SickAndTired

Honorary Members
  • Posts: 79

Posts posted by SickAndTired

  1. I just ran into this very problem. I'm running XP SP3. Got a notification that a Java update was needed. I allowed it to update. I UNchecked for the added crap they wanted to install (McAfee) and when it finished the install it said it 'updated successfully'. I clicked OK and got the "GetDefaultBrowserError:2" message. No codes on the error message, not even a title - just a plain white message box with that message. I am running the latest FF version and it is set as my default as well. I have had plenty of run-ins with Java in the past and can say it is my least favorite update to do.

    I went to verify if the version was correct and working and it tells me this:

    Verified Java Version
    Congratulations!

    You have the recommended Java installed (Version 7 Update 25).

    So looks like I am okay, but I will still keep an eye on this post.

  2. Hello. No malware problem but am curious about this issue (if it is one). Thanks.

    Security Update Net Framework 1.1 SP1 Fails and reprompts constantly even though I have the latest versions installed. I had tried to install this in the past and it failed so I hid it so it would stop prompting me and I just remembered about it.

    I have many versions installed, up to Net Framework 3.5 SP1 as well as Net Framework 4 Client Profile. All of them include many more updates under each separate listing.

    1.1 SP1 is not in the list. Not sure why it never installed originally.

    Is it safe to ignore it and keep it hidden in updates?

  3. Here are the results:

    ========== OTL ==========

    Process SASCore.exe killed successfully!

    Service !SASCORE stopped successfully!

    Service !SASCORE deleted successfully!

    C:\Program Files\SUPERAntiSpyware\SASCore.exe moved successfully.

    Service PCIDump stopped successfully!

    Service PCIDump deleted successfully!

    Service SASDIFSV stopped successfully!

    Service SASDIFSV deleted successfully!

    C:\Program Files\SUPERAntiSpyware\sasdifsv.sys moved successfully.

    Service SASKUTIL stopped successfully!

    Service SASKUTIL deleted successfully!

    C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS moved successfully.

    Registry value HKEY_USERS\S-1-5-21-1500982738-3618749481-1802049845-1007\Software\Microsoft\Windows\CurrentVersion\Run\\Power2GoExpress deleted successfully.

    Registry value HKEY_USERS\S-1-5-21-1500982738-3618749481-1802049845-1007\Software\Microsoft\Windows\CurrentVersion\Run\\SUPERAntiSpyware deleted successfully.

    C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE moved successfully.

    Registry value HKEY_USERS\S-1-5-21-1500982738-3618749481-1802049845-1011\Software\Microsoft\Windows\CurrentVersion\Run\\Power2GoExpress deleted successfully.

    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}\ deleted successfully.

    C:\Program Files\SUPERAntiSpyware\SASSEH.DLL moved successfully.

    C:\Documents and Settings\~Debb~\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS folder moved successfully.

    C:\Documents and Settings\~Debb~\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine folder moved successfully.

    C:\Documents and Settings\~Debb~\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Logs folder moved successfully.

    C:\Documents and Settings\~Debb~\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\AppLogs folder moved successfully.

    C:\Documents and Settings\~Debb~\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware folder moved successfully.

    C:\Documents and Settings\~Debb~\Application Data\SUPERAntiSpyware.com folder moved successfully.

    C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware folder moved successfully.

    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS folder moved successfully.

    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware folder moved successfully.

    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com folder moved successfully.

    C:\Program Files\SUPERAntiSpyware\Plugins folder moved successfully.

    C:\Program Files\SUPERAntiSpyware\Language folder moved successfully.

    C:\Program Files\SUPERAntiSpyware folder moved successfully.

    C:\Documents and Settings\All Users\Application Data\SUPERSetup folder moved successfully.

    OTL by OldTimer - Version 3.2.69.0 log created on 12132012_124012

  4. OTL.txt:

    OTL logfile created on: 12/13/2012 10:46:54 AM - Run 1

    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\~Debb~\Desktop

    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

    Internet Explorer (Version = 8.0.6001.18702)

    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.25 Gb Total Physical Memory | 2.29 Gb Available Physical Memory | 70.55% Memory free

    5.08 Gb Paging File | 4.33 Gb Available in Paging File | 85.18% Paging File free

    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

    Drive C: | 927.21 Gb Total Space | 894.66 Gb Free Space | 96.49% Space Free | Partition Type: NTFS

    Drive D: | 4.29 Gb Total Space | 1.74 Gb Free Space | 40.50% Space Free | Partition Type: FAT32

    Drive N: | 465.75 Gb Total Space | 259.50 Gb Free Space | 55.72% Space Free | Partition Type: NTFS

    Computer Name: XXXXX | User Name: ~Debb~ | Logged in as Administrator.

    Boot Mode: Normal | Scan Mode: All users | Quick Scan

    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/12/13 10:46:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\~Debb~\Desktop\OTL.exe

    PRC - [2012/11/29 03:27:34 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

    PRC - [2012/11/01 17:46:40 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe

    PRC - [2012/09/29 18:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

    PRC - [2012/09/29 18:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

    PRC - [2012/09/29 18:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

    PRC - [2012/09/23 09:28:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

    PRC - [2012/09/12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe

    PRC - [2012/09/12 16:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe

    PRC - [2012/07/11 13:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe

    PRC - [2012/06/26 10:17:26 | 000,108,032 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\KODAK Share Button App\Listener.exe

    PRC - [2011/11/12 00:28:01 | 000,186,760 | ---- | M] () -- C:\Program Files\Photodex\ProShowGold\scsiaccess.exe

    PRC - [2010/08/23 16:42:22 | 000,196,608 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

    PRC - [2009/07/20 11:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe

    PRC - [2009/07/20 11:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe

    PRC - [2009/07/10 11:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe

    PRC - [2008/06/25 12:02:28 | 000,069,632 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe

    PRC - [2008/06/21 17:01:32 | 000,090,112 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe

    PRC - [2008/05/21 16:56:52 | 001,122,304 | ---- | M] () -- C:\Program Files\CalendarPal\CalendarPal.exe

    PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

    PRC - [2007/10/30 18:52:34 | 000,016,200 | ---- | M] () -- C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe

    PRC - [2007/06/05 12:20:32 | 000,177,704 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe

    PRC - [2007/02/09 11:17:30 | 000,694,008 | ---- | M] () -- C:\Program Files\Portrait Displays\Pivot Software\Floater.exe

    PRC - [2007/02/09 11:17:26 | 000,694,008 | ---- | M] () -- C:\Program Files\Portrait Displays\Pivot Software\wpCtrl.exe

    PRC - [2006/12/12 09:46:54 | 000,020,480 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\Ctxfihlp.exe

    PRC - [2006/12/12 09:46:52 | 000,019,456 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CtHelper.exe

    PRC - [2006/12/12 09:43:58 | 000,842,240 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTxfispi.exe

    PRC - [2006/11/29 21:37:20 | 000,561,213 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

    PRC - [2006/11/29 21:35:42 | 001,396,820 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe

    PRC - [2006/11/16 18:04:20 | 000,139,264 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

    PRC - [2006/11/16 17:58:32 | 000,884,736 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

    PRC - [2005/12/09 20:44:40 | 000,139,264 | ---- | M] (Alcor Micro, Corp.) -- C:\Program Files\Digital Media Reader\readericon45G.exe

    PRC - [2005/10/12 18:16:06 | 000,172,032 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe

    PRC - [2005/10/05 11:00:44 | 000,053,248 | ---- | M] () -- C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe

    PRC - [2005/10/05 11:00:06 | 000,065,536 | ---- | M] () -- C:\Program Files\Logitech\Easy Synchronization\servicestub.exe

    PRC - [2005/03/09 12:29:58 | 000,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

    PRC - [2005/03/09 12:29:44 | 000,086,140 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

    PRC - [2004/03/02 22:24:50 | 005,576,704 | ---- | M] (Chicony) -- C:\WINDOWS\CNYHKey.exe

    ========== Modules (No Company Name) ==========

    MOD - [2012/11/29 03:27:37 | 002,397,152 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll

    MOD - [2012/07/17 15:02:20 | 000,970,240 | ---- | M] () -- C:\Documents and Settings\~Debb~\Application Data\Mozilla\Firefox\Profiles\6iegk1ue.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll

    MOD - [2011/11/12 00:28:01 | 000,186,760 | ---- | M] () -- C:\Program Files\Photodex\ProShowGold\scsiaccess.exe

    MOD - [2011/11/03 10:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll

    MOD - [2011/10/14 17:38:00 | 000,456,192 | ---- | M] () -- C:\WINDOWS\system32\encdec.dll

    MOD - [2011/02/04 17:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll

    MOD - [2009/07/20 11:27:14 | 000,017,936 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\khalwrapper.dll

