Jump to content

search.chatzum.com cant be removed


Recommended Posts

Hi there

Vista - Processor: Pentium® Dual-Core CPU T4300 @2.10GHz 2.10GHz

Memory (RAM): 3.00GB

System Type: 32-bit Operating System

Model: HP Compaq Presario CQ61

Im new to this but on my sons laptop, everytime he now types in the bar to search anything, its 'hijacked' by search.chatzum.com. Its an annoying search engine that automatically redirects us to it and its undetected on the malware/virus check. I looked online about it and many have said it not only directs you to what you want, but it has many trojans on the chatzum page sending you to a fraudently domain.

My antivirus programs I used were: Spybot, Malware and Avast. It detected trojans but not the chatzum domain.

In my C:\ drive it has a chatzum.exe Application File. I have not done anything with it because I wanted to get advice first here, but I noticed the date (installed on 15/06/2012) but my son only noticed search.chatzum.com last night (06/07/2012) when it happened. It seems he downloaded something that came bundled with the search.chatzum.com bug.

I have attached DDS.txt and Attach.txt files and a screenprint of the file location.

I appreciate your taking the time to help me with this and hope it can be fixed.

Many thanks!!

Attach.txt

DDS.txt

post-114404-0-11117000-1341658049.jpg

Link to post
Share on other sites

Hello Lesca1 and :welcome:! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Step 1

Please uninstall the following applications:

Ask Toolbar

My Scrap Nook Toolbar

PricePeep for Internet Explorer

Step 2

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

Link to post
Share on other sites

Hi Maniac

Thank you so you for helping me! Much appreciated! :)

I went to uninstall My Scap Nook Toolbar and it came up with:

Error Loading: C:\PROGA~1\MYSCRA~2\bar\1.bin\12Bar.dll

The specified module could not be found.

What can I do now to try and uninstall it as it wont let me?

Many thanks:)

Link to post
Share on other sites

Here is the first notepad ~ OTL.Txt:

OTL logfile created on: 10/07/2012 11:26:11 p.m. - Run 1

OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Tiresa Sio\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00001409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy

2.93 Gb Total Physical Memory | 1.87 Gb Available Physical Memory | 63.87% Memory free

6.08 Gb Paging File | 4.83 Gb Available in Paging File | 79.40% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 287.05 Gb Total Space | 167.45 Gb Free Space | 58.33% Space Free | Partition Type: NTFS

Drive D: | 11.03 Gb Total Space | 1.30 Gb Free Space | 11.75% Space Free | Partition Type: NTFS

Computer Name: TIRESASIO-PC | User Name: Tiresa Sio | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/10 23:24:34 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Tiresa Sio\Desktop\OTL.exe

PRC - [2012/07/07 16:56:49 | 000,218,624 | ---- | M] () -- C:\ProgramData\2degrees Mobile Broadband\OnlineUpdate\ouc.exe

PRC - [2012/07/07 03:28:04 | 000,686,280 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe

PRC - [2012/06/22 10:40:16 | 003,905,408 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

PRC - [2012/05/26 06:32:24 | 004,327,744 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Tiresa Sio\AppData\Local\Akamai\netsession_win.exe

PRC - [2012/03/07 13:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe

PRC - [2012/03/07 13:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

PRC - [2011/09/02 00:15:40 | 000,227,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE

PRC - [2011/08/18 11:41:40 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

PRC - [2011/07/21 22:07:38 | 000,718,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE

PRC - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE

PRC - [2010/11/17 01:37:38 | 000,264,704 | ---- | M] () -- C:\ProgramData\DatacardService\HWDeviceService.exe

PRC - [2010/11/17 01:37:30 | 000,230,912 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe

PRC - [2010/10/12 16:28:26 | 000,726,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\wfcrun32.exe

PRC - [2010/10/12 16:24:38 | 000,304,568 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\concentr.exe

PRC - [2009/06/03 20:43:18 | 000,450,652 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe

PRC - [2009/06/03 20:43:18 | 000,217,170 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\stacsv.exe

PRC - [2009/04/11 18:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2009/03/02 18:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\AEstSrv.exe

PRC - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

PRC - [2008/12/24 12:18:20 | 000,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe

PRC - [2008/08/27 02:02:24 | 000,014,336 | ---- | M] (Agere Systems) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe

========== Modules (No Company Name) ==========

MOD - [2011/08/08 08:47:30 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2011/03/16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

MOD - [2010/10/20 14:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll

MOD - [2008/09/24 12:21:22 | 000,066,856 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)

SRV - [2012/07/07 16:56:49 | 000,218,624 | ---- | M] () [Auto | Stopped] -- C:\Program Files\2degrees Mobile Broadband\UpdateDog\ouc.exe -- (2degrees Mobile Broadband. RunOuc)

SRV - [2012/07/07 03:28:05 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/05/25 06:58:41 | 003,417,376 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_80c2ffa.dll -- (Akamai)

SRV - [2012/03/07 13:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)

SRV - [2011/08/18 11:41:40 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)

SRV - [2011/06/13 22:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)

SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)

SRV - [2011/02/28 17:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)

SRV - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)

SRV - [2010/11/17 01:37:38 | 000,264,704 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\HWDeviceService.exe -- (HWDeviceService.exe)

SRV - [2010/10/13 05:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)

SRV - [2010/06/21 19:31:18 | 000,064,328 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3001.dll -- (nosGetPlusHelper)

SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)

SRV - [2009/06/03 20:43:18 | 000,217,170 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\stacsv.exe -- (STacSV)

SRV - [2009/03/02 18:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\AEstSrv.exe -- (AESTFilters)

SRV - [2008/12/24 12:18:20 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)

SRV - [2008/08/27 02:02:24 | 000,014,336 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)

SRV - [2008/01/21 14:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)

DRV - [2012/07/07 16:56:59 | 000,072,576 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)

DRV - [2012/07/07 16:56:58 | 000,116,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)

DRV - [2012/07/07 16:56:58 | 000,106,880 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)

DRV - [2012/03/07 13:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)

DRV - [2012/03/07 13:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2012/03/07 13:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)

DRV - [2012/03/07 13:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2012/03/07 13:01:48 | 000,057,688 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV - [2012/03/07 13:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2011/08/08 08:17:58 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2011/08/08 08:17:57 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)

DRV - [2010/07/14 11:51:56 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm)

DRV - [2010/03/22 13:17:37 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)

DRV - [2009/09/30 14:53:12 | 001,184,768 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)

DRV - [2009/09/10 15:44:18 | 000,112,640 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®

DRV - [2009/09/02 03:09:24 | 000,176,128 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)

DRV - [2009/06/03 20:43:18 | 000,407,040 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)

DRV - [2008/12/26 12:56:04 | 000,017,792 | ---- | M] (Avnex) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vcsvad.sys -- (VCSVADHWSer) Avnex Virtual Audio Device (WDM)

DRV - [2008/11/21 21:53:40 | 001,204,128 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)

DRV - [2008/01/21 14:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®

DRV - [2007/06/19 12:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_nz&c=91&bd=Presario&pf=cnnb

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.chatzum.com/

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://search.chatzum.com/?q={searchTerms}

IE - HKLM\..\SearchScopes\{8017DED9-6206-45F5-84A9-7AF743F6F247}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1851&query={searchTerms}&invocationType=tb50hpcnnbie7-en-nz

IE - HKLM\..\SearchScopes\{8D7BCC95-4B3A-4597-B533-7B32EBE22488}: "URL" = http://www.searchcanvas.com/web?ot=3&q={searchTerms}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3800679263-2657678675-3102809212-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve

IE - HKU\S-1-5-21-3800679263-2657678675-3102809212-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =

IE - HKU\S-1-5-21-3800679263-2657678675-3102809212-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

IE - HKU\S-1-5-21-3800679263-2657678675-3102809212-1003\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKU\S-1-5-21-3800679263-2657678675-3102809212-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-3800679263-2657678675-3102809212-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_en

IE - HKU\S-1-5-21-3800679263-2657678675-3102809212-1003\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={9448C3E2-F37B-4890-AA30-C852B4425769}&mid=b122643086e447d0aca9d16fd8dfa08b-3883406bb633ce3b2f3c2d552f90146e8af4ad0f〈=en&ds=cv011&pr=sa&d=2012-04-28 14:55:26&v=11.0.0.9&sap=dsp&q={searchTerms}

IE - HKU\S-1-5-21-3800679263-2657678675-3102809212-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3800679263-2657678675-3102809212-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Tiresa Sio\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )

FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Tiresa Sio\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found

FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Tiresa Sio\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Tiresa Sio\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Tiresa Sio\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Tiresa Sio\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/27 22:49:44 | 000,000,000 | ---D | M]

