View Full Version : Fraud.WindowsProtectionSuite not able to remove
ShadowStar
2010-10-12, 05:25
I have run all the scans that the sticky asked and backed up my system. These two items are very stubborn and I can not get them removed. If anyone could help me I would be most appreciative.
Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
4-open-davinci.com=74.125.45.100
Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
securitysoftwarepayments.com=74.125.45.100
Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
privatesecuredpayments.com=74.125.45.100
Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
secure.privatesecuredpayments.com=74.125.45.100
Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
getantivirusplusnow.com=74.125.45.100
Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
secure-plus-payments.com=74.125.45.100
Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
www.getantivirusplusnow.com=74.125.45.100 (http://www.getantivirusplusnow.com=74.125.45.100)
Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
www.secure-plus-payments.com=74.125.45.100 (http://www.secure-plus-payments.com=74.125.45.100)
Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
www.getavplusnow.com=74.125.45.100 (http://www.getavplusnow.com=74.125.45.100)
Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
safebrowsing-cache.google.com=74.125.45.100
Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
urs.microsoft.com=74.125.45.100
Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
www.securesoftwarebill.com=74.125.45.100 (http://www.securesoftwarebill.com=74.125.45.100)
Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
secure.paysecuresystem.com=74.125.45.100
Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
paysoftbillsolution.com=74.125.45.100
Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
protected.maxisoftwaremart.com=74.125.45.100
Microsoft.Windows.RedirectedHosts: [SBI $B89FBA81] Redirected host (Redirected host, nothing done)
www.securesoftwarebill.com=74.125.45.100 (http://www.securesoftwarebill.com=74.125.45.100)
Microsoft.Windows.RedirectedHosts: [SBI $19781685] Redirected host (Redirected host, nothing done)
secure.paysecuresystem.com=74.125.45.100
Microsoft.Windows.RedirectedHosts: [SBI $CEFF52BA] Redirected host (Redirected host, nothing done)
paysoftbillsolution.com=74.125.45.100
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2010-10-07 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2010-06-29 Includes\Adware.sbi (*)
2010-08-24 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-09-22 Includes\Dialer.sbi (*)
2010-09-22 Includes\DialerC.sbi (*)
2010-01-25 Includes\HeavyDuty.sbi (*)
2009-05-26 Includes\Hijackers.sbi (*)
2010-07-27 Includes\HijackersC.sbi (*)
2010-09-15 Includes\iPhone.sbi (*)
2010-08-02 Includes\Keyloggers.sbi (*)
2010-08-31 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2010-09-13 Includes\Malware.sbi (*)
2010-10-05 Includes\MalwareC.sbi (*)
2010-05-18 Includes\PUPS.sbi (*)
2010-10-05 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2010-07-27 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2010-06-29 Includes\Spyware.sbi (*)
2010-07-27 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2010-08-04 Includes\Trojans.sbi (*)
2010-09-28 Includes\TrojansC-02.sbi (*)
2010-07-28 Includes\TrojansC-03.sbi (*)
2010-09-28 Includes\TrojansC-04.sbi (*)
2010-10-05 Includes\TrojansC-05.sbi (*)
2010-09-13 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
dds Text Log
DDS (Ver_10-10-10.03) - NTFS_AMD64
Run by Angel at 22:01:01.00 on Mon 10/11/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3838.2030 [GMT -4:00]
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b87ff64c8b56b7db\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Starfield\offSyncService.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files (x86)\SMINST\BLService.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Microsoft LifeChat\LifeChat.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Users\Angel\AppData\Local\Starfield\starfieldupdate.exe
C:\Users\Angel\AppData\Local\Starfield\wben.exe
C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files (x86)\Common Files\Craftsman\CSU\CSUClient.exe
C:\Windows\system32\fxssvc.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files (x86)\Comcast\Desktop Doctor\agent\bin\bcont_nm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Angel\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
uStart Page = hxxp://www.google.com/
uWindow Title = Windows Internet Explorer provided by Comcast
mStart Page = hxxp://www.comcast.net/
mWindow Title = Windows Internet Explorer provided by Comcast
mWinlogon: Userinit=C:\Windows\system32\userinit.exe
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Security Suite\Engine\4.2.0.12\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Security Suite\Engine\4.2.0.12\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Security Suite\Engine\4.2.0.12\coIEPlg.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
uRun: [Orb] "C:\Program Files (x86)\Winamp Remote\bin\OrbTray.exe" /background
uRun: [Starfield Updater] "C:\Users\Angel\AppData\Local\Starfield\starfieldupdate.exe"
uRun: [wben] "C:\Users\Angel\AppData\Local\Starfield\wben.exe"
mRun: [CLMLServer for HP TouchSmart] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
mRun: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [TSMAgent] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
mRun: [TVAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe"
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [UpdatePDIRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [HPCam_Menu] "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [ddoctorv2] "C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
mRun: [<NO NAME>]