    MOD - [2008/06/25 12:02:28 | 000,069,632 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe

    MOD - [2008/05/21 16:56:52 | 001,122,304 | ---- | M] () -- C:\Program Files\CalendarPal\CalendarPal.exe

    MOD - [2008/04/13 19:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll

    MOD - [2008/04/13 19:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll

    MOD - [2007/10/30 18:52:34 | 000,016,200 | ---- | M] () -- C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe

    MOD - [2007/06/05 12:20:32 | 000,177,704 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe

    MOD - [2007/02/09 11:17:30 | 000,694,008 | ---- | M] () -- C:\Program Files\Portrait Displays\Pivot Software\Floater.exe

    MOD - [2007/02/09 11:17:26 | 000,694,008 | ---- | M] () -- C:\Program Files\Portrait Displays\Pivot Software\wpCtrl.exe

    MOD - [2007/02/09 11:16:08 | 000,245,760 | ---- | M] () -- C:\Program Files\Portrait Displays\Pivot Software\Winphook.dll

    MOD - [2005/10/29 22:31:08 | 000,003,072 | ---- | M] () -- C:\WINDOWS\CTXFIRES.DLL

    MOD - [2005/10/05 11:00:44 | 000,053,248 | ---- | M] () -- C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe

    MOD - [2005/10/05 11:00:06 | 000,094,208 | ---- | M] () -- C:\Program Files\Logitech\Easy Synchronization\libwidcommc-2.dll

    MOD - [2005/10/05 11:00:06 | 000,069,632 | ---- | M] () -- C:\Program Files\Logitech\Easy Synchronization\shellexecutehook.dll

    MOD - [2005/10/05 11:00:06 | 000,065,536 | ---- | M] () -- C:\Program Files\Logitech\Easy Synchronization\servicestub.exe

    MOD - [2005/10/05 11:00:06 | 000,049,152 | ---- | M] () -- C:\Program Files\Logitech\Easy Synchronization\pybluetooth.pyd

    MOD - [2005/10/05 11:00:06 | 000,045,056 | ---- | M] () -- C:\Program Files\Logitech\Easy Synchronization\libbluetooth.dll

    MOD - [2005/10/05 11:00:06 | 000,028,672 | ---- | M] () -- C:\Program Files\Logitech\Easy Synchronization\pywidcommc.pyd

    MOD - [2005/10/05 11:00:06 | 000,015,360 | ---- | M] () -- C:\Program Files\Logitech\Easy Synchronization\libwidcommc.dll

    MOD - [2005/10/05 11:00:06 | 000,011,776 | ---- | M] () -- C:\Program Files\Logitech\Easy Synchronization\pyvspdxp.pyd

    MOD - [2005/08/05 23:01:54 | 000,159,744 | ---- | M] () -- C:\WINDOWS\system32\VBICodec.ax

    MOD - [2005/08/05 22:06:50 | 000,165,376 | ---- | M] () -- C:\WINDOWS\system32\mpg2splt.ax

    MOD - [2005/02/23 15:27:06 | 000,307,200 | ---- | M] () -- C:\Program Files\Logitech\Easy Synchronization\pythoncom23.dll

    MOD - [2005/02/23 15:27:06 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\Easy Synchronization\pywintypes23.dll

    MOD - [2004/04/26 12:21:08 | 000,040,960 | ---- | M] () -- C:\Program Files\Logitech\Easy Synchronization\dde.pyd

    MOD - [2004/04/26 12:20:58 | 000,659,456 | ---- | M] () -- C:\Program Files\Logitech\Easy Synchronization\win32ui.pyd

    MOD - [2004/04/26 12:20:34 | 000,094,208 | ---- | M] () -- C:\Program Files\Logitech\Easy Synchronization\shell.pyd

    MOD - [2004/04/26 12:19:22 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\Easy Synchronization\win32gui.pyd

    MOD - [2004/04/26 12:19:16 | 000,057,344 | ---- | M] () -- C:\Program Files\Logitech\Easy Synchronization\win32security.pyd

    MOD - [2004/04/26 12:19:14 | 000,036,864 | ---- | M] () -- C:\Program Files\Logitech\Easy Synchronization\win32process.pyd

    MOD - [2004/04/26 12:19:12 | 000,028,672 | ---- | M] () -- C:\Program Files\Logitech\Easy Synchronization\win32pdh.pyd

    MOD - [2004/04/26 12:19:12 | 000,024,576 | ---- | M] () -- C:\Program Files\Logitech\Easy Synchronization\win32pipe.pyd

    MOD - [2004/04/26 12:19:00 | 000,073,728 | ---- | M] () -- C:\Program Files\Logitech\Easy Synchronization\win32file.pyd

    MOD - [2004/04/26 12:19:00 | 000,024,576 | ---- | M] () -- C:\Program Files\Logitech\Easy Synchronization\win32event.pyd

    MOD - [2004/04/26 12:18:58 | 000,069,632 | ---- | M] () -- C:\Program Files\Logitech\Easy Synchronization\win32api.pyd

    MOD - [2003/12/18 20:30:20 | 000,061,503 | ---- | M] () -- C:\Program Files\Logitech\Easy Synchronization\zlib.pyd

    MOD - [2003/12/18 20:29:36 | 000,036,864 | ---- | M] () -- C:\Program Files\Logitech\Easy Synchronization\_winreg.pyd

    MOD - [2003/12/18 20:28:10 | 000,135,234 | ---- | M] () -- C:\Program Files\Logitech\Easy Synchronization\pyexpat.pyd

    MOD - [2003/12/18 20:26:04 | 000,495,616 | ---- | M] () -- C:\Program Files\Logitech\Easy Synchronization\_ssl.pyd

    MOD - [2003/12/18 20:25:42 | 000,057,407 | ---- | M] () -- C:\Program Files\Logitech\Easy Synchronization\_sre.pyd

    MOD - [2003/12/18 20:25:18 | 000,049,218 | ---- | M] () -- C:\Program Files\Logitech\Easy Synchronization\_socket.pyd

    MOD - [2003/12/08 05:36:28 | 000,049,152 | ---- | M] () -- C:\WINDOWS\CNYUSB.dll

    MOD - [2003/10/01 12:41:58 | 000,196,608 | ---- | M] () -- C:\Program Files\Logitech\Easy Synchronization\htmlc.pyd

    MOD - [2003/10/01 12:41:56 | 002,240,512 | ---- | M] () -- C:\Program Files\Logitech\Easy Synchronization\wxc.pyd

    MOD - [2003/10/01 10:48:44 | 003,416,064 | ---- | M] () -- C:\Program Files\Logitech\Easy Synchronization\wxmsw24uh.dll

    MOD - [2002/09/26 05:07:02 | 000,005,120 | ---- | M] () -- C:\WINDOWS\HKCYDLL.dll

    ========== Services (SafeList) ==========

    SRV - [2012/12/11 17:04:15 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

    SRV - [2012/11/01 17:46:40 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)

    SRV - [2012/09/29 18:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

    SRV - [2012/09/29 18:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

    SRV - [2012/09/23 09:28:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)

    SRV - [2012/09/12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)

    SRV - [2012/07/11 13:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)

    SRV - [2011/11/12 00:28:01 | 000,186,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Photodex\ProShowGold\scsiaccess.exe -- (ScsiAccess)

    SRV - [2010/08/23 16:42:22 | 000,196,608 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)

    SRV - [2009/07/20 11:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)

    SRV - [2008/06/25 12:02:28 | 000,069,632 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)

    SRV - [2008/06/21 17:01:32 | 000,090,112 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)

    SRV - [2008/01/29 15:09:02 | 000,394,704 | ---- | M] (Symantec, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)

    SRV - [2007/06/05 12:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)

    SRV - [2005/12/12 18:32:32 | 000,053,248 | ---- | M] (SigmaTel, Inc.) [Auto | Stopped] -- C:\Program Files\SigmaTel\C-Major Audio\wdm\stacsv.exe -- (STacSV)

    SRV - [2005/10/12 18:16:06 | 000,172,032 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe -- (ELService)

    SRV - [2005/10/05 11:00:06 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\Program Files\Logitech\Easy Synchronization\servicestub.exe -- (Logitech Easy Synchronization)

    SRV - [2005/03/09 12:29:44 | 000,086,140 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMon)

    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)

    DRV - [2012/09/29 18:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)

    DRV - [2012/07/03 10:25:19 | 000,124,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)

    DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)

    DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)

    DRV - [2010/04/27 15:57:28 | 000,066,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)

    DRV - [2010/04/27 15:57:28 | 000,015,048 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)

    DRV - [2010/04/27 15:57:22 | 000,022,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)

    DRV - [2010/04/27 13:01:26 | 000,037,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)