[2009/12/04 20:36:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tiresa Sio\AppData\Roaming\mozilla\Extensions

[2009/12/04 20:36:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tiresa Sio\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.47\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.47\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Tiresa Sio\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Tiresa Sio\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: MindSpark Toolbar Platform Plugin Stub (Enabled) = C:\Program Files\MyScrapNook_12\bar\1.bin\NP12Stub.dll

CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\13\NP_wtapp.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Tiresa Sio\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll

CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Tiresa Sio\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - Extension: YouTube = C:\Users\Tiresa Sio\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Google Search = C:\Users\Tiresa Sio\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: Gmail = C:\Users\Tiresa Sio\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/07/07 20:30:33 | 000,442,985 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O1 - Hosts: 127.0.0.1 www.007guard.com

O1 - Hosts: 127.0.0.1 007guard.com

O1 - Hosts: 127.0.0.1 008i.com

O1 - Hosts: 127.0.0.1 www.008k.com

O1 - Hosts: 127.0.0.1 008k.com

O1 - Hosts: 127.0.0.1 www.00hq.com

O1 - Hosts: 127.0.0.1 00hq.com

O1 - Hosts: 127.0.0.1 010402.com

O1 - Hosts: 127.0.0.1 www.032439.com

O1 - Hosts: 127.0.0.1 032439.com

O1 - Hosts: 127.0.0.1 www.0scan.com

O1 - Hosts: 127.0.0.1 0scan.com

O1 - Hosts: 127.0.0.1 1000gratisproben.com

O1 - Hosts: 127.0.0.1 www.1000gratisproben.com

O1 - Hosts: 127.0.0.1 1001namen.com

O1 - Hosts: 127.0.0.1 www.1001namen.com

O1 - Hosts: 127.0.0.1 www.100888290cs.com

O1 - Hosts: 127.0.0.1 100888290cs.com

O1 - Hosts: 127.0.0.1 100sexlinks.com

O1 - Hosts: 127.0.0.1 www.100sexlinks.com

O1 - Hosts: 127.0.0.1 www.10sek.com

O1 - Hosts: 127.0.0.1 10sek.com

O1 - Hosts: 127.0.0.1 1-2005-search.com

O1 - Hosts: 15221 more lines...

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found

O2 - BHO: (PricePeep) - {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - C:\Program Files\PricePeep\pricepeep.dll File not found

O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\S-1-5-21-3800679263-2657678675-3102809212-1003\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.

O3 - HKU\S-1-5-21-3800679263-2657678675-3102809212-1003\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found

O3 - HKU\S-1-5-21-3800679263-2657678675-3102809212-1003\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)

O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [bCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)

O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)

O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)

O4 - HKLM..\Run: [switchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-21-3800679263-2657678675-3102809212-1003..\Run: [Akamai NetSession Interface] C:\Users\Tiresa Sio\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)

O4 - HKU\S-1-5-21-3800679263-2657678675-3102809212-1003..\Run: [ALLUpdate] "C:\Program Files\ALLPlayer\ALLUpdate.exe" "sleep" File not found

O4 - HKU\S-1-5-21-3800679263-2657678675-3102809212-1003..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)

O4 - HKU\S-1-5-21-3800679263-2657678675-3102809212-1003..\Run: [sME] C:\ProgramData\162fac\SM162_302.exe ()

O4 - HKU\S-1-5-21-3800679263-2657678675-3102809212-1003..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)

O4 - Startup: C:\Users\Tiresa Sio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)

O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)

O15 - HKU\S-1-5-21-3800679263-2657678675-3102809212-1003\..Trusted Domains: digital-supply.com ([]http in Trusted sites)

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)

O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} http://www.bebo.com/files/BeboUploader.5.8.05.cab (Bebo Uploader Control)

O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Scrapbook%20Paige/Images/stg_drm.ocx (SpinTop DRM Control)

O16 - DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} http://www.digitalwebbooks.com/reader/dbplugin.cab (DNL Reader)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} http://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab?1271139069705 (Reg Error: Key error.)

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab (DLM Control)

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)

O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/win/ActiveXPlugin.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)

O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Exorcist/Images/armhelper.ocx (ArmHelper Control)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444552440000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B4A48640-E286-4E05-8D79-AD0232AC0B86}: DhcpNameServer = 118.148.1.10 118.148.1.20

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CC77A67C-4150-4D65-A072-2AF8A6919136}: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E1026E7F-77E1-4B62-8886-C4A485C9EF16}: DhcpNameServer = 192.168.0.1

O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)

O24 - Desktop WallPaper: C:\Users\Tiresa Sio\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O24 - Desktop BackupWallPaper: C:\Users\Tiresa Sio\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/19 09:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{2cc8fe94-c7ae-11e1-8972-00269e3b4978}\Shell - "" = AutoRun

O33 - MountPoints2\{2cc8fe94-c7ae-11e1-8972-00269e3b4978}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{2cc8feb0-c7ae-11e1-8972-001e101f2c0e}\Shell - "" = AutoRun

O33 - MountPoints2\{2cc8feb0-c7ae-11e1-8972-001e101f2c0e}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{f1c61443-42ec-11e0-b835-00269e3b4978}\Shell - "" = AutoRun

O33 - MountPoints2\{f1c61443-42ec-11e0-b835-00269e3b4978}\Shell\AutoRun\command - "" = G:\HPLauncher.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/10 23:24:11 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Tiresa Sio\Desktop\OTL.exe

[2012/07/09 23:12:41 | 000,000,000 | ---D | C] -- C:\Users\Tiresa Sio\Desktop\2012-07 (Jul)

[2012/07/07 21:51:39 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Tiresa Sio\Desktop\dds.scr

[2012/07/07 16:58:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2degrees Mobile Broadband

[2012/07/07 16:58:09 | 000,000,000 | ---D | C] -- C:\ProgramData\2degrees Mobile Broadband

[2012/07/07 16:57:48 | 000,085,248 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_jucdcacm.sys

[2012/07/07 16:57:48 | 000,051,456 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_jucdcecm.sys

[2012/07/07 16:57:48 | 000,026,496 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_juextctrl.sys

[2012/07/07 16:57:45 | 000,072,576 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_jubusenum.sys

[2012/07/07 16:57:35 | 000,860,928 | ---- | C] (DiBcom SA) -- C:\Windows\System32\drivers\mod7700.sys

[2012/07/07 16:57:35 | 000,116,736 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbnet.sys

[2012/07/07 16:57:35 | 000,106,880 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbmdm.sys

[2012/07/07 16:57:35 | 000,023,424 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\System32\drivers\ewdcsc.sys

[2012/07/07 16:57:35 | 000,011,136 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_usbenumfilter.sys

[2012/07/07 16:57:23 | 000,102,784 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_hwusbdev.sys

[2012/07/07 16:56:41 | 000,000,000 | ---D | C] -- C:\Program Files\2degrees Mobile Broadband

[2012/07/07 16:56:17 | 000,000,000 | ---D | C] -- C:\ProgramData\DatacardService

[2012/07/07 04:21:32 | 000,000,000 | ---D | C] -- C:\Users\Tiresa Sio\AppData\Roaming\DriverCure

[2012/07/07 04:21:31 | 000,000,000 | ---D | C] -- C:\Users\Tiresa Sio\AppData\Roaming\SpeedyPC Software

[2012/07/07 04:17:35 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software

[2012/07/07 03:58:00 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2012/07/07 03:58:00 | 000,000,000 | ---D | C] -- C:\Users\Tiresa Sio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis

[2012/07/07 02:27:40 | 000,000,000 | ---D | C] -- C:\Users\Tiresa Sio\AppData\Local\{FFB9E763-7D67-47B0-8E7E-AA768E405A8F}

[2012/07/07 02:15:15 | 000,000,000 | ---D | C] -- C:\Users\Tiresa Sio\Contacts\Documents\sw4b4

[2012/07/06 20:18:06 | 000,000,000 | ---D | C] -- C:\Users\Tiresa Sio\Desktop\MOVIES

[2012/07/06 20:15:32 | 000,000,000 | ---D | C] -- C:\Users\Tiresa Sio\AppData\Local\CRE

[2012/07/06 20:15:05 | 000,000,000 | ---D | C] -- C:\Users\Tiresa Sio\AppData\Local\Conduit

[2012/07/04 21:54:43 | 000,000,000 | ---D | C] -- C:\Users\Tiresa Sio\AppData\Roaming\Games

[2012/07/04 14:49:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Playrix Entertainment

[2012/07/04 11:26:56 | 000,000,000 | ---D | C] -- C:\Users\Tiresa Sio\Desktop\WIRELESS INFO