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\Angel\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\CRAFTS~1.LNK - C:\Program Files (x86)\Common Files\Craftsman\CSU\CSUClient.exe
StartupFolder: C:\Users\Angel\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\Users\Angel\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LIMEWI~1.LNK - C:\Program Files (x86)\LimeWire\LimeWire.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 2 (0x2)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {36299202-09EF-4ABF-ADB9-47C599DBE778} - hxxps://www.hpwindows7upgrade.arvato.com/north_america/Endcustomer/HPProdDetect.cab
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxps://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
IFEO: image file execution options - svchost.exe
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
TB-X64: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [SmartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
mRun-x64: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
mRun-x64: [LifeChat] "C:\Program Files\Microsoft LifeChat\LifeChat.exe"
IFEO-X64: image file execution options - svchost.exe
Hosts: 74.125.45.100 4-open-davinci.com
Hosts: 74.125.45.100 securitysoftwarepayments.com
Hosts: 74.125.45.100 privatesecuredpayments.com
Hosts: 74.125.45.100 secure.privatesecuredpayments.com
Hosts: 74.125.45.100 getantivirusplusnow.com
Note: multiple HOSTS entries found. Please refer to Attach.txt
================= FIREFOX ===================
FF - ProfilePath - C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\0x0pbgjb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search=
FF - prefs.js: browser.search.selectedEngine - search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search=
FF - prefs.js: network.proxy.type - 4
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\components\coFFPlgn.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\components\IPSFFPl.dll
FF - component: C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\0x0pbgjb.default\extensions\{8567a644-e36c-470c-86cf-9c5b4f37db81}\components\FFExternalAlert.dll
FF - component: C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\0x0pbgjb.default\extensions\{8567a644-e36c-470c-86cf-9c5b4f37db81}\components\RadioWMPCore.dll
FF - component: C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\0x0pbgjb.default\extensions\{aac4043a-8832-4abe-9963-35377f30b8e6}\components\FFExternalAlert.dll
FF - component: C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\0x0pbgjb.default\extensions\{aac4043a-8832-4abe-9963-35377f30b8e6}\components\RadioWMPCore.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Users\Angel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Angel\AppData\Roaming\Mozilla\plugins\npoff.dll
FF - plugin: C:\Users\Angel\AppData\Roaming\Mozilla\Plugins\npoff.dll
FF - plugin: C:\Users\Angel\AppData\Roaming\Mozilla\plugins\npwbe.dll
FF - plugin: C:\Users\Angel\AppData\Roaming\Mozilla\Plugins\npwbe.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - falseC:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
============= SERVICES / DRIVERS ===============
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\0402000.00C\symds64.sys [2010-10-6 433200]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\0402000.00C\symefa64.sys [2010-10-6 221232]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20101001.001\BHDrvx64.sys [2010-10-2 954928]
R1 ccHP;Symantec Hash Provider;C:\Windows\System32\drivers\N360x64\0402000.00C\cchpx64.sys [2010-10-6 615040]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20101011.001\IDSviA64.sys [2010-9-15 476720]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\0402000.00C\ironx64.sys [2010-10-6 150064]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\System32\drivers\N360x64\0402000.00C\symtdiv.sys [2010-10-6 451120]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/02/10 14:15:03];C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2008-11-28 146928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-8-18 203264]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2010-5-2 81072]
R2 File Backup;File Backup Service;C:\Program Files (x86)\Starfield\offSyncService.exe [2010-7-16 1310960]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2010-2-26 30520]
R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\4.2.0.12\ccsvchst.exe [2010-10-6 126392]
R2 Recovery Service for Windows;Recovery Service for Windows;C:\Program Files (x86)\SMINST\BLService.exe [2009-4-8 365952]
R2 TVCapSvc;TV Background Capture Service (TVBCS);C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2009-2-9 296320]
R2 TVSched;TV Task Scheduler (TVTS);C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2009-2-9 116096]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-4-8 228408]
R3 enecir;ENE CIR Receiver;C:\Windows\System32\drivers\enecir.sys [2008-1-24 60928]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-10-6 132656]
R3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2008-7-21 145496]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-3-2 187392]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2010-2-10 26168]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-10-7 1153368]
S3 SureThing Labelflash service;SureThing Labelflash service;C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe [2010-4-1 74392]
S3 UsbFltr;WayTech USB Filter Driver;C:\Windows\System32\drivers\UsbFltr.sys [2007-4-9 12288]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-3-6 1255736]
S4 AntiVirSchedulerService;Avira AntiVir Scheduler;"C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe" --> C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [?]
S4 AntiVirService;Avira AntiVir Guard;"C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe" --> C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [?]