    DRV - [2009/12/18 09:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)

    DRV - [2009/06/17 11:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)

    DRV - [2009/06/17 11:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)

    DRV - [2008/06/21 17:01:44 | 000,017,064 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PdiPorts.sys -- (PdiPorts)

    DRV - [2008/04/13 13:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)

    DRV - [2008/04/10 19:10:10 | 001,271,032 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)

    DRV - [2007/06/18 02:01:28 | 000,514,560 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k)

    DRV - [2007/04/24 09:49:34 | 000,011,776 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pdiddcci.sys -- (pdiddcci)

    DRV - [2007/02/09 11:17:18 | 000,017,465 | ---- | M] (Portrait Displays, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pivot.sys -- (Pivot)

    DRV - [2007/02/09 11:17:16 | 000,011,323 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pivotmou.sys -- (pivotmou)

    DRV - [2007/01/23 14:44:00 | 000,020,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)

    DRV - [2006/12/19 07:36:54 | 001,160,504 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha20x2k.sys -- (ha20x2k)

    DRV - [2006/12/19 07:36:46 | 000,090,936 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)

    DRV - [2006/12/19 07:36:42 | 000,156,984 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)

    DRV - [2006/12/19 07:36:36 | 000,014,648 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)

    DRV - [2006/12/19 07:36:32 | 000,128,312 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)

    DRV - [2006/12/19 07:35:40 | 000,511,288 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)

    DRV - [2006/12/04 16:33:36 | 000,067,672 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)

    DRV - [2006/12/04 16:33:34 | 000,863,402 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)

    DRV - [2006/12/04 16:33:34 | 000,047,907 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)

    DRV - [2006/12/04 16:33:34 | 000,030,459 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)

    DRV - [2006/12/04 16:33:32 | 000,329,901 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)

    DRV - [2005/12/02 19:38:04 | 000,041,728 | ---- | M] (Sonic Focus, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sfng32.sys -- (sfng32)

    DRV - [2005/10/12 18:15:50 | 000,007,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ELacpi.sys -- (ELacpi)

    DRV - [2005/10/12 18:15:48 | 000,007,040 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ELmon.sys -- (ELmon)

    DRV - [2005/10/12 18:15:24 | 000,006,912 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ELkbd.sys -- (ELkbd)

    DRV - [2005/10/12 18:15:22 | 000,006,400 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ELmou.sys -- (ELmou)

    DRV - [2005/10/12 18:15:20 | 000,006,400 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ELhid.sys -- (ELhid)

    DRV - [2005/10/05 11:00:06 | 000,047,104 | ---- | M] (ELTIMA Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vserial.sys -- (vserial)

    DRV - [2005/10/05 11:00:06 | 000,018,167 | ---- | M] (ELTIMA Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vsb.sys -- (vsbus)

    DRV - [2005/09/16 00:24:38 | 000,206,080 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atinavrr.sys -- (ATIAVPCI)

    DRV - [2005/08/31 14:31:44 | 000,020,480 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)

    DRV - [2005/07/13 20:18:48 | 000,340,704 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)

    ========== Standard Registry (SafeList) ==========

    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope =

    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch=Consumer&Br=GTW&Loc=ENG_US&Sys=DTP&M=FX510S

    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =

    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch=Consumer&Br=GTW&Loc=ENG_US&Sys=DTP&M=FX510S

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm

    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm

    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-1500982738-3618749481-1802049845-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

    IE - HKU\S-1-5-21-1500982738-3618749481-1802049845-1007\..\SearchScopes,DefaultScope = {70020C68-0823-4804-90A8-5A708D694CA9}

    IE - HKU\S-1-5-21-1500982738-3618749481-1802049845-1007\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    IE - HKU\S-1-5-21-1500982738-3618749481-1802049845-1007\..\SearchScopes\{70020C68-0823-4804-90A8-5A708D694CA9}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}

    IE - HKU\S-1-5-21-1500982738-3618749481-1802049845-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-1500982738-3618749481-1802049845-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    IE - HKU\S-1-5-21-1500982738-3618749481-1802049845-1011\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.gateway.com/g/sidepanel.html?Ch=Consumer&Br=GTW&Loc=ENG_US&Sys=DTP&M=FX510S

    IE - HKU\S-1-5-21-1500982738-3618749481-1802049845-1011\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Consumer&Br=GTW&Loc=ENG_US&Sys=DTP&M=FX510S

    IE - HKU\S-1-5-21-1500982738-3618749481-1802049845-1011\..\SearchScopes,DefaultScope =

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledAddons: support%40lastpass.com:2.0.0

    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1

    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/12/11 13:32:46 | 000,000,000 | ---D | M]

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/12/11 13:32:46 | 000,000,000 | ---D | M]

    [2012/12/10 12:33:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\~Debb~\Application Data\Mozilla\Extensions

    [2012/12/10 12:59:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\~Debb~\Application Data\Mozilla\Firefox\Profiles\6iegk1ue.default\extensions

    [2012/12/10 12:43:11 | 000,000,000 | ---D | M] (LastPass) -- C:\Documents and Settings\~Debb~\Application Data\Mozilla\Firefox\Profiles\6iegk1ue.default\extensions\support@lastpass.com

    [2012/12/10 12:59:26 | 000,804,627 | ---- | M] () (No name found) -- C:\Documents and Settings\~Debb~\Application Data\Mozilla\Firefox\Profiles\6iegk1ue.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

    [2012/12/10 12:32:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

    [2012/11/29 03:27:51 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

    [2012/10/19 18:18:49 | 000,248,192 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll

    [2012/10/19 18:18:57 | 000,248,192 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll

    [2012/11/29 03:27:12 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

    [2012/11/29 03:27:12 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2012/11/12 22:22:55 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

    O1 - Hosts: 127.0.0.1 localhost

    O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

    O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

    O2 - BHO: (LastPass Vault) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files\LastPass\LPToolbar.dll ()

    O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

    O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

    O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files\LastPass\LPToolbar.dll ()

    O3 - HKU\S-1-5-21-1500982738-3618749481-1802049845-1007\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

    O4 - HKLM..\Run: [CHotkey] C:\WINDOWS\mHotkey.exe ()

    O4 - HKLM..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe ()

    O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CtHelper.exe (Creative Technology Ltd)

    O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\Ctxfihlp.exe (Creative Technology Ltd)

    O4 - HKLM..\Run: [DT GWY] C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe ()

    O4 - HKLM..\Run: [Easy Synchronization] C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe ()

    O4 - HKLM..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

    O4 - HKLM..\Run: [intelAudioStudio] C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe (Intel Corporation)

    O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)

    O4 - HKLM..\Run: [KodakShareButtonApp] C:\Program Files\Kodak\KODAK Share Button App\Listener.exe (Eastman Kodak Company)

    O4 - HKLM..\Run: [ledpointer] C:\WINDOWS\CNYHKey.exe (Chicony)

    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

    O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)

    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)

    O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()

    O4 - HKLM..\Run: [PivotSoftware] C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe ()

    O4 - HKLM..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe (Alcor Micro, Corp.)

    O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()

    O4 - HKLM..\Run: [start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)

    O4 - HKU\S-1-5-21-1500982738-3618749481-1802049845-1007..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)

    O4 - HKU\S-1-5-21-1500982738-3618749481-1802049845-1007..\Run: [CalendarPal] C:\Program Files\CalendarPal\CalendarPal.exe ()

    O4 - HKU\S-1-5-21-1500982738-3618749481-1802049845-1007..\Run: [KGShareApp] C:\Program Files\Kodak\KODAK Share Button App\KGShare_App.exe (Eastman Kodak Company)

    O4 - HKU\S-1-5-21-1500982738-3618749481-1802049845-1007..\Run: [Power2GoExpress] NA File not found

    O4 - HKU\S-1-5-21-1500982738-3618749481-1802049845-1007..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)

    O4 - HKU\S-1-5-21-1500982738-3618749481-1802049845-1011..\Run: [Power2GoExpress] NA File not found

    O4 - HKLM..\RunOnce: [Easy Synchronization] C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe ()

    O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk = C:\Program Files\Common Files\lpuninstall.exe (LastPass)

    O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk = C:\Program Files\Common Files\lpuninstall.exe (LastPass)

    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)

    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present

    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()

    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

    O7 - HKU\S-1-5-21-1500982738-3618749481-1802049845-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O7 - HKU\S-1-5-21-1500982738-3618749481-1802049845-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

    O7 - HKU\S-1-5-21-1500982738-3618749481-1802049845-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

    O7 - HKU\S-1-5-21-1500982738-3618749481-1802049845-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

    O7 - HKU\S-1-5-21-1500982738-3618749481-1802049845-1011\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O7 - HKU\S-1-5-21-1500982738-3618749481-1802049845-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149

