jessekalim

Unable to remove infection - please help!

I've never found anything that Malwarebytes anti-malware can't remove - until now. I run it and it finds the virus and removes it, then I restart and if I run it again the virus is still there, a trojan.droppe.bcminer. It appears to redirect any web sites using security certificates - although only in Chrome so far.

Anyway, attached are my dds.txt and attach.txt files. Thanks so much for any help you can provide.

Hello jessekalim and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

BACKDOOR WARNING

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

Help: I Got Hacked. Now What Do I Do?

Help: I Got Hacked. Now What Do I Do? Part II

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

Step 1

I see you have Viewpoint installed...

Viewpoint Manager is considered foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything "bad". This will change from what we know in 2006; read this article: http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.


  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player

Step 2

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Please tick the Scan All users option. Next, click the Quick Scan button. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

OTL logfile created on: 7/28/2012 9:45:33 AM - Run 1

OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Jesse\Desktop

64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.19120)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.99 Gb Total Physical Memory | 3.85 Gb Available Physical Memory | 64.19% Memory free

12.19 Gb Paging File | 9.97 Gb Available in Paging File | 81.81% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 581.10 Gb Total Space | 217.43 Gb Free Space | 37.42% Space Free | Partition Type: NTFS

Drive D: | 15.00 Gb Total Space | 5.71 Gb Free Space | 38.09% Space Free | Partition Type: NTFS

Drive F: | 607.25 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive K: | 2328.76 Gb Total Space | 1355.05 Gb Free Space | 58.19% Space Free | Partition Type: NTFS

Computer Name: JESSE-PC | User Name: Jesse | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/28 09:24:19 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Jesse\Desktop\OTL.exe

PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2012/01/03 08:23:11 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

PRC - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

PRC - [2010/03/17 16:53:24 | 000,207,872 | ---- | M] (Alcatel-Lucent) -- C:\Program Files (x86)\Common Files\Motive\McciContextHookShim.exe

PRC - [2010/02/09 22:16:56 | 000,615,792 | ---- | M] (Juniper Networks) -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe

PRC - [2009/11/13 17:15:00 | 001,807,600 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe

PRC - [2009/07/01 12:37:06 | 000,037,888 | ---- | M] () -- C:\Program Files (x86)\Winamp\winampa.exe

PRC - [2009/04/17 10:17:02 | 000,636,144 | ---- | M] (SoftThinks) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe

PRC - [2009/02/17 15:59:44 | 000,451,904 | ---- | M] () -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe

PRC - [2009/02/04 21:26:38 | 000,128,232 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

PRC - [2008/12/18 14:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe

PRC - [2008/10/16 20:11:26 | 000,569,344 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe

PRC - [2008/10/16 20:11:26 | 000,184,320 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe

PRC - [2008/10/16 19:23:30 | 000,214,360 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe

PRC - [2008/10/16 19:15:38 | 000,344,064 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe

PRC - [2008/07/20 17:45:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe

PRC - [2008/07/20 17:45:06 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

PRC - [2006/06/27 17:31:50 | 000,229,376 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

========== Modules (No Company Name) ==========

MOD - [2011/08/10 23:13:11 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\4117485024b0f652b9fbb66ff5025896\System.Management.ni.dll

MOD - [2011/08/10 23:12:27 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\5534465ace7f8b214a31a34f56280602\System.Web.Services.ni.dll

MOD - [2011/08/10 23:12:14 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29c6ef7f07d89496c72a1bbf718aed5d\System.Configuration.ni.dll

MOD - [2011/08/10 23:12:09 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\c8750ecd71abac98fb26b2f4bf3a031a\Accessibility.ni.dll

MOD - [2011/08/10 22:45:49 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\4c3cda96b8f12220da20f2f8d1b9439c\System.Xml.ni.dll

MOD - [2011/08/10 22:45:39 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c50d9d540acecdef29c31201e203a331\System.Windows.Forms.ni.dll

MOD - [2011/08/10 22:45:34 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\d8d83838f9840bde901df516ba3de588\System.Drawing.ni.dll

MOD - [2011/08/10 22:44:58 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b9ea0d414c4861120bfb7365d8ec0939\System.ni.dll

MOD - [2011/08/10 22:44:49 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f6deb187f24bb3185841092b89fbfdbb\mscorlib.ni.dll

MOD - [2011/07/28 19:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll

MOD - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

MOD - [2011/05/26 13:42:00 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2009/11/13 17:15:00 | 001,807,600 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe

MOD - [2009/11/13 17:15:00 | 000,275,696 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll

MOD - [2009/11/13 17:15:00 | 000,152,816 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll

MOD - [2009/11/13 17:15:00 | 000,095,472 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll

MOD - [2009/11/13 17:15:00 | 000,017,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\CppUtils.dll

MOD - [2009/07/01 12:37:06 | 000,037,888 | ---- | M] () -- C:\Program Files (x86)\Winamp\winampa.exe

MOD - [2009/04/11 02:28:22 | 000,223,232 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.dll

MOD - [2009/04/11 02:28:22 | 000,223,232 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll

MOD - [2009/04/09 16:29:00 | 000,058,608 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/04/19 22:04:18 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2010/03/08 20:47:06 | 006,245,744 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\SysNative\Wacom_Tablet.exe -- (TabletServiceWacom)

SRV:64bit: - [2009/08/10 19:52:11 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)

SRV:64bit: - [2008/12/18 14:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)

SRV - [2012/07/20 19:50:52 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012/06/11 17:59:44 | 000,335,888 | ---- | M] (Verizon) [Auto | Running] -- C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)

SRV - [2010/06/20 20:11:45 | 000,288,112 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/02/09 22:16:56 | 000,615,792 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)

SRV - [2009/08/10 19:49:51 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2009/04/17 10:17:02 | 000,636,144 | ---- | M] (SoftThinks) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)

SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009/02/17 15:59:44 | 000,451,904 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)

SRV - [2008/10/16 19:31:12 | 000,906,752 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)

SRV - [2008/10/16 19:29:40 | 000,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)

SRV - [2008/10/16 19:24:24 | 000,135,168 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)

SRV - [2008/07/20 17:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2011/04/19 22:44:48 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)

DRV:64bit: - [2011/04/19 22:44:48 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)

DRV:64bit: - [2011/04/19 22:44:48 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2011/04/19 21:22:32 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2011/03/30 14:46:30 | 000,111,632 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdLH6.sys -- (AtiHDAudioService)

DRV:64bit: - [2010/06/20 20:02:32 | 000,086,584 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)

DRV:64bit: - [2010/04/27 14:40:40 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)

DRV:64bit: - [2010/02/09 22:03:08 | 000,032,768 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\dsNcAdpt.sys -- (dsNcAdpt)

DRV:64bit: - [2010/01/24 19:32:24 | 000,018,216 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\wacmoumonitor.sys -- (wacmoumonitor)

DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)

DRV:64bit: - [2009/09/21 19:29:22 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\wacomvhid.sys -- (wacomvhid)

DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2009/05/09 01:14:20 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NuidFltr.sys -- (NuidFltr)

DRV:64bit: - [2008/12/18 01:43:24 | 000,062,464 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)

DRV:64bit: - [2008/12/15 04:37:38 | 000,098,144 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)

DRV:64bit: - [2008/12/15 01:09:30 | 000,174,592 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)

DRV:64bit: - [2008/12/11 04:58:54 | 000,402,456 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)

DRV:64bit: - [2008/01/20 22:51:07 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2008/01/20 22:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express)

DRV:64bit: - [2007/02/16 15:12:36 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\wacommousefilter.sys -- (wacommousefilter)

DRV - [2010/06/20 20:02:32 | 000,086,584 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)

DRV - [2010/03/17 16:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)

DRV - [2010/03/17 16:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-380697640-1169928113-4134231189-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\S-1-5-21-380697640-1169928113-4134231189-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-380697640-1169928113-4134231189-1000\..\SearchScopes,DefaultScope = {105E99FF-8B9A-4492-B155-06194B9056D2}

IE - HKU\S-1-5-21-380697640-1169928113-4134231189-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&Form=DLCDF7&pc=MDDC&src=IE-SearchBox

IE - HKU\S-1-5-21-380697640-1169928113-4134231189-1000\..\SearchScopes\{105E99FF-8B9A-4492-B155-06194B9056D2}: "URL" = http://www.bing.com/search?FORM=DLCDF7&PC=MDDC&q={searchTerms}&src={referrer:source?}