=============== Created Last 30 ================
2010-10-11 22:19:34 -------- d-----w- C:\Program Files (x86)\Adobe Photoshop CS5 Extended Edition
2010-10-11 12:36:32 -------- d-----w- C:\PROGRA~3\FrontLine Registry Cleaner
2010-10-11 12:36:26 -------- d-----w- C:\Program Files (x86)\Frontline Registry Cleaner
2010-10-08 14:48:08 -------- d-----w- C:\Program Files (x86)\support.com
2010-10-08 00:48:38 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2010-10-08 00:48:38 -------- d-----w- C:\PROGRA~3\Spybot - Search & Destroy
2010-10-06 21:41:29 230400 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpzppw71.dll
2010-10-06 14:11:40 451120 ----a-w- C:\Windows\System32\drivers\N360x64\0402000.00C\symtdiv.sys
2010-10-06 14:11:40 221232 ----a-w- C:\Windows\System32\drivers\N360x64\0402000.00C\symefa64.sys
2010-10-06 14:11:39 505392 ----a-w- C:\Windows\System32\drivers\N360x64\0402000.00C\srtsp64.sys
2010-10-06 14:11:39 433200 ----a-r- C:\Windows\System32\drivers\N360x64\0402000.00C\symds64.sys
2010-10-06 14:11:39 32304 ----a-w- C:\Windows\System32\drivers\N360x64\0402000.00C\srtspx64.sys
2010-10-06 14:11:38 615040 ----a-w- C:\Windows\System32\drivers\N360x64\0402000.00C\cchpx64.sys
2010-10-06 14:11:38 150064 ----a-w- C:\Windows\System32\drivers\N360x64\0402000.00C\ironx64.sys
2010-10-06 14:10:57 -------- d-----w- C:\Windows\System32\drivers\N360x64\0402000.00C
2010-10-06 11:12:06 -------- d-----w- C:\PROGRA~3\39bdc
2010-10-06 11:10:09 34152 ----a-r- C:\Windows\System32\drivers\GEARAspiWDM.sys
2010-10-06 11:10:09 126312 ----a-r- C:\Windows\System32\GEARAspi64.dll
2010-10-06 11:10:09 107368 ----a-r- C:\Windows\SysWow64\GEARAspi.dll
2010-10-06 11:10:06 173104 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2010-10-06 11:09:49 -------- d-----w- C:\Program Files\Symantec
2010-10-06 11:09:49 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2010-10-06 11:09:05 -------- d-----w- C:\Windows\System32\drivers\N360x64
2010-10-06 11:09:04 -------- d-----w- C:\Program Files (x86)\Norton Security Suite
2010-10-06 11:07:25 -------- d-sh--w- C:\PROGRA~3\SMEFNILXS
2010-10-06 11:07:07 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2010-10-06 11:07:03 -------- d-sh--w- C:\PROGRA~3\39bdc8
2010-09-29 07:00:40 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
2010-09-29 07:00:40 184832 ----a-w- C:\Windows\System32\drivers\usbvideo.sys
2010-09-28 21:38:35 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2010-09-28 21:38:35 2048 ----a-w- C:\Windows\System32\tzres.dll
2010-09-28 21:38:15 13312 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2010-09-28 21:38:15 13312 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
2010-09-22 22:10:52 103864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2010-09-22 22:10:52 103864 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2010-09-22 19:52:09 -------- d-----w- C:\Program Files (x86)\Comcast
2010-09-22 19:50:24 -------- d-----w- C:\Users\Angel\AppData\Local\SupportSoft
2010-09-22 19:50:13 -------- d-----w- C:\Program Files (x86)\ComcastUI
2010-09-16 01:04:18 -------- d-----w- C:\Program Files\Common Files\Intuit
2010-09-15 16:16:03 248320 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpfpp70v.dll
2010-09-15 16:13:03 136704 ----a-w- C:\Windows\System32\hpf3l70v.dll
2010-09-15 16:10:37 880640 ----a-w- C:\Windows\System32\hposwia_p02c.dll
2010-09-15 16:10:37 642360 ----a-w- C:\Windows\System32\hpzids40.dll
2010-09-15 16:10:37 551424 ----a-w- C:\Windows\System32\hppldcoi.dll
2010-09-15 16:10:36 515072 ----a-w- C:\Windows\System32\hposc_p02a.dll
2010-09-15 16:10:36 1403904 ----a-w- C:\Windows\System32\hpost_p02c.dll
2010-09-14 21:12:17 558592 ----a-w- C:\Windows\System32\spoolsv.exe
2010-09-13 20:56:43 -------- d-----w- C:\Users\Angel\AppData\Local\Craftsman
2010-09-13 20:53:58 -------- d-----w- C:\Program Files (x86)\Craftsman
2010-09-13 20:53:22 -------- d-----w- C:\Program Files (x86)\Common Files\Craftsman
2010-09-13 20:53:22 -------- d-----w- C:\PROGRA~3\Craftsman
==================== Find3M ====================
2010-08-10 09:15:58 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2010-08-10 09:15:58 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2010-07-29 06:30:34 82944 ----a-w- C:\Windows\SysWow64\iccvid.dll
2010-07-17 09:00:04 423656 ----a-w- C:\Windows\SysWow64\deployJava1.dll
============= FINISH: 22:02:07.04 ===============
Thank you in advance
ShadowStar
----------------------------------
Sorry to be a bother but I still require assistance on this and would love the additional help if someone could find the time please.