    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\Bin\resources\WebMenuImg.htm ()

    O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()

    O8 - Extra context menu item: LastPass - file://C:\Documents and Settings\~Debb~\Local Settings\Application Data\LastPass\context.html?cmd=lastpass File not found

    O8 - Extra context menu item: LastPass Fill Forms - file://C:\Documents and Settings\~Debb~\Local Settings\Application Data\LastPass\context.html?cmd=fillforms File not found

    O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()

    O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()

    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

    O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()

    O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()

    O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()

    O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()

    O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files\LastPass\LPToolbar.dll ()

    O9 - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files\LastPass\LPToolbar.dll ()

    O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()

    O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()

    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1282605770000 (WUWebControl Class)

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1344552290562 (MUWebControl Class)

    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

    O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://d1ylr6sba64qi3.cloudfront.net/global/bin/srldetect_intel_4.1.66.0.cab (SysInfo Class)

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

    O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} http://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab (CTAdjust Class)

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 97.64.209.36 97.64.168.13

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{288821FE-6D52-4199-93B1-3025EE1D3178}: DhcpNameServer = 97.64.209.36 97.64.168.13

    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

    O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logitech\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)

    O24 - Desktop WallPaper: C:\Documents and Settings\~Debb~\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

    O24 - Desktop BackupWallPaper: C:\Documents and Settings\~Debb~\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

    O28 - HKLM ShellExecuteHooks: {FE24CD78-7C63-465D-8787-4EDF7FC79895} - C:\Program Files\Logitech\Easy Synchronization\shellexecutehook.dll ()

    O32 - HKLM CDRom: AutoRun - 1

    O32 - AutoRun File - [2006/06/17 04:41:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

    O34 - HKLM BootExecute: (autocheck autochk *)

    O35 - HKLM\..comfile [open] -- "%1" %*

    O35 - HKLM\..exefile [open] -- "%1" %*

    O37 - HKLM\...com [@ = comfile] -- "%1" %*

    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/12/13 10:46:17 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\~Debb~\Desktop\OTL.exe

    [2012/12/12 17:20:48 | 000,000,000 | -HSD | C] -- C:\RECYCLER

    [2012/12/12 16:20:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\~Debb~\My Documents\Smokey

    [2012/12/11 20:42:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\~Debb~\Desktop\Music Midis

    [2012/12/11 20:38:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\~Debb~\Desktop\SD_OurHouse1

    [2012/12/11 18:40:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\~Debb~\Desktop\SD_OurHouse2

    [2012/12/11 15:55:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\~Debb~\Desktop\SD_OurHouse

    [2012/12/11 13:32:50 | 000,464,024 | R--- | C] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2win32.cid

    [2012/12/11 13:32:44 | 000,000,000 | ---D | C] -- C:\Program Files\Coupons

    [2012/12/10 23:08:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\~Debb~\Desktop\Christmas actions

    [2012/12/10 18:01:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\~Debb~\Application Data\SUPERAntiSpyware.com

    [2012/12/10 17:56:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware

    [2012/12/10 17:56:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

    [2012/12/10 17:56:16 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

    [2012/12/10 17:54:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERSetup

    [2012/12/10 15:19:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\~Debb~\Desktop\4 IM Stats

    [2012/12/10 12:32:49 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

    [2012/12/08 20:30:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\~Debb~\Desktop\4 Em 3

    [2012/12/04 14:43:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\~Debb~\My Documents\DFFL

    [2012/12/04 14:05:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation

    [2012/12/04 14:05:27 | 000,065,536 | ---- | C] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll

    [2012/12/04 13:56:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\~Debb~\Desktop\Graphics Card DRIVER Updates

    [2012/12/04 13:44:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA

    [2012/11/24 22:06:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\~Debb~\Desktop\GTA Maps

    [2012/11/18 18:13:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\~Debb~\Desktop\RESEARCH ME

    [2012/11/18 16:24:37 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

    [2012/11/17 11:51:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\~Debb~\Desktop\Photo Paper & Sticker Paper Sites

    [2012/11/16 22:49:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT

    [2012/11/14 11:59:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\~Debb~\Desktop\4Debbs2Save

    [2012/07/02 13:43:06 | 010,974,280 | ---- | C] (LastPass) -- C:\Program Files\Common Files\lpuninstall.exe

    [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/12/13 10:46:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\~Debb~\Desktop\OTL.exe

    [2012/12/13 10:16:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

    [2012/12/13 10:14:54 | 000,064,756 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000000-00001102-00000005-00211102}.rfx

    [2012/12/13 10:14:54 | 000,054,328 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-00000000-00001102-00000005-00211102}.rfx

    [2012/12/13 10:14:54 | 000,054,328 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000005-00000000-00000000-00001102-00000005-00211102}.rfx

    [2012/12/13 10:14:54 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm

    [2012/12/13 10:14:54 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm

    [2012/12/13 10:03:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

    [2012/12/12 17:17:36 | 001,720,264 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

    [2012/12/12 16:48:26 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

    [2012/12/12 13:00:43 | 000,004,128 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys

    [2012/12/11 23:29:37 | 000,007,128 | ---- | M] () -- C:\Documents and Settings\~Debb~\Application Data\wklnhst.dat

    [2012/12/11 20:44:02 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

    [2012/12/11 20:43:19 | 000,084,992 | ---- | M] () -- C:\Documents and Settings\~Debb~\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    [2012/12/11 13:32:50 | 000,464,024 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2win32.cid

    [2012/12/11 12:03:53 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\~Debb~\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

    [2012/12/10 15:13:44 | 000,299,013 | ---- | M] () -- C:\Documents and Settings\~Debb~\Desktop\Make into a stat.png

    [2012/12/09 17:33:06 | 000,000,098 | ---- | M] () -- C:\Documents and Settings\~Debb~\Desktop\Uninstall Firefox from your computer Firefox Help.URL

    [2012/12/08 11:03:54 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

    [2012/12/05 22:17:41 | 000,001,302 | ---- | M] () -- C:\WINDOWS\nvrbm.ini

    [2012/12/05 20:48:12 | 000,000,445 | ---- | M] () -- C:\Documents and Settings\~Debb~\Desktop\christmas - Google Search.URL

    [2012/12/04 14:05:27 | 001,101,436 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin

    [2012/12/04 14:05:27 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin

    [2012/12/04 14:05:23 | 001,101,436 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin

    [2012/12/04 14:05:23 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvdrswr.lk

    [2012/11/24 23:09:29 | 000,025,349 | ---- | M] () -- C:\Documents and Settings\~Debb~\Desktop\FIND your mouse.png

    [2012/11/20 10:13:13 | 000,000,060 | ---- | M] () -- C:\Documents and Settings\~Debb~\Desktop\The Graphics Fairy LLC.URL

    [2012/11/20 10:11:30 | 000,306,744 | ---- | M] () -- C:\Documents and Settings\~Debb~\Desktop\acorn oak vintage image graphicsfairy002b.jpg

    [2012/11/20 10:11:12 | 000,931,681 | ---- | M] () -- C:\Documents and Settings\~Debb~\Desktop\turkey vintage image graphicsfairy4.jpg

    [2012/11/18 23:08:20 | 000,000,068 | ---- | M] () -- C:\Documents and Settings\~Debb~\Desktop\Freebies.URL

    [2012/11/18 16:08:21 | 000,000,126 | ---- | M] () -- C:\Documents and Settings\~Debb~\Desktop\Crockpot Breakfast Recipe Just A Pinch Recipes.URL

    [2012/11/17 21:36:47 | 000,077,807 | ---- | M] () -- C:\Documents and Settings\~Debb~\Desktop\SD_DFFL.jpg

    [2012/11/17 16:58:53 | 000,853,355 | ---- | M] () -- C:\Documents and Settings\~Debb~\Desktop\JACK.pspimage

    [2012/11/17 16:06:58 | 000,000,091 | ---- | M] () -- C:\Documents and Settings\~Debb~\Desktop\Shopping Cart.URL

    [2012/11/16 22:29:42 | 000,000,089 | ---- | M] () -- C:\Documents and Settings\~Debb~\Desktop\Mr.C Want to see if I have an infection on Desktop now. - Malwarebytes Forum - Page 2.URL

    [2012/11/16 22:18:02 | 000,000,068 | ---- | M] () -- C:\Documents and Settings\~Debb~\Desktop\Premium Hosting.URL

    [2012/11/16 21:42:01 | 000,000,047 | ---- | M] () -- C:\Documents and Settings\~Debb~\Desktop\1&1 Internet - Home.URL

    [2012/11/16 10:04:17 | 000,481,716 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

    [2012/11/16 10:04:17 | 000,079,790 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