IE - HKU\S-1-5-21-380697640-1169928113-4134231189-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-380697640-1169928113-4134231189-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"

FF - prefs.js..extensions.enabledItems: {ab8568cd-1789-4fc8-a530-218e9eab17e2}:0.2.9

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files (x86)\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/09/10 00:11:11 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/20 19:50:53 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/26 07:20:55 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/09/10 00:11:11 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{404A69BC-D149-11E1-8270-B8AC6F996F26}: C:\Users\Jesse\AppData\Local\{404A69BC-D149-11E1-8270-B8AC6F996F26}\ [2012/07/18 22:26:59 | 000,000,000 | ---D | M]

[2009/08/01 18:28:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jesse\AppData\Roaming\Mozilla\Extensions

[2012/04/07 23:41:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\r4iydhjb.default\extensions

[2011/05/17 21:15:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\r4iydhjb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2012/07/20 19:50:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2012/07/18 22:26:59 | 000,000,000 | ---D | M] (Mozilla Safe Browsing) -- C:\USERS\JESSE\APPDATA\LOCAL\{404A69BC-D149-11E1-8270-B8AC6F996F26}

[2011/06/16 21:08:19 | 000,009,189 | ---- | M] () (No name found) -- C:\USERS\JESSE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4IYDHJB.DEFAULT\EXTENSIONS\{AB8568CD-1789-4FC8-A530-218E9EAB17E2}.XPI

[2012/04/07 23:41:19 | 000,246,025 | ---- | M] () (No name found) -- C:\USERS\JESSE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4IYDHJB.DEFAULT\EXTENSIONS\AMZNUWL2@AMAZON.COM.XPI

[2012/07/20 19:50:53 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2009/09/03 18:37:30 | 010,437,264 | ---- | M] (PDFTron Systems Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\PDFNetC.dll

[2009/09/03 18:58:36 | 000,107,760 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\ScorchPDFWrapper.dll

[2012/07/20 19:50:50 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012/07/20 19:50:50 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}

CHR - homepage: http://www.google.com/

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\gcswf32.dll

CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll

CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npLegitCheckPlugin.dll

CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll

CHR - plugin: ScorchPlugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPSibelius.dll

CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npViewpoint.dll

CHR - plugin: Motive Plugin (Enabled) = C:\Program Files (x86)\Common Files\Motive\npMotive.dll

CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll

CHR - plugin: Wacom Dynamic Link Library (Enabled) = C:\Program Files (x86)\TabletPlugins\npwacom.dll

CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Program Files (x86)\Yahoo!\Common\npyaxmpb.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - Extension: YouTube = C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Webpage Screenshot = C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki\5.4.9.9_0\

CHR - Extension: Google Search = C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: Gmail = C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2011/11/12 10:57:24 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.

O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKU\S-1-5-21-380697640-1169928113-4134231189-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O4:64bit: - HKLM..\Run: [iAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe (Alcatel-Lucent)

O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)

O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()

O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe ()

O4 - HKU\S-1-5-21-380697640-1169928113-4134231189-1000..\Run: [mdmsp] C:\Users\Jesse\AppData\Roaming\mdmsp.dll ()

O4 - HKU\S-1-5-21-380697640-1169928113-4134231189-1000..\Run: [qdsvwg] C:\Users\Jesse\AppData\Roaming\qdsvwg.dll (Andrea Electronics Corporation)

O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found

O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found

O4 - Startup: C:\Users\Jesse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk = C:\Program Files (x86)\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-380697640-1169928113-4134231189-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-380697640-1169928113-4134231189-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)

O16:64bit: - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)

O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class)

O16 - DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {C2B78FF1-6E5A-4854-AC24-E09A0E2411BA} http://static1.meetupstatic.com/applet/MeetUploader_200909.cab (MeetUploader Control)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://vpn.iac.com/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B6863580-6562-461D-9C1E-AAB0E60F0BFF}: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\Jesse\Wallpapers\empire-state.bmp

O24 - Desktop BackupWallPaper: C:\Users\Jesse\Wallpapers\empire-state.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2007/08/17 16:29:09 | 001,049,968 | R--- | M] (Microsoft Corporation) - F:\autorun.exe -- [ CDFS ]

O32 - AutoRun File - [2007/06/19 16:58:38 | 000,000,225 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/28 09:24:18 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Jesse\Desktop\OTL.exe

[2012/07/20 19:50:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service

[2012/07/20 19:50:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla

[2012/07/19 06:59:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed

[2012/07/18 22:32:31 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%

[2012/07/18 22:26:59 | 000,000,000 | ---D | C] -- C:\Users\Jesse\AppData\Local\{404A69BC-D149-11E1-8270-B8AC6F996F26}

[2012/07/18 22:26:58 | 000,427,520 | ---- | C] (Andrea Electronics Corporation) -- C:\Users\Jesse\AppData\Roaming\qdsvwg.dll

[2012/06/30 00:41:45 | 000,000,000 | ---D | C] -- C:\Users\Jesse\Desktop\GovTribe

[2009/08/06 22:26:17 | 008,653,312 | ---- | C] (Dell, Inc. ) -- C:\Users\Jesse\AppData\Roaming\DataSafeDotNet.exe

[10 C:\Users\Jesse\Desktop\*.tmp files -> C:\Users\Jesse\Desktop\*.tmp -> ]

[1 C:\Users\Jesse\*.tmp files -> C:\Users\Jesse\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/28 09:30:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/07/28 09:25:39 | 000,000,066 | ---- | M] () -- C:\Users\Jesse\Desktop\Battery Park City Parks Conservancy.URL

[2012/07/28 09:24:19 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Jesse\Desktop\OTL.exe

[2012/07/28 08:50:05 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012/07/28 08:50:05 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012/07/28 04:30:01 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/07/27 18:56:56 | 000,703,214 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/07/27 18:56:56 | 000,604,264 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/07/27 18:56:56 | 000,103,964 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/07/27 18:50:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/07/27 18:49:49 | 2138,034,175 | -HS- | M] () -- C:\hiberfil.sys

[2012/07/27 08:15:19 | 000,064,512 | ---- | M] () -- C:\Users\Jesse\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/07/26 08:36:22 | 000,000,061 | ---- | M] () -- C:\Users\Jesse\Desktop\When should I re-format How should I reinstall Security DSLReports.com, ISP Information.URL

[2012/07/26 08:36:17 | 000,000,083 | ---- | M] () -- C:\Users\Jesse\Desktop\Unable to remove infection - please help! - Malwarebytes Forum.URL

[2012/07/23 23:18:37 | 000,000,081 | ---- | M] () -- C:\Users\Jesse\Desktop\I'm infected - What do I do now - Malwarebytes Forum.URL

[2012/07/23 22:45:51 | 000,000,680 | ---- | M] () -- C:\Users\Jesse\AppData\Local\d3d9caps.dat

[2012/07/23 08:36:03 | 000,436,736 | ---- | M] () -- C:\Users\Jesse\AppData\Roaming\mdmsp.dll

[2012/07/20 08:23:36 | 000,002,633 | ---- | M] () -- C:\Users\Jesse\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2007.lnk

[2012/07/11 08:25:04 | 000,002,675 | ---- | M] () -- C:\Users\Jesse\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk

[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[10 C:\Users\Jesse\Desktop\*.tmp files -> C:\Users\Jesse\Desktop\*.tmp -> ]

[1 C:\Users\Jesse\*.tmp files -> C:\Users\Jesse\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/28 09:25:39 | 000,000,066 | ---- | C] () -- C:\Users\Jesse\Desktop\Battery Park City Parks Conservancy.URL

[2012/07/28 07:26:21 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{d1eb7405-c273-0c1d-2b4e-fa4adb4b1a2a}\U\00000008.@

[2012/07/26 08:36:22 | 000,000,061 | ---- | C] () -- C:\Users\Jesse\Desktop\When should I re-format How should I reinstall Security DSLReports.com, ISP Information.URL

[2012/07/26 08:36:17 | 000,000,083 | ---- | C] () -- C:\Users\Jesse\Desktop\Unable to remove infection - please help! - Malwarebytes Forum.URL

[2012/07/23 23:18:37 | 000,000,081 | ---- | C] () -- C:\Users\Jesse\Desktop\I'm infected - What do I do now - Malwarebytes Forum.URL

[2012/07/23 08:36:02 | 000,436,736 | ---- | C] () -- C:\Users\Jesse\AppData\Roaming\mdmsp.dll