----------------------------------
Edit
Posting additional comments or logs before a volunteer responds, can push you back instead of forward, because your thread ends up with a newer date. In addition helpers would think you are already being assisted because of the post count, they look for topics with a 0 response[I]. "BEFORE you POST" (http://forums.spybot.info/showthread.php?t=288)
Waiting for help in the Malware Forum FOUR days or longer? (http://forums.spybot.info/showthread.php?t=1137)
:)
Hi,
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Copy-paste following contents into custom scan -area:
netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
ShadowStar
2010-10-14, 23:00
First off let me start by thanking you to take the time to help me with this problem. This is a nasty one that I am having a hard time removing. Here are the logs:
OTL logfile created on: 10/14/2010 2:41:20 PM - Run 1
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Users\Angel\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 59.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.71 Gb Total Space | 263.77 Gb Free Space | 58.39% Space Free | Partition Type: NTFS
Drive D: | 14.05 Gb Total Space | 2.12 Gb Free Space | 15.11% Space Free | Partition Type: NTFS
Computer Name: ANGELS-BREATHE | User Name: Angel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Angel\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Angel\AppData\Local\Starfield\starfieldupdate.exe ()
PRC - C:\Program Files (x86)\Starfield\offSyncService.exe (Starfield Technologies, Inc.)
PRC - C:\Program Files (x86)\Common Files\Craftsman\CSU\CSUClient.exe (Craftsman Book Company)
PRC - C:\Users\Angel\AppData\Local\Starfield\wben.exe (Starfield Technologies, Inc.)
PRC - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Program Files (x86)\Norton Security Suite\Engine\4.2.0.12\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\SMINST\BLService.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)
========== Modules (SafeList) ==========
MOD - C:\Users\Angel\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV:[b]64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b87ff64c8b56b7db\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (QBCFMonitorService) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
SRV - (File Backup) -- C:\Program Files (x86)\Starfield\offSyncService.exe (Starfield Technologies, Inc.)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (N360) -- C:\Program Files (x86)\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe (Symantec Corporation)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\Hp\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (TVCapSvc) TV Background Capture Service (TVBCS) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe ()
SRV - (TVSched) TV Task Scheduler (TVTS) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe ()
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (Recovery Service for Windows) -- C:\Program Files (x86)\SMINST\BLService.exe ()
SRV - (QBFCService) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
SRV - (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2) -- C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exe (SupportSoft, Inc.)
========== Driver Services (SafeList) ==========
DRV:64bit: - (athur) -- C:\Windows\SysNative\DRIVERS\athurx.sys File not found
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (SYMTDIv) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symtdiv.sys (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\ironx64.sys (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symefa64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV:64bit: - (ccHP) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\cchpx64.sys (Symantec Corporation)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symds64.sys (Symantec Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation )
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\drivers\Rtlh64.sys (Realtek Corporation )
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (ATI Technologies Inc.)
DRV:64bit: - (enecir) -- C:\Windows\SysNative\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV:64bit: - (UsbFltr) -- C:\Windows\SysNative\drivers\UsbFltr.sys (Waytech Development, Inc.)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20101014.008\EX64.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20101014.008\ENG64.SYS (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20101001.001\BHDrvx64.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20101012.001\IDSviA64.sys (Symantec Corporation)
DRV - ({55662437-DA8C-40c0-AADA-2C816A897A49}) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl (CyberLink Corp.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Search"
FF - prefs.js..browser.search.defaulturl: "http://flvdirect.iamwired.net/websearch.php?src=tops&search="
FF - prefs.js..browser.search.selectedEngine: "search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {8567a644-e36c-470c-86cf-9c5b4f37db81}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {aac4043a-8832-4abe-9963-35377f30b8e6}:2.7.1.3
FF - prefs.js..extensions.enabledItems: wbepaste@starfield:1.1
FF - prefs.js..extensions.enabledItems: zoomext@starfield:1.1
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: {3A9F26B5-7451-4922-9E2F-CD83E7F454EF}:1.5
FF - prefs.js..keyword.URL: "http://flvdirect.iamwired.net/websearch.php?src=tops&search="
FF - prefs.js..network.proxy.type: 4
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/10 21:30:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2010/10/06 12:30:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\ [2010/10/06 07:10:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/09/17 05:20:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/06 07:26:08 | 000,000,000 | ---D | M]
[2010/08/26 20:41:27 | 000,000,000 | ---D | M] -- C:\Users\Angel\AppData\Roaming\Mozilla\Extensions
[2010/08/26 20:41:27 | 000,000,000 | ---D | M] -- C:\Users\Angel\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/10/13 22:42:57 | 000,000,000 | ---D | M] -- C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\0x0pbgjb.default\extensions
[2010/02/23 23:37:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\0x0pbgjb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/02 00:32:37 | 000,000,000 | ---D | M] (GodofWar) -- C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\0x0pbgjb.default\extensions\{3A9F26B5-7451-4922-9E2F-CD83E7F454EF}
[2010/03/09 11:55:02 | 000,000,000 | ---D | M] (Online Sharing Toolbar) -- C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\0x0pbgjb.default\extensions\{8567a644-e36c-470c-86cf-9c5b4f37db81}
[2010/06/13 06:55:39 | 000,000,000 | ---D | M] (Castle Age Toolbar) -- C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\0x0pbgjb.default\extensions\{aac4043a-8832-4abe-9963-35377f30b8e6}
[2010/03/20 00:48:22 | 000,002,055 | ---- | M] () -- C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\0x0pbgjb.default\searchplugins\daemon-search.xml
[2010/08/18 18:02:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/05/24 21:36:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/18 18:02:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/04/02 08:59:38 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npPandoWebInst.dll
[2010/05/19 10:38:12 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
Hosts file not found
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\Hp\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\4.2.0.12\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\Hp\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [LifeChat] C:\Program Files\Microsoft LifeChat\LifeChat.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [ddoctorv2] C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DVDAgent] C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPCam_Menu] C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TSMAgent] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TVAgent] C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Orb] C:\Program Files (x86)\Winamp Remote\bin\OrbTray.exe (Orb Networks)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [Starfield Updater] C:\Users\Angel\AppData\Local\Starfield\starfieldupdate.exe ()
O4 - HKCU..\Run: [wben] C:\Users\Angel\AppData\Local\Starfield\wben.exe (Starfield Technologies, Inc.)