    [2012/11/13 17:43:40 | 029,949,923 | ---- | M] () -- C:\Documents and Settings\~Debb~\Desktop\mask.pspimage

    [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/12/11 12:03:53 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\~Debb~\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

    [2012/12/10 15:13:43 | 000,299,013 | ---- | C] () -- C:\Documents and Settings\~Debb~\Desktop\Make into a stat.png

    [2012/12/09 17:33:06 | 000,000,098 | ---- | C] () -- C:\Documents and Settings\~Debb~\Desktop\Uninstall Firefox from your computer Firefox Help.URL

    [2012/12/05 20:48:12 | 000,000,445 | ---- | C] () -- C:\Documents and Settings\~Debb~\Desktop\christmas - Google Search.URL

    [2012/12/04 14:05:23 | 001,101,436 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin

    [2012/12/04 14:05:23 | 001,101,436 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin

    [2012/12/04 14:05:23 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin

    [2012/12/04 14:05:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nvdrswr.lk

    [2012/12/04 13:42:34 | 002,811,988 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data

    [2012/12/04 13:42:34 | 000,012,210 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb

    [2012/11/24 23:09:28 | 000,025,349 | ---- | C] () -- C:\Documents and Settings\~Debb~\Desktop\FIND your mouse.png

    [2012/11/24 22:52:07 | 000,246,104 | ---- | C] () -- C:\Documents and Settings\~Debb~\Desktop\SD_MeshBowSupplies.zip

    [2012/11/20 10:13:13 | 000,000,060 | ---- | C] () -- C:\Documents and Settings\~Debb~\Desktop\The Graphics Fairy LLC.URL

    [2012/11/20 10:11:30 | 000,306,744 | ---- | C] () -- C:\Documents and Settings\~Debb~\Desktop\acorn oak vintage image graphicsfairy002b.jpg

    [2012/11/20 10:11:11 | 000,931,681 | ---- | C] () -- C:\Documents and Settings\~Debb~\Desktop\turkey vintage image graphicsfairy4.jpg

    [2012/11/18 23:08:20 | 000,000,068 | ---- | C] () -- C:\Documents and Settings\~Debb~\Desktop\Freebies.URL

    [2012/11/18 16:08:21 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\~Debb~\Desktop\Crockpot Breakfast Recipe Just A Pinch Recipes.URL

    [2012/11/17 21:36:47 | 000,077,807 | ---- | C] () -- C:\Documents and Settings\~Debb~\Desktop\SD_DFFL.jpg

    [2012/11/17 16:29:54 | 000,000,118 | ---- | C] () -- C:\Documents and Settings\~Debb~\Desktop\Cricut® Pink Tool Kit - Cricut Shop.URL

    [2012/11/17 16:29:54 | 000,000,046 | ---- | C] () -- C:\Documents and Settings\~Debb~\Desktop\Free HTML, CSS and Paint Shop Pro Classes - WebTech University.URL

    [2012/11/17 16:06:58 | 000,000,091 | ---- | C] () -- C:\Documents and Settings\~Debb~\Desktop\Shopping Cart.URL

    [2012/11/16 22:29:42 | 000,000,089 | ---- | C] () -- C:\Documents and Settings\~Debb~\Desktop\Mr.C Want to see if I have an infection on Desktop now. - Malwarebytes Forum - Page 2.URL

    [2012/11/16 22:18:02 | 000,000,068 | ---- | C] () -- C:\Documents and Settings\~Debb~\Desktop\Premium Hosting.URL

    [2012/11/16 21:42:01 | 000,000,047 | ---- | C] () -- C:\Documents and Settings\~Debb~\Desktop\1&1 Internet - Home.URL

    [2012/11/13 17:43:29 | 029,949,923 | ---- | C] () -- C:\Documents and Settings\~Debb~\Desktop\mask.pspimage

    [2012/11/13 11:51:54 | 000,853,355 | ---- | C] () -- C:\Documents and Settings\~Debb~\Desktop\JACK.pspimage

    [2012/11/12 17:59:10 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

    [2012/05/15 17:28:15 | 000,035,979 | ---- | C] () -- C:\Program Files\Photoshop CS3 Read Me.html

    [2012/03/26 17:45:23 | 000,483,328 | ---- | C] () -- C:\WINDOWS\System32\avformat.dll

    [2012/03/26 17:45:23 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\SkinPlusPlusDLL.dll

    [2012/03/26 17:45:23 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\avutil.dll

    [2012/03/26 17:45:22 | 007,177,728 | ---- | C] () -- C:\WINDOWS\System32\avcodec.dll

    [2012/03/26 17:45:18 | 004,819,968 | ---- | C] () -- C:\WINDOWS\System32\rtpdiamond.exe

    [2012/03/26 17:45:18 | 000,068,096 | ---- | C] () -- C:\WINDOWS\System32\rtfpulse.exe

    [2012/02/17 14:34:08 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

    [2011/11/04 12:27:42 | 000,007,128 | ---- | C] () -- C:\Documents and Settings\~Debb~\Application Data\wklnhst.dat

    [2011/11/04 12:14:54 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

    [2011/07/18 15:43:26 | 000,000,023 | ---- | C] () -- C:\WINDOWS\kodakpcd.~Debb~.ini

    [2011/05/18 16:58:45 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\~Debb~\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini

    [2011/05/18 16:53:42 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini

    [2011/01/23 15:42:27 | 000,164,746 | ---- | C] () -- C:\WINDOWS\hpoins21.dat

    [2011/01/23 15:42:27 | 000,007,262 | ---- | C] () -- C:\WINDOWS\hpomdl21.dat

    [2011/01/22 16:44:28 | 000,164,652 | ---- | C] () -- C:\WINDOWS\hpoins21.dat.temp

    [2011/01/22 16:44:28 | 000,007,262 | ---- | C] () -- C:\WINDOWS\hpomdl21.dat.temp

    [2011/01/22 15:56:41 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI

    [2010/11/23 23:35:17 | 000,000,114 | ---- | C] () -- C:\Documents and Settings\~Debb~\default.pls

    [2010/09/18 17:27:27 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\~Debb~\.recently-used.xbel

    [2010/08/27 20:23:55 | 000,000,073 | ---- | C] () -- C:\Documents and Settings\~Debb~\Local Settings\Application Data\Images.fl

    [2010/08/25 12:53:57 | 000,084,992 | ---- | C] () -- C:\Documents and Settings\~Debb~\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    [2010/08/24 19:47:46 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\~Debb~\Ÿ9Ÿ9

    ========== ZeroAccess Check ==========

    [2006/06/17 04:37:41 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)

    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)

    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    "" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)

    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2010/08/23 16:40:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Leadertech

    [2010/08/23 16:33:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView

    [2011/08/31 10:16:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Caphyon

    [2011/08/31 10:21:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ConeXware

    [2010/08/25 10:59:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM

    [2010/08/25 10:54:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail

    [2012/01/30 14:03:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MAGIX

    [2010/09/18 15:55:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\namesuppressed

    [2010/08/23 23:25:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Netscape Internet Service

    [2010/11/01 16:08:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PearlMountainSoft

    [2010/12/28 18:31:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Photo Notifier and Animation Creator

    [2011/11/12 00:27:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Photodex

    [2010/08/25 11:14:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PhotoMail

    [2010/08/24 21:13:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm

    [2012/12/10 17:54:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SUPERSetup

    [2012/11/01 17:22:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent

    [2012/01/30 13:59:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Xara

    [2012/07/13 15:23:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{529BBEB3-0369-420C-BD9C-37553D289203}

    [2012/07/13 15:23:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{682FE305-7958-4875-9B95-34673E7151AD}

    [2012/07/13 15:24:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{738BC746-5FBD-4969-B3F1-6A065E31C7BE}

    [2012/07/13 16:34:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{7D1F40B1-FDA9-48B3-9A00-C43B98B6061B}

    [2012/07/13 15:22:29 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{8265C354-3D13-4FE5-95C7-65F277FF3041}

    [2012/07/13 15:23:51 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{83F263BF-0076-4C4C-93DC-A3EA0CEB7184}

    [2012/07/13 15:22:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{AB404F93-CDCE-40D9-8D4E-8606C84D368C}

    [2012/07/01 19:48:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{C3B35EBF-B1F6-4DE1-9682-ED71913E187B}

    [2012/07/13 15:23:39 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{DD44E1C4-AD22-4508-8355-744AA998F06D}

    [2012/07/13 15:22:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{E6AF2639-F710-4F5B-8830-95A396FB523F}

    [2012/07/13 15:24:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{EC2F7042-ADE8-4F04-9A7E-2316AD6311E2}

    [2012/02/19 12:18:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{FD7CAB3E-E895-4E98-9D68-A307CC601204}