[2012/07/18 22:26:50 | 000,080,896 | ---- | C] () -- C:\Windows\Installer\{d1eb7405-c273-0c1d-2b4e-fa4adb4b1a2a}\U\80000064.@

[2012/07/18 22:26:50 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{d1eb7405-c273-0c1d-2b4e-fa4adb4b1a2a}\L\00000004.@

[2012/07/18 22:26:49 | 000,092,160 | ---- | C] () -- C:\Windows\Installer\{d1eb7405-c273-0c1d-2b4e-fa4adb4b1a2a}\U\80000032.@

[2012/07/18 22:26:48 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{d1eb7405-c273-0c1d-2b4e-fa4adb4b1a2a}\U\80000000.@

[2012/07/18 22:26:48 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{d1eb7405-c273-0c1d-2b4e-fa4adb4b1a2a}\U\00000004.@

[2012/07/18 22:26:48 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{d1eb7405-c273-0c1d-2b4e-fa4adb4b1a2a}\U\000000cb.@

[2012/06/09 18:52:43 | 000,000,049 | ---- | C] () -- C:\Users\Jesse\home - MeetingLife.url

[2012/04/24 19:56:15 | 000,461,734 | ---- | C] () -- C:\Users\Jesse\Scrum_Diagram.pdf

[2012/03/21 00:54:50 | 000,000,059 | ---- | C] () -- C:\Users\Jesse\A Good Company™.url

[2012/03/18 13:18:34 | 000,000,049 | ---- | C] () -- C:\Users\Jesse\Grind - Work Liquid - A workspace for free-range humans.url

[2012/03/10 19:34:49 | 000,000,074 | ---- | C] () -- C:\Users\Jesse\Uber - New York City.url

[2012/01/21 01:41:42 | 000,000,048 | ---- | C] () -- C:\Users\Jesse\JL Tree Services - Tree Removal, Tree Care, Experts, Trimming & Cutting VA MD DC.url

[2012/01/04 10:07:55 | 000,000,046 | ---- | C] () -- C:\Users\Jesse\Tuts+ Premium - The best way to learn creative and technical skills..url

[2011/12/20 16:29:34 | 000,000,056 | ---- | C] () -- C:\Users\Jesse\Sleep No More.url

[2011/12/20 16:26:38 | 000,000,085 | ---- | C] () -- C:\Users\Jesse\Adobe - Support- Certify today — become an ACE.url

[2011/12/07 01:10:48 | 000,000,050 | ---- | C] () -- C:\Users\Jesse\joyburgerbar.com.url

[2011/11/14 10:23:37 | 000,000,054 | ---- | C] () -- C:\Users\Jesse\Comics Experience with Andy Schmidt.url

[2011/11/05 09:15:15 | 000,000,051 | ---- | C] () -- C:\Users\Jesse\Storm King Art Center.URL

[2011/11/05 09:15:05 | 000,008,469 | ---- | C] () -- C:\Users\Jesse\41598

[2011/10/15 22:20:04 | 000,100,808 | ---- | C] () -- C:\Users\Jesse\vistaprint.JPG

[2011/10/13 08:02:14 | 000,000,108 | ---- | C] () -- C:\Users\Jesse\FearLess Revolution - FearLess Blog - A Field Guide to Closing Your Bank Account.url

[2011/09/10 18:53:01 | 000,077,496 | ---- | C] () -- C:\Users\Jesse\adwords-error2.JPG

[2011/09/10 18:52:18 | 000,074,636 | ---- | C] () -- C:\Users\Jesse\adwords-error1.JPG

[2011/06/30 21:11:47 | 002,861,439 | ---- | C] () -- C:\Users\Jesse\puzzle2.jpg

[2011/06/30 21:11:47 | 001,496,052 | ---- | C] () -- C:\Users\Jesse\puzzle1.jpg

[2011/06/30 21:11:45 | 000,000,073 | ---- | C] () -- C:\Users\Jesse\Fancy Hands - Subscribe.URL

[2011/06/30 21:11:45 | 000,000,044 | ---- | C] () -- C:\Users\Jesse\Flattr.URL

[2011/06/30 21:09:05 | 000,000,065 | ---- | C] () -- C:\Users\Jesse\Narrowing the Social Web, Remember when the web was small Not anymore. Overwhelmed users are now looking for ways to curate .URL

[2011/06/13 14:23:16 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe

[2011/06/13 14:23:16 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2011/06/13 14:23:16 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2011/06/13 14:23:16 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2011/06/13 14:23:16 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2011/05/26 17:22:33 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{d1eb7405-c273-0c1d-2b4e-fa4adb4b1a2a}\@

[2011/05/26 17:22:33 | 000,002,048 | -HS- | C] () -- C:\Users\Jesse\AppData\Local\{d1eb7405-c273-0c1d-2b4e-fa4adb4b1a2a}\@

[2011/05/17 19:37:57 | 000,000,136 | -H-- | C] () -- C:\ProgramData\~42196728r

[2011/05/17 19:37:57 | 000,000,112 | -H-- | C] () -- C:\ProgramData\~42196728

[2011/05/17 19:37:18 | 000,000,392 | -H-- | C] () -- C:\ProgramData\42196728

[2011/05/15 12:11:49 | 000,000,085 | ---- | C] () -- C:\Users\Jesse\Adobe Photoshop CS4 Keyboard Shortcuts.URL

[2011/05/05 01:28:10 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll

[2011/04/11 23:51:44 | 000,809,134 | ---- | C] () -- C:\Users\Jesse\ConciergeStandard.pdf

[2011/04/11 23:39:56 | 000,777,318 | ---- | C] () -- C:\Users\Jesse\Verizon1.pdf

[2011/03/30 00:00:55 | 000,000,064 | ---- | C] () -- C:\Users\Jesse\Way Basics Cubes, Way Basics Storage & Way Basics Table YLiving.URL

[2011/03/30 00:00:11 | 000,000,121 | ---- | C] () -- C:\Users\Jesse\Cube Plus Shelving, Cube Plus Bookcase & Way Basics Cube Plus YLiving.URL

[2011/03/29 23:59:59 | 000,000,143 | ---- | C] () -- C:\Users\Jesse\Amazon.com Way Basics Eco Storage Cube, Green Furniture & Decor.URL

[2011/03/29 23:59:50 | 000,000,077 | ---- | C] () -- C:\Users\Jesse\IKEA Living room storage Bookcases EXPEDIT Bookcase.URL

[2011/03/17 13:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

[2011/03/06 19:47:41 | 000,000,069 | ---- | C] () -- C:\Users\Jesse\Current Exhibits MoCCA.URL

[2011/03/01 01:27:51 | 000,000,116 | ---- | C] () -- C:\Users\Jesse\Even dystopias have their perks 19 redeeming qualities for hellish futures Film Inventory The A.V. Club.URL

[2011/01/18 14:05:48 | 000,000,067 | ---- | C] () -- C:\Users\Jesse\nice logo portfolio.URL

[2011/01/08 21:54:12 | 000,591,381 | ---- | C] () -- C:\Users\Jesse\10.jpg

[2010/12/23 22:52:46 | 000,225,936 | ---- | C] () -- C:\Users\Jesse\worst-popup-ever.JPG

[2010/12/19 03:02:10 | 000,000,094 | ---- | C] () -- C:\Users\Jesse\180s Tec Touch Gloves.URL

[2010/11/11 08:43:39 | 000,000,072 | ---- | C] () -- C:\Users\Jesse\msnbc video WTF has Obama done so far.URL

[2010/08/12 18:33:29 | 000,065,958 | ---- | C] () -- C:\Users\Jesse\banner_takeaction.gif

[2010/07/18 03:35:24 | 000,000,049 | ---- | C] () -- C:\Users\Jesse\CollageWall - Turn your digital photos into a living work of art..URL

[2010/07/13 17:00:41 | 000,000,115 | ---- | C] () -- C:\Users\Jesse\Walking Off the Big Apple Connect the Dots A Self-Guided Walk to Public Art in Lower Manhattan.URL

[2010/07/13 16:59:57 | 000,000,112 | ---- | C] () -- C:\Users\Jesse\Walking Off the Big Apple Drawing Sessions The Walk-In Ateliers of New York.URL

[2010/07/13 16:58:55 | 000,000,112 | ---- | C] () -- C:\Users\Jesse\Walking Off the Big Apple After Walking, A Place to Sit Greenacre Park, E. 51st.URL

[2010/07/13 16:58:47 | 000,000,101 | ---- | C] () -- C:\Users\Jesse\Walking Off the Big Apple Inside the Daily Planet.URL