O4 - Startup: C:\Users\Angel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Craftsman Software Update.lnk = C:\Program Files (x86)\Common Files\Craftsman\CSU\CSUClient.exe (Craftsman Book Company)
O4 - Startup: C:\Users\Angel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files (x86)\LimeWire\LimeWire.exe (Lime Wire, LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\Hp\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {36299202-09EF-4ABF-ADB9-47C599DBE778} https://www.hpwindows7upgrade.arvato.com/north_america/Endcustomer/HPProdDetect.cab (HP Product Detection Control)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} https://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab (SysData Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.87.71.230 68.87.73.246
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\qbwc {FC598A64-626C-4447-85B8-53150405FD57} - Reg Error: Key error. File not found
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop BackupWallPaper: C:\Users\Angel\My Documents\wiccan-badge-purple-sign.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2010/10/14 14:35:41 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\Angel\Desktop\OTL.exe
[2010/10/14 06:50:22 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\CrashDumps
[2010/10/13 19:19:22 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2010/10/13 19:19:22 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010/10/13 19:19:21 | 002,085,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll
[2010/10/13 19:19:20 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\StructuredQuery.dll
[2010/10/13 19:19:02 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll
[2010/10/13 19:19:02 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll
[2010/10/13 19:18:55 | 000,702,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010/10/13 19:18:55 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010/10/13 19:18:54 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2010/10/13 19:18:54 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2010/10/13 19:18:54 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2010/10/13 19:18:53 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010/10/13 19:18:53 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010/10/13 19:18:53 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/10/13 19:18:53 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/10/13 19:18:53 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010/10/13 19:18:52 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2010/10/13 19:18:52 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010/10/13 19:18:52 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010/10/13 19:18:52 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010/10/13 19:18:50 | 014,627,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2010/10/13 19:18:48 | 011,406,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2010/10/13 19:18:46 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2010/10/13 19:18:46 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2010/10/13 19:18:44 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll
[2010/10/13 08:00:29 | 000,000,000 | ---D | C] -- C:\Users\Angel\Desktop\phone pics
[2010/10/12 06:58:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/10/11 21:59:05 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/10/11 18:19:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Photoshop CS5 Extended Edition
[2010/10/11 08:36:32 | 000,000,000 | ---D | C] -- C:\ProgramData\FrontLine Registry Cleaner
[2010/10/11 08:36:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Frontline Registry Cleaner
[2010/10/08 10:48:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\support.com
[2010/10/07 20:48:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/10/07 20:48:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010/10/06 10:11:40 | 000,451,120 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symtdiv.sys
[2010/10/06 10:11:40 | 000,221,232 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symefa64.sys
[2010/10/06 10:11:39 | 000,505,392 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\srtsp64.sys
[2010/10/06 10:11:39 | 000,433,200 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symds64.sys
[2010/10/06 10:11:39 | 000,032,304 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\srtspx64.sys
[2010/10/06 10:11:38 | 000,615,040 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\cchpx64.sys
[2010/10/06 10:11:38 | 000,150,064 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\ironx64.sys
[2010/10/06 10:10:57 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64\0402000.00C
[2010/10/06 07:12:06 | 000,000,000 | ---D | C] -- C:\ProgramData\39bdc
[2010/10/06 07:10:09 | 000,126,312 | R--- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\GEARAspi64.dll
[2010/10/06 07:10:09 | 000,107,368 | R--- | C] (GEAR Software Inc.) -- C:\Windows\SysWow64\GEARAspi.dll
[2010/10/06 07:10:09 | 000,034,152 | R--- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2010/10/06 07:10:06 | 000,173,104 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2010/10/06 07:09:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/10/06 07:09:49 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010/10/06 07:09:05 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64
[2010/10/06 07:09:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Security Suite
[2010/10/06 07:07:25 | 000,000,000 | -HSD | C] -- C:\ProgramData\SMEFNILXS
[2010/10/06 07:07:07 | 000,000,000 | ---D | C] -- C:\Users\Angel\Documents\Symantec