    [2010/08/23 16:40:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Leadertech

    [2010/08/23 16:33:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\SampleView

    [2010/08/23 16:40:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UpdatusUser\Application Data\Leadertech

    [2010/08/23 16:33:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UpdatusUser\Application Data\SampleView

    [2012/08/24 12:41:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\~Debb~\Application Data\AlawarEntertainment

    [2012/09/14 16:25:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\~Debb~\Application Data\Alien Skin

    [2011/08/27 16:13:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\~Debb~\Application Data\ARulerForWindows

    [2010/11/01 13:39:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\~Debb~\Application Data\Avery

    [2011/08/26 15:49:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\~Debb~\Application Data\ColorCop

    [2010/12/14 21:26:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\~Debb~\Application Data\CoreFTP

    [2010/08/23 21:51:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\~Debb~\Application Data\DisplayTune

    [2011/10/29 17:53:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\~Debb~\Application Data\doctor

    [2011/10/11 15:26:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\~Debb~\Application Data\ElevatedDiagnostics

    [2010/10/23 17:24:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\~Debb~\Application Data\Hi

    [2010/09/18 17:25:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\~Debb~\Application Data\inkscape

    [2010/12/19 13:57:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\~Debb~\Application Data\Jasc

    [2010/08/23 16:40:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\~Debb~\Application Data\Leadertech

    [2011/04/02 19:34:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\~Debb~\Application Data\LG Electronics

    [2012/01/30 14:03:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\~Debb~\Application Data\MAGIX

    [2011/11/02 17:20:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\~Debb~\Application Data\Netscape

    [2010/09/23 17:13:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\~Debb~\Application Data\Opera

    [2010/11/01 16:08:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\~Debb~\Application Data\PearlMountainSoft

    [2011/11/02 17:19:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\~Debb~\Application Data\Photodex

    [2010/08/23 16:33:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\~Debb~\Application Data\SampleView

    [2011/11/03 13:26:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\~Debb~\Application Data\Thinstall

    [2010/11/29 20:47:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\~Debb~\Application Data\Tific

    [2012/08/16 17:07:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\~Debb~\Application Data\VSO

    [2011/07/18 16:18:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\~Debb~\Application Data\Walgreens

    [2012/11/01 17:22:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\~Debb~\Application Data\WildTangent

    ========== Purity Check ==========

    < End of report >

    ###################################################

    Extras.txt:

    OTL Extras logfile created on: 12/13/2012 10:46:54 AM - Run 1

    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\~Debb~\Desktop

    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

    Internet Explorer (Version = 8.0.6001.18702)

    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.25 Gb Total Physical Memory | 2.29 Gb Available Physical Memory | 70.55% Memory free

    5.08 Gb Paging File | 4.33 Gb Available in Paging File | 85.18% Paging File free

    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

    Drive C: | 927.21 Gb Total Space | 894.66 Gb Free Space | 96.49% Space Free | Partition Type: NTFS

    Drive D: | 4.29 Gb Total Space | 1.74 Gb Free Space | 40.50% Space Free | Partition Type: FAT32

    Drive N: | 465.75 Gb Total Space | 259.50 Gb Free Space | 55.72% Space Free | Partition Type: NTFS

    Computer Name: XXXXX | User Name: ~Debb~ | Logged in as Administrator.

    Boot Mode: Normal | Scan Mode: All users | Quick Scan

    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========

    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-1500982738-3618749481-1802049845-1007\SOFTWARE\Classes\<extension>]

    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

    batfile [open] -- "%1" %*

    cmdfile [open] -- "%1" %*

    comfile [open] -- "%1" %*

    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

    exefile [open] -- "%1" %*

    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

    piffile [open] -- "%1" %*

    regfile [merge] -- Reg Error: Key error.

    scrfile [config] -- "%1"

    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

    scrfile [open] -- "%1" /S

    txtfile [edit] -- Reg Error: Key error.

    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    "FirstRunDisabled" = 1

    "AntiVirusDisableNotify" = 0

    "FirewallDisableNotify" = 0

    "UpdatesDisableNotify" = 0

    "AntiVirusOverride" = 0

    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    "EnableFirewall" = 1

    "DisableNotifications" = 0

    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

    "EnableFirewall" = 1

    "DisableNotifications" = 0

    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

    "5353:UDP" = 5353:UDP:*:Enabled:Bonjour Port 5353

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

    "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL

    "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL

    "C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL

    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

    "C:\Program Files\IncrediMail\Bin\IncMail.exe" = C:\Program Files\IncrediMail\Bin\IncMail.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)

    "C:\Program Files\IncrediMail\Bin\ImApp.exe" = C:\Program Files\IncrediMail\Bin\ImApp.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)

    "C:\Program Files\IncrediMail\Bin\ImpCnt.exe" = C:\Program Files\IncrediMail\Bin\ImpCnt.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)

    "C:\Program Files\IncrediMail\Bin\ImLc.exe" = C:\Program Files\IncrediMail\Bin\ImLc.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)

    "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)

    "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)

    "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)

    "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)

    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)

    "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)

    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)

    "C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)

    "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)

    "C:\Program Files\IncrediMail\Bin\ImPackr.exe" = C:\Program Files\IncrediMail\Bin\ImPackr.exe:*:Enabled:IncrediMail -- ()

    "C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    "{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}" = Pivot Software

    "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer

    "{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK

    "{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox

    "{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1

    "{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite Gateway

    "{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService

    "{18DB3375-0649-4EA3-959A-44F1ACD278BA}" = IncrediMail

    "{195F2C6C-A343-4b10-B1A4-3F00AB9E9DD9}" = Fax

    "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser

    "{19B9DAD6-5E6E-4B80-8EFE-314B5638D6D4}" = Xara 3D Maker 7

    "{1C52C859-8E8E-4E69-9608-C923644AC1E0}" = LG PC Suite III

    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Solution

    "{2086A549-ED96-4dc9-BBE3-0538AB29ABEC}" = PSP Thumbnail Handler

    "{20B30DC1-E423-4939-B51D-05C58B0F9BBB}" = HP Photosmart All-In-One Driver Software 10.0 Rel .2

    "{20C53FA2-4307-4671-A93F-9463B29DFCF1}" = Symantec Technical Support Web Controls

    "{235BBFC6-D863-4066-A01A-3BD504C31033}" = Nero 7 Ultra Edition

    "{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9

    "{27ECB379-B140-43C3-BAD5-36C034B5A996}" = Intel® Quick Resume Technology Drivers

    "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update

    "{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX

    "{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper

    "{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE

    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

    "{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant

    "{3a6f8a27-fa78-48a4-bbd1-399b000bcc9a}" = C8100_Help

    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

    "{3D1B20A6-E31D-4BB5-BC5C-DDD3B0D91728}" = Intel Audio Studio 2.0

    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 4.0

    "{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works

    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

    "{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875}" = Digital Media Reader

    "{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout

    "{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery

    "{549B6B58-0881-4D0F-BFF1-5A345944BF76}" = PowerArchiver 2012

    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

    "{59996900-0E6C-45B7-8C39-C64CB98462E4}" = Microsoft Web Platform Installer 2.0

    "{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp

    "{5BDEA9E0-E55B-45A7-93F7-6B8F68F851E5}" = Topaz InFocus

    "{6054F774-FEF0-46C6-9311-EC97FC576FC5}" = USB Wireless Keyboard Driver

    "{60D32CDC-E3BE-4578-BA10-29322307CDDC}" = Logitech Gaming Software 5.10

    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM

    "{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2

    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder

    "{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc

    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

    "{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm

    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

    "{6B437F94-056F-4791-AF2C-0D10E2706AF0}" = PanoStandAlone

    "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder

    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

    "{75AE8014-1184-4BC0-B279-C879540719EE}" = PhotoMail Maker

    "{770D3BDC-19D7-49D0-B60B-C5BB77553FBB}" = Topaz Fusion Express 2

    "{788A0222-5690-4212-AA9C-C48FD0E1C9AE}" = Photo Notifier and Animation Creator

    "{7C4196CA-CA41-4F34-9C08-7724E7705D52}" = Jasc Animation Shop 3

    "{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan

    "{8117EA22-035F-4880-86AE-AC7C4F1FA3E2}" = Topaz ReMask 3

    "{83483790-4C9A-4ea0-9076-EFB0FB58674B}" = 3D Starry Night Lake Scene

    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

    "{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software

    "{85E00941-FDFF-4796-A3B8-3ACC766FFCA5}" = Topaz Clean 3

    "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder

    "{8969CD6F-5B75-40B9-8701-86ECA4C1F263}_is1" = VSO Image Resizer 4.0.0.54

    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

    "{8A1EBF29-7CF8-471E-B90B-95FF36AC8248}" = Topaz Simplify 3

    "{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport

    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager

    "{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002

    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

    "{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer

    "{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client

    "{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders

    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

    "{9E146BA1-26DD-4C3B-9F0F-90F2E3CEC9D2}" = Topaz DeJpeg 4

    "{9E82D1DB-3AFB-4D18-A221-081F1B4B4789}" = Topaz DeNoise 5

    "{9FDC7042-CB9F-4336-A14C-DF10F53762E2}" = Topaz Adjust 4

    "{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel

    "{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status

    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

    "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio

    "{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT

    "{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter

    "{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer

    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder

    "{AC134D03-97F1-45B9-B32A-52E885AFA895}" = Mobile Phone Suite Easy Synchronization