[2010/07/11 15:22:29 | 000,028,968 | ---- | C] () -- C:\Users\Jesse\Raarrrgh.jpg

[2010/06/25 09:46:25 | 000,000,052 | ---- | C] () -- C:\Users\Jesse\Ursus Books and Prints.URL

[2010/06/23 21:37:38 | 001,368,683 | ---- | C] () -- C:\Users\Jesse\Flickr-old-v-new.jpg

[2010/06/15 13:08:10 | 000,000,070 | ---- | C] () -- C:\Users\Jesse\Indie Store Finder IndieBound.URL

[2010/05/21 16:18:24 | 000,000,041 | ---- | C] () -- C:\Users\Jesse\Spot.us - Home.URL

[2010/04/03 17:28:13 | 000,005,115 | -H-- | C] () -- C:\ProgramData\kbkwknay.ayh

[2010/02/27 08:21:55 | 000,051,999 | ---- | C] () -- C:\Users\Jesse\14638_179311891327_670461327_2938440_6890109_n.jpg

[2010/01/18 14:27:38 | 000,000,115 | ---- | C] () -- C:\Users\Jesse\Name Badge Labels 3-38 x 2-13 Name Tag Labelsl. Blank labels for inkjet and laser printers - By Size.URL

[2010/01/10 02:51:42 | 000,000,098 | ---- | C] () -- C:\Users\Jesse\Urban Center Books.URL

[2009/12/07 09:37:26 | 000,000,055 | ---- | C] () -- C:\Users\Jesse\Your Blogging Assistant Zemanta Ltd..URL

[2009/11/29 20:05:08 | 000,000,064 | ---- | C] () -- C:\Users\Jesse\Puzzle Order Form.URL

[2009/11/27 14:38:12 | 000,425,233 | ---- | C] () -- C:\Users\Jesse\clusternews1209.PDF

[2009/11/22 17:20:17 | 000,000,087 | ---- | C] () -- C:\Users\Jesse\Add Comments to Website.URL

[2009/11/02 20:42:59 | 000,000,600 | ---- | C] () -- C:\Users\Jesse\AppData\Local\PUTTY.RND

[2009/11/02 02:45:30 | 000,000,680 | ---- | C] () -- C:\Users\Jesse\AppData\Local\d3d9caps.dat

[2009/10/23 07:06:48 | 000,233,181 | ---- | C] () -- C:\Users\Jesse\tumblr_krxs6iS2CL1qzukvb.htm

[2009/08/25 21:38:19 | 000,000,063 | ---- | C] () -- C:\Users\Jesse\Winamp Media Player Features and Other Winamp Releases - Download Winamp Media Player for Free.URL

[2009/08/15 23:04:54 | 000,000,056 | ---- | C] () -- C:\Users\Jesse\Manhattan books.URL

[2009/08/12 00:18:09 | 000,000,103 | ---- | C] () -- C:\Users\Jesse\FontSeeker.ini

[2009/08/12 00:17:19 | 000,207,872 | ---- | C] () -- C:\Program Files\FontSeeker.exe

[2009/08/01 16:47:27 | 000,064,512 | ---- | C] () -- C:\Users\Jesse\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/08/01 16:25:23 | 000,000,068 | ---- | C] () -- C:\Users\Jesse\YouTube - M4K '08 DOCUMENTARY.URL

[2009/08/01 16:25:22 | 008,573,822 | ---- | C] () -- C:\Users\Jesse\webtrendmap2008A3.pdf

[2009/08/01 16:25:21 | 003,174,165 | ---- | C] () -- C:\Users\Jesse\voice.zip

[2009/08/01 16:25:20 | 000,106,072 | ---- | C] () -- C:\Users\Jesse\url.htm

[2009/08/01 16:25:19 | 000,000,180 | ---- | C] () -- C:\Users\Jesse\tt0808399.url

[2009/08/01 16:25:19 | 000,000,092 | ---- | C] () -- C:\Users\Jesse\Tubearoo - The World's Video Network.URL

[2009/08/01 16:25:17 | 000,000,387 | ---- | C] () -- C:\Users\Jesse\SkyMall - Cool gifts, gadgets, & home innovations from the airline catalog.url

[2009/08/01 16:25:17 | 000,000,058 | ---- | C] () -- C:\Users\Jesse\SketchCrawl ! - drawing marathons from around the world.URL

[2009/08/01 16:25:13 | 001,768,092 | ---- | C] () -- C:\Users\Jesse\posterSILK2.pdf

[2009/08/01 16:25:13 | 000,048,026 | ---- | C] () -- C:\Users\Jesse\SafeRedirect.aspx

[2009/08/01 16:25:13 | 000,000,063 | ---- | C] () -- C:\Users\Jesse\ROXIK PICTAPS.URL

[2009/08/01 16:25:12 | 000,000,065 | ---- | C] () -- C:\Users\Jesse\New York CityMap.URL

[2009/08/01 16:25:05 | 000,585,728 | ---- | C] () -- C:\Users\Jesse\Library.indl

[2009/08/01 16:25:05 | 000,000,140 | ---- | C] () -- C:\Users\Jesse\Life Drawing in New York City at Spring Studio-Figure Drawing Classes-Sketch Sessions.url

[2009/08/01 16:25:04 | 000,050,551 | ---- | C] () -- C:\Users\Jesse\ia66r6Az42OSSVSQTTOQPVUPRPR.htm

[2009/08/01 16:25:04 | 000,000,147 | ---- | C] () -- C:\Users\Jesse\Independent Bookstores in New York (Bookstores in New York).url

[2009/08/01 16:25:01 | 000,000,316 | ---- | C] () -- C:\Users\Jesse\GandhiServe Foundation - Mahatma Gandhi Store CD-ROMS 0201.url

[2009/08/01 16:24:59 | 000,001,743 | ---- | C] () -- C:\Users\Jesse\cover.gif

[2009/08/01 16:24:59 | 000,000,297 | ---- | C] () -- C:\Users\Jesse\Cliff Pieces.url

[2009/08/01 16:24:56 | 006,808,658 | ---- | C] () -- C:\Users\Jesse\border.zip

[2009/08/01 16:24:56 | 000,000,189 | ---- | C] () -- C:\Users\Jesse\BookCourt.url

[2009/08/01 16:24:55 | 000,000,737 | ---- | C] () -- C:\Users\Jesse\Avidemux 2.4 Qt4.lnk

[2009/08/01 16:24:45 | 000,090,038 | ---- | C] () -- C:\Users\Jesse\13webcover395.1

[2008/09/24 12:41:38 | 000,000,166 | ---- | C] () -- C:\Users\Jesse\Wordle - Create.url

[2008/03/14 11:01:32 | 000,000,182 | ---- | C] () -- C:\Users\Jesse\UNdata.url

========== LOP Check ==========

[2012/03/26 23:56:04 | 000,000,000 | ---D | M] -- C:\Users\Jesse\AppData\Roaming\.purple

[2009/08/05 20:40:52 | 000,000,000 | ---D | M] -- C:\Users\Jesse\AppData\Roaming\acccore

[2009/08/29 14:46:57 | 000,000,000 | ---D | M] -- C:\Users\Jesse\AppData\Roaming\Amazon

[2010/04/03 17:18:41 | 000,000,000 | ---D | M] -- C:\Users\Jesse\AppData\Roaming\AnvSoft

[2009/10/14 01:55:37 | 000,000,000 | ---D | M] -- C:\Users\Jesse\AppData\Roaming\Any Video Converter

[2010/04/18 19:28:37 | 000,000,000 | ---D | M] -- C:\Users\Jesse\AppData\Roaming\Auslogics

[2009/11/29 18:21:24 | 000,000,000 | ---D | M] -- C:\Users\Jesse\AppData\Roaming\avidemux

[2012/03/03 16:23:37 | 000,000,000 | ---D | M] -- C:\Users\Jesse\AppData\Roaming\BalsamiqMockupsForDesktop.EDE15CF69E11F7F7D45B5430C7D37CC6C3545E3C.1

[2012/06/16 17:56:15 | 000,000,000 | ---D | M] -- C:\Users\Jesse\AppData\Roaming\CCS64

[2011/05/19 22:31:43 | 000,000,000 | ---D | M] -- C:\Users\Jesse\AppData\Roaming\com.amazon.music.uploader

[2011/05/17 21:14:57 | 000,000,000 | ---D | M] -- C:\Users\Jesse\AppData\Roaming\gtk-2.0