[2010/10/06 07:07:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2010/10/06 07:07:03 | 000,000,000 | -HSD | C] -- C:\ProgramData\39bdc8
[2010/09/22 15:52:24 | 000,000,000 | ---D | C] -- C:\ProgramData\SupportSoft
[2010/09/22 15:52:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Comcast
[2010/09/22 15:50:24 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\SupportSoft
[2010/09/22 15:50:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ComcastUI
[2010/09/15 23:45:08 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Roaming\InstallShield
[2010/09/15 21:04:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intuit
[2010/09/15 12:13:03 | 000,136,704 | ---- | C] (Hewlett-Packard Company) -- C:\Windows\SysNative\hpf3l70v.dll
[2010/09/15 12:10:37 | 000,880,640 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hposwia_p02c.dll
[2010/09/15 12:10:37 | 000,642,360 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpzids40.dll
[2010/09/15 12:10:37 | 000,551,424 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hppldcoi.dll
[2010/09/15 12:10:36 | 001,403,904 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\hpost_p02c.dll
[2010/09/15 12:10:36 | 000,515,072 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\hposc_p02a.dll
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010/10/14 14:43:02 | 001,213,960 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\Cat.DB
[2010/10/14 14:35:42 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Angel\Desktop\OTL.exe
[2010/10/14 12:53:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/14 07:34:08 | 000,000,090 | ---- | M] () -- C:\Windows\QBChanUtil_Trigger.ini
[2010/10/14 06:48:55 | 000,011,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/14 06:48:55 | 000,011,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/14 06:42:55 | 000,485,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/10/14 06:41:57 | 3018,190,848 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/14 06:23:01 | 000,753,848 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/10/14 06:23:01 | 000,632,946 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/10/14 06:23:01 | 000,110,548 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/10/12 06:58:08 | 000,002,097 | ---- | M] () -- C:\Users\Angel\Desktop\HijackThis.lnk
[2010/10/11 22:04:30 | 000,001,892 | ---- | M] () -- C:\Users\Angel\Desktop\DDS - Shortcut.lnk
[2010/10/11 22:04:00 | 000,001,945 | ---- | M] () -- C:\Users\Angel\Desktop\Attach - Shortcut.lnk
[2010/10/11 18:30:07 | 000,000,460 | ---- | M] () -- C:\Windows\tasks\FrontLine Registry Cleaner Scheduled Scan - Angel.job
[2010/10/11 18:17:12 | 000,293,032 | ---- | M] () -- C:\Users\Angel\Documents\Publication2.jpg
[2010/10/08 21:51:05 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForAngel.job
[2010/10/08 11:15:09 | 000,000,136 | ---- | M] () -- C:\Users\Angel\Desktop\Comcast Security.url
[2010/10/08 11:15:09 | 000,000,117 | ---- | M] () -- C:\Users\Angel\Desktop\Comcast Email.url
[2010/10/08 11:13:55 | 000,001,107 | ---- | M] () -- C:\net_save.dna
[2010/10/07 20:48:45 | 000,001,286 | ---- | M] () -- C:\Users\Angel\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/10/07 09:20:34 | 000,099,463 | ---- | M] () -- C:\Users\Angel\Documents\bill of sale.docx
[2010/10/06 07:11:55 | 000,002,762 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.old
[2010/10/06 07:11:55 | 000,002,762 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101013-225502.backup
[2010/10/06 07:11:55 | 000,002,762 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101013-225501.backup
[2010/10/06 07:11:55 | 000,002,762 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101013-225500.backup
[2010/10/06 07:11:55 | 000,002,762 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101013-225459.backup
[2010/10/06 07:11:55 | 000,002,762 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101013-225458.backup
[2010/10/06 07:11:55 | 000,002,762 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101013-225457.backup
[2010/10/06 07:11:55 | 000,002,762 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101013-225456.backup
[2010/10/06 07:11:55 | 000,002,762 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101013-225455.backup
[2010/10/06 07:11:55 | 000,002,762 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101013-225454.backup
[2010/10/06 07:11:55 | 000,002,762 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101013-225453.backup
[2010/10/06 07:11:55 | 000,002,762 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101013-225452.backup
[2010/10/06 07:11:55 | 000,002,762 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101013-225451.backup
[2010/10/06 07:11:55 | 000,002,762 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101013-225445.backup
[2010/10/06 07:11:55 | 000,002,762 | -HS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101011-175657.backup
[2010/10/06 07:11:55 | 000,002,762 | -HS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101011-175636.backup
[2010/10/06 07:11:55 | 000,002,762 | -HS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101011-175635.backup
[2010/10/06 07:11:55 | 000,002,762 | -HS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101011-175634.backup
[2010/10/06 07:11:55 | 000,002,762 | -HS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101011-175632.backup
[2010/10/06 07:11:55 | 000,002,762 | -HS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101011-175512.backup
[2010/10/06 07:11:55 | 000,002,762 | -HS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101011-175511.backup
[2010/10/06 07:11:55 | 000,002,762 | -HS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101011-175510.backup