    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)

    "{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin

    "{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan

    "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR

    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 306.81

    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 306.81

    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.28

    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0604

    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8

    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.18.0

    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components

    "{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc

    "{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply

    "{b9be267c-e096-4cce-a4fd-f24eec004938}" = PS_AIO_02_ProductContext

    "{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5

    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

    "{C0E18DC4-C74A-4889-AE3A-933471023787}" = LG PC Suite III

    "{C3F0CF4C-0A8C-42F1-A585-2EF7886D6039}" = KODAK Share Button App

    "{c4549405-195f-4450-8865-6be9dc5ad136}" = PS_AIO_02_Software_Min

    "{C921D7C4-24D7-4210-AEE9-DFC5DDC78428}" = Topaz Detail 2

    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

    "{CB54ABA8-D67F-47AD-A76C-2631BADA9FE5}" = Microsoft Works Suite Add-in for Microsoft Word

    "{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg

    "{cd0b9359-b716-4fd0-8e0a-09b3e312e8a4}" = PS_AIO_02_Software

    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

    "{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch

    "{D85AB83D-CD2D-44D0-9DA3-E16294DE81D2}" = Intel Audio Studio 2.0

    "{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component

    "{DCF4C336-18DB-449B-9238-821B7F28B614}_is1" = Uninstall A Ruler for Windows

    "{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1

    "{DDAC27F9-8293-465f-A4B0-011F1D38BBA1}" = RoxioShim

    "{DE1AF137-C455-494A-A817-EFE44BCCFDEE}" = Works Upgrade

    "{E0303B6A-C675-4102-95DA-C013625BFA99}" = GTA San Andreas

    "{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01

    "{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218

    "{E6C48B74-26ED-4EF8-A04C-42AFDE5E1CA3}" = Intel® PRO Network Connections

    "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support

    "{EF3F9770-CA7B-4c5d-8A98-49AB97216546}" = C8100

    "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint

    "{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy

    "{F4955758-B754-471D-9091-7CE2C3D9E9AA}" = EzTune

    "{F7FC9307-374E-4017-8E9D-DE1154780480}" = System Requirements Lab for Intel

    "{FA02ACAC-9E14-4878-A257-92A22A647C2C}" = LG USB Modem Drivers

    "{FCFEC0B9-6999-4BD2-85D1-4ED21070704E}" = Intel® Viiv™

    "Adobe AIR" = Adobe AIR

    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

    "Adobe Shockwave Player" = Adobe Shockwave Player 11.6

    "AI RoboForm" = AI RoboForm (All Users)

    "All ATI Software" = ATI - Software Uninstall Utility

    "AudioLabel" = AudioLabel

    "AV Bros. Page Curl Pro 2.2" = AV Bros. Page Curl Pro 2.2 (Remove Only)

    "AVBrosPageCurl" = AV Bros. Page Curl 1.2 (Remove Only)

    "AVBrosPuzzlePro12" = AV Bros. Puzzle Pro 1.2 (Remove Only)

    "CalendarPal" = CalendarPal

    "Canon MOV Encoder" = Canon MOV Encoder

    "Core FTP LE 2.1" = Core FTP LE 2.1

    "Coupon Printer for Windows5.0.0.2" = Coupon Printer for Windows

    "ESET Online Scanner" = ESET Online Scanner v3

    "Eye Candy 3" = Eye Candy 3

    "Eye Candy 4000" = Eye Candy 4000 Demo

    "EyeCandy5Impact" = Alien Skin Eye Candy 5 Impact

    "EyeCandy5Nature" = Alien Skin Eye Candy 5 Nature

    "EyeCandy5Textures" = Alien Skin Eye Candy 5 Textures

    "Filters Unlimited_is1" = Filters Unlimited 2.0.3

    "gtw_logo" = gtw_logo

    "Harry's Filters" = Harry's Filters

    "Harry's Filters_is1" = Harry's Filters 3.01

    "HP Imaging Device Functions" = HP Imaging Device Functions 10.0

    "HP Photosmart Essential" = HP Photosmart Essential 2.5

    "HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0

    "HPExtendedCapabilities" = HP Customer Participation Program 10.0

    "HPOCR" = OCR Software by I.R.I.S. 10.0

    "HTMLKit_is1" = HTML-Kit

    "ie8" = Windows Internet Explorer 8

    "IncrediMail" = IncrediMail 2.0

    "Inkscape" = Inkscape 0.47

    "InstallShield_{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875}" = Digital Media Reader

    "Intel® Quick Resume Technology" = Intel® Quick Resume Technology Drivers

    "Kylix Ringtone Maker 3.0_is1" = Kylix Ringtone Maker 3.0

    "LastPass" = LastPass (uninstall only)

    "MAGIX_MSI_Xara3D7" = Xara 3D Maker 7

    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000

    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

    "Microsoft Security Client" = Microsoft Security Essentials

    "Mozilla Firefox 17.0.1 (x86 en-US)" = Mozilla Firefox 17.0.1 (x86 en-US)

    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

    "MVApplication1" = Memorex exPressit Label Design Studio

    "PatchBeam" = PatchBeam

    "Permanent Press plug-in for Adobe Photoshop and ~4DEC09C6_is1" = Permanent Press 1.02.

    "Photo Notifier and Animation Creator" = Photo Notifier and Animation Creator

    "Photodex Presenter" = Photodex Presenter

    "PhotoMail" = PhotoMail Maker

    "PlaidLite_5QM" = namesuppressed Plaid Lite

    "PowerArchiver 2012 13.00.26" = PowerArchiver 2012

    "ProShow Gold" = ProShow Gold

    "RealPlayer 6.0" = RealPlayer Basic

    "Shop for HP Supplies" = Shop for HP Supplies

    "Smileycons_is1" = Smileycons 6.0.1

    "StreetPlugin" = Learn2 Player (Uninstall Only)

    "SystemRequirementsLab" = System Requirements Lab

    "Topaz Adjust 4" = Topaz Adjust 4

    "Topaz Adjust 5" = Topaz Adjust 5

    "Topaz Clean 3" = Topaz Clean 3

    "Topaz DeJpeg 4" = Topaz DeJpeg 4

    "Topaz DeNoise 5" = Topaz DeNoise 5

    "Topaz Detail 2" = Topaz Detail 2

    "Topaz Fusion Express 2" = Topaz Fusion Express 2

    "Topaz InFocus" = Topaz InFocus

    "Topaz ReMask 3" = Topaz ReMask 3

    "Topaz Simplify 3" = Topaz Simplify 3

    "Vizros Plug-ins 4.1" = Vizros Plug-ins 4.1

    "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

    "WIC" = Windows Imaging Component

    "Windows Media Format Runtime" = Windows Media Format 11 runtime

    "Windows Media Player" = Windows Media Player 11

    "Windows XP Service Pack" = Windows XP Service Pack 3

    "WMFDist11" = Windows Media Format 11 runtime

    "wmp11" = Windows Media Player 11

    "Works2005Setup" = Microsoft Works 2005 Setup Launcher

    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]

    Error - 12/12/2012 5:40:54 PM | Computer Name = XXXXX | Source = Application Error | ID = 1000

    Description = Faulting application mhotkey.exe, version 3.0.0.9, faulting module

    mhotkey.exe, version 3.0.0.9, fault address 0x000099a1.

    Error - 12/12/2012 5:41:43 PM | Computer Name = XXXXX | Source = STacSV | ID = 268435455

    Description =

    Error - 12/12/2012 5:51:15 PM | Computer Name = XXXXX | Source = Application Error | ID = 1000

    Description = Faulting application mhotkey.exe, version 3.0.0.9, faulting module

    mhotkey.exe, version 3.0.0.9, fault address 0x000099a1.

    Error - 12/12/2012 5:52:02 PM | Computer Name = XXXXX | Source = STacSV | ID = 268435455

    Description =

    Error - 12/12/2012 6:18:57 PM | Computer Name = XXXXX | Source = Application Error | ID = 1000

    Description = Faulting application mhotkey.exe, version 3.0.0.9, faulting module

    mhotkey.exe, version 3.0.0.9, fault address 0x000099a1.