[2010/09/03 08:24:45 | 000,000,000 | ---D | M] -- C:\Users\Jesse\AppData\Roaming\Juniper Networks

[2010/04/03 17:28:15 | 000,000,000 | ---D | M] -- C:\Users\Jesse\AppData\Roaming\MOVAVI

[2009/08/30 01:44:22 | 000,000,000 | ---D | M] -- C:\Users\Jesse\AppData\Roaming\NCH Swift Sound

[2009/08/12 07:33:04 | 000,000,000 | ---D | M] -- C:\Users\Jesse\AppData\Roaming\STOIK

[2011/05/17 21:15:01 | 000,000,000 | ---D | M] -- C:\Users\Jesse\AppData\Roaming\TechWizard

[2011/06/20 22:04:50 | 000,000,000 | ---D | M] -- C:\Users\Jesse\AppData\Roaming\uTorrent

[2012/07/27 08:39:41 | 000,032,592 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:5D432CE3

< End of report >

OTL Extras logfile created on: 7/28/2012 9:45:33 AM - Run 1

OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Jesse\Desktop

64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.19120)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.99 Gb Total Physical Memory | 3.85 Gb Available Physical Memory | 64.19% Memory free

12.19 Gb Paging File | 9.97 Gb Available in Paging File | 81.81% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 581.10 Gb Total Space | 217.43 Gb Free Space | 37.42% Space Free | Partition Type: NTFS

Drive D: | 15.00 Gb Total Space | 5.71 Gb Free Space | 38.09% Space Free | Partition Type: NTFS

Drive F: | 607.25 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive K: | 2328.76 Gb Total Space | 1355.05 Gb Free Space | 58.19% Space Free | Partition Type: NTFS

Computer Name: JESSE-PC | User Name: Jesse | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-380697640-1169928113-4134231189-1000\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [browse in Ember] -- C:\Program Files (x86)\Firehand Technologies\Ember\Ember.exe %1 (Firehand Technologies Corporation)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)

Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)

Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [browse in Ember] -- C:\Program Files (x86)\Firehand Technologies\Ember\Ember.exe %1 (Firehand Technologies Corporation)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)

Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)

Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 0

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

"VistaSp2" = 00 10 42 60 E2 90 CA 01 [binary data]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"oobe_av" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{1ABF311C-6AA8-B234-196A-6DEE5A43E34A}" = ccc-utility64

"{26A24AE4-039D-4CA4-87B4-2F86416013FF}" = Java 6 Update 13 (64-bit)

"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64

"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64

"{4044201A-8576-2999-1166-96C5593F3CFF}" = ATI Catalyst Install Manager

"{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support

"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime

"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64

"{68451E5C-0A9C-4D5C-8D06-6E296242E908}" = 64 Bit HP CIO Components Installer

"{6AE1CCC4-E49F-4107-BBCA-7B5984F47AE1}" = Network64

"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64

"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4

"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4

"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager

"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64

"{B37A99DD-88E2-4ED0-80B4-1E054AB354BF}" = Adobe InDesign CS4 Icon Handler x64

"{B613A9BB-2B34-4824-A4BE-2427653D59D6}" = iTunes

"{CA0D2F09-F811-48D4-843E-C87696C6A9D9}" = Bonjour

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)

"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4

"{E4C229B2-51E3-49E7-3A42-A3B695B4E56E}" = ccc-utility64

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock

"{FA0F0A01-4631-4161-A6C2-948BF694382E}" = HP Officejet 6500 E709 Series

"HP Document Manager" = HP Document Manager 2.0

"HP Imaging Device Functions" = HP Imaging Device Functions 12.0

"HP Smart Web Printing" = HP Smart Web Printing

"HP Solution Center & Imaging Support Tools" = HP Solution Center 12.0

"HPOCR" = OCR Software by I.R.I.S. 12.0

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4

"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call

"{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status

"{04D5E56E-F323-27F2-C075-EF1AE9A3CF2B}" = Catalyst Control Center Graphics Light

"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable

"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4

"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4

"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center

"{07288267-318E-9B78-B04E-984F9149EE24}" = Catalyst Control Center Graphics Previews Common

"{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg

"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data

"{095B1DCF-5E8B-47EC-9B18-481918A731DB}" = Microsoft Default Manager

"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE

"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler

"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger

"{0B23ACC5-88A6-FEE4-0131-8777A1BA0B68}" = Catalyst Control Center Graphics Previews Vista

"{0CD81D7E-94E2-D230-E37E-C9B16E90D01C}" = CCC Help Italian

"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4

"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup

"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4

"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online

"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter

"{150493B7-B59F-C677-F3AD-67C7E97CAAAF}" = Adobe Help Viewer 2

"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4

"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4

"{16A7FAD8-EE4F-C413-8359-833A3B2D39FB}" = CCC Help Portuguese

"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4

"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB

"{18364179-C5E5-F826-E2FC-D99D575AF997}" = Catalyst Control Center Localization All

"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding

"{19C7BF26-FF3F-4B74-ACA0-57F223928E01}_is1" = Wondershare PDF Converter (Build 2.6.0)

"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server

"{1D643CD0-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004

"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4

"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler

"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{259E2290-D6AF-B47E-DF86-E2A7381DBA2E}" = Balsamiq Mockups For Desktop

"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java 6 Update 29

"{299CF645-48C7-4FA1-8BCD-5CE200CF180D}" = Microsoft Search Enhancement Pack

"{2B4C7E1E-E446-4740-ADB5-9842E742EE8A}" = Windows Live Toolbar

"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)

"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm

"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager

"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4

"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4

"{38DAE5F5-EC70-4aa5-801B-D11CA0A33B41}" = BPDSoftware

"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4

"{3BEF9769-BA52-18F7-1D02-2362F6A27E38}" = Adobe Media Player

"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4

"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin

"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker

"{418D5410-7A7B-315F-0CF9-A76BC6C131DC}" = Catalyst Control Center InstallProxy

"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4

"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit

"{47C72DA6-E7AC-984C-5475-15A65F9B41BE}" = Catalyst Control Center Graphics Full New

"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4

"{4A918155-6399-4673-0D08-85A0DBEC1389}" = CCC Help Chinese Traditional

"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update

"{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp

"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport

"{505DF7A3-88D5-4DD6-9AD5-C98C2ED0CEC4}" = Windows Live Sign-in Assistant

"{537791BE-B032-D116-0C59-13541E17BFEA}" = CCC Help English

"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4

"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

"{57F60D52-630B-43C5-BD20-176F5CD4EED6}" = bpd_scan

"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support

"{6201BACA-81B5-8AB0-3B93-0F76BB6F4389}" = CCC Help English

"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail

"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4

"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support

"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3

"{66DAE8D7-D5F7-462F-5815-102EE4B191C4}" = CCC Help Korean

"{676981B7-A2D9-49D0-9F4C-03018F131DA9}" = DocProc

"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX

"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK

"{6A1ACC15-7632-45ba-A3AB-0250EBD4B7DD}" = 6500_E709a

"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer

"{6CC080F1-2E00-41D5-BE47-A3BC784E9DFB}" = BPDSoftware_Ini

"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers

"{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III

"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK

"{720E93BE-744E-225B-786F-227C2677352F}" = Catalyst Control Center Graphics Previews Common

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio

"{73B72B3B-AD7D-EC96-26BA-03A80B98882A}" = FlipShare

"{763B809A-6874-5979-CD69-39491392262C}" = Catalyst Control Center InstallProxy

"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en

"{7B63B2922B174135AFC0E1377DD81EC2}" =

"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files

"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide

"{7DE1AE26-8599-4378-9F17-328B5A3984A4}" = Sibelius Scorch (Firefox, Opera, Netscape only)

"{7FE440D8-8F16-24CA-81B6-7DEB4D6BF92D}" = CCC Help Hungarian

"{800E784D-53E3-4948-B491-9E7FA5EACBDC}" = SmartWebPrinting

"{80813829-BE27-4799-8BC7-2F75A7B6CB50}" = IHA_MessageCenter

"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer

"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4

"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4

"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4

"{88D3B829-DBA4-D839-33BF-9A5794CC21EB}" = CCC Help Chinese Standard

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)

"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player

"{8C64E149-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack

"{8D59169D-E45E-4861-9CB4-211075665FDD}" = Movavi Video Converter 9

"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{903679E8-44C8-4C07-9600-05C92654FC50}" = QualXServ Service Agreement