[2010/10/06 07:11:55 | 000,002,762 | -HS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101011-175509.backup
[2010/10/06 07:11:55 | 000,002,762 | -HS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101011-175508.backup
[2010/10/06 07:11:55 | 000,002,762 | -HS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101011-175507.backup
[2010/10/06 07:11:55 | 000,002,762 | -HS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101011-175506.backup
[2010/10/06 07:11:55 | 000,002,762 | -HS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101011-175505.backup
[2010/10/06 07:11:55 | 000,002,762 | -HS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101011-175504.backup
[2010/10/06 07:11:55 | 000,002,762 | -HS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101011-175503.backup
[2010/10/06 07:11:55 | 000,002,762 | -HS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101011-175502.backup
[2010/10/06 07:11:55 | 000,002,762 | -HS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101011-175501.backup
[2010/10/06 07:11:55 | 000,002,762 | -HS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101011-175500.backup
[2010/10/06 07:11:55 | 000,002,762 | -HS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101011-175457.backup
[2010/10/06 07:11:55 | 000,002,762 | -HS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101008-033200.backup
[2010/10/06 07:11:55 | 000,002,762 | -HS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101008-032656.backup
[2010/10/06 07:11:55 | 000,002,762 | -HS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101008-032655.backup
[2010/10/06 07:11:55 | 000,002,762 | -HS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101008-032654.backup
[2010/10/06 07:11:55 | 000,002,762 | -HS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101008-032653.backup
[2010/10/06 07:11:55 | 000,002,762 | -HS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101008-032652.backup
[2010/10/06 07:11:55 | 000,002,762 | -HS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101008-032648.backup
[2010/10/06 07:11:55 | 000,002,762 | -HS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101008-032647.backup
[2010/10/06 07:11:55 | 000,002,762 | -HS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101008-032646.backup
[2010/10/06 07:11:55 | 000,002,762 | -HS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101008-032645.backup
[2010/10/06 07:11:55 | 000,002,762 | -HS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101008-032644.backup
[2010/10/06 07:11:55 | 000,002,762 | -HS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101008-032643.backup
[2010/10/06 07:11:55 | 000,002,762 | -HS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101008-032641.backup
[2010/10/06 07:11:55 | 000,002,762 | -HS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101008-031632.backup
[2010/10/06 07:11:55 | 000,002,762 | -HS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101008-031631.backup
[2010/10/06 07:11:55 | 000,002,762 | -HS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101008-031626.backup
[2010/10/06 07:11:55 | 000,002,762 | -HS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101008-031625.backup
[2010/10/06 07:11:55 | 000,002,762 | -HS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101008-031624.backup
[2010/10/06 07:11:55 | 000,002,762 | -HS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101008-031623.backup
[2010/10/06 07:11:55 | 000,002,762 | -HS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101008-031622.backup
[2010/10/06 07:11:55 | 000,002,762 | -HS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101008-031621.backup
[2010/10/06 07:11:55 | 000,002,762 | -HS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101008-031620.backup
[2010/10/06 07:11:55 | 000,002,762 | -HS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101008-031619.backup
[2010/10/06 07:11:55 | 000,002,762 | -HS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101008-031618.backup
[2010/10/06 07:11:55 | 000,002,762 | -HS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101008-031610.backup
[2010/10/06 07:09:49 | 000,173,104 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2010/10/06 07:09:49 | 000,007,440 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2010/10/06 07:09:49 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2010/09/30 19:05:42 | 000,099,645 | ---- | M] () -- C:\Users\Angel\Documents\home depot maney.docx
[2010/09/24 21:04:33 | 000,100,074 | ---- | M] () -- C:\Users\Angel\Documents\proposal.docx
[2010/09/23 17:03:39 | 000,228,459 | ---- | M] () -- C:\Users\Angel\Documents\Executive Summary.docx
[2010/09/21 21:40:43 | 000,146,432 | ---- | M] () -- C:\Users\Angel\Documents\Copy of 523_NZ_SetUpCosts.xls
[2010/09/21 20:50:48 | 000,022,318 | ---- | M] () -- C:\Users\Angel\Documents\form_finasst_cshflstmt3.xlsx
[2010/09/21 20:49:40 | 000,016,003 | ---- | M] () -- C:\Users\Angel\Documents\sba_010150-11.xlsx
[2010/09/21 20:49:23 | 000,013,227 | ---- | M] () -- C:\Users\Angel\Documents\form_finasst_incomestmt-11.xlsx
[2010/09/15 23:44:58 | 000,000,726 | ---- | M] () -- C:\Windows\SIERRA.INI
[2010/09/15 12:17:00 | 000,174,396 | ---- | M] () -- C:\Windows\hpoins43.dat
[2010/09/14 21:20:48 | 000,023,550 | ---- | M] () -- C:\Users\Angel\Documents\Residential Lease Agreement.docx
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/10/12 06:58:07 | 000,002,097 | ---- | C] () -- C:\Users\Angel\Desktop\HijackThis.lnk
[2010/10/11 22:04:30 | 000,001,892 | ---- | C] () -- C:\Users\Angel\Desktop\DDS - Shortcut.lnk
[2010/10/11 22:03:59 | 000,001,945 | ---- | C] () -- C:\Users\Angel\Desktop\Attach - Shortcut.lnk