[2012/07/03 06:20:23 | 000,000,000 | ---D | C] -- C:\Users\Tiresa Sio\AppData\Roaming\CasualForge

[2012/07/03 06:20:23 | 000,000,000 | ---D | C] -- C:\ProgramData\CasualForge

[2012/07/02 18:38:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2012/07/02 00:42:04 | 000,000,000 | ---D | C] -- C:\Users\Tiresa Sio\AppData\Roaming\quickclick

[2012/06/21 12:56:28 | 000,000,000 | ---D | C] -- C:\Users\Tiresa Sio\Contacts\Documents\MyHeritage

[2012/06/19 12:44:23 | 000,000,000 | ---D | C] -- C:\Users\Tiresa Sio\Desktop\FAMILY PICS

[2012/06/17 12:01:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Fenomen Games

[2012/06/15 14:01:37 | 000,000,000 | ---D | C] -- C:\Program Files\Siber Systems

[2012/06/12 19:14:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla

[2010/06/29 22:36:31 | 001,228,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Users\Tiresa Sio\Photoshop_12_LS1.exe

[2010/03/26 22:41:52 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Tiresa Sio\AppData\Roaming\pcouffin.sys

[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[1 C:\Users\Tiresa Sio\Contacts\Documents\*.tmp files -> C:\Users\Tiresa Sio\Contacts\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/10 23:24:34 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Tiresa Sio\Desktop\OTL.exe

[2012/07/10 23:21:00 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3800679263-2657678675-3102809212-1003UA.job

[2012/07/10 22:49:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/07/10 22:01:57 | 000,000,250 | ---- | M] () -- C:\Windows\tasks\PersonalSec.job

[2012/07/10 22:01:44 | 000,004,912 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012/07/10 22:01:44 | 000,004,912 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012/07/10 22:01:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/07/10 22:01:33 | 3146,735,616 | -HS- | M] () -- C:\hiberfil.sys

[2012/07/10 20:21:00 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3800679263-2657678675-3102809212-1003Core.job

[2012/07/10 00:50:08 | 000,331,249 | ---- | M] () -- C:\Users\Tiresa Sio\Desktop\Reference_TSio.pdf

[2012/07/10 00:50:07 | 000,000,471 | ---- | M] () -- C:\Users\Tiresa Sio\Desktop\Reference_TSio.pdf.lnk

[2012/07/09 23:04:01 | 000,149,408 | ---- | M] () -- C:\Users\Tiresa Sio\Desktop\discontinuationandorbackdatingafterduedate.pdf

[2012/07/09 23:03:54 | 000,192,657 | ---- | M] () -- C:\Users\Tiresa Sio\Desktop\Withdrawl_App.pdf

[2012/07/09 22:14:28 | 000,128,661 | ---- | M] () -- C:\Users\Tiresa Sio\Desktop\ADEN1031_Backdate_Discontinue_FRM_WEB.pdf

[2012/07/08 18:03:54 | 000,026,791 | ---- | M] () -- C:\Users\Tiresa Sio\Desktop\My Scrap Nook.jpg

[2012/07/08 17:58:15 | 000,002,573 | ---- | M] () -- C:\Users\Tiresa Sio\Desktop\Microsoft Word 2010.lnk

[2012/07/08 17:51:20 | 000,113,152 | ---- | M] () -- C:\Users\Tiresa Sio\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/07/08 14:54:32 | 000,609,196 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012/07/08 14:54:32 | 000,108,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012/07/08 10:25:30 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\Driver Fetch.job

[2012/07/07 22:46:49 | 000,143,437 | ---- | M] () -- C:\Users\Tiresa Sio\Desktop\Chatzum.jpg

[2012/07/07 22:46:21 | 000,002,265 | ---- | M] () -- C:\Users\Tiresa Sio\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk

[2012/07/07 21:52:09 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Tiresa Sio\Desktop\dds.scr

[2012/07/07 21:50:38 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/07/07 20:30:33 | 000,442,985 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2012/07/07 16:58:35 | 000,000,968 | ---- | M] () -- C:\Users\Public\Desktop\2degrees Mobile Broadband.lnk

[2012/07/07 16:57:53 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf

[2012/07/07 16:57:00 | 000,860,928 | ---- | M] (DiBcom SA) -- C:\Windows\System32\drivers\mod7700.sys

[2012/07/07 16:56:59 | 000,085,248 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_jucdcacm.sys

[2012/07/07 16:56:59 | 000,072,576 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_jubusenum.sys

[2012/07/07 16:56:59 | 000,051,456 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_jucdcecm.sys

[2012/07/07 16:56:59 | 000,026,496 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_juextctrl.sys

[2012/07/07 16:56:59 | 000,011,136 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_usbenumfilter.sys

[2012/07/07 16:56:58 | 000,116,736 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbnet.sys

[2012/07/07 16:56:58 | 000,106,880 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbmdm.sys

[2012/07/07 16:56:58 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_hwusbdev.sys

[2012/07/07 16:56:58 | 000,023,424 | ---- | M] (Huawei Tech. Co., Ltd.) -- C:\Windows\System32\drivers\ewdcsc.sys

[2012/07/07 10:27:01 | 000,002,493 | ---- | M] () -- C:\Users\Tiresa Sio\Desktop\HiJackThis.lnk

[2012/07/07 09:01:24 | 000,001,356 | ---- | M] () -- C:\Users\Tiresa Sio\AppData\Local\d3d9caps.dat

[2012/07/04 10:30:07 | 000,002,250 | ---- | M] () -- C:\Users\Public\Desktop\WildTangent Games App - wildgames.lnk

[2012/07/02 00:14:16 | 000,002,196 | ---- | M] () -- C:\Users\Public\Desktop\WildTangent Games App - hp.lnk

[2012/06/30 02:07:52 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForTiresa Sio.job

[2012/06/15 08:44:20 | 003,826,112 | ---- | M] () -- C:\chatzum.exe

[2012/06/14 10:31:17 | 005,582,541 | ---- | M] () -- C:\Users\Tiresa Sio\Desktop\Def Leppard - Love Bites.mp3

[2012/06/14 03:37:10 | 003,759,352 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2012/06/12 18:37:28 | 110,481,408 | ---- | M] () -- C:\Users\Tiresa Sio\Contacts\Documents\Capture(0).mpg

[2012/06/12 18:37:14 | 110,481,408 | ---- | M] () -- C:\Users\Tiresa Sio\Contacts\Documents\Capture.mpg

[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[1 C:\Users\Tiresa Sio\Contacts\Documents\*.tmp files -> C:\Users\Tiresa Sio\Contacts\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/10 00:50:07 | 000,331,249 | ---- | C] () -- C:\Users\Tiresa Sio\Desktop\Reference_TSio.pdf

[2012/07/10 00:50:07 | 000,000,471 | ---- | C] () -- C:\Users\Tiresa Sio\Desktop\Reference_TSio.pdf.lnk

[2012/07/09 23:04:01 | 000,149,408 | ---- | C] () -- C:\Users\Tiresa Sio\Desktop\discontinuationandorbackdatingafterduedate.pdf

[2012/07/09 23:03:54 | 000,192,657 | ---- | C] () -- C:\Users\Tiresa Sio\Desktop\Withdrawl_App.pdf

[2012/07/09 22:14:28 | 000,128,661 | ---- | C] () -- C:\Users\Tiresa Sio\Desktop\ADEN1031_Backdate_Discontinue_FRM_WEB.pdf

[2012/07/08 18:03:04 | 000,026,791 | ---- | C] () -- C:\Users\Tiresa Sio\Desktop\My Scrap Nook.jpg

[2012/07/07 22:46:49 | 000,143,437 | ---- | C] () -- C:\Users\Tiresa Sio\Desktop\Chatzum.jpg

[2012/07/07 21:50:38 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/07/07 16:58:35 | 000,000,968 | ---- | C] () -- C:\Users\Public\Desktop\2degrees Mobile Broadband.lnk

[2012/07/07 16:57:53 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf

[2012/07/07 09:04:44 | 3146,735,616 | -HS- | C] () -- C:\hiberfil.sys

[2012/07/07 03:58:00 | 000,002,493 | ---- | C] () -- C:\Users\Tiresa Sio\Desktop\HiJackThis.lnk

[2012/07/01 23:17:02 | 000,002,250 | ---- | C] () -- C:\Users\Public\Desktop\WildTangent Games App - wildgames.lnk

[2012/06/15 08:44:20 | 003,826,112 | ---- | C] () -- C:\chatzum.exe

[2012/06/13 23:25:58 | 005,582,541 | ---- | C] () -- C:\Users\Tiresa Sio\Desktop\Def Leppard - Love Bites.mp3