"{9044B9A5-B7D7-3EA2-B20B-49A47853D62F}" = CCC Help Spanish

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-0053-0000-0000-0000000FF1CE}" = Microsoft Office Visio Standard 2007

"{9129B46A-51F0-431b-9838-DF7272F3204E}" = ProductContext

"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4

"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195

"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4

"{9603DE6D-4567-4b78-B941-849322373DE2}" = SolutionCenter

"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Photo and Imaging 2.0 - All-in-One

"{9A0F591C-6ACB-225D-7CEE-4C5F9BEFEB7D}" = Amazon MP3 Uploader

"{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan

"{9D1B99B7-DAD8-440d-B4FB-1915332FBCC2}" = HPProductAssistant

"{9EDA3DD1-130D-4EE1-A3D2-5A3D795CC8C9}" = MFCLOC

"{A0524B49-9798-4EFB-A392-06C18BEC7432}" = Vz In Home Agent

"{A128921B-D03F-4BFB-8141-C365AA48D660}" = Adobe Setup

"{A2881E09-38DB-4F79-9135-00FDA01768A7}" = Adobe Creative Suite 4 Design Premium

"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable

"{A69D7B32-2BE9-42BF-B576-69B5E0FF7394}" = Catalyst Control Center - Branding

"{A7F37935-A880-8657-79CE-F98BF3A358E1}" = CCC Help Turkish

"{A8DF8593-F619-47DE-AD27-BCABF233433A}" = STOIK Video Converter 2

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software

"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox

"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch

"{AC76BA86-1033-F400-7760-000000000004}_950" = Adobe Acrobat 9.5.0 - CPSID_83708

"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3

"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter

"{B297076F-905F-7E13-57EF-7D254EBB7589}" = CCC Help Japanese

"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect

"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support

"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4

"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy

"{B7B5A370-3DFF-4F0E-AE11-FD267C4938AA}" = CCS64 V3.9

"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4

"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module

"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)

"{C29C1940-CB85-4F3B-906C-33FEE0E67103}" = DocMgr

"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries

"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4

"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw

"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Picture Package Music Transfer

"{D1B8C6AC-C4F8-E8AF-E157-AF3E16B97903}" = CCC Help French

"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility

"{D7B96D96-D9F4-40B7-B913-3D50BDD87C6F}" = Suite Shared Configuration CS4

"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials

"{DC702FC1-4746-CD99-0578-02839474C2F8}" = Skins

"{DE13432E-F0C1-4842-A5BA-CC997DA72A70}" = 6500_E709_eDocs

"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4

"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag

"{E59145A6-2D21-9E5C-6551-ACA2539CDE50}" = ccc-core-static

"{E89371A0-2FCD-F518-EECB-09AB27724CEE}" = CCC Help German

"{E975F19C-C852-5DF8-BC76-E88359CB82DF}" = Catalyst Control Center

"{ED06F22F-DADB-E713-2E49-EEB154950285}" = Catalyst Control Center Graphics Full Existing

"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE

"{EE35B247-F872-4FFD-BCD1-1970C7E86C84}" = GPS Image Tracker

"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax

"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help

"{F185B35D-38E5-4D88-B275-15C8C7FC4357}" = 6500_E709_Help

"{F648FD09-7CEA-4257-BC68-A8389189FD51}" = GPBaseService2

"{F6706DF9-B0B6-8496-F302-BF511197A32F}" = Catalyst Control Center Core Implementation

"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform

"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4

"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery

"{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery

"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4

"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4

"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All

"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync

"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR

"3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only)

"7-Zip" = 7-Zip 9.20

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe_55230b0b70661df0f212e88f0b655f7" = Adobe Creative Suite 4 Design Premium

"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.5

"Any Video Converter_is1" = Any Video Converter 3.0.4

"Avidemux 2.5" = Avidemux 2.5

"BalsamiqMockupsForDesktop.EDE15CF69E11F7F7D45B5430C7D37CC6C3545E3C.1" = Balsamiq Mockups For Desktop

"com.adobe.amp.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Media Player

"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com

"com.amazon.music.uploader" = Amazon MP3 Uploader

"Dell Video Chat" = Dell Video Chat

"Digital Editions" = Adobe Digital Editions

"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters

"DivX Setup" = DivX Setup

"Firehand Ember" = Firehand Ember

"FlasKMPEG" = FlasKMPEG (remove only)

"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.0

"Google Chrome" = Google Chrome

"GTK 2.0" = GTK+ Runtime 2.14.7 rev a (remove only)

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III

"Juniper Network Connect 6.5.0" = Juniper Networks Network Connect 6.5.0

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300

"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"Pidgin" = Pidgin

"Switch" = Switch Sound File Converter

"Verizon Help and Support" = Verizon Help and Support Tool

"VISSTDR" = Microsoft Office Visio Standard 2007

"Visual MP3 Splitter & Joiner_is1" = Visual MP3 Splitter & Joiner 6.1

"Wacom Tablet Driver" = Wacom Tablet

"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin

"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin

"Winamp" = Winamp

"WinLiveSuite_Wave3" = Windows Live Essentials

"Yahoo! Widget Engine" = Yahoo! Widgets

"YInstHelper" = Yahoo! Install Manager

"YTdetect" = Yahoo! Detect

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-380697640-1169928113-4134231189-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"309a46b1dc89b774" = Dell Driver Download Manager

"Amazon Kindle" = Amazon Kindle

"Juniper_Setup_Client" = Juniper Networks Setup Client

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 7/20/2012 7:49:48 PM | Computer Name = Jesse-PC | Source = Application Error | ID = 1000

Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp

0x47918b89, faulting module mshtml.dll, version 8.0.6001.19120, time stamp 0x4e2aaa35,

exception code 0xc00000fd, fault offset 0x0017f7d5, process id 0x1b9c, application

start time 0x01cd66d23558fe6f.

Error - 7/21/2012 2:10:56 AM | Computer Name = Jesse-PC | Source = Application Error | ID = 1000

Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp

0x47918b89, faulting module mshtml.dll, version 8.0.6001.19120, time stamp 0x4e2aaa35,

exception code 0xc00000fd, fault offset 0x001800f9, process id 0x16bc, application

start time 0x01cd6705a781059f.

Error - 7/22/2012 4:23:20 PM | Computer Name = Jesse-PC | Source = Application Error | ID = 1000

Description = Faulting application ins60E3.tmp, version 3.0.0.0, time stamp 0x40daa4fa,

faulting module ins60E3.tmp, version 3.0.0.0, time stamp 0x40daa4fa, exception

code 0xc0000005, fault offset 0x00058b9e, process id 0x600, application start time

0x01cd6847b6ab0380.

Error - 7/23/2012 3:41:15 AM | Computer Name = Jesse-PC | Source = Application Error | ID = 1000

Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp

0x47918b89, faulting module mshtml.dll, version 8.0.6001.19120, time stamp 0x4e2aaa35,

exception code 0xc00000fd, fault offset 0x00181ae8, process id 0x1808, application

start time 0x01cd68a66ffb4350.

Error - 7/23/2012 8:14:33 AM | Computer Name = Jesse-PC | Source = WinMgmt | ID = 10

Description =

Error - 7/23/2012 8:33:47 AM | Computer Name = Jesse-PC | Source = SideBySide | ID = 16842830

Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat

9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line

. A component version required by the application conflicts with another component

version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.

Component

2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error - 7/23/2012 8:35:35 AM | Computer Name = Jesse-PC | Source = MsiInstaller | ID = 11706

Description =

Error - 7/23/2012 8:35:39 AM | Computer Name = Jesse-PC | Source = MsiInstaller | ID = 11706

Description =

Error - 7/23/2012 8:35:47 AM | Computer Name = Jesse-PC | Source = MsiInstaller | ID = 11706

Description =

Error - 7/23/2012 8:35:48 AM | Computer Name = Jesse-PC | Source = MsiInstaller | ID = 11706

Description =

[ System Events ]

Error - 7/28/2012 9:43:02 AM | Computer Name = Jesse-PC | Source = disk | ID = 262151

Description = The device, \Device\Harddisk1\DR1, has a bad block.

Error - 7/28/2012 9:43:19 AM | Computer Name = Jesse-PC | Source = disk | ID = 262151

Description = The device, \Device\Harddisk1\DR1, has a bad block.

Error - 7/28/2012 9:43:25 AM | Computer Name = Jesse-PC | Source = disk | ID = 262151

Description = The device, \Device\Harddisk1\DR1, has a bad block.

