboform.com" ]

File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Found [l.15] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3209604&SearchSource=48", "hxxp://www.claro-search.com/?affID=117465&tt=4812_4&babsrc=HP_ss&mntrId=742510ee0000000000000016767832aa", "hxxp://us.yahoo.com/?fr=fpc-comodo", "hxxp://start.roboform.com" ]
Found [l.2699] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3209604&SearchSource=48", "hxxp://www.claro-search.com/?affID=117465&tt=4812_4&babsrc=HP_ss&mntrId=742510ee0000000000000016767832aa", "hxxp://us.yahoo.com/?fr=fpc-comodo", "hxxp://start.roboform.com" ]

*************************

AdwCleaner[R1].txt - [1328 octets] - [18/12/2012 13:15:52]
AdwCleaner[R2].txt - [1388 octets] - [18/12/2012 13:17:20]
AdwCleaner[R3].txt - [2666 octets] - [22/02/2013 13:04:58]
AdwCleaner[S1].txt - [1169 octets] - [18/12/2012 14:36:07]
AdwCleaner[S2].txt - [1015 octets] - [18/12/2012 14:56:25]

########## EOF - C:\AdwCleaner[R3].txt - [2846 octets] ##########


----------
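The Search log above reports `urls_to_restore_on_startup` twice in each Chrome Preferences file, with search.conduit.com and claro-search.com among the entries. The following is an added example, not part of the thread and not AdwCleaner's code: it walks a Preferences JSON document, reports every startup list at any depth, and removes only the flagged entries. The `backup` copy in the sample, the shortened claro-search URL and all function names are assumptions made for illustration.

```python
import json
from urllib.parse import urlsplit

KEY = "urls_to_restore_on_startup"

# Domains named in the AdwCleaner findings on this page.
FLAGGED_DOMAINS = ("conduit.com", "claro-search.com")

# Constructed sample shaped like a Chrome Preferences file. URLs are kept
# defanged (hxxp) as in the log; the "backup" section is an assumption used
# to reproduce the two hits per file that the log reports.
_STARTUP = [
    "hxxp://search.conduit.com/?ctid=CT3209604&SearchSource=48",
    "hxxp://www.claro-search.com/",
    "hxxp://us.yahoo.com/?fr=fpc-comodo",
    "hxxp://start.roboform.com",
]
SAMPLE_PREFS = json.dumps({
    "session": {"restore_on_startup": 4, KEY: list(_STARTUP)},
    "backup": {"session": {KEY: list(_STARTUP)}},
})


def find_startup_lists(node, path=""):
    """Yield (dotted_path, url_list) for every startup-URL list at any depth."""
    if isinstance(node, dict):
        for name, value in node.items():
            child = f"{path}.{name}" if path else name
            if name == KEY and isinstance(value, list):
                yield child, value
            else:
                yield from find_startup_lists(value, child)
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from find_startup_lists(value, f"{path}[{index}]")


def is_flagged(url):
    """True if the URL's host is a flagged domain or a subdomain of one."""
    # urlsplit parses the host for any scheme, so defanged hxxp:// works too.
    host = urlsplit(url).hostname or ""
    return any(host == d or host.endswith("." + d) for d in FLAGGED_DOMAINS)


def audit_preferences(text):
    """Return [(path, url)] for each flagged startup URL in a Preferences file."""
    prefs = json.loads(text)
    return [
        (path, url)
        for path, urls in find_startup_lists(prefs)
        for url in urls
        if isinstance(url, str) and is_flagged(url)
    ]


def strip_flagged(node):
    """Return a copy of the document with flagged startup URLs removed."""
    if isinstance(node, dict):
        cleaned = {}
        for name, value in node.items():
            if name == KEY and isinstance(value, list):
                cleaned[name] = [
                    u for u in value if not (isinstance(u, str) and is_flagged(u))
                ]
            else:
                cleaned[name] = strip_flagged(value)
        return cleaned
    if isinstance(node, list):
        return [strip_flagged(value) for value in node]
    return node


if __name__ == "__main__":
    for path, url in audit_preferences(SAMPLE_PREFS):
        print(f"flagged: {path}: {url}")
    print(json.dumps(strip_flagged(json.loads(SAMPLE_PREFS)), indent=2))
```

Run it against a copy of the Preferences file with the browser closed, since Chrome rewrites the file on exit.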



## Cookiegal (Aug 27, 2003)

Please run AdwCleaner again and this time select the option to "delete" and post the resulting log.


----------



## jlski (Dec 2, 2002)

# AdwCleaner v2.112 - Logfile created 02/22/2013 at 15:00:43
# Updated 10/02/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Owner - JERRYSCOMP
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Owner\Desktop\AdwCleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia

***** [Registry] *****

Key Deleted : HKCU\Software\5c2dcdcb53cb914
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\5c2dcdcb53cb914
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{069B290F-5398-4629-A009-85B4BCB4B1B9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

***** [Internet Browsers] *****

-\\ Internet Explorer v7.0.6000.17117

[OK] Registry is clean.

-\\ Google Chrome v24.0.1312.57

File : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Deleted [l.19] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3209604&SearchSource=48"[...]
Deleted [l.3742] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3209604&SearchSource=48", "[...]

File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Deleted [l.15] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3209604&SearchSource=48"[...]
Deleted [l.2699] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3209604&SearchSource=48", "[...]

*************************

AdwCleaner[R1].txt - [1328 octets] - [18/12/2012 13:15:52]
AdwCleaner[R2].txt - [1388 octets] - [18/12/2012 13:17:20]
AdwCleaner[R3].txt - [2915 octets] - [22/02/2013 13:04:58]
AdwCleaner[S1].txt - [1169 octets] - [18/12/2012 14:36:07]
AdwCleaner[S2].txt - [1015 octets] - [18/12/2012 14:56:25]
AdwCleaner[S3].txt - [2186 octets] - [22/02/2013 15:00:43]

########## EOF - C:\AdwCleaner[S3].txt - [2246 octets] ##########


----------



## Cookiegal (Aug 27, 2003)

Dare I ask if you're still getting that Windows Installer thing after rebooting?


----------



## jlski (Dec 2, 2002)

They need to make an emoticon of a crybaby.  Yes it is still haunting me.


----------



## Cookiegal (Aug 27, 2003)

Please go to *Start * *Run *- type *msconfig*  click OK and click on the *startup tab*. Uncheck everything there except for your anti-virus program. Then reboot and let me know if the problem persists please.


----------



## jlski (Dec 2, 2002)

Comodo Anti-virus wasn't in the list because I have it uninstalled since yesterday. The popup did not come up this time.


----------



## Cookiegal (Aug 27, 2003)

Try rechecking each item in msconfig one at a time and then reboot after each to see which will generate the Windows Installer popup.


----------



## jlski (Dec 2, 2002)

Contact Keeper was the culprit cookiegal. I don't understand why, I've been using it for about seven years.


----------



## Cookiegal (Aug 27, 2003)

I don't see where anything we've done may have affected that program but it could be damaged or corrupt.

I would try uninstalling and reinstalling it if you have the means to do so.


----------



## jlski (Dec 2, 2002)

Thanks cookiegal, I'll give that a shot, recheck it and see if the problem still exists and get back to you.


----------



## Cookiegal (Aug 27, 2003)

Thanks.


----------



## jlski (Dec 2, 2002)

I uninstalled ContactKeeper and re-installed the newest version and the problem persists. I unchecked it from the start up list because it really doesn't have to be there to work. However, the popup does not pop up when rebooting but does when I click on the ContactKeeper icon on my desktop. So the issue is definitely with ContactKeeper.


----------



## Cookiegal (Aug 27, 2003)

Does the same thing happen if you click on the program's executable from this location to run the program?

c:\program files\contactkeeper\*ContactKeeper.exe*


----------



## jlski (Dec 2, 2002)

Wouldn't you know it?


----------



## jlski (Dec 2, 2002)

Yes, the same thing happens if I click on the program's executable from this location to run the program.

c:\program files\contactkeeper\*ContactKeeper.exe*


----------



## Cookiegal (Aug 27, 2003)

I would try the MS FixIt tool again. It's for problems with installation as well as uninstallation. Perhaps select the option "install or upgrade software or hardware" or see if there's something else that might be more appropriate. Let me know how that goes please.


----------



## jlski (Dec 2, 2002)

MS Fixit is still not working.


----------



## Cookiegal (Aug 27, 2003)

Can you elaborate a bit? What happens when you run it?


----------



## jlski (Dec 2, 2002)

I'll get an error message snapshot and post it here.


----------



## jlski (Dec 2, 2002)

This is the same error I got a week or two back with Google Chrome & IE7.


----------



## Cookiegal (Aug 27, 2003)

Please check the date and time on your machine and let me know if they are correct.


----------



## jlski (Dec 2, 2002)

Yes, they are correct.


----------



## Cookiegal (Aug 27, 2003)

Please try to access all of the following URLs and report any that you can't access or any behaviour other than what's noted below.

http://support.microsoft.com
https://support.microsoft.com
https://dcupload.microsoft.com
https://diagnostics.support.microsoft.com
https://dcodews.partners.extranet.microsoft.com
http://microsoft.com
https://microsoft.com

Note that:

https://diagnostics.support.microsoft.com should show an Access Denied message. 
https://dcupload.microsoft.com and https://dcodews.partners.extranet.microsoft.com should show a "Hello from…" text message.


----------



## jlski (Dec 2, 2002)

http://support.microsoft.com - Accessed

https://support.microsoft.com - Accessed

https://dcupload.microsoft.com - Hello from US-02

https://diagnostics.support.microsoft.com - Server Error - 403 - Forbidden: Access is denied. You do not have permission to view this directory or page using the credentials that you supplied.

https://dcodews.partners.extranet.microsoft.com/ - Hello from US-01

http://microsoft.com/ - forwarded to http://www.microsoft.com/en-us/default.aspx - Accessed

https://microsoft.com/ - This webpage is not available


----------



## Cookiegal (Aug 27, 2003)

Please download the Event Viewer Tool by Vino Rosso *VEW* and save it to your Desktop:


Double-click *VEW.exe*

Under "Select log to query", select:

*Application*
*System*

Under "Select type to list", select:

*Error*
*Information*
*Warning*

Click the radio button for "Number of events"
Type *10* in the 1 to 20 box 
Then click the *Run* button.

Notepad will open with the output log. Please copy and paste the contents here.


----------



## jlski (Dec 2, 2002)

Vino's Event Viewer v01c run on Windows XP in English
Report run at 27/02/2013 8:54:09 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 22/02/2013 9:35:24 PM
Type: error Category: 0
Event: 1001 Source: Application Hang
Fault bucket -884433235. 

Log: 'Application' Date/Time: 22/02/2013 9:35:09 PM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application iexplore.exe, version 7.0.6000.17117, hang module hungapp, version 0.0.0.0, hang address 0x00000000. 

Log: 'Application' Date/Time: 22/02/2013 3:57:43 PM
Type: error Category: 0
Event: 1 Source: Chrome
The event description cannot be found.

Log: 'Application' Date/Time: 22/02/2013 3:57:21 PM
Type: error Category: 0
Event: 1 Source: Chrome
The event description cannot be found.

Log: 'Application' Date/Time: 22/02/2013 3:47:22 PM
Type: error Category: 0
Event: 1 Source: Chrome
The event description cannot be found.

Log: 'Application' Date/Time: 22/02/2013 3:37:51 PM
Type: error Category: 0
Event: 1 Source: Chrome
The event description cannot be found.

Log: 'Application' Date/Time: 22/02/2013 3:32:12 PM
Type: error Category: 0
Event: 1 Source: Chrome
The event description cannot be found.

Log: 'Application' Date/Time: 21/02/2013 11:57:45 PM
Type: error Category: 0
Event: 1 Source: Chrome
The event description cannot be found.

Log: 'Application' Date/Time: 21/02/2013 4:45:26 PM
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application pev.exe, version 0.0.0.0, faulting module pev.exe, version 0.0.0.0, fault address 0x0008d1c0. 

Log: 'Application' Date/Time: 13/02/2013 11:53:22 PM
Type: error Category: 0
Event: 5000 Source: NativeWrapper
The event description cannot be found.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - information Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 27/02/2013 5:04:08 PM
Type: information Category: 0
Event: 0 Source: gupdate
The event description cannot be found.

Log: 'Application' Date/Time: 27/02/2013 5:04:01 PM
Type: information Category: 0
Event: 0 Source: gupdate
The event description cannot be found.

Log: 'Application' Date/Time: 27/02/2013 2:10:45 PM
Type: information Category: 1
Event: 101 Source: SkypeUpdate
Service stopped. 

Log: 'Application' Date/Time: 27/02/2013 2:10:44 PM
Type: information Category: 1
Event: 103 Source: SkypeUpdate
SkypeUpdate service is shutting down due to idle timeout. 

Log: 'Application' Date/Time: 27/02/2013 2:08:56 PM
Type: information Category: 0
Event: 1042 Source: MsiInstaller
Ending a Windows Installer transaction: {5E33D30D-D896-4D92-B033-5F45819B2937}. Client Process Id: 1912. 

Log: 'Application' Date/Time: 27/02/2013 2:08:56 PM
Type: information Category: 0
Event: 1040 Source: MsiInstaller
Beginning a Windows Installer transaction: {5E33D30D-D896-4D92-B033-5F45819B2937}. Client Process Id: 1912. 

Log: 'Application' Date/Time: 27/02/2013 2:08:56 PM
Type: information Category: 0
Event: 1042 Source: MsiInstaller
Ending a Windows Installer transaction: {5E33D30D-D896-4D92-B033-5F45819B2937}. Client Process Id: 1912. 

Log: 'Application' Date/Time: 27/02/2013 2:08:56 PM
Type: information Category: 0
Event: 1040 Source: MsiInstaller
Beginning a Windows Installer transaction: {5E33D30D-D896-4D92-B033-5F45819B2937}. Client Process Id: 1912. 

Log: 'Application' Date/Time: 27/02/2013 2:08:55 PM
Type: information Category: 0
Event: 1042 Source: MsiInstaller
Ending a Windows Installer transaction: {5E33D30D-D896-4D92-B033-5F45819B2937}. Client Process Id: 1912. 

Log: 'Application' Date/Time: 27/02/2013 2:08:55 PM
Type: information Category: 0
Event: 1040 Source: MsiInstaller
Beginning a Windows Installer transaction: {5E33D30D-D896-4D92-B033-5F45819B2937}. Client Process Id: 1912. 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 27/02/2013 2:08:56 PM
Type: warning Category: 0
Event: 1001 Source: MsiInstaller
Detection of product '{5E33D30D-D896-4D92-B033-5F45819B2937}', feature 'AlwaysInstall' failed during request for component '{A5741631-78FD-46BF-B567-A3156C8C7F41}' 

Log: 'Application' Date/Time: 27/02/2013 2:08:55 PM
Type: warning Category: 0
Event: 1001 Source: MsiInstaller
Detection of product '{5E33D30D-D896-4D92-B033-5F45819B2937}', feature 'AlwaysInstall' failed during request for component '{A5741631-78FD-46BF-B567-A3156C8C7F41}' 

Log: 'Application' Date/Time: 27/02/2013 2:08:55 PM
Type: warning Category: 0
Event: 1001 Source: MsiInstaller
Detection of product '{5E33D30D-D896-4D92-B033-5F45819B2937}', feature 'AlwaysInstall' failed during request for component '{A5741631-78FD-46BF-B567-A3156C8C7F41}' 

Log: 'Application' Date/Time: 27/02/2013 2:08:54 PM
Type: warning Category: 0
Event: 1001 Source: MsiInstaller
Detection of product '{5E33D30D-D896-4D92-B033-5F45819B2937}', feature 'AlwaysInstall' failed during request for component '{B23ADF68-6C4C-4772-9664-D5010AC9CC25}' 

Log: 'Application' Date/Time: 27/02/2013 2:08:53 PM
Type: warning Category: 0
Event: 1001 Source: MsiInstaller
Detection of product '{5E33D30D-D896-4D92-B033-5F45819B2937}', feature 'AlwaysInstall' failed during request for component '{B23ADF68-6C4C-4772-9664-D5010AC9CC25}' 

Log: 'Application' Date/Time: 27/02/2013 2:08:52 PM
Type: warning Category: 0
Event: 1001 Source: MsiInstaller
Detection of product '{5E33D30D-D896-4D92-B033-5F45819B2937}', feature 'AlwaysInstall' failed during request for component '{A5741631-78FD-46BF-B567-A3156C8C7F41}' 

Log: 'Application' Date/Time: 27/02/2013 2:08:52 PM
Type: warning Category: 0
Event: 1001 Source: MsiInstaller
Detection of product '{5E33D30D-D896-4D92-B033-5F45819B2937}', feature 'AlwaysInstall' failed during request for component '{A5741631-78FD-46BF-B567-A3156C8C7F41}' 

Log: 'Application' Date/Time: 27/02/2013 2:08:51 PM
Type: warning Category: 0
Event: 1001 Source: MsiInstaller
Detection of product '{5E33D30D-D896-4D92-B033-5F45819B2937}', feature 'AlwaysInstall' failed during request for component '{A5741631-78FD-46BF-B567-A3156C8C7F41}' 

Log: 'Application' Date/Time: 27/02/2013 2:08:31 PM
Type: warning Category: 0
Event: 1001 Source: MsiInstaller
Detection of product '{5E33D30D-D896-4D92-B033-5F45819B2937}', feature 'AlwaysInstall' failed during request for component '{A5741631-78FD-46BF-B567-A3156C8C7F41}' 

Log: 'Application' Date/Time: 27/02/2013 7:56:49 AM
Type: warning Category: 0
Event: 1001 Source: MsiInstaller
Detection of product '{5E33D30D-D896-4D92-B033-5F45819B2937}', feature 'AlwaysInstall' failed during request for component '{A5741631-78FD-46BF-B567-A3156C8C7F41}' 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 27/02/2013 2:09:17 PM
Type: error Category: 0
Event: 7034 Source: Service Control Manager
The COMODO Internet Security Helper Service service terminated unexpectedly. It has done this 1 time(s). 

Log: 'System' Date/Time: 27/02/2013 11:27:02 AM
Type: error Category: 0
Event: 1002 Source: Dhcp
The IP address lease 192.168.1.138 for the Network Card with network address 0016767832AA has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message). 

Log: 'System' Date/Time: 22/02/2013 3:00:58 PM
Type: error Category: 0
Event: 7034 Source: Service Control Manager
The Pml Driver HPZ12 service terminated unexpectedly. It has done this 1 time(s). 

Log: 'System' Date/Time: 21/02/2013 4:53:17 PM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 

Log: 'System' Date/Time: 21/02/2013 4:38:10 PM
Type: error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: Fips intelppm 

Log: 'System' Date/Time: 21/02/2013 4:36:53 PM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 

Log: 'System' Date/Time: 21/02/2013 1:30:27 PM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 

Log: 'System' Date/Time: 21/02/2013 1:14:26 PM
Type: error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: cmdGuard Fips intelppm 

Log: 'System' Date/Time: 21/02/2013 1:13:10 PM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 

Log: 'System' Date/Time: 21/02/2013 11:53:01 AM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - information Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 27/02/2013 8:12:19 PM
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The Adobe Flash Player Update Service service entered the stopped state. 

Log: 'System' Date/Time: 27/02/2013 8:12:19 PM
Type: information Category: 0
Event: 7035 Source: Service Control Manager
The Adobe Flash Player Update Service service was successfully sent a start control. 

Log: 'System' Date/Time: 27/02/2013 8:12:19 PM
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The Adobe Flash Player Update Service service entered the running state. 

Log: 'System' Date/Time: 27/02/2013 7:12:03 PM
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The Adobe Flash Player Update Service service entered the stopped state. 

Log: 'System' Date/Time: 27/02/2013 7:12:03 PM
Type: information Category: 0
Event: 7035 Source: Service Control Manager
The Adobe Flash Player Update Service service was successfully sent a start control. 

Log: 'System' Date/Time: 27/02/2013 7:12:03 PM
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The Adobe Flash Player Update Service service entered the running state. 

Log: 'System' Date/Time: 27/02/2013 6:12:08 PM
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The Adobe Flash Player Update Service service entered the stopped state. 

Log: 'System' Date/Time: 27/02/2013 6:12:08 PM
Type: information Category: 0
Event: 7035 Source: Service Control Manager
The Adobe Flash Player Update Service service was successfully sent a start control. 

Log: 'System' Date/Time: 27/02/2013 6:12:08 PM
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The Adobe Flash Player Update Service service entered the running state. 

Log: 'System' Date/Time: 27/02/2013 5:12:00 PM
Type: information Category: 0
Event: 7035 Source: Service Control Manager
The Adobe Flash Player Update Service service was successfully sent a start control. 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 27/02/2013 4:27:24 AM
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized. 

Log: 'System' Date/Time: 26/02/2013 2:01:06 PM
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized. 

Log: 'System' Date/Time: 25/02/2013 8:57:03 AM
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized. 

Log: 'System' Date/Time: 24/02/2013 12:23:07 PM
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized. 

Log: 'System' Date/Time: 23/02/2013 11:01:18 AM
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized. 

Log: 'System' Date/Time: 22/02/2013 1:45:43 PM
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized. 

Log: 'System' Date/Time: 21/02/2013 6:48:33 PM
Type: warning Category: 0
Event: 11050 Source: dnscache
The DNS Client service could not contact any DNS servers for a repeated number of attempts. For the next 30 seconds the DNS Client service will not use the network to avoid further network performance problems. It will resume its normal behavior after that. If this problem persists, verify your TCP/IP configuration, specifically check that you have a preferred (and possibly an alternate) DNS server configured. If the problem continues, verify network conditions to these DNS servers or contact your network administrator. 

Log: 'System' Date/Time: 20/02/2013 4:29:09 AM
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized. 

Log: 'System' Date/Time: 19/02/2013 10:58:19 AM
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized. 

Log: 'System' Date/Time: 18/02/2013 4:29:03 AM
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.


----------



## Cookiegal (Aug 27, 2003)

Please use SystemLook again and run it with the following script:


```
:regfind
5E33D30D
```
Then post the log please.


----------



## jlski (Dec 2, 2002)

SystemLook 30.07.11 by jpshortstuff
Log created at 13:58 on 28/02/2013 by Owner
Administrator - Elevation successful

========== regfind ==========

Searching for "5E33D30D"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\D03D33E5698D29D40B33F55418B99273]
"ProductIcon"="C:\WINDOWS\Installer\{5E33D30D-D896-4D92-B033-5F45819B2937}\SOS_APP_ICON"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOS Online Backup\DefaultIcon]
@="C:\WINDOWS\Installer\{5E33D30D-D896-4D92-B033-5F45819B2937}\SOS_PROGID_ICON,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MATS\WindowsInstaller\{5E33D30D-D896-4D92-B033-5F45819B2937}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{5E33D30D-D896-4D92-B033-5F45819B2937}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\WINDOWS\Installer\{5E33D30D-D896-4D92-B033-5F45819B2937}\"=""

-= EOF =-


----------
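The VEW output earlier in the thread repeats MsiInstaller event 1001 for one product code, and the SystemLook result above lists that product under `Installer\Products\D03D33E5698D29D40B33F55418B99273`, a key whose name stores the GUID in Windows Installer's packed form, so a `:regfind` on `5E33D30D` matches it only through the `ProductIcon` value. The following is an added example, not part of the thread and not code from VEW or SystemLook: it groups the 1001 warnings by product and component and derives the packed form to use as a second search term. The sample text is constructed in the layout of the VEW log, and the function names are assumptions.

```python
import re
from collections import Counter

GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
DETECTION = re.compile(
    r"Detection of product '(" + GUID + r")', feature '([^']+)' "
    r"failed during request for component '(" + GUID + r")'"
)
SEGMENTS = (8, 4, 4, 4, 12)  # hex digits in each GUID field

# Constructed sample: three warnings in the layout of the VEW output above.
SAMPLE_VEW = """\
Log: 'Application' Date/Time: 27/02/2013 2:08:56 PM
Type: warning Category: 0
Event: 1001 Source: MsiInstaller
Detection of product '{5E33D30D-D896-4D92-B033-5F45819B2937}', feature 'AlwaysInstall' failed during request for component '{A5741631-78FD-46BF-B567-A3156C8C7F41}'

Log: 'Application' Date/Time: 27/02/2013 2:08:54 PM
Type: warning Category: 0
Event: 1001 Source: MsiInstaller
Detection of product '{5E33D30D-D896-4D92-B033-5F45819B2937}', feature 'AlwaysInstall' failed during request for component '{B23ADF68-6C4C-4772-9664-D5010AC9CC25}'

Log: 'Application' Date/Time: 27/02/2013 2:08:52 PM
Type: warning Category: 0
Event: 1001 Source: MsiInstaller
Detection of product '{5E33D30D-D896-4D92-B033-5F45819B2937}', feature 'AlwaysInstall' failed during request for component '{A5741631-78FD-46BF-B567-A3156C8C7F41}'
"""


def _swap_pairs(field):
    """'B033' -> '0B33': swap the two hex digits of every byte."""
    return "".join(field[i + 1] + field[i] for i in range(0, len(field), 2))


def _transform(hex32):
    """Reverse the first three fields and pair-swap the last two.

    The operation is its own inverse, so it both packs and unpacks.
    """
    fields, pos = [], 0
    for index, width in enumerate(SEGMENTS):
        field = hex32[pos:pos + width]
        fields.append(field[::-1] if index < 3 else _swap_pairs(field))
        pos += width
    return fields


def pack_guid(guid):
    """'{5E33D30D-...}' -> 32 hex digits as used in Installer key names."""
    if not re.fullmatch(GUID, guid):
        raise ValueError(f"not a braced GUID: {guid!r}")
    return "".join(_transform(guid.strip("{}").replace("-", "").upper()))


def unpack_guid(packed):
    """Inverse of pack_guid: packed key name back to the braced GUID."""
    if not re.fullmatch(r"[0-9A-Fa-f]{32}", packed):
        raise ValueError(f"not a packed GUID: {packed!r}")
    return "{" + "-".join(_transform(packed.upper())) + "}"


def search_terms(product):
    """Both spellings of a product code worth searching the registry for."""
    return [product.upper(), pack_guid(product)]


def summarize(text):
    """Group event-1001 detection failures by product, counting components."""
    summary = {}
    for product, _feature, component in DETECTION.findall(text):
        product, component = product.upper(), component.upper()
        entry = summary.setdefault(
            product, {"packed": pack_guid(product), "components": Counter()}
        )
        entry["components"][component] += 1
    return summary


if __name__ == "__main__":
    for product, entry in summarize(SAMPLE_VEW).items():
        print(product, "packed as", entry["packed"])
        for component, count in entry["components"].most_common():
            print(f"  {count}x component {component}")
```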



## Cookiegal (Aug 27, 2003)

Please delete this folder:

C:\*MATS*

I'm attaching a Fixjlski3.zip file to this post. Save it to your desktop. Unzip it (extract the file) and double-click the Fixjlski3.reg file and allow it to merge into the registry.


----------



## jlski (Dec 2, 2002)

Sorry cookiegal. I ran into a major problem. My winzip trial expired so I have to find a program to unzip it. I also had to uninstall Comodo because for some reason it went wacko and wouldn't let me on the internet. Once I figured out what was causing the issue I uninstalled Comodo and now I'm back on. I think my puter is possessed.


----------



## jlski (Dec 2, 2002)

OK, merged what next? Also deleted C:/MATS.


----------



## Cookiegal (Aug 27, 2003)

So I guess you figured out that Windows can unzip files. :up:

Have you rebooted the machine since doing those fixes?

If not please do so and report back if you're still getting the Windows Installer popup.


----------



## jlski (Dec 2, 2002)

Good morning cookiegal, if it is morning for you. Yes, it is still haunting me. I also get this (http://xn--in-process-plugins-6m9j/) now with Google Chrome. This tab loads by itself, yet I'm still connected to the ISP and can still surf the net.


----------



## Cookiegal (Aug 27, 2003)

Did you by chance download the 64-bit version of Chrome?


----------



## jlski (Dec 2, 2002)

If I did it wasn't intentional. It is version 1.3.21.135 which is supposed to be for Windows XP.


----------



## Cookiegal (Aug 27, 2003)

I would recommend uninstalling and then reinstalling Chrome.


----------



## jlski (Dec 2, 2002)

I like your thinking. Will do.


----------



## jlski (Dec 2, 2002)

Solved that little problem. Thank you. However, that thing that has possessed my computer world is still with.


----------



## Cookiegal (Aug 27, 2003)

Contact Keeper doesn't need to be running at startup. If you go to *Start* - *Run* - *msconfig* - click on the startup tab and uncheck it there then click *Apply* and *OK* does that stop the Windows installer from popping up at every boot?


----------



## jlski (Dec 2, 2002)

Yes it does.


----------



## Cookiegal (Aug 27, 2003)

In ContactKeeper do you have "Check version" in the "Options" menu checked? If so, that means it connects to the Internet to download a file to check if you have the latest version. I'm thinking this may provoke the Windows Installer in some way.


----------



## jlski (Dec 2, 2002)

Unchecking it did not help, however, I think I found the problem. Check out the attachment.


----------



## Cookiegal (Aug 27, 2003)

Yes, I saw that earlier too. Perhaps you could find a different program to fit your needs?


----------



## jlski (Dec 2, 2002)

Do you have any good suggestions, or would you not be allowed to suggest any if you did?


----------



## Cookiegal (Aug 27, 2003)

I could make suggestions but I have no idea as I've never used that type of program.


----------



## jlski (Dec 2, 2002)

I had to have something to keep up with 1,500 members and it does a great job. Until.... Other than that everything now seems to be ok. Can I take all the other programs and delete them or do you have something else up your sleeve?


----------



## Cookiegal (Aug 27, 2003)

I have something else up my sleeve. 

Here are some final instructions for you.

As with any infection, I recommend that you change all passwords for logging in to sites that you use on your computer as a precaution.

*Follow these steps to uninstall Combofix and all of its files and components.*

Click *START* then *RUN*
Now type *ComboFix /uninstall* in the runbox and click *OK*. Note the *space* between the *X* and the */uninstall*, it needs to be there (the screenshot is just for illustration purposes but the actual command uses the entire word "uninstall" and not just the "u" as shown in the picture).

Please open OTS again and click on the button that says "CleanUp" at the top. This will remove some of the tools we've used and will also uninstall the OTS program.

Now you should turn system restore off to flush out all previous system restore points, then turn it back on and create a new restore point:

To turn off system restore, on the Desktop, right click on *My Computer* and click on *Properties.*
Click the *System Restore* tab.
Check *Turn off System Restore.*
Click Apply and then click OK.

Restart your computer, turn System Restore back on and create a restore point.

To create a new restore point, click on *Start* - *All Programs* - *Accessories* - *System Tools* and then select *System Restore*.

In the System Restore wizard, select *Create a restore point* and click the Next button.

Type a name for your new restore point then click on Create.

Then let me know if there are any programs we used that didn't get uninstalled with the above cleanup routine please.


----------



## jlski (Dec 2, 2002)

These are still on my desktop. 

Gmer, ATF-Cleaner, OTL, SystemLook, OTS, RogueKiller, RK_Quarantine Folder, aswMBR, dds, JRT, backups folder, AdwCleaner


----------



## Cookiegal (Aug 27, 2003)

Gmer, ATFCleaner and JRT can be removed by dragging them to the Recycle Bin.

Open AdwCleaner and click on the button that says "Uninstall" and it will uninstall itself.

Are you sure you rebooted the computer after running the CleanUp routine? Because OTS, OTL, SystemLook, RogueKiller, aswmbr and dds should all have been removed by doing that.

I'm not sure what "backups folder" is. Did you create that?


----------



## jlski (Dec 2, 2002)

Actually, when I went to do the first part you suggested as below in red, the box already had a check in it so I unchecked it then rebooted. Since it was already checked I thought you may have meant uncheck the Turn off System Restore.

To turn off system restore, on the Desktop, right click on My Computer and click on Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply and then click OK.


----------



## Cookiegal (Aug 27, 2003)

No, you have to put a check in the box in order to turn off system restore. This flushes out all previous restore points. Then you have to go back and remove the check from that box to turn system restore back on. If there was a check there already then your system restore was already turned off.

Any luck removing those programs with the OTS cleanup routine?


----------



## jlski (Dec 2, 2002)

aswMBR is the only thing that was not removed. Also, I did create a new restore point.


----------



## etaf (Oct 2, 2003)

hi, 
we have been informed that *Cookiegal*'s telephone line is now down and they say that it may take up to three days before *Cookiegal* will be back online - sorry for any inconvenience

Wayne
ETAF


----------



## jlski (Dec 2, 2002)

Thank you Wayne. I understand and do wait patiently.


----------



## Cookiegal (Aug 27, 2003)

Thankfully the service was restored sooner than anticipated.

To remove aswMBR please drag all three of the following files from your desktop to the Recycle Bin:

aswMBR.exe
MBR.dat
aswMBR.txt


----------



## jlski (Dec 2, 2002)

Welcome back. Happy they restored your power sooner than expected. Items moved to recycle bin and recycle bin emptied.


----------



## Cookiegal (Aug 27, 2003)

Thanks. I couldn't stand two or three more days without Internet or telephone service. 

Please report back if you notice any problems over the next few days but you should be good to go.


----------



## jlski (Dec 2, 2002)

Thank you ? aka cookiegal. I appreciate your help more than there are words to express. Hope your power stays on for all eternity. If anything should go wacky I'll get back with you.


----------



## Cookiegal (Aug 27, 2003)

It's my pleasure. Thank you for the kind words.


----------



## jlski (Dec 2, 2002)

I speak what I feel.


----------



## Cookiegal (Aug 27, 2003)

jlski said:


> I speak what I feel.


:up:


----------