[2012/06/13 11:00:57 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForTiresa Sio.job

[2012/03/24 12:12:06 | 000,032,150 | ---- | C] () -- C:\Users\Tiresa Sio\AppData\Local\slot1.mm1

[2012/03/13 11:48:20 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll

[2012/03/13 11:02:51 | 000,000,525 | ---- | C] () -- C:\Users\Tiresa Sio\Peni_Pua_60thbday.xspf

[2011/07/16 21:29:31 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat

[2011/06/13 18:47:33 | 000,003,947 | ---- | C] () -- C:\Users\Tiresa Sio\Snapshot 1 (13-06-2011 6-47 p.m.).png

[2011/03/15 18:49:20 | 000,000,946 | ---- | C] () -- C:\Users\Tiresa Sio\CyberLink YouCam.lnk

[2010/12/28 12:56:04 | 000,027,088 | ---- | C] () -- C:\Users\Tiresa Sio\AppData\Roaming\UserTile.png

[2010/11/21 11:20:18 | 000,000,114 | ---- | C] () -- C:\Windows\WINCHESS.INI

[2010/11/09 18:49:53 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2010/09/10 10:22:57 | 000,000,241 | ---- | C] () -- C:\Windows\cncscore.ini

[2010/06/29 22:36:31 | 1026,293,791 | ---- | C] () -- C:\Users\Tiresa Sio\Photoshop_12_LS1.7z

[2010/06/21 20:09:52 | 000,005,642 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys

[2010/06/21 20:09:52 | 000,000,008 | RHS- | C] () -- C:\ProgramData\ECEFC28617.sys

[2010/05/23 02:18:49 | 000,000,016 | ---- | C] () -- C:\Users\Tiresa Sio\AppData\Roaming\qvjsge.dat

[2010/04/25 22:12:01 | 000,000,552 | ---- | C] () -- C:\Users\Tiresa Sio\AppData\Local\d3d8caps.dat

[2010/03/26 22:43:17 | 000,001,057 | ---- | C] () -- C:\Users\Tiresa Sio\AppData\Roaming\vso_ts_preview.xml

[2010/03/26 22:41:52 | 000,087,608 | ---- | C] () -- C:\Users\Tiresa Sio\AppData\Roaming\inst.exe

[2010/03/26 22:41:52 | 000,007,887 | ---- | C] () -- C:\Users\Tiresa Sio\AppData\Roaming\pcouffin.cat

[2010/03/26 22:41:52 | 000,001,144 | ---- | C] () -- C:\Users\Tiresa Sio\AppData\Roaming\pcouffin.inf

[2010/03/13 10:44:17 | 000,796,987 | ---- | C] () -- C:\Users\Tiresa Sio\AppData\Local\Kidspiration.chm

[2010/01/20 17:56:46 | 000,181,573 | ---- | C] () -- C:\Users\Tiresa Sio\ateform.pdf

[2009/12/01 18:05:18 | 000,000,373 | ---- | C] () -- C:\Users\Tiresa Sio\Pictures - Shortcut.lnk

[2009/11/28 18:26:01 | 000,001,356 | ---- | C] () -- C:\Users\Tiresa Sio\AppData\Local\d3d9caps.dat

[2009/11/25 22:12:49 | 000,113,152 | ---- | C] () -- C:\Users\Tiresa Sio\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/07/20 21:59:10 | 000,000,286 | ---- | C] () -- C:\ProgramData\hpqp.ini

[1980/01/01 00:00:00 | 000,069,390 | ---- | C] () -- C:\Users\Tiresa Sio\document.xml

========== LOP Check ==========

[2009/11/28 17:31:32 | 000,000,000 | ---D | M] -- C:\Users\Family Use\AppData\Roaming\FloodLightGames

[2010/08/23 17:04:50 | 000,000,000 | ---D | M] -- C:\Users\Family Use\AppData\Roaming\funkitron

[2009/11/28 08:25:57 | 000,000,000 | ---D | M] -- C:\Users\Family Use\AppData\Roaming\Gamelab

[2011/12/10 07:14:57 | 000,000,000 | ---D | M] -- C:\Users\Family Use\AppData\Roaming\ICAClient

[2010/08/23 17:44:26 | 000,000,000 | ---D | M] -- C:\Users\Family Use\AppData\Roaming\SoftGrid Client

[2009/11/26 13:19:09 | 000,000,000 | ---D | M] -- C:\Users\Family Use\AppData\Roaming\WildTangent

[2010/12/17 14:14:08 | 000,000,000 | -HSD | M] -- C:\Users\Tiresa Sio\AppData\Roaming\.#

[2011/07/08 19:49:43 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\3 Days Zoo Mystery

[2011/01/06 02:20:55 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\A Gypsy's Tale - The Tower of Secrets

[2011/02/15 22:20:17 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\Absolutist

[2012/04/15 14:56:16 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\Alawar

[2012/01/19 22:05:59 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\AnvSoft

[2012/01/28 15:57:58 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\Artifex Mundi

[2012/04/28 14:51:56 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\Avnex

[2011/05/01 23:05:14 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\Awem

[2011/04/25 03:38:26 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\AzuazGames

[2010/02/20 23:00:32 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\Big Fish Games

[2011/07/08 17:57:58 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\blg

[2011/01/24 00:58:43 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\BloodTies

[2011/03/26 00:10:04 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\Boolat Games

[2011/01/29 18:53:57 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\Boomzap

[2011/01/22 05:15:39 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\Casual Mechanics

[2012/07/03 06:20:23 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\CasualForge

[2011/03/26 20:39:27 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\cerasus.media

[2012/05/26 13:45:24 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2012/01/18 19:40:43 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant

[2010/01/20 17:59:05 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2012/01/28 22:57:12 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\CursedOnboard

[2012/07/04 11:55:36 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\Deep Shadows

[2012/05/26 14:30:33 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\DGform

[2012/07/07 04:21:32 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\DriverCure

[2012/03/13 10:49:58 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\DVDVideoSoft

[2011/04/25 02:37:32 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\Dying for Daylight

[2011/04/25 02:37:53 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\Dying for Daylight Shared

[2012/03/25 14:42:24 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\Enlightenus_iWin

[2010/02/20 21:21:31 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\EscapeTheMuseum2

[2010/04/13 18:12:00 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\Facebook

[2011/09/05 13:05:09 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\FaceOffMax

[2012/03/24 18:26:40 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\Flood Light Games

[2011/01/31 21:16:58 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\Floodlight Games

[2011/01/06 00:01:11 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\Freeze Tag

[2011/01/30 19:38:03 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\FreezeTag

[2009/12/02 18:18:42 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\funkitron

[2012/07/02 00:30:17 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\Funlinker

[2011/02/23 19:42:27 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\Gaijin Ent

[2012/03/24 16:42:18 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\GameHouse

[2012/01/25 12:44:24 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\GameInvest

[2011/02/24 09:32:05 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\Gamelab

[2011/01/28 22:24:29 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\GamersDigital

[2012/07/04 21:54:43 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\Games

[2011/05/29 10:46:21 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\GestaltGames

[2010/10/04 20:05:00 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\GetRightToGo

[2011/01/28 08:12:21 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\Gogii

[2012/05/14 20:36:01 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\Gogii Games

[2011/05/28 23:34:00 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\GuardiansOfMagic

[2012/01/22 13:40:45 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\Happy Muffin Top

[2011/10/25 16:13:10 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\ICAClient

[2010/03/13 10:31:19 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\Inspiration Software

[2012/04/15 14:07:10 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\IronCode

[2010/12/10 21:22:00 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\iWin

[2011/03/20 08:06:00 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\Jewel Keepers Easter Island

[2012/01/28 03:24:25 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\Jewel Match 3

[2012/03/24 22:20:50 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\LaJangada

[2012/04/15 15:20:02 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\Legends of pirates

[2011/01/06 03:30:04 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\Magic Academy

[2012/01/22 13:48:51 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\MagicIndie

[2011/08/15 14:03:18 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\ManifestoGames

[2012/01/23 15:41:58 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\margrave3_full

[2011/01/29 23:00:03 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\MemoryClinic

[2012/01/28 15:48:52 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\Meridian93

[2011/05/29 10:44:02 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\Merscom

[2009/11/30 21:35:47 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\Motorola

[2011/08/14 23:29:04 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\MumboJumbo

[2009/11/30 21:35:13 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\muvee Technologies

[2011/05/01 15:51:20 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\My Games

[2011/02/24 12:08:52 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\Mystery of Mortlake Mansion

[2011/01/20 00:10:53 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\MysteryStudio

[2010/10/14 18:58:03 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\NJB

[2010/05/31 09:58:33 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\NVD

[2011/03/23 23:06:05 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\Old Castle