Error - 7/28/2012 9:43:31 AM | Computer Name = Jesse-PC | Source = disk | ID = 262151

Description = The device, \Device\Harddisk1\DR1, has a bad block.

Error - 7/28/2012 9:44:04 AM | Computer Name = Jesse-PC | Source = disk | ID = 262151

Description = The device, \Device\Harddisk1\DR1, has a bad block.

Error - 7/28/2012 9:44:36 AM | Computer Name = Jesse-PC | Source = disk | ID = 262151

Description = The device, \Device\Harddisk1\DR1, has a bad block.

Error - 7/28/2012 9:44:41 AM | Computer Name = Jesse-PC | Source = disk | ID = 262151

Description = The device, \Device\Harddisk1\DR1, has a bad block.

Error - 7/28/2012 9:45:23 AM | Computer Name = Jesse-PC | Source = disk | ID = 262151

Description = The device, \Device\Harddisk1\DR1, has a bad block.

Error - 7/28/2012 9:46:34 AM | Computer Name = Jesse-PC | Source = disk | ID = 262151

Description = The device, \Device\Harddisk1\DR1, has a bad block.

Error - 7/28/2012 9:52:58 AM | Computer Name = Jesse-PC | Source = disk | ID = 262151

Description = The device, \Device\Harddisk1\DR1, has a bad block.

< End of report >


Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    :OTL
    O4 - HKU\S-1-5-21-380697640-1169928113-4134231189-1000..\Run: [mdmsp] C:\Users\Jesse\AppData\Roaming\mdmsp.dll ()
    O4 - HKU\S-1-5-21-380697640-1169928113-4134231189-1000..\Run: [qdsvwg] C:\Users\Jesse\AppData\Roaming\qdsvwg.dll (Andrea Electronics Corporation)
    [2012/07/23 08:36:03 | 000,436,736 | ---- | M] () -- C:\Users\Jesse\AppData\Roaming\mdmsp.dll
    [2012/07/28 07:26:21 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{d1eb7405-c273-0c1d-2b4e-fa4adb4b1a2a}\U\00000008.@
    [2012/07/18 22:26:50 | 000,080,896 | ---- | C] () -- C:\Windows\Installer\{d1eb7405-c273-0c1d-2b4e-fa4adb4b1a2a}\U\80000064.@
    [2012/07/18 22:26:50 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{d1eb7405-c273-0c1d-2b4e-fa4adb4b1a2a}\L\00000004.@
    [2012/07/18 22:26:49 | 000,092,160 | ---- | C] () -- C:\Windows\Installer\{d1eb7405-c273-0c1d-2b4e-fa4adb4b1a2a}\U\80000032.@
    [2012/07/18 22:26:48 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{d1eb7405-c273-0c1d-2b4e-fa4adb4b1a2a}\U\80000000.@
    [2012/07/18 22:26:48 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{d1eb7405-c273-0c1d-2b4e-fa4adb4b1a2a}\U\00000004.@
    [2012/07/18 22:26:48 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{d1eb7405-c273-0c1d-2b4e-fa4adb4b1a2a}\U\000000cb.@
    [2011/05/26 17:22:33 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{d1eb7405-c273-0c1d-2b4e-fa4adb4b1a2a}\@
    [2011/05/26 17:22:33 | 000,002,048 | -HS- | C] () -- C:\Users\Jesse\AppData\Local\{d1eb7405-c273-0c1d-2b4e-fa4adb4b1a2a}\@
    [2011/05/17 19:37:57 | 000,000,136 | -H-- | C] () -- C:\ProgramData\~42196728r
    [2011/05/17 19:37:57 | 000,000,112 | -H-- | C] () -- C:\ProgramData\~42196728
    [2011/05/17 19:37:18 | 000,000,392 | -H-- | C] () -- C:\ProgramData\42196728
    [2010/04/03 17:28:13 | 000,005,115 | -H-- | C] () -- C:\ProgramData\kbkwknay.ayh

    :files
    C:\Windows\Installer\{d1eb7405-c273-0c1d-2b4e-fa4adb4b1a2a}
    C:\Users\Jesse\AppData\Local\{d1eb7405-c273-0c1d-2b4e-fa4adb4b1a2a}
    C:\Users\Jesse\AppData\Roaming\mdmsp.dll
    C:\Users\Jesse\AppData\Roaming\qdsvwg.dll
    ipconfig /flushdns /c

    :Commands
    [emptytemp]
    [clearallrestorepoints]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles


All processes killed

========== OTL ==========

Registry value HKEY_USERS\S-1-5-21-380697640-1169928113-4134231189-1000\Software\Microsoft\Windows\CurrentVersion\Run\\mdmsp deleted successfully.

C:\Users\Jesse\AppData\Roaming\mdmsp.dll moved successfully.

Registry value HKEY_USERS\S-1-5-21-380697640-1169928113-4134231189-1000\Software\Microsoft\Windows\CurrentVersion\Run\\qdsvwg deleted successfully.

C:\Users\Jesse\AppData\Roaming\qdsvwg.dll moved successfully.

File C:\Users\Jesse\AppData\Roaming\mdmsp.dll not found.

C:\Windows\Installer\{d1eb7405-c273-0c1d-2b4e-fa4adb4b1a2a}\U\00000008.@ moved successfully.

C:\Windows\Installer\{d1eb7405-c273-0c1d-2b4e-fa4adb4b1a2a}\U\80000064.@ moved successfully.

C:\Windows\Installer\{d1eb7405-c273-0c1d-2b4e-fa4adb4b1a2a}\L\00000004.@ moved successfully.

C:\Windows\Installer\{d1eb7405-c273-0c1d-2b4e-fa4adb4b1a2a}\U\80000032.@ moved successfully.

C:\Windows\Installer\{d1eb7405-c273-0c1d-2b4e-fa4adb4b1a2a}\U\80000000.@ moved successfully.

C:\Windows\Installer\{d1eb7405-c273-0c1d-2b4e-fa4adb4b1a2a}\U\00000004.@ moved successfully.

C:\Windows\Installer\{d1eb7405-c273-0c1d-2b4e-fa4adb4b1a2a}\U\000000cb.@ moved successfully.

C:\Windows\Installer\{d1eb7405-c273-0c1d-2b4e-fa4adb4b1a2a}\@ moved successfully.

C:\Users\Jesse\AppData\Local\{d1eb7405-c273-0c1d-2b4e-fa4adb4b1a2a}\@ moved successfully.

C:\ProgramData\~42196728r moved successfully.

C:\ProgramData\~42196728 moved successfully.

C:\ProgramData\42196728 moved successfully.

C:\ProgramData\kbkwknay.ayh moved successfully.

========== FILES ==========

C:\Windows\Installer\{d1eb7405-c273-0c1d-2b4e-fa4adb4b1a2a}\U folder moved successfully.

C:\Windows\Installer\{d1eb7405-c273-0c1d-2b4e-fa4adb4b1a2a}\L folder moved successfully.

Folder move failed. C:\Windows\Installer\{d1eb7405-c273-0c1d-2b4e-fa4adb4b1a2a} scheduled to be moved on reboot.

C:\Users\Jesse\AppData\Local\{d1eb7405-c273-0c1d-2b4e-fa4adb4b1a2a}\U folder moved successfully.

C:\Users\Jesse\AppData\Local\{d1eb7405-c273-0c1d-2b4e-fa4adb4b1a2a}\L folder moved successfully.

C:\Users\Jesse\AppData\Local\{d1eb7405-c273-0c1d-2b4e-fa4adb4b1a2a} folder moved successfully.

File\Folder C:\Users\Jesse\AppData\Roaming\mdmsp.dll not found.

File\Folder C:\Users\Jesse\AppData\Roaming\qdsvwg.dll not found.

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\Jesse\Desktop\cmd.bat deleted successfully.

C:\Users\Jesse\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

->Flash cache emptied: 56475 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Jesse

->Temp folder emptied: 345589487 bytes

->Temporary Internet Files folder emptied: 2290170957 bytes

->Java cache emptied: 45142447 bytes

->FireFox cache emptied: 573212707 bytes

->Google Chrome cache emptied: 509919879 bytes

->Flash cache emptied: 2098598 bytes

User: Public

->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 299465295 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 388715 bytes

Total Files Cleaned = 3,878.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.55.0 log created on 07302012_065031

Files\Folders moved on Reboot...

C:\Windows\Installer\{d1eb7405-c273-0c1d-2b4e-fa4adb4b1a2a}\U folder moved successfully.

