
Searchnu has taken over my toolbar!



Hello Glenna and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Please tick Scan All Users. Next, click the Quick Scan button. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.


Thanks for your help

Here is the OTL log

Glenna

OTL logfile created on: 4/2/2012 9:15:25 PM - Run 1

OTL by OldTimer - Version 3.2.39.2 Folder = F:\Documents and Settings\Glenna Montgomery\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.99 Gb Available Physical Memory | 66.46% Memory free

4.84 Gb Paging File | 3.80 Gb Available in Paging File | 78.56% Paging File free

Paging file location(s): F:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = F: | %SystemRoot% = F:\WINDOWS | %ProgramFiles% = F:\Program Files

Drive C: | 7.84 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: NTFS

Drive D: | 931.51 Gb Total Space | 867.25 Gb Free Space | 93.10% Space Free | Partition Type: NTFS

Drive E: | 111.78 Gb Total Space | 106.99 Gb Free Space | 95.71% Space Free | Partition Type: NTFS

Drive F: | 59.61 Gb Total Space | 32.49 Gb Free Space | 54.52% Space Free | Partition Type: NTFS

Computer Name: GLENNA-GAMER | User Name: Glenna Montgomery | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/02 20:49:36 | 000,593,920 | ---- | M] (OldTimer Tools) -- F:\Documents and Settings\Glenna Montgomery\Desktop\OTL.exe

PRC - [2012/03/23 20:10:56 | 000,924,600 | ---- | M] (Mozilla Corporation) -- F:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2012/03/10 13:15:37 | 003,905,920 | ---- | M] (SUPERAntiSpyware.com) -- F:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

PRC - [2012/03/06 17:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- D:\Program Files\AVAST Software\Avast\AvastUI.exe

PRC - [2012/03/06 17:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- d:\Program Files\AVAST Software\Avast\AvastSvc.exe

PRC - [2012/02/29 16:58:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- F:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

PRC - [2012/02/12 16:04:53 | 000,160,328 | ---- | M] (Siber Systems) -- F:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe

PRC - [2011/12/03 09:31:58 | 001,242,448 | ---- | M] (Valve Corporation) -- D:\Program Files\Steam\Steam.exe

PRC - [2011/11/07 01:26:14 | 000,025,472 | ---- | M] (Uniblue Systems Limited) -- F:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe

PRC - [2011/08/27 12:16:34 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- F:\Program Files\SUPERAntiSpyware\SASCORE.EXE

PRC - [2011/07/05 09:04:34 | 000,217,256 | ---- | M] (Visicom Media Inc. (Powered by Panda Security)) -- F:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe

PRC - [2011/04/27 13:51:38 | 000,200,152 | ---- | M] () -- F:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing-tray.exe

PRC - [2011/01/10 12:28:54 | 000,376,688 | ---- | M] (Microsoft Corporation) -- F:\Program Files\Windows Home Server\WHSConnector.exe

PRC - [2011/01/10 12:28:52 | 000,603,504 | ---- | M] (Microsoft Corporation) -- F:\Program Files\Windows Home Server\WHSTrayApp.exe

PRC - [2010/12/20 10:06:32 | 001,734,480 | ---- | M] (Diskeeper Corporation) -- D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

PRC - [2010/06/01 12:26:38 | 000,435,200 | ---- | M] (MiTAC Digital Corporation.) -- F:\Program Files\Content Manager\CmTray.exe

PRC - [2009/09/04 13:16:16 | 000,075,048 | ---- | M] (cyberlink) -- F:\Program Files\CyberLink\Shared Files\brs.exe

PRC - [2009/02/23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- F:\Program Files\Creative\Shared Files\CTAudSvc.exe

PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\explorer.exe

PRC - [2007/06/04 18:24:44 | 000,599,600 | ---- | M] (CyberLink Corporation.) -- D:\Program Files\CyberLink\InstantBurn\Win2K\IBurn.exe

PRC - [2006/08/17 13:45:56 | 000,249,856 | ---- | M] (BL) -- D:\Program Files\lg_fwupdate\fwupdate.exe

PRC - [2006/07/19 10:00:00 | 000,036,961 | R--- | M] (Creative Technology Ltd.) -- F:\WINDOWS\system32\V0230Mon.exe

========== Modules (No Company Name) ==========

MOD - [2012/04/02 20:43:08 | 000,052,736 | ---- | M] () -- F:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll

MOD - [2012/04/02 20:43:07 | 000,065,024 | ---- | M] () -- F:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll

MOD - [2012/04/02 11:22:13 | 001,752,064 | ---- | M] () -- d:\Program Files\AVAST Software\Avast\defs\12040201\algo.dll

MOD - [2012/03/25 12:02:29 | 020,297,512 | ---- | M] () -- D:\Program Files\Steam\bin\libcef.dll

MOD - [2012/03/25 12:02:26 | 001,099,576 | ---- | M] () -- D:\Program Files\Steam\bin\avcodec-53.dll

MOD - [2012/03/25 12:02:26 | 000,907,048 | ---- | M] () -- D:\Program Files\Steam\bin\chromehtml.dll

MOD - [2012/03/25 12:02:26 | 000,190,776 | ---- | M] () -- D:\Program Files\Steam\bin\avformat-53.dll

MOD - [2012/03/25 12:02:26 | 000,123,192 | ---- | M] () -- D:\Program Files\Steam\bin\avutil-51.dll

MOD - [2012/03/23 20:10:56 | 001,969,080 | ---- | M] () -- F:\Program Files\Mozilla Firefox\mozjs.dll

MOD - [2012/02/26 16:28:57 | 008,527,008 | ---- | M] () -- F:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

MOD - [2012/02/18 14:37:25 | 012,430,848 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ad99ac6b5666edb8ee742dd64f9578af\System.Windows.Forms.ni.dll

MOD - [2012/02/18 14:37:17 | 001,587,200 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\9351cf29bb1ba951e45a9b3b0edab937\System.Drawing.ni.dll

MOD - [2012/02/18 14:36:30 | 007,953,408 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll

MOD - [2011/10/12 17:14:42 | 011,490,816 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll

MOD - [2011/09/07 20:46:57 | 000,117,760 | ---- | M] () -- F:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

MOD - [2011/09/07 20:46:57 | 000,052,224 | ---- | M] () -- F:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

MOD - [2011/04/27 13:51:38 | 000,200,152 | ---- | M] () -- F:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing-tray.exe

MOD - [2007/05/05 11:40:34 | 000,128,512 | ---- | M] () -- d:\Program Files\WinRar\RarExt.dll

MOD - [2007/04/10 16:27:40 | 008,357,424 | ---- | M] () -- D:\Program Files\CyberLink\InstantBurn\Win2K\Res.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- F:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®

SRV - File not found [Auto | Stopped] -- -- (FlexService)

SRV - [2012/03/06 17:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- d:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV - [2012/02/29 16:58:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- F:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)

SRV - [2011/08/27 12:16:34 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- F:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)

SRV - [2011/07/31 19:47:25 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- F:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- F:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2011/01/10 12:28:54 | 000,376,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- F:\Program Files\Windows Home Server\WHSConnector.exe -- (WHSConnector)

SRV - [2010/12/30 23:44:58 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- F:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)

SRV - [2010/12/20 10:06:32 | 001,734,480 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)

SRV - [2010/03/02 23:40:16 | 000,498,560 | ---- | M] (Sysinternals - www.sysinternals.com) [On_Demand | Stopped] -- F:\Documents and Settings\Glenna Montgomery\Local Settings\Temp\NINENGPZJBZ.exe -- (NINENGPZJBZ)

SRV - [2010/03/02 23:17:21 | 000,400,256 | ---- | M] (Sysinternals - www.sysinternals.com) [On_Demand | Stopped] -- F:\Documents and Settings\Glenna Montgomery\Local Settings\Temp\WBRVGUJ.exe -- (WBRVGUJ)

SRV - [2010/03/02 19:48:16 | 000,584,576 | ---- | M] (Sysinternals - www.sysinternals.com) [On_Demand | Stopped] -- F:\Documents and Settings\Glenna Montgomery\Local Settings\Temp\XSWHIVHYBL.exe -- (XSWHIVHYBL)

SRV - [2009/02/23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- F:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)

SRV - [2005/11/30 10:35:38 | 000,049,152 | ---- | M] (Alpha Networks Inc.) [Auto | Stopped] -- F:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)

DRV - File not found [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)

DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)

DRV - File not found [Kernel | System | Stopped] -- -- (Changer)

DRV - [2012/03/06 17:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- F:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)

DRV - [2012/03/06 17:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- F:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2012/03/06 17:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- F:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)

DRV - [2012/03/06 17:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- F:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2012/03/06 17:01:39 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- F:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)

DRV - [2012/03/06 17:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- F:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2012/03/06 16:58:29 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- F:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)

DRV - [2011/08/27 12:16:29 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- F:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2011/08/27 12:16:28 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- F:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)

DRV - [2010/09/22 10:10:18 | 000,044,368 | ---- | M] (Diskeeper Corporation) [File_System | On_Demand | Running] -- F:\WINDOWS\system32\drivers\DKRtWrt.sys -- (DKRtWrt)

DRV - [2010/03/05 18:50:42 | 000,022,736 | ---- | M] () [Kernel | On_Demand | Stopped] -- F:\Documents and Settings\Glenna Montgomery\Local Settings\Temp\EMebDrv.sys -- (EMebDrv)

DRV - [2010/03/03 21:31:47 | 000,024,168 | ---- | M] (Norman ASA) [Kernel | On_Demand | Stopped] -- F:\Documents and Settings\Glenna Montgomery\Local Settings\Temp\000011e9.nmc\nse\bin\ndiskio.sys -- (NDISKIO)

DRV - [2010/03/03 21:31:46 | 000,018,120 | ---- | M] () [Kernel | On_Demand | Stopped] -- F:\Documents and Settings\Glenna Montgomery\Local Settings\Temp\000011e9.nmc\nse\bin\nsak.sys -- (nsak)

DRV - [2010/02/24 20:44:45 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- F:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)

DRV - [2009/10/07 13:49:18 | 000,044,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\BackupReader.sys -- (BackupReader)

DRV - [2009/09/01 17:51:32 | 000,087,536 | ---- | M] (CyberLink Corp.) [2012/03/11 19:24:54] [Kernel | Auto | Running] -- D:\Program Files\CyberLink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4C74-92FE-5B863F82066B})

DRV - [2009/07/07 03:59:03 | 001,810,560 | R--- | M] (Creative) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\Ctafilt.sys -- (Ctafilt)

DRV - [2008/11/03 12:21:10 | 000,083,296 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- F:\WINDOWS\system32\drivers\jraid.sys -- (jraid)

DRV - [2008/03/13 23:04:29 | 000,046,652 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- F:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)

DRV - [2007/06/04 18:25:14 | 000,016,048 | ---- | M] (Cyberlink Co.,Ltd.) [Kernel | System | Running] -- F:\WINDOWS\System32\drivers\CLBStor.sys -- (CLBStor)

DRV - [2007/06/04 18:25:12 | 000,162,096 | ---- | M] (CyberLink Corporation.) [File_System | Auto | Running] -- F:\WINDOWS\System32\drivers\CLBUDF.sys -- (CLBUDF)

DRV - [2006/07/24 10:00:00 | 000,498,464 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\V0230VID.sys -- (V0230VID)

DRV - [2006/03/23 10:00:00 | 000,006,272 | R--- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\V0230Vfx.sys -- (V0230Vfx)

DRV - [2005/12/11 11:55:38 | 000,028,195 | ---- | M] (Alpha Networks Inc.) [Kernel | Auto | Running] -- F:\WINDOWS\system32\ANIO.sys -- (ANIO)

DRV - [2005/11/03 04:39:02 | 000,245,504 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\Dr71WU.sys -- (RT73)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKU\.DEFAULT\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKU\S-1-5-18\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

IE - HKU\S-1-5-21-1177238915-1303643608-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig?source=gama&hl=en

IE - HKU\S-1-5-21-1177238915-1303643608-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/ig?hl=en

IE - HKU\S-1-5-21-1177238915-1303643608-839522115-1003\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKU\S-1-5-21-1177238915-1303643608-839522115-1003\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://search.yahoo.com/search?fr=vmn&type=vmn-ada-vmntbcleaner-1_0-ya-ch-rp&q={searchTerms}

IE - HKU\S-1-5-21-1177238915-1303643608-839522115-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_enUS360

IE - HKU\S-1-5-21-1177238915-1303643608-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1177238915-1303643608-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search Results"

FF - prefs.js..browser.search.defaultthis.engineName: "MyAshampoo Customized Web Search"

FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&SearchSource=3&q={searchTerms}"

FF - prefs.js..browser.search.order.1: "Search Results"

FF - prefs.js..browser.search.selectedEngine: "Search Results"

FF - prefs.js..browser.search.update: false

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://www.searchnu.com/406"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.9.98

FF - prefs.js..extensions.enabledItems: {EB132DB0-A4CA-11DF-9732-0E29E0D72085}:1.3

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..extensions.enabledItems: wrc@avast.com:20110101

FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=101&systemid=406&sr=0&q="

FF - prefs.js..network.proxy.http: "127.0.0.1"

FF - prefs.js..network.proxy.http_port: 5555

FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"

FF - prefs.js..network.proxy.type: 0

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: F:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: E:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: F:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: F:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer,version=1.18.9: d:\Program Files\Musicnotes\npmusicn.dll (Musicnotes, Inc.)

FF - HKLM\Software\MozillaPlugins\@Sibelius.com/Scorch Plugin,version=6.2.0.88: d:\Program Files\Musicnotes\npsibelius.dll ()

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: F:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: F:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: F:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: F:\Program Files\Object\facetheme [2010/10/16 13:05:20 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: d:\Program Files\AVAST Software\Avast\WebRep\FF [2012/03/16 09:18:55 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: F:\Program Files\Siber Systems\AI RoboForm\Firefox [2012/02/12 16:05:04 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: F:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/03/16 16:09:10 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: F:\Program Files\Mozilla Firefox\components [2012/03/23 20:10:57 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: F:\Program Files\Mozilla Firefox\plugins [2012/04/01 21:28:50 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: F:\Program Files\Object\facetheme [2010/10/16 13:05:20 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: F:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/03/16 16:09:10 | 000,000,000 | ---D | M]

[2012/04/02 20:45:46 | 000,000,000 | ---D | M] (No name found) -- F:\Documents and Settings\Glenna Montgomery\Application Data\Mozilla\Extensions

[2012/04/02 20:46:03 | 000,000,000 | ---D | M] (No name found) -- F:\Documents and Settings\Glenna Montgomery\Application Data\Mozilla\Firefox\Profiles\md0hy31t.default\extensions

[2012/04/01 21:06:39 | 000,002,519 | ---- | M] () -- F:\Documents and Settings\Glenna Montgomery\Application Data\Mozilla\Firefox\Profiles\md0hy31t.default\searchplugins\Search_Results.xml

[2012/04/02 20:45:46 | 000,000,000 | ---D | M] (No name found) -- F:\Program Files\Mozilla Firefox\extensions

[2012/03/16 09:18:55 | 000,000,000 | ---D | M] (avast! WebRep) -- D:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF

[2012/03/23 20:10:56 | 000,097,208 | ---- | M] (Mozilla Foundation) -- F:\Program Files\mozilla firefox\components\browsercomps.dll

[2011/07/13 14:52:56 | 000,091,552 | ---- | M] (Coupons, Inc.) -- F:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll

[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- F:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2011/07/13 14:52:58 | 000,091,552 | ---- | M] (Coupons, Inc.) -- F:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll

[2012/03/16 14:56:33 | 000,308,600 | ---- | M] (Musicnotes, Inc.) -- F:\Program Files\mozilla firefox\plugins\npmusicn.dll

[2012/02/14 19:41:05 | 000,002,252 | ---- | M] () -- F:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012/04/01 21:06:39 | 000,002,519 | ---- | M] () -- F:\Program Files\mozilla firefox\searchplugins\Search_Results.xml

[2012/02/14 19:41:05 | 000,002,040 | ---- | M] () -- F:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = F:\Program Files\Google\Chrome\Application\17.0.963.83\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = F:\Program Files\Google\Chrome\Application\17.0.963.83\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = F:\Program Files\Google\Chrome\Application\17.0.963.83\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = F:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = E:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U29 (Enabled) = E:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = E:\Program Files\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = E:\Program Files\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = E:\Program Files\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = E:\Program Files\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = E:\Program Files\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = E:\Program Files\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = E:\Program Files\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Adobe Acrobat (Enabled) = F:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Enabled) = F:\Program Files\Mozilla Firefox\plugins\NPcol400.dll

CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = F:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll

CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = F:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = F:\Program Files\Windows Media Player\npdrmv2.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = F:\Program Files\Windows Media Player\npwmsdrm.dll

CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = F:\Program Files\Windows Media Player\npdsplay.dll

CHR - plugin: Google Update (Enabled) = F:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = F:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - plugin: Musicnotes (Enabled) = d:\Program Files\Musicnotes\npmusicn.dll

CHR - plugin: ScorchPlugin (Enabled) = d:\Program Files\Musicnotes\npsibelius.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: YouTube = F:\Documents and Settings\Glenna Montgomery\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Google Search = F:\Documents and Settings\Glenna Montgomery\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\

CHR - Extension: avast! WebRep = F:\Documents and Settings\Glenna Montgomery\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\

CHR - Extension: Gmail = F:\Documents and Settings\Glenna Montgomery\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2011/09/19 17:36:57 | 000,000,780 | ---- | M]) - F:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 192.168.0.102 SERVER #Windows Home Server#

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (Windows Live ID Sign-in Helper) - {56DA6D94-3557-26F6-0549-2C82376B074E} - Reg Error: Value error. File not found

O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - F:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - d:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (BrowserHelper Class) - {9A065C65-4EE7-4DDD-9918-F129089A894A} - F:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - F:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - F:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - d:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (ShopAtHome Toolbar) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - Reg Error: Value error. File not found

O3 - HKLM\..\Toolbar: (Home Server Banner) - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - F:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - F:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - F:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

O3 - HKU\S-1-5-21-1177238915-1303643608-839522115-1003\..\Toolbar\ShellBrowser: (Home Server Banner) - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - F:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)

O3 - HKU\S-1-5-21-1177238915-1303643608-839522115-1003\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - F:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

O3 - HKU\S-1-5-21-1177238915-1303643608-839522115-1003\..\Toolbar\WebBrowser: (ShopAtHome Toolbar) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - Reg Error: Value error. File not found

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [ANIWZCS2Service] F:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Alpha Networks Inc.)

O4 - HKLM..\Run: [Anti-phishing Domain Advisor] F:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))

O4 - HKLM..\Run: [avast] d:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [bDRegion] F:\Program Files\CyberLink\Shared Files\brs.exe (cyberlink)

O4 - HKLM..\Run: [D-Link Wireless G WUA-1340] D:\Program Files\D-Link\Wireless G WUA-1340\AirGCFG.exe (D-Link)

O4 - HKLM..\Run: [instantBurn] D:\Program Files\CyberLink\InstantBurn\Win2K\IBurn.exe (CyberLink Corporation.)

O4 - HKLM..\Run: [LanguageShortcut] D:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()

O4 - HKLM..\Run: [LGODDFU] D:\Program Files\lg_fwupdate\fwupdate.exe (BL)

O4 - HKLM..\Run: [NvCplDaemon] F:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] F:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] F:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()

O4 - HKLM..\Run: [V0230Mon.exe] F:\WINDOWS\system32\V0230Mon.exe (Creative Technology Ltd.)

O4 - HKU\.DEFAULT..\Run: [RoboForm] F:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)

O4 - HKU\S-1-5-18..\Run: [RoboForm] F:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)

O4 - HKU\S-1-5-21-1177238915-1303643608-839522115-1003..\Run: [Creative Live! Cam Manager] "E:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" File not found

O4 - HKU\S-1-5-21-1177238915-1303643608-839522115-1003..\Run: [Magellan CmTray] F:\Program Files\Content Manager\CmTray.exe (MiTAC Digital Corporation.)

O4 - HKU\S-1-5-21-1177238915-1303643608-839522115-1003..\Run: [Power2GoExpress] File not found

O4 - HKU\S-1-5-21-1177238915-1303643608-839522115-1003..\Run: [RoboForm] F:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)

O4 - HKU\S-1-5-21-1177238915-1303643608-839522115-1003..\Run: [steam] D:\Program Files\Steam\Steam.exe (Valve Corporation)

O4 - HKU\S-1-5-21-1177238915-1303643608-839522115-1003..\Run: [sUPERAntiSpyware] F:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)

O4 - HKU\S-1-5-21-1177238915-1303643608-839522115-1003..\Run: [uTorrent] "E:\Program Files\uTorrent\uTorrent.exe" File not found

O4 - HKLM..\RunOnce: [removeSearchqudatamngr] cmd.exe /c RD /S /Q "F:\Program Files\Searchqu Toolbar" File not found

O4 - HKLM..\RunOnce: [removeSearchqutoolbar] cmd.exe /c RD /S /Q "F:\Program Files\Searchqu Toolbar\Datamngr\ToolBar" File not found

O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found

O4 - HKLM..\RunOnceEx: [Title] UnHackMe Rootkit Check File not found

O4 - Startup: F:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Home Server.lnk = F:\WINDOWS\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe (Microsoft Corporation)

O4 - Startup: F:\Documents and Settings\Glenna Montgomery\Start Menu\Programs\Startup\Jacquie Lawson Advent Calendar.lnk = D:\Program Files\Jacquie Lawson Advent Calendar\Jacquie Lawson Advent Calendar\Jacquie Lawson Advent Calendar.exe ()

O4 - Startup: F:\Documents and Settings\Glenna Montgomery\Start Menu\Programs\Startup\Jacquie Lawson London Advent Calendar.lnk = D:\Program Files\Jacquie Lawson London Advent Calendar\Jacquie Lawson London Advent Calendar.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1177238915-1303643608-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1177238915-1303643608-839522115-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Customize Menu - F:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()

O8 - Extra context menu item: Download with Mipony - D:\Program Files\MiPony\Browser\IEContext.htm ()

O8 - Extra context menu item: Fill Forms - F:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()

O8 - Extra context menu item: RoboForm Toolbar - F:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()

O8 - Extra context menu item: Save Forms - F:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()

O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - F:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()

O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - F:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()

O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - F:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()

O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - F:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()

O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - F:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()

O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - F:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe File not found

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe File not found

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/win/ActiveXPlugin.cab (ScorchPlugin Class)

O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://remote.yrmc.org/dana-cached/setup/JuniperSetupSP1.cab (JuniperSetupSP1 Control)

O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://remote.yrmc.org/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab (Creative Software AutoUpdate Support Package)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6044D495-E1B1-4D7C-9BBA-65DC6857E03E}: DhcpNameServer = 192.168.0.1

O20 - HKLM Winlogon: Shell - (Explorer.exe) - F:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (F:\WINDOWS\system32\userinit.exe) - F:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - (F:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - F:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)

O24 - Desktop WallPaper: F:\Documents and Settings\Glenna Montgomery\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: F:\Documents and Settings\Glenna Montgomery\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - F:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/11/01 21:15:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck autocheck gx??????????????????????????????)

O34 - HKLM BootExecute: (autocheck autocheck ???+Ý????U)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKU\S-1-5-21-1177238915-1303643608-839522115-1003\...exe [@ = exefile] -- Reg Error: Value error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/04/02 21:01:27 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Glenna Montgomery\Local Settings\Application Data\antiphishing-vmntbcleaner1_0dn

[2012/04/02 20:58:21 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor

[2012/04/02 20:58:12 | 000,000,000 | ---D | C] -- F:\Program Files\Toolbar Cleaner

[2012/04/02 20:58:12 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Glenna Montgomery\Start Menu\Programs\Toolbar Cleaner

[2012/04/02 20:57:54 | 000,763,744 | ---- | C] (Visicom Media Inc.) -- F:\Documents and Settings\Glenna Montgomery\Desktop\toolbarcleaner_setup.exe

[2012/04/02 20:49:38 | 000,593,920 | ---- | C] (OldTimer Tools) -- F:\Documents and Settings\Glenna Montgomery\Desktop\OTL.exe

[2012/04/02 20:43:12 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Application Data\boost_interprocess

[2012/04/02 20:43:02 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Glenna Montgomery\Start Menu\Programs\CyberLink PowerDVD

[2012/04/01 21:27:18 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Glenna Montgomery\Application Data\HiddenMystRoyalFamilySecretsSG

[2012/04/01 21:09:18 | 000,000,000 | R--D | C] -- F:\Documents and Settings\Glenna Montgomery\My Documents\My Videos

[2012/04/01 21:07:56 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Glenna Montgomery\Local Settings\Application Data\Ilivid Player

[2012/04/01 21:06:39 | 000,000,000 | ---D | C] -- F:\Program Files\Searchqu Toolbar

[2012/04/01 13:08:22 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight

[2012/04/01 13:06:12 | 000,000,000 | ---D | C] -- F:\WINDOWS\SxsCaPendDel

[2012/03/29 19:54:35 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Glenna Montgomery\Application Data\My Games

[2012/03/27 21:53:51 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Glenna Montgomery\Desktop\Movies

[2012/03/25 23:37:49 | 000,274,288 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\mucltui.dll

[2012/03/25 23:37:49 | 000,016,736 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\mucltui.dll.mui

[2012/03/25 12:35:54 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Glenna Montgomery\My Documents\Christmas Vacation 2012

[2012/03/24 12:20:24 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Glenna Montgomery\Application Data\4 Friends Games

[2012/03/18 17:19:04 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Glenna Montgomery\Desktop\Nursing Licenses

[2012/03/18 17:12:19 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Application Data\NVIDIA

[2012/03/18 17:12:18 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Application Data\NVIDIA Corporation

[2012/03/18 17:11:45 | 000,000,000 | ---D | C] -- F:\NVIDIA

[2012/03/18 17:11:23 | 002,522,944 | ---- | C] (NVIDIA Corporation) -- F:\WINDOWS\System32\nvcuvid.dll

[2012/03/18 17:11:23 | 002,437,440 | ---- | C] (NVIDIA Corporation) -- F:\WINDOWS\System32\nvcuvenc.dll

[2012/03/18 17:11:23 | 001,000,256 | ---- | C] (NVIDIA Corporation) -- F:\WINDOWS\System32\nvdispco32.dll

[2012/03/18 17:11:23 | 000,881,984 | ---- | C] (NVIDIA Corporation) -- F:\WINDOWS\System32\nvgenco32.dll

[2012/03/18 17:11:23 | 000,065,536 | ---- | C] (Khronos Group) -- F:\WINDOWS\System32\OpenCL.dll

[2012/03/18 17:11:21 | 017,534,976 | ---- | C] (NVIDIA Corporation) -- F:\WINDOWS\System32\nvcompiler.dll

[2012/03/18 17:11:10 | 000,000,000 | ---D | C] -- F:\Program Files\NVIDIA Corporation

[2012/03/17 11:59:13 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Glenna Montgomery\Application Data\Dark Blue Games

[2012/03/16 16:09:31 | 000,000,000 | ---D | C] -- F:\Program Files\Microsoft

[2012/03/16 16:09:26 | 000,000,000 | ---D | C] -- F:\Program Files\Microsoft Silverlight

[2012/03/16 16:09:16 | 000,000,000 | ---D | C] -- F:\Program Files\Bing Bar Installer

[2012/03/16 16:08:30 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Application Data\HP Product Assistant

[2012/03/16 16:08:19 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Start Menu\Programs\HP

[2012/03/16 16:07:48 | 000,000,000 | ---D | C] -- F:\Program Files\Common Files\HP

[2012/03/16 16:00:24 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Glenna Montgomery\Application Data\FlowerOfImmortality

[2012/03/11 16:47:39 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Glenna Montgomery\My Documents\CyberLink

[2012/03/11 16:17:39 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Start Menu\Programs\LG ODD Auto Firmware Update

[2012/03/11 16:17:36 | 000,102,912 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\Vb6stkit.dll

[2012/03/11 16:17:36 | 000,102,160 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\VB6KO.DLL

[2012/03/11 16:17:36 | 000,016,384 | ---- | C] (CST) -- F:\WINDOWS\System32\lgfwunis.exe

[2012/03/11 16:14:32 | 000,162,096 | ---- | C] (CyberLink Corporation.) -- F:\WINDOWS\System32\drivers\CLBUDF.sys

[2012/03/11 16:14:32 | 000,131,072 | ---- | C] (CyberLink) -- F:\WINDOWS\IBUnInst.exe

[2012/03/11 16:14:32 | 000,016,048 | ---- | C] (Cyberlink Co.,Ltd.) -- F:\WINDOWS\System32\drivers\CLBStor.sys

[2012/03/11 16:13:59 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Start Menu\Programs\LightScribeODK

[2012/03/11 16:13:57 | 000,000,000 | ---D | C] -- F:\Program Files\LightScribeODK

[2012/03/11 16:13:57 | 000,000,000 | ---D | C] -- F:\Program Files\Common Files\LightScribe

[2012/03/11 16:13:35 | 001,053,232 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\MFC71u.dll

[2012/03/11 16:13:15 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Glenna Montgomery\Application Data\CyberLink

[2012/03/11 16:11:51 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Glenna Montgomery\Start Menu\Programs\CyberLink Hi-Def Suite

[2012/03/11 16:11:47 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Application Data\CyberLink

[2012/03/11 16:11:44 | 000,029,480 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\msxml3a.dll

[2012/03/11 16:09:13 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Start Menu\Programs\CyberLink Hi-Def Suite

[2012/03/11 16:09:13 | 000,000,000 | ---D | C] -- F:\Program Files\CyberLink

[2012/03/10 13:18:50 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Glenna Montgomery\Application Data\GO Games

[2012/03/09 21:36:45 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Glenna Montgomery\Application Data\FlyWheelGames

[2012/03/06 19:33:03 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Glenna Montgomery\Application Data\Natural Threat.Ominous Shores

[69 F:\WINDOWS\System32\*.tmp files -> F:\WINDOWS\System32\*.tmp -> ]

[5 F:\WINDOWS\*.tmp files -> F:\WINDOWS\*.tmp -> ]

[46 F:\WINDOWS\System32\dllcache\*.tmp files -> F:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/02 21:01:16 | 000,000,761 | ---- | M] () -- F:\Documents and Settings\Glenna Montgomery\Desktop\Toolbar Cleaner.lnk

[2012/04/02 20:57:56 | 000,763,744 | ---- | M] (Visicom Media Inc.) -- F:\Documents and Settings\Glenna Montgomery\Desktop\toolbarcleaner_setup.exe

[2012/04/02 20:53:00 | 000,000,472 | ---- | M] () -- F:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job

[2012/04/02 20:52:07 | 000,444,392 | ---- | M] () -- F:\WINDOWS\System32\perfh009.dat

[2012/04/02 20:52:07 | 000,072,524 | ---- | M] () -- F:\WINDOWS\System32\perfc009.dat

[2012/04/02 20:49:36 | 000,593,920 | ---- | M] (OldTimer Tools) -- F:\Documents and Settings\Glenna Montgomery\Desktop\OTL.exe

[2012/04/02 20:44:24 | 000,000,000 | -HS- | M] () -- F:\DkHyperbootSync

[2012/04/02 20:43:13 | 000,000,707 | ---- | M] () -- F:\Documents and Settings\Glenna Montgomery\Start Menu\Programs\Startup\Jacquie Lawson London Advent Calendar.lnk

[2012/04/02 20:43:11 | 000,000,804 | ---- | M] () -- F:\Documents and Settings\Glenna Montgomery\Start Menu\Programs\Startup\Jacquie Lawson Advent Calendar.lnk

[2012/04/02 20:43:09 | 000,002,299 | ---- | M] () -- F:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Home Server.lnk

[2012/04/02 20:43:04 | 000,013,748 | ---- | M] () -- F:\WINDOWS\System32\wpa.dbl

[2012/04/02 20:43:02 | 000,000,289 | ---- | M] () -- F:\WINDOWS\lgfwup.ini

[2012/04/02 20:42:58 | 000,000,904 | ---- | M] () -- F:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2012/04/02 20:42:58 | 000,000,288 | ---- | M] () -- F:\WINDOWS\tasks\RegistryBooster.job

[2012/04/02 20:42:00 | 000,002,048 | --S- | M] () -- F:\WINDOWS\bootstat.dat

[2012/04/02 20:31:00 | 000,000,908 | ---- | M] () -- F:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2012/04/02 17:00:00 | 000,000,350 | ---- | M] () -- F:\WINDOWS\tasks\At1.job

[2012/04/02 14:53:00 | 000,000,472 | ---- | M] () -- F:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job

[2012/04/02 13:31:00 | 000,000,534 | ---- | M] () -- F:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task fac6fa8f-5e59-4e57-81c9-6fa39c0216b9.job

[2012/04/02 11:13:00 | 000,000,350 | ---- | M] () -- F:\WINDOWS\tasks\At4.job

[2012/04/02 08:53:00 | 000,000,472 | ---- | M] () -- F:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job

[2012/04/02 05:41:00 | 000,000,350 | ---- | M] () -- F:\WINDOWS\tasks\At3.job

[2012/04/02 02:53:00 | 000,000,472 | ---- | M] () -- F:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job

[2012/04/02 02:00:00 | 000,000,534 | ---- | M] () -- F:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 849f22bd-6d4a-4591-82e8-e0b5f5ea9d73.job

[2012/04/01 23:46:00 | 000,000,350 | ---- | M] () -- F:\WINDOWS\tasks\At2.job

[2012/04/01 21:23:44 | 000,000,659 | ---- | M] () -- F:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012/04/01 21:06:53 | 024,967,944 | ---- | M] () -- F:\Documents and Settings\Glenna Montgomery\Desktop\HiddenMystRoyalFamilySecretsSG.exe

[2012/04/01 20:53:00 | 000,000,472 | ---- | M] () -- F:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2012/04/01 13:33:15 | 000,279,744 | ---- | M] () -- F:\WINDOWS\System32\FNTCACHE.DAT

[2012/03/29 19:54:21 | 000,000,914 | ---- | M] () -- F:\Documents and Settings\Glenna Montgomery\Desktop\Phenomenon City of Cyan.lnk

[2012/03/27 21:31:40 | 000,012,288 | ---- | M] () -- F:\Documents and Settings\Glenna Montgomery\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/03/27 17:32:00 | 000,000,352 | ---- | M] () -- F:\WINDOWS\tasks\At5.job

[2012/03/22 17:41:10 | 000,000,036 | -H-- | M] () -- F:\WINDOWS\System32\f9t.dat

[2012/03/18 17:17:30 | 000,293,992 | ---- | M] () -- F:\WINDOWS\System32\nvdrsdb1.bin

[2012/03/18 17:17:30 | 000,000,001 | ---- | M] () -- F:\WINDOWS\System32\nvdrssel.bin

[2012/03/18 17:17:28 | 000,000,026 | ---- | M] () -- F:\WINDOWS\System32\nvModes.dat

[2012/03/18 17:17:19 | 000,293,992 | ---- | M] () -- F:\WINDOWS\System32\nvdrsdb0.bin

[2012/03/18 17:11:42 | 000,000,000 | ---- | M] () -- F:\WINDOWS\System32\nvdrswr.lk

[2012/03/18 16:40:36 | 000,190,619 | ---- | M] () -- F:\WINDOWS\System32\nvapps.xml

[2012/03/18 14:03:53 | 000,228,973 | ---- | M] () -- F:\WINDOWS\hpwins23.dat

[2012/03/16 16:09:04 | 000,001,808 | ---- | M] () -- F:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

[2012/03/16 15:41:31 | 000,000,905 | ---- | M] () -- F:\Documents and Settings\Glenna Montgomery\Desktop\Flower of Immortality.lnk

[2012/03/16 09:18:56 | 000,002,625 | ---- | M] () -- F:\WINDOWS\System32\CONFIG.NT

[2012/03/15 20:51:43 | 000,001,374 | ---- | M] () -- F:\WINDOWS\imsins.BAK

[2012/03/11 19:24:53 | 000,000,779 | ---- | M] () -- F:\Documents and Settings\All Users\Desktop\CyberLink PowerDVD.lnk

[2012/03/11 16:09:13 | 000,000,827 | ---- | M] () -- F:\Documents and Settings\All Users\Desktop\CyberLink Hi-Def Suite.lnk

[2012/03/06 17:15:19 | 000,041,184 | ---- | M] (AVAST Software) -- F:\WINDOWS\avastSS.scr

[2012/03/06 17:15:14 | 000,201,352 | ---- | M] (AVAST Software) -- F:\WINDOWS\System32\aswBoot.exe

[2012/03/06 17:03:51 | 000,612,184 | ---- | M] (AVAST Software) -- F:\WINDOWS\System32\drivers\aswSnx.sys

[2012/03/06 17:03:38 | 000,337,880 | ---- | M] (AVAST Software) -- F:\WINDOWS\System32\drivers\aswSP.sys

[2012/03/06 17:02:00 | 000,035,672 | ---- | M] (AVAST Software) -- F:\WINDOWS\System32\drivers\aswRdr.sys

[2012/03/06 17:01:53 | 000,053,848 | ---- | M] (AVAST Software) -- F:\WINDOWS\System32\drivers\aswTdi.sys

[2012/03/06 17:01:39 | 000,095,704 | ---- | M] (AVAST Software) -- F:\WINDOWS\System32\drivers\aswmon2.sys

[2012/03/06 17:01:35 | 000,089,048 | ---- | M] (AVAST Software) -- F:\WINDOWS\System32\drivers\aswmon.sys

[2012/03/06 17:01:30 | 000,020,696 | ---- | M] (AVAST Software) -- F:\WINDOWS\System32\drivers\aswFsBlk.sys

[2012/03/06 16:58:29 | 000,024,920 | ---- | M] (AVAST Software) -- F:\WINDOWS\System32\drivers\aavmker4.sys

[69 F:\WINDOWS\System32\*.tmp files -> F:\WINDOWS\System32\*.tmp -> ]

[5 F:\WINDOWS\*.tmp files -> F:\WINDOWS\*.tmp -> ]

[46 F:\WINDOWS\System32\dllcache\*.tmp files -> F:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/02 20:58:12 | 000,000,761 | ---- | C] () -- F:\Documents and Settings\Glenna Montgomery\Desktop\Toolbar Cleaner.lnk

[2012/04/02 20:44:24 | 000,000,000 | -HS- | C] () -- F:\DkHyperbootSync

[2012/04/01 21:23:44 | 000,000,659 | ---- | C] () -- F:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012/04/01 21:01:14 | 024,967,944 | ---- | C] () -- F:\Documents and Settings\Glenna Montgomery\Desktop\HiddenMystRoyalFamilySecretsSG.exe

[2012/03/29 19:54:21 | 000,000,914 | ---- | C] () -- F:\Documents and Settings\Glenna Montgomery\Desktop\Phenomenon City of Cyan.lnk

[2012/03/18 17:11:42 | 000,293,992 | ---- | C] () -- F:\WINDOWS\System32\nvdrsdb1.bin

[2012/03/18 17:11:42 | 000,293,992 | ---- | C] () -- F:\WINDOWS\System32\nvdrsdb0.bin

[2012/03/18 17:11:42 | 000,000,001 | ---- | C] () -- F:\WINDOWS\System32\nvdrssel.bin

[2012/03/18 17:11:42 | 000,000,000 | ---- | C] () -- F:\WINDOWS\System32\nvdrswr.lk

[2012/03/18 17:11:23 | 002,784,050 | ---- | C] () -- F:\WINDOWS\System32\nvdata.data

[2012/03/18 17:11:23 | 000,007,843 | ---- | C] () -- F:\WINDOWS\System32\nvinfo.pb

[2012/03/16 16:09:18 | 000,001,077 | ---- | C] () -- F:\Documents and Settings\All Users\Start Menu\Programs\Windows Live ID.lnk

[2012/03/16 16:09:04 | 000,001,808 | ---- | C] () -- F:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

[2012/03/16 16:08:37 | 000,000,731 | ---- | C] () -- F:\Documents and Settings\All Users\Start Menu\Programs\I.R.I.S. OCR Registration.lnk

[2012/03/16 16:06:06 | 000,186,662 | ---- | C] () -- F:\WINDOWS\hpwins23.dat.temp

[2012/03/16 16:06:06 | 000,002,075 | ---- | C] () -- F:\WINDOWS\hpwmdl23.dat.temp

[2012/03/16 15:41:31 | 000,000,905 | ---- | C] () -- F:\Documents and Settings\Glenna Montgomery\Desktop\Flower of Immortality.lnk

[2012/03/11 19:24:53 | 000,000,779 | ---- | C] () -- F:\Documents and Settings\All Users\Desktop\CyberLink PowerDVD.lnk

[2012/03/11 16:17:39 | 000,000,289 | ---- | C] () -- F:\WINDOWS\lgfwup.ini

[2012/03/11 16:14:32 | 000,486,766 | ---- | C] () -- F:\WINDOWS\CLBUDF.tbl

[2012/03/11 16:09:13 | 000,000,827 | ---- | C] () -- F:\Documents and Settings\All Users\Desktop\CyberLink Hi-Def Suite.lnk

[2012/02/14 12:41:12 | 000,003,072 | ---- | C] () -- F:\WINDOWS\System32\iacenc.dll

[2011/11/11 04:53:20 | 000,228,973 | ---- | C] () -- F:\WINDOWS\hpwins23.dat

[2011/11/11 04:53:20 | 000,002,075 | ---- | C] () -- F:\WINDOWS\hpwmdl23.dat

[2011/11/07 17:11:25 | 000,049,152 | ---- | C] () -- F:\WINDOWS\System32\JJAKEn.dll

[2011/09/18 14:03:00 | 000,000,026 | ---- | C] () -- F:\WINDOWS\System32\nvModes.dat

[2011/05/08 10:47:32 | 000,000,036 | -H-- | C] () -- F:\WINDOWS\System32\f9t.dat

[2010/12/30 22:43:52 | 000,000,056 | -H-- | C] () -- F:\WINDOWS\System32\ezsidmv.dat

[2010/11/26 22:15:07 | 000,000,000 | ---- | C] () -- F:\WINDOWS\OPPRIN~1.INI

[2010/11/20 11:34:45 | 000,054,016 | ---- | C] () -- F:\WINDOWS\System32\drivers\rxlktj.sys

[2010/04/21 21:15:09 | 000,003,716 | R--- | C] () -- F:\WINDOWS\System32\drivers\V0230FwH.bin

[2010/04/21 21:15:09 | 000,003,716 | R--- | C] () -- F:\WINDOWS\System32\drivers\V0230FwF.bin

========== Alternate Data Streams ==========


@Alternate Data Stream - 119 bytes -> F:\Documents and Settings\All Users\Application Data\TEMP:902C848D

@Alternate Data Stream - 119 bytes -> F:\Documents and Settings\All Users\Application Data\TEMP:2AF322BF

@Alternate Data Stream - 118 bytes -> F:\Documents and Settings\All Users\Application Data\TEMP:E6BEADB7

@Alternate Data Stream - 117 bytes -> F:\Documents and Settings\All Users\Application Data\TEMP:6C99C213

@Alternate Data Stream - 116 bytes -> F:\Documents and Settings\All Users\Application Data\TEMP:98DFF516

@Alternate Data Stream - 115 bytes -> F:\Documents and Settings\All Users\Application Data\TEMP:3595B780

@Alternate Data Stream - 115 bytes -> F:\Documents and Settings\All Users\Application Data\TEMP:34EFF1F2

@Alternate Data Stream - 115 bytes -> F:\Documents and Settings\All Users\Application Data\TEMP:28BEC2EC

@Alternate Data Stream - 114 bytes -> F:\Documents and Settings\All Users\Application Data\TEMP:25249477

@Alternate Data Stream - 114 bytes -> F:\Documents and Settings\All Users\Application Data\TEMP:1CE11B51

@Alternate Data Stream - 114 bytes -> F:\Documents and Settings\All Users\Application Data\TEMP:1CB4A530

@Alternate Data Stream - 114 bytes -> F:\Documents and Settings\All Users\Application Data\TEMP:02F30776

@Alternate Data Stream - 112 bytes -> F:\Documents and Settings\All Users\Application Data\TEMP:B9B3B2FE

@Alternate Data Stream - 112 bytes -> F:\Documents and Settings\All Users\Application Data\TEMP:774C075A

@Alternate Data Stream - 112 bytes -> F:\Documents and Settings\All Users\Application Data\TEMP:75798D9A

@Alternate Data Stream - 112 bytes -> F:\Documents and Settings\All Users\Application Data\TEMP:2F8138B7

@Alternate Data Stream - 111 bytes -> F:\Documents and Settings\All Users\Application Data\TEMP:5F95AE81

< End of report >


Thanks again--

Glenna

Here is the extras log.

OTL Extras logfile created on: 4/2/2012 9:15:25 PM - Run 1

OTL by OldTimer - Version 3.2.39.2 Folder = F:\Documents and Settings\Glenna Montgomery\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.99 Gb Available Physical Memory | 66.46% Memory free

4.84 Gb Paging File | 3.80 Gb Available in Paging File | 78.56% Paging File free

Paging file location(s): F:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = F: | %SystemRoot% = F:\WINDOWS | %ProgramFiles% = F:\Program Files

Drive C: | 7.84 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: NTFS

Drive D: | 931.51 Gb Total Space | 867.25 Gb Free Space | 93.10% Space Free | Partition Type: NTFS

Drive E: | 111.78 Gb Total Space | 106.99 Gb Free Space | 95.71% Space Free | Partition Type: NTFS

Drive F: | 59.61 Gb Total Space | 32.49 Gb Free Space | 54.52% Space Free | Partition Type: NTFS

Computer Name: GLENNA-GAMER | User Name: Glenna Montgomery | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-1177238915-1303643608-839522115-1003\SOFTWARE\Classes\<extension>]

.exe [@ = exefile] -- Reg Error: Value error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

htmlfile [edit] -- "E:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "E:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)

http [open] -- Reg Error: Key error.

https [open] -- Reg Error: Key error.

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusOverride" = 0

"FirewallOverride" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP

"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

"65533:TCP" = 65533:TCP:*:Enabled:Services

"52344:TCP" = 52344:TCP:*:Enabled:Services

"2479:TCP" = 2479:TCP:*:Enabled:Services

"3246:TCP" = 3246:TCP:*:Enabled:Services

"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP

"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

"65533:TCP" = 65533:TCP:*:Enabled:Services

"52344:TCP" = 52344:TCP:*:Enabled:Services

"2479:TCP" = 2479:TCP:*:Enabled:Services

"3246:TCP" = 3246:TCP:*:Enabled:Services

"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"F:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = F:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)

"F:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = F:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)

"F:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = F:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)

"F:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = F:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)

"F:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = F:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)

"F:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = F:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)

"F:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = F:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)

"F:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe" = F:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (Hewlett-Packard Co.)

"F:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = F:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)

"F:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = F:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)

"F:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = F:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)

"F:\Program Files\HP\HP Software Update\hpwucli.exe" = F:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)

"F:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = F:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

"F:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = F:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

"D:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe" = D:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services -- (Rosetta Stone Ltd. )

"D:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe" = D:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone Version 3 Application -- (Rosetta Stone Ltd. )

"G:\setup\hpznui01.exe" = G:\setup\hpznui01.exe:*:Enabled:hpznui01.exe

"D:\Documents and Settings\Glenna Montgomery\Local Settings\Temp\7zS5FB7\OJ6500vE709_Full_14\setup\hpznui01.exe" = D:\Documents and Settings\Glenna Montgomery\Local Settings\Temp\7zS5FB7\OJ6500vE709_Full_14\setup\hpznui01.exe:*:Enabled:hpznui01.exe -- (Hewlett-Packard)

"F:\Program Files\HP\Digital Imaging\{58D79E62-CFC8-4331-8469-3A1B16E1769C}\setup\hpznui01.exe" = F:\Program Files\HP\Digital Imaging\{58D79E62-CFC8-4331-8469-3A1B16E1769C}\setup\hpznui01.exe:*:Enabled:hpznui01.exe -- (Hewlett-Packard)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"E:\Program Files\uTorrent\uTorrent.exe" = E:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent

"E:\Program Files\BitTorrent\bittorrent.exe" = E:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

"F:\Documents and Settings\Glenna Montgomery\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServ.exe" = F:\Documents and Settings\Glenna Montgomery\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServ.exe:*:Enabled:Juniper Terminal Services Client -- (Juniper Networks)

"F:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = F:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)

"F:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = F:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)

"F:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = F:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)

"F:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = F:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)

"F:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = F:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)

"F:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = F:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)

"F:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = F:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)

"F:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe" = F:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (Hewlett-Packard Co.)

"F:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = F:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)

"F:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = F:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)

"F:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = F:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)

"F:\Program Files\HP\HP Software Update\hpwucli.exe" = F:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)

"F:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = F:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

"F:\Program Files\Alwil Software\Avast5\AvastUI.exe" = F:\Program Files\Alwil Software\Avast5\AvastUI.exe:*:Enabled:avast! Free Antivirus

"F:\Program Files\Alwil Software\Avast5\AvastSvc.exe" = F:\Program Files\Alwil Software\Avast5\AvastSvc.exe:LocalSubNet:Enabled:avast! Antivirus Service

"F:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = F:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

"D:\Program Files\BitTorrent\BitTorrent.exe" = D:\Program Files\BitTorrent\BitTorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)

"F:\Program Files\Skype\Plugin Manager\skypePM.exe" = F:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager

"D:\Program Files\AVAST Software\Avast\AvastSvc.exe" = D:\Program Files\AVAST Software\Avast\AvastSvc.exe:LocalSubNet:Enabled:avast! Antivirus Service -- (AVAST Software)

"D:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe" = D:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services -- (Rosetta Stone Ltd. )

"D:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe" = D:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone Version 3 Application -- (Rosetta Stone Ltd. )

"G:\setup\hpznui01.exe" = G:\setup\hpznui01.exe:*:Enabled:hpznui01.exe

"D:\Program Files\Steam\Steam.exe" = D:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)

"D:\Program Files\Steam\steamapps\common\brink\brink.exe" = D:\Program Files\Steam\steamapps\common\brink\brink.exe:*:Enabled:Brink -- (Splash Damage, Ltd.)

"D:\Documents and Settings\Glenna Montgomery\Local Settings\Temp\7zS5FB7\OJ6500vE709_Full_14\setup\hpznui01.exe" = D:\Documents and Settings\Glenna Montgomery\Local Settings\Temp\7zS5FB7\OJ6500vE709_Full_14\setup\hpznui01.exe:*:Enabled:hpznui01.exe -- (Hewlett-Packard)

"F:\Program Files\HP\Digital Imaging\{58D79E62-CFC8-4331-8469-3A1B16E1769C}\setup\hpznui01.exe" = F:\Program Files\HP\Digital Imaging\{58D79E62-CFC8-4331-8469-3A1B16E1769C}\setup\hpznui01.exe:*:Enabled:hpznui01.exe -- (Hewlett-Packard)

"F:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" = F:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0451FD8E-D80E-4BA6-AE02-EBE80A059CB0}" = Sibelius Scorch (ActiveX Only)

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan

"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant

"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network

"{0E52A52C-E120-461C-AA1B-21B045BEE842}" = bpd_scan

"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery

"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{19C64880-BBCA-11D4-9EEE-0004ACDDDB3B}" = CyberLink InstantBurn

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Hi-Def Suite

"{21E49794-7C13-4E84-8659-55BD378267D5}" = Windows Home Server Connector

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java 6 Update 29

"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime

"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox

"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup

"{3BE02281-FCCF-44BB-8413-AC4A633059EB}" = BPDSoftware

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service

"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support

"{58D79E62-CFC8-4331-8469-3A1B16E1769C}" = HP Officejet 6500 E709 Series

"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status

"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7

"{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}" = GameSpy Comrade

"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG ODD Auto Firmware Update

"{625386A4-B6B6-4911-A6E8-23189C3F2D15}" = Microsoft .NET Compact Framework 2.0 SP1

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = CyberLink PowerDVD

"{68654483-9629-4CF5-88FF-9FB70B3BECDE}" = ProductContext

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{698AC01B-DF0C-4BCE-940C-EB29AD23A560}" = Stamps.com

"{6BB9C1F3-661C-4A19-7F48-2F9039CC3981}" = Jacquie Lawson Advent Calendar

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{71F17309-007D-43F9-9313-DBFBA5FCB3B3}" = LightScribe Optical Disc Kit

"{71FD28F7-E697-40B4-8DC9-91E8B1B9AEE9}" = Wireless G WUA-1340

"{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service

"{80F7CA44-F3A5-4853-8BA6-DDF57CD4F078}" = Rosetta Stone Version 3

"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert

"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg

"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting

"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{9294F169-72EE-4D74-AE92-CA25F64B4FF8}" = Fax

"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr

"{982B2A0F-7679-41D6-A584-C8E735F4A8CD}" = Windows Home Server Toolkit 1.1

"{99F67894-9486-413F-94E1-8B12B1606EAB}" = BPDSoftware_Ini

"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab

"{A19E1C26-6DAF-AFDC-4EFF-EFF7FA36F72D}" = Jacquie Lawson London Advent Calendar

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AA787E05-E835-4812-AA3D-4048C8A46587}" = 6500_E709_eDocs

"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)

"{ADD5DB49-72CF-11D8-9D75-000129760D75}" = PowerBackup

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 296.10

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 296.10

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.18

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components

"{B3EA8C67-C182-40E5-BCC7-6F132DA46AAD}" = Logitech Harmony Remote Software 7

"{B64BC516-2406-43AE-A21A-1E387A2343B1}" = ContentManager

"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer

"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2

"{BB558CDC-C7BE-44D0-9260-B810D66702C4}" = 6500_E709n

"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter

"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations

"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D0957BCD-AE33-42B1-82F6-B2D4B3C6E2A4}" = Diskeeper 2010 Professional

"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch

"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01

"{F53B432E-BD19-4400-BFA0-2BBD16410F8F}" = 6500_E709_Help

"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm

"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR

"A Vampyre Story" = A Vampyre Story

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe PhotoDeluxe 2.0" = Adobe PhotoDeluxe 2.0

"AI RoboForm" = AI RoboForm (All Users)

"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.12

"Anti-phishing Domain Advisor" = Anti-phishing Domain Advisor

"Ashampoo Burning Studio 10_is1" = Ashampoo Burning Studio 10 10.0.7

"Ashampoo Burning Studio 9_is1" = Ashampoo Burning Studio 9.20

"AudioCS" = Creative Audio Control Panel

"avast" = avast! Free Antivirus

"Behind the Reflection 2 Witchs Revenge 1.00" = Behind the Reflection 2 Witchs Revenge 1.00

"Between the Worlds 2 The Pyramid 1.00" = Between the Worlds 2 The Pyramid 1.00

"BFGC" = Big Fish Games: Game Manager

"BitTorrent" = BitTorrent

"Bluebeards Castle 1.00" = Bluebeards Castle 1.00

"CCleaner" = CCleaner

"Christmasville 1.00" = Christmasville 1.00

"Chronicles of Mystery - The Tree of Life ~ jJust For Fun Games" = Chronicles of Mystery - The Tree of Life ~ jJust For Fun Games

"Clutter 1.00" = Clutter 1.00

"Columbus Ghost of the Mystery Stone 1.00" = Columbus Ghost of the Mystery Stone 1.00

"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows

"Creative Live! Cam Center" = Creative Live! Cam Center

"Creative Live! Cam Manager" = Creative Live! Cam Manager

"Creative Live! Cam Video IM Pro User's Guide English" = Creative Live! Cam Video IM Pro User's Guide (English)

"Creative Software AutoUpdate" = Creative Software AutoUpdate

"Creative VF0230" = Creative Live! Cam Video IM Pro Driver (1.00.07.0725)

"Crime and Punishment Who Framed Raskolnikov 1.00" = Crime and Punishment Who Framed Raskolnikov 1.00

"Dark Parables 3 Rise of the Snow Queen Collectors Edition 1.00" = Dark Parables 3 Rise of the Snow Queen Collectors Edition 1.00

"Escape The Emerald Star 1.00" = Escape The Emerald Star 1.00

"Facetheme" = Face Theme

"Fantastic Creations House of Brass Collectors Edition 1.00" = Fantastic Creations House of Brass Collectors Edition 1.00

"Flower of Immortality 1.00" = Flower of Immortality 1.00

"Gemsweeper_is1" = Gemsweeper 1.402

"Get Yahoo! Messenger" = Get Yahoo! Messenger

"Haunted Manor 2 Queen of Death Collectors Edition 1.00" = Haunted Manor 2 Queen of Death Collectors Edition 1.00

"Haunted Past Realm of Ghosts Collectors Edition 1.00" = Haunted Past Realm of Ghosts Collectors Edition 1.00

"HijackThis" = HijackThis 2.0.2

"hp deskjet 5600 series_Driver" = hp deskjet 5600 series

"HP Document Manager" = HP Document Manager 2.0

"HP Imaging Device Functions" = HP Imaging Device Functions 14.0

"HP Smart Web Printing" = HP Smart Web Printing 4.60

"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0

"HPExtendedCapabilities" = HP Customer Participation Program 14.0

"HPOCR" = OCR Software by I.R.I.S. 14.0

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"ie8" = Windows Internet Explorer 8

"Image Composer" = Microsoft Image Composer 1.5

"InstallShield_{71FD28F7-E697-40B4-8DC9-91E8B1B9AEE9}" = Wireless G WUA-1340

"JacquieLawsonAdventCalendar" = Jacquie Lawson Advent Calendar

"JLAdventCalendarLondon2011" = Jacquie Lawson London Advent Calendar

"Little Shop - Memories 1.052" = Little Shop - Memories 1.052

"Little Shop - Road Trip 1.00" = Little Shop - Road Trip 1.00

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"MiPony" = MiPony 1.5.2

"Mishap 2 An Intentional Haunting Collectors Edition 1.00" = Mishap 2 An Intentional Haunting Collectors Edition 1.00

"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)

"MSNINST" = MSN

"Musicnotes Combined Installer_is1" = Musicnotes Software Suite 1.5.3

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"Pahelika 2 Revelations 1.00" = Pahelika 2 Revelations 1.00

"Phenomenon City of Cyan 1.00" = Phenomenon City of Cyan 1.00

"PowerISO" = PowerISO

"Princess Isabella Return of the Curse Collectors Edition 1.00" = Princess Isabella Return of the Curse Collectors Edition 1.00

"PunkBusterSvc" = PunkBuster Services

"RarZilla Free Unrar" = RarZilla Free Unrar

"Red Crow Mysteries Legion 1.00" = Red Crow Mysteries Legion 1.00

"Rhiannon - Curse Of The Four Branches ." = Rhiannon - Curse Of The Four Branches .

"Shop for HP Supplies" = Shop for HP Supplies

"Special Enquiry Detail 2 1.00" = Special Enquiry Detail 2 1.00

"Stamps.com" = Stamps.com

"Stanza" = Stanza

"Steam App 22350" = Brink

"Steam App 400" = Portal

"Surface Mystery of Another World CE 1.00" = Surface Mystery of Another World CE 1.00

"SysInfo" = Creative System Information

"The Clockwork Man 2 The Hidden World Ultimate Edition 1.00" = The Clockwork Man 2 The Hidden World Ultimate Edition 1.00

"Toolbar Cleaner" = Toolbar Cleaner 1.0

"UHS Reader (Version 6.10)" = UHS Reader (Version 6.10)

"Uniblue RegistryBooster" = Uniblue RegistryBooster

"uTorrent" = µTorrent

"VLC media player" = VLC media player 1.1.9

"WIC" = Windows Imaging Component

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1177238915-1303643608-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Juniper_Setup_Client" = Juniper Networks Setup Client

"Juniper_Term_Services" = Juniper Terminal Services Client

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 3/18/2012 4:59:47 PM | Computer Name = GLENNA-GAMER | Source = Application Hang | ID = 1001

Description = Fault bucket 1723027567.

Error - 3/18/2012 5:51:28 PM | Computer Name = GLENNA-GAMER | Source = Application Hang | ID = 1002

Description = Hanging application hpzsetup.exe, version 14.0.301.0, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/18/2012 8:42:48 PM | Computer Name = GLENNA-GAMER | Source = Application Error | ID = 1000

Description = Faulting application templeoflife_thelegendoffourelementsce.exe, version

0.0.0.0, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x00010a19.

Error - 3/18/2012 8:42:51 PM | Computer Name = GLENNA-GAMER | Source = Application Error | ID = 1001

Description = Fault bucket -1562415543.

Error - 3/19/2012 7:47:42 PM | Computer Name = GLENNA-GAMER | Source = Application Error | ID = 1000

Description = Faulting application templeoflife_thelegendoffourelementsce.exe, version

0.0.0.0, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x00010a19.

Error - 3/20/2012 11:04:50 PM | Computer Name = GLENNA-GAMER | Source = Application Error | ID = 1000

Description = Faulting application templeoflife_thelegendoffourelementsce.exe, version

0.0.0.0, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x00010a19.

Error - 3/25/2012 7:43:00 PM | Computer Name = GLENNA-GAMER | Source = Application Hang | ID = 1002

Description = Hanging application ST.exe, version 1.0.42.2, hang module hungapp,

version 0.0.0.0, hang address 0x00000000.

Error - 4/1/2012 6:43:32 PM | Computer Name = GLENNA-GAMER | Source = Diskeeper | ID = 5

Description = Diskeeper Control Center - ERROR The Diskeeper News and Information

feature was unable to contact the Diskeeper Corporation web server. Ensure this

computer has Internet access. The Error Code is 5.

Error - 4/2/2012 12:09:42 AM | Computer Name = GLENNA-GAMER | Source = Application Error | ID = 1000

Description = Faulting application ilivid.exe, version 0.0.0.0, faulting module

qtwebkit4.dll, version 4.7.3.0, fault address 0x00880e7c.

Error - 4/3/2012 12:15:02 AM | Computer Name = GLENNA-GAMER | Source = Application Hang | ID = 1002

Description = Hanging application OTL.exe, version 3.2.39.2, hang module hungapp,

version 0.0.0.0, hang address 0x00000000.

[ System Events ]

Error - 4/1/2012 2:13:00 PM | Computer Name = GLENNA-GAMER | Source = Schedule | ID = 7901

Description = The At4.job command failed to start due to the following error: %%2147942402

Error - 4/1/2012 4:33:24 PM | Computer Name = GLENNA-GAMER | Source = NETLOGON | ID = 3095

Description = This computer is configured as a member of a workgroup, not as a member

of a domain. The Netlogon service does not need to run in this configuration.

Error - 4/1/2012 4:33:27 PM | Computer Name = GLENNA-GAMER | Source = Service Control Manager | ID = 7000

Description = The Remote Connections Service service failed to start due to the

following error: %%3

Error - 4/1/2012 8:00:00 PM | Computer Name = GLENNA-GAMER | Source = Schedule | ID = 7901

Description = The At1.job command failed to start due to the following error: %%2147942402

Error - 4/2/2012 2:46:00 AM | Computer Name = GLENNA-GAMER | Source = Schedule | ID = 7901

Description = The At2.job command failed to start due to the following error: %%2147942402

Error - 4/2/2012 8:41:00 AM | Computer Name = GLENNA-GAMER | Source = Schedule | ID = 7901

Description = The At3.job command failed to start due to the following error: %%2147942402

Error - 4/2/2012 2:13:00 PM | Computer Name = GLENNA-GAMER | Source = Schedule | ID = 7901

Description = The At4.job command failed to start due to the following error: %%2147942402

Error - 4/2/2012 8:00:00 PM | Computer Name = GLENNA-GAMER | Source = Schedule | ID = 7901

Description = The At1.job command failed to start due to the following error: %%2147942402

Error - 4/2/2012 11:42:01 PM | Computer Name = GLENNA-GAMER | Source = NETLOGON | ID = 3095

Description = This computer is configured as a member of a workgroup, not as a member

of a domain. The Netlogon service does not need to run in this configuration.

Error - 4/2/2012 11:42:03 PM | Computer Name = GLENNA-GAMER | Source = Service Control Manager | ID = 7000

Description = The Remote Connections Service service failed to start due to the

following error: %%3

< End of report >


Step 1

Please uninstall the following applications:

µTorrent

BitTorrent

Please take a look here:

http://forums.malwarebytes.org/index.php?showtopic=97700

Step 2

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
    FF - prefs.js..browser.search.defaultenginename: "Search Results"
    FF - prefs.js..browser.search.defaultthis.engineName: "MyAshampoo Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.search.order.1: "Search Results"
    FF - prefs.js..browser.search.selectedEngine: "Search Results"
    FF - prefs.js..browser.search.update: false
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.searchnu.com/406"
    FF - prefs.js..extensions.enabledItems: {EB132DB0-A4CA-11DF-9732-0E29E0D72085}:1.3
    FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=101&systemid=406&sr=0&q="
    FF - prefs.js..network.proxy.http: "127.0.0.1"
    FF - prefs.js..network.proxy.http_port: 5555
    FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
    FF - prefs.js..network.proxy.type: 0
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: F:\Program Files\Object\facetheme [2010/10/16 13:05:20 | 000,000,000 | ---D | M]
    [2012/04/01 21:06:39 | 000,002,519 | ---- | M] () -- F:\Documents and Settings\Glenna Montgomery\Application Data\Mozilla\Firefox\Profiles\md0hy31t.default\searchplugins\Search_Results.xml
    [2012/04/01 21:06:39 | 000,002,519 | ---- | M] () -- F:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
    O3 - HKLM\..\Toolbar: (ShopAtHome Toolbar) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - Reg Error: Value error. File not found
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-1177238915-1303643608-839522115-1003\..\Toolbar\WebBrowser: (ShopAtHome Toolbar) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - Reg Error: Value error. File not found
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\RunOnce: [removeSearchqudatamngr] cmd.exe /c RD /S /Q "F:\Program Files\Searchqu Toolbar" File not found
    O4 - HKLM..\RunOnce: [removeSearchqutoolbar] cmd.exe /c RD /S /Q "F:\Program Files\Searchqu Toolbar\Datamngr\ToolBar" File not found
    O34 - HKLM BootExecute: (autocheck autocheck gx??????????????????????????????)
    O34 - HKLM BootExecute: (autocheck autocheck ???+Ý????U)
    [2012/04/02 20:43:12 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Application Data\boost_interprocess
    [2012/04/01 21:06:39 | 000,000,000 | ---D | C] -- F:\Program Files\Searchqu Toolbar

    :files
    F:\WINDOWS\tasks\At*.job

    :Commands
    [emptytemp]
    [clearallrestorepoints]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles
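An added example, not part of the original post and not OTL's own code: a short Python triage over the `IE -` and `FF -` line formats used in the fix script above. It reports loopback proxy settings, whether each one is actually in effect, and the hosts that the Firefox homepage and search preferences point to. The names `triage` and `is_loopback` are hypothetical, and the sample lines are copied from the fix script.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample: lines copied from the fix script in the post above.
SAMPLE = r'''
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
FF - prefs.js..browser.startup.homepage: "http://www.searchnu.com/406"
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=101&systemid=406&sr=0&q="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 5555
FF - prefs.js..network.proxy.type: 0
'''

IE_RE = re.compile(r'^IE - (HKU\\[^\\]+)\\.*Internet Settings: "(\w+)" = (.*)$')
FF_RE = re.compile(r'^FF - prefs\.js\.\.([\w.]+): "?(.*?)"?$')

def is_loopback(host):
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host.lower() == "localhost"

def triage(text):
    ie, ff, findings = {}, {}, []
    for line in text.splitlines():
        line = line.strip()
        if m := IE_RE.match(line):
            ie.setdefault(m.group(1), {})[m.group(2)] = m.group(3)
        elif m := FF_RE.match(line):
            ff[m.group(1)] = m.group(2)
    for hive, vals in sorted(ie.items()):
        # ProxyServer is "host:port" or per-protocol "http=host:port;https=..."
        for part in vals.get("ProxyServer", "").split(";"):
            host = part.split("=")[-1].rsplit(":", 1)[0]
            if host and is_loopback(host):
                state = "active" if vals.get("ProxyEnable") == "1" else "inactive"
                findings.append(("IE", hive, part, state))
    host = ff.get("network.proxy.http", "")
    if host and is_loopback(host):
        # Firefox only uses the manual proxy values when network.proxy.type is 1.
        state = "active" if ff.get("network.proxy.type") == "1" else "inactive"
        findings.append(("FF", "prefs.js", f"{host}:{ff.get('network.proxy.http_port', '')}", state))
    for key in ("browser.startup.homepage", "keyword.URL", "browser.search.defaulturl"):
        if key in ff:
            findings.append(("FF", key, urlsplit(ff[key]).hostname, "url-host"))
    return findings
```

On the sample, the Internet Explorer entry is reported as active because `ProxyEnable` is 1, while the Firefox entry is reported as inactive because `network.proxy.type` is 0.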


Due to the lack of feedback, this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance, please start your own topic in a new thread. Thanks!