[2009/11/30 16:18:03 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\Panasonic

[2012/01/31 21:30:07 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\PathToSuccess

[2010/12/28 12:56:04 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\PeerNetworking

[2012/01/25 18:50:08 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\Ph03nixNewMedia

[2011/03/21 12:23:53 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\Phantasmat_wildgames_se

[2010/06/26 21:06:10 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\PhotoScape

[2012/04/15 14:03:10 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\PlayFirst

[2012/01/27 23:26:24 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\playmink

[2011/06/13 20:21:15 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\Playrix Entertainment

[2012/03/24 14:32:12 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\PoBros

[2011/06/19 18:23:25 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\Pogo Games

[2010/02/20 20:05:27 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\PopCapv1002

[2011/03/21 21:58:55 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\Princess Isabella

[2012/07/03 00:36:45 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\quickclick

[2012/01/29 23:11:18 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\Scholastic

[2012/02/01 19:06:59 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\SMIGames

[2010/12/01 09:21:07 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\SoftGrid Client

[2012/07/07 04:21:31 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\SpeedyPC Software

[2011/07/16 19:18:50 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\SpinTop

[2012/01/22 22:28:56 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\SpinTop Games

[2011/02/04 23:11:17 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\Supermarket Mania 2

[2011/03/18 15:13:03 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\The Inquisitor

[2011/01/12 15:38:07 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\TitanicMystery

[2010/11/28 16:50:53 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\TP

[2011/01/29 14:21:56 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\TripleHippo

[2010/05/18 22:21:14 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\Uniblue

[2011/01/15 21:52:05 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\Valusoft

[2011/01/27 23:20:25 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\VampireSaga

[2012/01/26 22:06:03 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\VampireSagaHL

[2011/01/27 23:17:44 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\Vast Studios

[2010/03/26 22:50:44 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\Vso

[2011/04/25 23:38:51 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\WhiteBirdsProductions

[2011/02/15 19:55:50 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\Wildgames_DressUpRush

[2012/07/02 00:14:03 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\WildTangent

[2011/02/15 20:01:58 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\WildTangentv1000

[2010/10/25 23:56:21 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\Windows Live Writer

[2011/03/22 22:41:52 | 000,000,000 | ---D | M] -- C:\Users\Tiresa Sio\AppData\Roaming\World-LooM

[2012/07/08 10:25:30 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\Driver Fetch.job

[2012/07/10 22:01:57 | 000,000,250 | ---- | M] () -- C:\Windows\Tasks\PersonalSec.job

[2012/07/10 22:00:34 | 000,032,652 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Tiresa Sio\Contacts\Documents\Capture.mpg:TOC.WMV

@Alternate Data Stream - 64 bytes -> C:\Users\Tiresa Sio\Contacts\Documents\Capture(0).mpg:TOC.WMV

@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:C7E1612B

@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:4A448DB2

@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:46FD5052

@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:A8ADE5D8

@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:204C7BBB

@Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:D1B5B4F1

@Alternate Data Stream - 103 bytes -> C:\ProgramData\Temp:DFC5A2B2

@Alternate Data Stream - 103 bytes -> C:\ProgramData\Temp:6444B424

@Alternate Data Stream - 103 bytes -> C:\ProgramData\Temp:1E518ADC

< End of report >

Link to post
Share on other sites

Here is the second notepad Extras.Txt:

OTL Extras logfile created on: 10/07/2012 11:26:11 p.m. - Run 1

OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Tiresa Sio\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00001409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy

2.93 Gb Total Physical Memory | 1.87 Gb Available Physical Memory | 63.87% Memory free

6.08 Gb Paging File | 4.83 Gb Available in Paging File | 79.40% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 287.05 Gb Total Space | 167.45 Gb Free Space | 58.33% Space Free | Partition Type: NTFS

Drive D: | 11.03 Gb Total Space | 1.30 Gb Free Space | 11.75% Space Free | Partition Type: NTFS

Computer Name: TIRESASIO-PC | User Name: Tiresa Sio | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\WINWORD.EXE" /n /dde

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"AntiVirusDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallDisableNotify" = 0

"FirewallOverride" = 0

"FirstRunDisabled" =

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{023205A8-E37A-45DB-BB80-1328082B514F}" = rport=5358 | protocol=6 | dir=out | app=system |

"{082C0B06-71AF-4DC1-94E7-6FA97A45C913}" = lport=5985 | protocol=6 | dir=in | app=system |

"{09A6A47E-A45F-4B3F-83D1-B2C411FFE740}" = rport=138 | protocol=17 | dir=out | app=system |

"{0F58B21A-AA23-48F9-AB14-25D78AB0FFEA}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |

"{10C429BC-0CF0-43C1-966F-9226FE13E96E}" = rport=445 | protocol=6 | dir=out | app=system |

"{1142507B-AD80-422D-902E-45AC3CF4288C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

"{11F25400-8000-4524-A32F-D62930390021}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |

"{1463A551-1E40-4F1A-87C8-0DCA01464EF2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{15CCC099-4883-46C1-86E1-A204F0912A77}" = lport=5358 | protocol=6 | dir=in | app=system |

"{165A1A79-2812-4D6F-8CE0-1EE4F2A3766C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{18ED2B57-07D6-49F0-A977-CC0530C4D979}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe |

"{1A90B2BC-DBF3-4E9D-8B97-14CD7A2DB0A8}" = rport=5357 | protocol=6 | dir=out | app=system |

"{22CE3520-A9C2-4B14-AB4A-B939A8B840B7}" = lport=80 | protocol=6 | dir=in | name=@wsmres.dll,-50 |

"{2E75FE15-292C-48F4-9DC7-BD28C1832A68}" = lport=1701 | protocol=17 | dir=in | app=system |

"{30ABEE54-C989-464C-A165-F682B5CFEC68}" = lport=1723 | protocol=6 | dir=in | app=system |

"{30FD0CD7-711C-4CCD-9BF3-E1DA2197B636}" = lport=162 | protocol=17 | dir=in | svc=snmptrap | app=c:\windows\system32\snmptrap.exe |

"{3242518B-947D-4E9D-B2D6-E69D9D17E00A}" = rport=139 | protocol=6 | dir=out | app=system |

"{38ED476A-18DC-412B-B2BC-930FFDD45FCD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |

"{3E18373A-7B9D-4829-A35D-3822FC2E20B1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{3F3366F5-52A1-4D41-95C2-764AC46E1690}" = lport=rpc | protocol=6 | dir=in | app=c:\windows\system32\services.exe |

"{44911297-4B94-4F2A-BC56-24CB6AB1844D}" = lport=rpc | protocol=6 | dir=in | svc=eventlog | app=c:\windows\system32\svchost.exe |

"{44B91CD0-1C36-4BAF-B7D6-19A7433F381A}" = lport=445 | protocol=6 | dir=in | app=system |

"{46B03C16-C3C5-466A-B390-DDDE8EA099FA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{4B5D080A-1FF3-4F6C-9E9A-64E5B575B55E}" = lport=138 | protocol=17 | dir=in | app=system |

"{4BED1B86-414F-4C2B-8E35-C8AA24974349}" = rport=137 | protocol=17 | dir=out | app=system |

"{4EE361E1-3C32-4128-8764-0395308281AA}" = rport=1723 | protocol=6 | dir=out | app=system |

"{4FEE997C-65E0-4190-8107-70BD287735D4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{5285E826-369E-42AC-A369-6FE4B72F8AC1}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{66201803-91A7-439C-8EF0-4294F8AB0FBC}" = lport=2869 | protocol=6 | dir=in | app=system |

"{67713FDC-2423-45E7-917A-21E452A59D5F}" = lport=445 | protocol=6 | dir=in | app=system |

"{6D4DB902-BB85-49A3-96C3-752F702EBE99}" = lport=rpc | protocol=6 | dir=in | app=c:\windows\system32\vdsldr.exe |

"{73F31359-4603-4959-ADFB-66A0F4113D53}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

"{74460258-26A7-4703-80BC-B2266C62EFEE}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{78689257-799D-4645-B46C-DCF68F9CA672}" = lport=49162 | protocol=6 | dir=in | name=akamai netsession interface |

"{836A49AD-6DCC-4153-AAC7-7D760676321D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |

"{894D6234-6F55-453D-8148-581E9A1F6373}" = lport=445 | protocol=6 | dir=in | app=system |

"{8A476F5D-012E-4439-9784-1057358DEAA1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{8B7277DF-E67C-4DAA-A656-B1BD278F8F15}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |

"{9C1B4230-8B8E-4445-8A8D-424315DCEC1D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{9ED9DA89-D8F2-4294-97C8-16481F39E8C9}" = lport=rpc | protocol=6 | dir=in | svc=vds | app=c:\windows\system32\vds.exe |

"{B2674C4E-A328-4201-96A1-07939C241C14}" = lport=5357 | protocol=6 | dir=in | app=system |

"{B8E65F5C-0BCE-40DE-BB01-38BD8DE7CFD1}" = lport=445 | protocol=6 | dir=in | app=system |

"{C2833ECC-108F-4481-86CC-1786E1D8B013}" = lport=445 | protocol=6 | dir=in | app=system |

"{C2DF031C-62C4-4846-A556-C6FC974A4159}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{C9068AE9-82EB-485C-B7A9-17425EAF5516}" = lport=80 | protocol=6 | dir=in | name=nzmaths.co.nz |

"{C99AD1F8-2C24-44B6-A7D2-E3D4F2D5FD37}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |

"{D0F631D3-E157-443E-93DB-971B1EEE389F}" = lport=139 | protocol=6 | dir=in | app=system |

"{D4A64804-F975-4E68-8434-D1A2ADAEA94B}" = lport=137 | protocol=17 | dir=in | app=system |

"{DA18AAB0-5077-4A5F-B831-18C336A24F78}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{E89DF63A-AA9C-4B3B-8DB3-E9CCF742B3AF}" = lport=rpc | protocol=6 | dir=in | svc=schedule | app=c:\windows\system32\svchost.exe |

"{E8C4110A-1C50-4144-9366-05FB9B39549C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |

"{EDBD5E4B-8BE2-4C86-B639-F48D35DDE665}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe |

"{F038686F-30D7-47AE-A638-FD43B817E48D}" = lport=rpc | protocol=6 | dir=in | svc=* | app=c:\windows\system32\svchost.exe |

"{FD0B6D59-A709-477F-BE11-FB8E7C180CE3}" = rport=1701 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0A1DB7F1-0483-4D88-A6C9-FF792C68E90F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |

"{13643F5E-4DC7-4A14-9FBD-1F28F44FE763}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |

"{23282CC0-15EB-41F9-8AA1-7AEF12ADA571}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |

"{24843A0D-4F5F-42B3-95C6-9042F7ADA8D8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{25E3B7B1-61CD-49FB-8FCC-3AA62512189A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |

"{276C7FC8-5301-4781-ACD0-B0C9140E39A9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{28386614-B9FB-4D23-A396-9C577901BDAD}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{2B1AA8F3-FCF2-42A9-B159-34EF904EA515}" = protocol=6 | dir=in | app=c:\users\tiresa sio\appdata\local\temp\~ose2e0.tmp\rlvknlg.exe |

"{2D22AEBC-23C7-4474-879B-D7CA787C8205}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |

"{2E5E6474-BF3A-4847-AB82-75C1BEC4BB79}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |

"{31B70ADF-0FCE-4145-9C83-6628274AE55E}" = protocol=6 | dir=in | app=%systemroot%\system32\netproj.exe |

"{35248567-7049-4DFC-A33B-6A7B9E077D53}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |

"{4293C471-F4A4-4874-90E7-E082C92A8611}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{42AC2D40-DDAC-4849-B4C6-4CE405F0F5B1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |

"{4BD0133A-E7DB-4E2F-B067-7839F64E13DA}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{55433660-407C-44C5-AB31-BFE995024DB6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |

"{680782D8-407F-44A4-8F64-16AEFA66B249}" = dir=in | app=c:\program files\itunes\itunes.exe |

"{6AE97B62-D20C-4F43-AD96-0FE93D4E8CA7}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |

"{72DC03B4-E39A-4F28-86DB-9FC2FD431CDD}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |

"{7301A9B8-9C34-42D4-8DEF-8714217F733D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |

"{81943418-8023-473C-9687-3B29C058F634}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |

"{83740EB5-B7A9-4B30-BDDF-67590C5369D2}" = protocol=6 | dir=out | app=%systemroot%\system32\netproj.exe |

"{88633FB9-BB5C-493C-AC3C-ACECB7A0E2FC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |

"{95B667AD-4F9F-4A51-800B-8E2A396B4C42}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |

"{99840184-209B-41A5-BC1B-B1887BD8F7BA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |

"{9A48CA0F-4168-4D0B-919D-E78EA845C7E3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |

"{9E04685A-3CD9-419A-929C-09CA9889648B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{A26EFDE2-379A-470F-8D84-FE21EB7D3097}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |

"{AF5B7EEE-4271-4E33-90CC-7BC4B776AE18}" = dir=in | app=c:\users\tiresa sio\appdata\local\facebook\video\skype\facebookvideocalling.exe |

"{BD8E0DFD-B8BF-46F0-98A2-17DB496EAE29}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |

"{C667FC01-B4BE-4D1D-8BD2-91E6EA9DE639}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |

"{C971B255-E42A-4645-8C0C-95FBDB071F88}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |

"{CEE11256-B58F-4FA4-9B3C-4BFEBD41D147}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |

"{CF8EAE0D-F2B2-414C-B138-A368127E2BB3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |

"{DD3D32B2-6612-40D5-AB93-52D626FD71B4}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |

"{E09F6637-07CE-44A4-8702-83610ADAD531}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |

"{E1972198-62E8-451E-99FB-B6600794ED79}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{F0DE6541-D833-4F3C-8F9A-CBB7B65E856D}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"TCP Query User{5B858B1C-D161-42A8-97CB-8E1C385B4CFF}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |

"TCP Query User{853CDB8E-9E8F-4C90-A930-CFE80CB59C93}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |

"TCP Query User{8BEF116F-9FF5-48CC-A4B0-84557CA37589}C:\users\tiresa sio\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\tiresa sio\appdata\local\akamai\netsession_win.exe |

"TCP Query User{E6737710-0852-47A2-B5B3-D5933570E68C}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"TCP Query User{F87D3227-2E3B-4365-8C79-F09FA8C4B644}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |

"TCP Query User{FA58A364-388A-4551-A55B-FEEA9F53D2D4}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |

"UDP Query User{0C3E1C81-8200-4C23-88EE-A6C19F5B5D6D}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |

"UDP Query User{185301E0-82AD-429D-B4AC-E01325ADA4F4}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"UDP Query User{81718588-4C35-4C96-8C44-24F5A1012067}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |

"UDP Query User{943C26D7-F811-42C9-A476-82C83844E792}C:\users\tiresa sio\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\tiresa sio\appdata\local\akamai\netsession_win.exe |

"UDP Query User{965FFC54-3309-4AF5-A531-66655B7A1AE9}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |

"UDP Query User{AF597A0B-EFF9-41B0-87E9-72EE922B674F}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support

"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86

"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime

"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86

"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox

"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor

"{17050C48-16CB-4500-A102-CEAD750CE11E}" = HP User Guides 0138

"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService

"{199C20D6-10D3-4210-B361-4760209F56AE}" = Citrix online plug-in (Web)

"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service

"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library

"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer

"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java 6 Update 33

"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections

"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime

"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger

"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE

"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 M1

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help

"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup

"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3E0E6066-A687-448D-BFC4-D58BE3399C3B}" = SoftStylus

"{3ECCB578-504E-4F7A-A8B4-CF4F3B939B44}" = Citrix online plug-in (USB)

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"{459E93B6-150E-45d5-8D4B-45C66FC035FE}" = getPlus+® Download Manager for Corel

"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis

"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7

"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources

"{47F36D92-E58E-456D-B73C-3382737E4C42}" = HP Update

"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter

"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies

"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion

"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery

"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)

"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements

"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth

"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp

"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI

"{5E1375CB-6792-4464-8715-CC3EC83D48FA}" = VirtualDJ Home FREE

"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM

"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86

"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2

"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites

"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library

"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder

"{678094A1-6250-476B-9AFF-4376E48F135C}" = Citrix online plug-in (DV)

"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm

"{6B25BB26-A1EC-4A23-AB6C-211E57B67777}" = LightScribe System Software

"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder

"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)

"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-wildgames" = WildTangent Games App

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{732A3F80-008B-4350-BD58-EC5AE98707B8}" = HP Common Access Service Library

"{759142E8-25B0-42AE-B408-4215065D3F4B}" = Windows Live Family Safety

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com

"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core

"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour

"{7988ba74-4a27-4685-991a-53f072f22808}" = F2200_Help

"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security

"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport

"{8B92D97D-DB3D-4926-A8F7-718FE7C5EE18}" = iTunes

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting

"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010

"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010

"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010

"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010

"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010

"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010

"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010

"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010

"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010

"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010

"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components

"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010

"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1

"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel

"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{95A747E0-DF19-46CB-A622-20A0107201BD}" = HP Total Care Setup