C:\Windows\Installer\{d1eb7405-c273-0c1d-2b4e-fa4adb4b1a2a} folder moved successfully.

File\Folder C:\Windows\temp\fla32EC.tmp not found!

File\Folder C:\Windows\temp\flaDF6F.tmp not found!

PendingFileRenameOperations files...

File C:\Windows\Installer\{d1eb7405-c273-0c1d-2b4e-fa4adb4b1a2a} not found!

File C:\Windows\temp\fla32EC.tmp not found!

File C:\Windows\temp\flaDF6F.tmp not found!

Registry entries deleted on Reboot...


Great! :)

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::

FCopy::
c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe | c:\windows\system32\services.exe

JavaClearCache::

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


ComboFix 12-07-30.03 - Jesse 08/02/2012 7:39.3.8 - x64

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6134.3351 [GMT -4:00]

Running from: c:\users\Jesse\Desktop\ComboFix.exe

Command switches used :: c:\users\Jesse\Desktop\CFScript.txt

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\assembly\GAC_32\Desktop.ini

c:\windows\assembly\GAC_64\Desktop.ini

.

.

--------------- FCopy ---------------

.

c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe --> c:\windows\system32\services.exe

.

((((((((((((((((((((((((( Files Created from 2012-07-02 to 2012-08-02 )))))))))))))))))))))))))))))))

.

.

2012-08-02 11:48 . 2012-08-02 11:48 -------- d-----w- c:\users\Public\AppData\Local\temp

2012-08-02 11:48 . 2012-08-02 11:48 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-19 10:59 . 2012-07-19 10:59 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-07-19 10:59 . 2012-07-19 10:59 -------- d-----w- c:\windows\system32\Macromed

2012-07-19 02:32 . 2012-07-19 02:32 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%

2012-07-19 02:26 . 2012-07-19 02:26 -------- d-----w- c:\users\Jesse\AppData\Local\{404A69BC-D149-11E1-8270-B8AC6F996F26}

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-19 10:59 . 2011-05-26 21:07 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-03 17:46 . 2011-06-24 02:24 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-02 22:19 . 2012-06-22 12:35 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-22 12:35 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:19 . 2012-06-22 12:35 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-22 12:35 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-22 12:35 35864 ----a-w- c:\windows\SysWow64\wups.dll

2012-06-02 22:19 . 2012-06-22 12:35 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:19 . 2012-06-22 12:35 577048 ----a-w- c:\windows\SysWow64\wuapi.dll

2012-06-02 22:15 . 2012-06-22 12:35 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:15 . 2012-06-22 12:35 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 22:12 . 2012-06-22 12:35 88576 ----a-w- c:\windows\SysWow64\wudriver.dll

2012-06-02 19:19 . 2012-06-22 12:35 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 19:19 . 2012-06-22 12:35 171904 ----a-w- c:\windows\SysWow64\wuwebv.dll

2012-06-02 19:15 . 2012-06-22 12:35 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-02 19:12 . 2012-06-22 12:35 33792 ----a-w- c:\windows\SysWow64\wuapp.exe

2009-08-12 04:17 . 2009-08-12 04:17 207872 ----a-w- c:\program files\FontSeeker.exe

.

.

((((((((((((((((((((((((((((( SnapShot_2012-07-31_17.29.26 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-01-21 02:23 . 2012-08-02 11:53 64424 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2006-11-02 15:45 . 2012-08-02 11:53 79152 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2009-08-01 06:30 . 2012-08-02 11:53 12524 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-380697640-1169928113-4134231189-1000_UserData.bin

- 2009-07-29 14:20 . 2012-07-31 13:07 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-29 14:20 . 2012-08-02 11:37 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2012-07-31 11:18 . 2012-07-31 13:07 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2012-07-31 11:18 . 2012-08-02 11:37 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-29 19:06 . 2012-07-31 13:07 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-29 19:06 . 2012-08-02 11:37 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-12-19 03:47 . 2012-08-02 11:50 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-12-19 03:47 . 2012-07-31 13:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-12-19 03:47 . 2012-08-02 11:50 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-12-19 03:47 . 2012-07-31 13:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2012-03-27 04:00 . 2012-07-31 13:03 3699 c:\windows\system32\config\systemprofile\AppData\Roaming\WTablet\Wacom_Tablet.dat

+ 2012-03-27 04:00 . 2012-08-02 11:50 3699 c:\windows\system32\config\systemprofile\AppData\Roaming\WTablet\Wacom_Tablet.dat

+ 2012-08-02 11:50 . 2012-08-02 11:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-07-31 13:03 . 2012-07-31 13:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-08-02 11:50 . 2012-08-02 11:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-07-31 13:03 . 2012-07-31 13:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2008-01-21 03:20 . 2012-07-31 13:03 753664 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2008-01-21 03:20 . 2012-08-02 11:50 753664 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-06-01 02:05 . 2012-08-02 11:48 594920 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2011-06-01 02:05 . 2012-07-31 13:01 594920 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2008-01-21 03:20 . 2012-08-02 11:50 6242304 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2008-01-21 03:20 . 2012-07-31 13:03 6242304 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2008-01-21 03:20 . 2012-07-31 13:03 3751936 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2008-01-21 03:20 . 2012-08-02 11:50 3751936 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-06-24 05:47 . 2012-08-02 11:48 23092064 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-380697640-1169928113-4134231189-1000-8192.dat

- 2011-06-24 05:47 . 2012-07-31 13:01 23092064 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-380697640-1169928113-4134231189-1000-8192.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-20 336384]

"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]

"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-04-24 250192]

"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]

"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2010-06-21 611712]

"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-01-04 40376]

"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-01-03 640440]

"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2009-07-01 37888]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-07-19 421736]

"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

.

c:\users\Jesse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Picture Motion Browser Media Check Tool.lnk - c:\program files (x86)\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2009-8-12 229376]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-5-28 1320288]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2010-06-21 288112]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

Themes

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-17 03:55]

.

2012-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-17 03:55]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]

"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2010-03-17 3432448]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert link target to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1

DPF: {C2B78FF1-6E5A-4854-AC24-E09A0E2411BA} - hxxp://static1.meetupstatic.com/applet/MeetUploader_200909.cab

CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll

FF - ProfilePath - c:\users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\r4iydhjb.default\

FF - prefs.js: browser.startup.homepage - www.google.com

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-380697640-1169928113-4134231189-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{ED577914-FBB8-1996-70F3-94DD56F3DDBC}*]

"haaamfebfdpgejli"=hex:6a,61,67,6b,6e,63,66,66,69,66,68,6f,67,68,66,6a,67,6d,

68,64,00,00

"gahplheajbldbb"=hex:61,63,6d,6a,6e,67,6a,6c,70,6b,68,6c,6d,6b,6d,6f,67,70,6b,

6b,6c,61,67,6e,69,6b,63,6d,69,6c,66,6e,6b,6e,66,6e,61,6e,62,6f,6d,69,6a,67,\

"iagbkdcdjkjjkefjmg"=hex:6a,61,67,6b,6e,63,66,66,69,66,68,6f,67,68,66,6a,67,6d,

68,64,00,00

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]

@Denied: (A 2) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]

@="Shockwave Flash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]

@Denied: (A 2) (Everyone)

@=""

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]

@="FlashBroker"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]

"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Dell\DellDock\DockLogin.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Bonjour\mDNSResponder.exe

c:\program files (x86)\Juniper Networks\Common Files\dsNcService.exe

c:\program files (x86)\Flip Video\FlipShare\FlipShareService.exe

c:\program files (x86)\Common Files\Motive\McciCMService.exe

c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE

c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe

c:\program files (x86)\Common Files\Motive\McciContextHookShim.exe

c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

c:\program files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe

c:\program files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe

c:\program files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe

c:\progra~2\HEWLET~1\DIGITA~1\PRODUC~1\bin\hprblog.exe

c:\windows\syswow64\MsiExec.exe

.

**************************************************************************

.

Completion time: 2012-08-02 08:00:59 - machine was rebooted

ComboFix-quarantined-files.txt 2012-08-02 12:00

ComboFix2.txt 2012-07-31 17:32

ComboFix3.txt 2011-06-13 18:49

.

Pre-Run: 235,422,879,744 bytes free

Post-Run: 235,692,605,440 bytes free

.

- - End Of File - - BB86133A763DE748711C0B9C41F278AB


Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


The scanner said it found and removed 20 items. The log file was really short:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance, please start your own topic in a new thread. Thanks!