    Error - 12/12/2012 6:19:18 PM | Computer Name = XXXXX | Source = STacSV | ID = 268435455

    Description =

    Error - 12/13/2012 10:29:17 AM | Computer Name = XXXXX | Source = STacSV | ID = 268435455

    Description =

    Error - 12/13/2012 10:29:28 AM | Computer Name = XXXXX | Source = Application Error | ID = 1000

    Description = Faulting application mhotkey.exe, version 3.0.0.9, faulting module

    mhotkey.exe, version 3.0.0.9, fault address 0x000099a1.

    Error - 12/13/2012 11:17:35 AM | Computer Name = XXXXX | Source = Application Error | ID = 1000

    Description = Faulting application mhotkey.exe, version 3.0.0.9, faulting module

    mhotkey.exe, version 3.0.0.9, fault address 0x000099a1.

    Error - 12/13/2012 11:18:20 AM | Computer Name = XXXXX | Source = STacSV | ID = 268435455

    Description =

    [ System Events ]

    Error - 12/12/2012 5:43:05 PM | Computer Name = XXXXX | Source = Service Control Manager | ID = 7022

    Description = The HP CUE DeviceDiscovery Service service hung on starting.

    Error - 12/12/2012 5:43:05 PM | Computer Name = XXXXX | Source = Service Control Manager | ID = 7034

    Description = The SigmaTel Audio Service service terminated unexpectedly. It has

    done this 1 time(s).

    Error - 12/12/2012 5:53:24 PM | Computer Name = XXXXX | Source = Service Control Manager | ID = 7022

    Description = The HP CUE DeviceDiscovery Service service hung on starting.

    Error - 12/12/2012 5:53:24 PM | Computer Name = XXXXX | Source = Service Control Manager | ID = 7034

    Description = The SigmaTel Audio Service service terminated unexpectedly. It has

    done this 1 time(s).

    Error - 12/12/2012 6:19:15 PM | Computer Name = XXXXX | Source = Service Control Manager | ID = 7022

    Description = The HP CUE DeviceDiscovery Service service hung on starting.

    Error - 12/12/2012 6:19:26 PM | Computer Name = XXXXX | Source = Service Control Manager | ID = 7034

    Description = The SigmaTel Audio Service service terminated unexpectedly. It has

    done this 1 time(s).

    Error - 12/13/2012 10:28:26 AM | Computer Name = XXXXX | Source = Service Control Manager | ID = 7022

    Description = The HP CUE DeviceDiscovery Service service hung on starting.

    Error - 12/13/2012 10:29:17 AM | Computer Name = XXXXX | Source = Service Control Manager | ID = 7034

    Description = The SigmaTel Audio Service service terminated unexpectedly. It has

    done this 1 time(s).

    Error - 12/13/2012 11:18:07 AM | Computer Name = XXXXX | Source = Service Control Manager | ID = 7022

    Description = The HP CUE DeviceDiscovery Service service hung on starting.

    Error - 12/13/2012 11:18:20 AM | Computer Name = XXXXX | Source = Service Control Manager | ID = 7034

    Description = The SigmaTel Audio Service service terminated unexpectedly. It has

    done this 1 time(s).

    < End of report >

  5. I have a problem. I went into Add/Remove programs and uninstalled SuperAntiSpyware. It showed me a screen that it was removed but it still was in the list so I clicked it again to remove it. It told me it wasn't there and asked me if I wanted to remove it from the list so I did. I restarted computer and the dang thing is still showing in my system tray. I right clicked it to Exit, went back to Add/Remove but it is not listed there. I went to Program Files and the folder is there. I tried to delete it but it says I don't have permission to do that and I am the Administrator. I have XP Pro.

    What do I need to do to rid myself of this thing?

    Thanks.

  6. I've removed ComboFix. It unchecked system restore for all drives but so far as I saw didn't create a new restore point, but I did. As far as FRST, didn't have/run that one (can't find it anyway). I have a JRT folder in C (but not in program files or in Add/Remove Programs). Is it okay to delete that? There is a lot inside it.

    How about AdwCleaner, and Microsoft Safety Scanner, MS Standalone System Sweeper, and SecurityCheck - are those something I can leave on system and use at any time or should I remove them as well?

    Also, does SuperAntiSpyware and Malwarebytes play nice with each other? If so I will leave them on together, or no?

    Let's see, and I think there was ERUNT Registry Backup Utility, and ListParts ... do I need, or want to keep them?

    Thanks.

  7. I ran the scan. Below is the log file. I removed it all (even JRT, lol). Restarted computer, temp. disabled AdBlock Plus, restarted browser and still get redirect attempts.

    SUPERAntiSpyware Scan Log

    http://www.superantispyware.com

    Generated 12/10/2012 at 07:02 PM

    Application Version : 5.6.1014

    Core Rules Database Version : 9716

    Trace Rules Database Version: 7528

    Scan type : Complete Scan

    Total Scan Time : 00:57:02

    Operating System Information

    Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)

    Administrator

    Memory items scanned : 645

    Memory threats detected : 0

    Registry items scanned : 41958

    Registry threats detected : 0

    File items scanned : 50908

    File threats detected : 3

    Adware.Tracking Cookie

    C:\Documents and Settings\~Debb~\Cookies\IQE6WEMT.txt [ /ad.yieldmanager.com ]

    Trojan.Agent/Gen-PWS

    C:\DOCUMENTS AND SETTINGS\~DEBB~\DESKTOP\JRT.EXE

    Adware.CouponBar

    C:\WINDOWS\SYSTEM32\CPNPRT2.CID

  8. You can download and run fresh copies of AdwCleaner and JRT, see if anything is found.

    I have my preferences set to delete all cookies, history etc on each exit of FF. Plus, I also have a Google (Gmail) account and as I read this kind of nullifies the cookie privacy thing in Cookienator? Lol.

    My Results from both scans:

    # AdwCleaner v2.100 - Logfile created 12/10/2012 at 14:11:20

    # Updated 09/12/2012 by Xplode

    # Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

    # User : ~Debb~ - XXXXX

    # Boot Mode : Normal

    # Running from : C:\Documents and Settings\~Debb~\Desktop\adwcleaner.exe

    # Option [Delete]

    ***** [services] *****

    ***** [Files / Folders] *****

    ***** [Registry] *****

    ***** [internet Browsers] *****

    -\\ Internet Explorer v8.0.6001.18702

    [OK] Registry is clean.

    -\\ Mozilla Firefox v17.0.1 (en-US)

    Profile name : default

    File : C:\Documents and Settings\~Debb~\Application Data\Mozilla\Firefox\Profiles\6iegk1ue.default\prefs.js

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [2641 octets] - [12/11/2012 23:08:13]

    AdwCleaner[R2].txt - [2760 octets] - [13/11/2012 11:05:25]

    AdwCleaner[s1].txt - [367 octets] - [13/11/2012 10:53:43]

    AdwCleaner[s2].txt - [2558 octets] - [13/11/2012 11:06:02]

    AdwCleaner[s3].txt - [966 octets] - [10/12/2012 14:11:20]

    ########## EOF - C:\AdwCleaner[s3].txt - [1025 octets] ##########

    ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Junkware Removal Tool (JRT) by Thisisu

    Version: 4.0.4 (12.09.2012:4)

    OS: Microsoft Windows XP x86

    Ran by ~Debb~ on Mon 12/10/2012 at 14:19:44.39

    Blog: http://thisisudax.blogspot.com

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    ~~~ Services

    ~~~ Registry Values

    ~~~ Registry Keys

    ~~~ Files

    ~~~ Folders

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Scan was completed on Mon 12/10/2012 at 14:27:48.79

    End of JRT log

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  9. Good Afternoon.

    I uninstalled FF. Removed all Personal Content. Restarted pc. Redirect attempts continued.

    I went into the registry and ALL Mozilla files, extensions, etc were still there! I deleted them all! Rebooted.

    All plugins and history etc was gone except for two plugins: 1. Adobe Acrobat 2. QuickTime Plugin. I disabled them, restarted FF. Tried my known redirect attempt link ... Redirect attempts continued.

    I found an add on for FF that disables Popups etc called Adblock.

    I installed it and guess what .... NO MORE redirect attempts!

    Still doesn't tell me what is the root of this problem, however.

    What is your opinion?

  10. Reboot did not change anything.

    how did you get all these plugins and extensions if you reinstalled FF??

    I have wondered that myself. I don't recall what I did to the desktop so I went back through what we have worked on and I don't see us doing that. I believe that was when we were working on the laptop. I can try that. How do I make sure I get rid of EVERYTHING though? When we did it all the proper way on his laptop it still left files everywhere and reloaded all plugins etc. It was crazy!