"{969E11AA-8F3A-F162-1A5A-0965E216B6CE}" = Adobe Download Assistant

"{975C3A93-2491-3D44-A071-F6CBF153E46D}" = Google Talk Plugin

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9A9DBEBC-C800-4776-A970-D76D6AA405B1}" = PHOTOfunSTUDIO

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status

"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh

"{A11409F1-CD33-4076-85CB-4EE4A8439BFE}" = Scan

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5

"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder

"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1

"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player

"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter

"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86

"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center

"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply

"{BCF16F16-AC0E-4ABE-A9EF-412CF484BA51}" = Windows Live Family Safety

"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client

"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program

"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant

"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{c6922d7f-c698-4d9e-9671-8b3de04d1511}" = DJ_AIO_03_F2200_Software_Min

"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86

"{D2A0B573-BDC0-4F5B-9202-A8D9B7781664}" = GEAR driver installer for x86 and x64

"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D77D43B5-ED55-426b-B67B-E21F804F6102}" = HP Deskjet F2200 All-In-One Driver Software 10.0 Rel .3

"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential

"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86

"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component

"{db18dc72-cd20-4801-be82-f5d2caeec4d7}" = DJ_AIO_03_F2200_Software

"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series

"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio

"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger

"{E5E29403-3D25-40C6-892B-F9FEE2A95585}" = HP Wireless Assistant

"{E8020EC7-5DD8-80C9-7237-7B2E9BDA8CC6}" = muvee Reveal

"{e97a9fd7-2fa1-4474-820d-3f8893a5b78a}" = F2200

"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support

"{eca3039b-e429-420f-bd5e-7dec0683fc32}" = DJ_AIO_03_F2200_ProductContext

"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari

"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy

"{FA365307-1963-4D16-BD44-113C8F037AAD}" = Citrix online plug-in (HDX)

"{FDB5E0F3-86EA-4379-8A2F-1BC2436543E9}" = iCloud

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"2degrees Mobile Broadband" = 2degrees Mobile Broadband

"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.6

"Agere Systems Soft Modem" = Agere Systems HDA Modem

"Akamai" = Akamai NetSession Interface Service

"AOL Toolbar" = AOL Toolbar 5.0

"avast" = avast! Free Antivirus

"CCleaner" = CCleaner

"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help

"CitrixOnlinePluginPackWeb" = Citrix online plug-in - web

"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player

"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant

"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com

"E.M. DVD Copy_is1" = E.M. DVD Copy 2.72

"Google Chrome" = Google Chrome

"HDMI" = Intel® Graphics Media Accelerator Driver

"HP Imaging Device Functions" = HP Imaging Device Functions 10.0

"HP Photosmart Essential" = HP Photosmart Essential 3.5

"HP Smart Web Printing" = HP Smart Web Printing 4.60

"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0

"HPExtendedCapabilities" = HP Customer Participation Program 10.0

"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite

"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"MyScrapNook_12bar Uninstall" = My Scrap Nook Toolbar

"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010

"PhotoScape" = PhotoScape

"Shop for HP Supplies" = Shop for HP Supplies

"VLC media player" = VLC media player 1.1.10

"WildTangent hp Master Uninstall" = HP Games

"WildTangent wildgames Master Uninstall" = WildTangent Games

"Windows Media Encoder 9" = Windows Media Encoder 9 Series

"WinLiveSuite" = Windows Live Essentials

"WTA-0143965a-0301-4927-80f3-e6598d4f9cca" = Cases of Stolen Beauty

"WTA-052daf4a-36ea-4fbb-a8d2-d087e008727e" = Whispered Stories: Sandman

"WTA-0579649b-99ce-41b6-860c-2c2acf07518e" = Adventure Chronicles

"WTA-154753da-babb-42fb-9898-5352fd5949ca" = Live Novels Jane Austin's Pride and Prejudice

"WTA-15aa00f7-3841-4ead-949a-07b577792c42" = The Fool

"WTA-6d39ef31-c1c7-45e7-b8ed-0bee6cad78ee" = Party Planner

"WTA-7cfc7247-ee5c-436e-9b46-6436ba3c3423" = Tornado

"WTA-84bdc6f4-3589-436e-859d-cf13c6d3afee" = Path to Success

"WTA-862e9836-47b2-4ee6-ae6f-f04a5d4ad8e3" = Natalie Brooks - Secrets of Treasure House

"WTA-9b984d42-3f10-4d9d-8d3c-18a7b6d507cf" = Department 42: The Mystery of the Nine

"WTA-a63e24ea-8a6d-46d6-bb0f-5883974c5bf7" = Temple of Life Collector's Edition

"WTA-af62553f-4327-4308-8859-508e86716ece" = Hotel Mogul

"WTA-ccad39db-0e4a-4194-8161-25adda9c5532" = Gardenscapes: Mansion Makeover

"WTA-cf22693d-cc50-4453-bf97-38b6afd632ca" = Rare Treasures: Dinnerware Trading Co.

"WTA-f175dd31-da81-49e6-8617-3fa1137a481b" = The Golden Years: Way Out West

"Yahoo! Companion" = Yahoo!Xtra Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3800679263-2657678675-3102809212-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Akamai" = Akamai NetSession Interface

"Facebook Plug-In" = Facebook Plug-In

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 10/07/2012 2:43:52 a.m. | Computer Name = TiresaSio-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 1846022

Error - 10/07/2012 2:43:53 a.m. | Computer Name = TiresaSio-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10/07/2012 2:43:53 a.m. | Computer Name = TiresaSio-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 1847426

Error - 10/07/2012 2:43:53 a.m. | Computer Name = TiresaSio-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 1847426

Error - 10/07/2012 2:43:55 a.m. | Computer Name = TiresaSio-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10/07/2012 2:43:55 a.m. | Computer Name = TiresaSio-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 1848986

Error - 10/07/2012 2:43:55 a.m. | Computer Name = TiresaSio-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 1848986

Error - 10/07/2012 3:16:44 a.m. | Computer Name = TiresaSio-PC | Source = Application Error | ID = 1000

Description = Faulting application AUDIODG.EXE, version 6.0.6002.18005, time stamp

0x49e02218, faulting module stapo.dll, version 1.0.6209.0, time stamp 0x4a26e359,

exception code 0xc0000005, fault offset 0x000926ae, process id 0x528, application

start time 0x01cd5c19c62ad036.

Error - 10/07/2012 6:03:34 a.m. | Computer Name = TiresaSio-PC | Source = WinMgmt | ID = 10

Description =

Error - 10/07/2012 6:07:22 a.m. | Computer Name = TiresaSio-PC | Source = Application Error | ID = 1000

Description = Faulting application hpqtra08.exe, version 100.0.170.0, time stamp

0x4712cda0, faulting module HpqCPTA.dll, version 12.0.0.243, time stamp 0x48a53ed2,

exception code 0xc0000005, fault offset 0x00009e07, process id 0xc9c, application

start time 0x01cd5e838948c92d.

[ System Events ]

Error - 7/07/2012 4:25:18 a.m. | Computer Name = TiresaSio-PC | Source = Service Control Manager | ID = 7034

Description =

Error - 7/07/2012 11:02:51 a.m. | Computer Name = TiresaSio-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20

Description =

Error - 8/07/2012 11:02:46 a.m. | Computer Name = TiresaSio-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20

Description =

Error - 9/07/2012 11:03:15 a.m. | Computer Name = TiresaSio-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20

Description =

Error - 10/07/2012 2:43:40 a.m. | Computer Name = TiresaSio-PC | Source = Service Control Manager | ID = 7011

Description =

Error - 10/07/2012 6:03:35 a.m. | Computer Name = TiresaSio-PC | Source = Service Control Manager | ID = 7000

Description =

Error - 10/07/2012 6:03:35 a.m. | Computer Name = TiresaSio-PC | Source = Service Control Manager | ID = 7009

Description =

Error - 10/07/2012 6:03:35 a.m. | Computer Name = TiresaSio-PC | Source = Service Control Manager | ID = 7000

Description =

Error - 10/07/2012 6:05:02 a.m. | Computer Name = TiresaSio-PC | Source = Service Control Manager | ID = 7022

Description =

Error - 10/07/2012 6:05:02 a.m. | Computer Name = TiresaSio-PC | Source = Service Control Manager | ID = 7034

Description =

< End of report >

Link to post
Share on other sites

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.chatzum.com/
    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://search.chatzum.com/?q={searchTerms
    IE - HKU\S-1-5-21-3800679263-2657678675-3102809212-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    IE - HKU\S-1-5-21-3800679263-2657678675-3102809212-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
    IE - HKU\S-1-5-21-3800679263-2657678675-3102809212-1003\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={9448C3E2-F37B-4890-AA30-C852B4425769}&mid=b122643086e447d0aca9d16fd8dfa08b-3883406bb633ce3b2f3c2d552f90146e8af4ad0f〈=en&ds=cv011&pr=sa&d=2012-04-28 14:55:26&v=11.0.0.9&sap=dsp&q={searchTerms}
    O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
    O2 - BHO: (PricePeep) - {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - C:\Program Files\PricePeep\pricepeep.dll File not found
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-3800679263-2657678675-3102809212-1003\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    O3 - HKU\S-1-5-21-3800679263-2657678675-3102809212-1003\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
    O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} http://www.bebo.com/files/BeboUploader.5.8.05.cab (Bebo Uploader Control)
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Scrapbook%20Paige/Images/stg_drm.ocx (SpinTop DRM Control)
    [2012/07/06 20:15:05 | 000,000,000 | ---D | C] -- C:\Users\Tiresa Sio\AppData\Local\Conduit
    [2010/05/23 02:18:49 | 000,000,016 | ---- | C] () -- C:\Users\Tiresa Sio\AppData\Roaming\qvjsge.dat

    :files
    C:\Program Files\Ask.com
    C:\Program Files\PricePeep
    ipconfig /flushdns /c

    :Commands
    [emptytemp]
    [clearallrestorepoints]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles

Link to post
Share on other sites

Hi Maniac :)

Here is the OTL fix log.

All processes killed

Error: Unable to interpret <OTLIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.chatzum.com/IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://search.chatzum.com/?q={searchTermsIE - HKU\S-1-5-21-3800679263-2657678675-3102809212-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = PreserveIE - HKU\S-1-5-21-3800679263-2657678675-3102809212-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =IE - HKU\S-1-5-21-3800679263-2657678675-3102809212-1003\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={9448C3E2-F37B-4890-AA30-C852B4425769}&mid=b122643086e447d0aca9d16fd8dfa08b-3883406bb633ce3b2f3c2d552f90146e8af4ad0f〈=en&ds=cv011&pr=sa&d=2012-04-28 14:55:26&v=11.0.0.9&sap=dsp&q={searchTerms}O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not foundO2 - BHO: (PricePeep) - {FD6> in the current context!

Error: Unable to interpret <D90C0-E6EE-4BC6-B9F7-9ED319698007} - C:\Program Files\PricePeep\pricepeep.dll File not foundO3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.O3 - HKU\S-1-5-21-3800679263-2657678675-3102809212-1003\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.O3 - HKU\S-1-5-21-3800679263-2657678675-3102809212-1003\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not foundO16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} http://www.bebo.com/files/BeboUploader.5.8.05.cab (Bebo Uploader Control)O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Scrapbook%20Paige/Images/stg_drm.ocx (SpinTop DRM Control)[2012/07/06 20:15:05 | 000,000,000 | ---D | C] -- C:\Users\Tiresa Sio\AppData\Local\Conduit[2010/05/23 02:18:49 | 000,000,016 | ---- | C] () -- C:\Users\Tiresa Sio\AppData\Roaming\qvjsge.dat:filesC:\Program Files\Ask.comC:\Program Files\PricePeepipconfig /flus> in the current context!

Error: Unable to interpret <hdns /c:Commands[emptytemp][clearallrestorepoints] > in the current context!

OTL by OldTimer - Version 3.2.53.1 log created on 07112012_124420

Link to post
Share on other sites

Forgot to add.....When OTL ran my AVAST blocked it then it rebooted, wasn't quick enough to allow it. Should I first disable Avast then try again? Or would that ruin what I've done?

Many thanks for your patience and help!!

Yes, please.

Your script was not activated, because every entrie should be on a new line. PLease repeat.

Link to post
Share on other sites

Hi, OTLC ran. Here is the file:

All processes killed

========== OTL ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.

HKU\S-1-5-21-3800679263-2657678675-3102809212-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!

HKU\S-1-5-21-3800679263-2657678675-3102809212-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!

Registry key HKEY_USERS\S-1-5-21-3800679263-2657678675-3102809212-1003\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.

Registry value HKEY_USERS\S-1-5-21-3800679263-2657678675-3102809212-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.

Registry value HKEY_USERS\S-1-5-21-3800679263-2657678675-3102809212-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.

Starting removal of ActiveX control {138E6DC9-722B-4F4B-B09D-95D191869696}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{138E6DC9-722B-4F4B-B09D-95D191869696}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{138E6DC9-722B-4F4B-B09D-95D191869696}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{138E6DC9-722B-4F4B-B09D-95D191869696}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{138E6DC9-722B-4F4B-B09D-95D191869696}\ not found.

Folder C:\Users\Tiresa Sio\AppData\Local\Conduit\ not found.

File C:\Users\Tiresa Sio\AppData\Roaming\qvjsge.dat not found.

========== FILES ==========

File\Folder C:\Program Files\Ask.com not found.

File\Folder C:\Program Files\PricePeep not found.

< pconfig /flushdns /c >

C:\Users\Tiresa Sio\Desktop\cmd.bat deleted successfully.

C:\Users\Tiresa Sio\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Family Use

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Apple Safari cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Public

User: Tiresa Sio

->Temp folder emptied: 2193703 bytes

->Temporary Internet Files folder emptied: 280407298 bytes

->Java cache emptied: 8522850 bytes

->Google Chrome cache emptied: 0 bytes

->Apple Safari cache emptied: 1832960 bytes

->Flash cache emptied: 3147178 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 1444577 bytes

RecycleBin emptied: 43076585 bytes

Total Files Cleaned = 325.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.53.1 log created on 07122012_221258

Files\Folders moved on Reboot...

File\Folder C:\Users\Tiresa Sio\AppData\Local\Temp\OICE_BF7EE734-A0B8-4EA4-A54F-D9715496D24E.0\35BEB73E. not found!

File\Folder C:\Users\Tiresa Sio\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\SLZYLEXA\hyaeWou8CirR0L04SJkF09bQNJu73bDpw_mPeeD9wbxwPShtCGvtVLsAjVNK3yH4jLUFEC1sCokKJYZoeRMVHcH5BMTQ2AZ7apqjlFSGg8uQ4TjqBO2dZ5i7mlcsmJEJBsfECpvlVbEolm6qvK_ojJrP-TB5ZfIRTSBI[1].gif not found!

File\Folder C:\Users\Tiresa Sio\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\NPC5PCA4\ricstabs;sz=300x250;tile=1;dcopt=ist;klg=en;kt=K;kga=-1;kr=F;kw=chris+brown+holla+at+me+instrumental;kgg=-1;kcr=nz;dc_dedup=1;kmyd=ad_creative_1;ord=5067802154097920[1].js not found!

C:\Users\Tiresa Sio\AppData\Local\Temp\ehmsas.txt moved successfully.

PendingFileRenameOperations files...

File C:\Users\Tiresa Sio\AppData\Local\Temp\OICE_BF7EE734-A0B8-4EA4-A54F-D9715496D24E.0\35BEB73E. not found!

File C:\Users\Tiresa Sio\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\SLZYLEXA\hyaeWou8CirR0L04SJkF09bQNJu73bDpw_mPeeD9wbxwPShtCGvtVLsAjVNK3yH4jLUFEC1sCokKJYZoeRMVHcH5BMTQ2AZ7apqjlFSGg8uQ4TjqBO2dZ5i7mlcsmJEJBsfECpvlVbEolm6qvK_ojJrP-TB5ZfIRTSBI[1].gif not found!

File C:\Users\Tiresa Sio\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\NPC5PCA4\ricstabs;sz=300x250;tile=1;dcopt=ist;klg=en;kt=K;kga=-1;kr=F;kw=chris+brown+holla+at+me+instrumental;kgg=-1;kcr=nz;dc_dedup=1;kmyd=ad_creative_1;ord=5067802154097920[1].js not found!

File C:\Users\Tiresa Sio\AppData\Local\Temp\ehmsas.txt not found!

Registry entries deleted on Reboot...

Link to post
Share on other sites

Hi.

I use Internet Explorer 9 and my home start up page is set yahoo.com. When I go to type in the address bar for a search on something and press enter, it directs me to the chatzum search engine. Instead I now type what I'm trying to search in the address bar and click on the google icon.

I have noticed that my history was not deleted.

However on Chrome (which I've never used until today), theres no problems at all. I can type in the address bar and its goes to where I want it to go, which is to Google. So maybe uninstall internet explorer or dont use it all? Sorry Im not computer savvy.

Thanks

Link to post
Share on other sites

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.