[2010/10/11 18:16:29 | 000,293,032 | ---- | C] () -- C:\Users\Angel\Documents\Publication2.jpg
[2010/10/11 08:36:33 | 000,000,460 | ---- | C] () -- C:\Windows\tasks\FrontLine Registry Cleaner Scheduled Scan - Angel.job
[2010/10/08 10:51:30 | 000,000,136 | ---- | C] () -- C:\Users\Angel\Desktop\Comcast Security.url
[2010/10/08 10:51:30 | 000,000,117 | ---- | C] () -- C:\Users\Angel\Desktop\Comcast Email.url
[2010/10/08 10:51:28 | 000,015,086 | ---- | C] () -- C:\Windows\ComcastEmail.ico
[2010/10/08 10:51:28 | 000,007,982 | ---- | C] () -- C:\Windows\ComcastSecurity.ico
[2010/10/08 10:48:18 | 000,001,107 | ---- | C] () -- C:\net_save.dna
[2010/10/07 20:48:45 | 000,001,286 | ---- | C] () -- C:\Users\Angel\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/10/07 09:20:34 | 000,099,463 | ---- | C] () -- C:\Users\Angel\Documents\bill of sale.docx
[2010/10/06 12:13:24 | 001,213,960 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\Cat.DB
[2010/10/06 10:11:40 | 000,007,829 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symefa64.cat
[2010/10/06 10:11:40 | 000,007,787 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symnetv64.cat
[2010/10/06 10:11:40 | 000,007,368 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symnet64.cat
[2010/10/06 10:11:40 | 000,001,473 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symnetv.inf
[2010/10/06 10:11:40 | 000,001,445 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symnet.inf
[2010/10/06 10:11:39 | 000,007,414 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\srtspx64.cat
[2010/10/06 10:11:39 | 000,007,406 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symds64.cat
[2010/10/06 10:11:39 | 000,003,373 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symefa.inf
[2010/10/06 10:11:39 | 000,002,793 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symds.inf
[2010/10/06 10:11:39 | 000,001,421 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\srtspx64.inf
[2010/10/06 10:11:38 | 000,007,410 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\srtsp64.cat
[2010/10/06 10:11:38 | 000,007,402 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\iron.cat
[2010/10/06 10:11:38 | 000,007,358 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\cchpx64.cat
[2010/10/06 10:11:38 | 000,001,838 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\cchpx64.inf
[2010/10/06 10:11:38 | 000,001,437 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\srtsp64.inf
[2010/10/06 10:11:38 | 000,000,771 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\iron.inf
[2010/10/06 10:10:57 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\isolate.ini
[2010/10/06 07:10:06 | 000,007,440 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2010/10/06 07:10:06 | 000,000,854 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2010/09/30 17:29:05 | 000,099,645 | ---- | C] () -- C:\Users\Angel\Documents\home depot maney.docx
[2010/09/24 21:04:33 | 000,100,074 | ---- | C] () -- C:\Users\Angel\Documents\proposal.docx
[2010/09/23 16:52:11 | 000,228,459 | ---- | C] () -- C:\Users\Angel\Documents\Executive Summary.docx
[2010/09/21 21:40:40 | 000,146,432 | ---- | C] () -- C:\Users\Angel\Documents\Copy of 523_NZ_SetUpCosts.xls
[2010/09/21 20:50:40 | 000,022,318 | ---- | C] () -- C:\Users\Angel\Documents\form_finasst_cshflstmt3.xlsx
[2010/09/21 20:49:39 | 000,016,003 | ---- | C] () -- C:\Users\Angel\Documents\sba_010150-11.xlsx
[2010/09/21 20:49:23 | 000,013,227 | ---- | C] () -- C:\Users\Angel\Documents\form_finasst_incomestmt-11.xlsx
[2010/09/15 12:10:51 | 000,174,396 | ---- | C] () -- C:\Windows\hpoins43.dat
[2010/09/15 12:10:51 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl43.dat
[2010/09/14 21:20:48 | 000,023,550 | ---- | C] () -- C:\Users\Angel\Documents\Residential Lease Agreement.docx
[2010/04/02 10:37:22 | 000,000,093 | ---- | C] () -- C:\Users\Angel\AppData\Local\fusioncache.dat
[2010/04/02 10:25:19 | 000,743,594 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/03/13 02:12:44 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2010/03/02 12:44:47 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2010/02/27 13:35:26 | 000,002,267 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/02/24 00:17:23 | 000,000,282 | ---- | C] () -- C:\ProgramData\HPWALog.txt
[2010/02/24 00:16:46 | 000,000,000 | ---- | C] () -- C:\Users\Angel\AppData\Local\QSwitch.txt
[2010/02/24 00:16:46 | 000,000,000 | ---- | C] () -- C:\Users\Angel\AppData\Local\DSwitch.txt
[2010/02/24 00:16:46 | 000,000,000 | ---- | C] () -- C:\Users\Angel\AppData\Local\AtStart.txt
[2010/02/17 15:45:05 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2010/02/17 15:45:05 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2010/02/17 15:45:05 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2010/02/17 05:33:41 | 000,000,726 | ---- | C] () -- C:\Windows\SIERRA.INI
[2010/02/15 17:45:05 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008/11/06 12:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2007/03/26 13:45:18 | 000,071,208 | ---- | C] () -- C:\Windows\SysWow64\PhysXLoader.dll
[2007/02/20 17:59:08 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2007/02/20 17:59:06 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2007/02/20 17:59:06 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2007/02/20 17:59:06 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2007/02/20 17:59:06 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2007/02/20 17:59:06 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2007/02/20 17:59:06 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2007/02/20 17:59:06 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2007/02/20 17:59:04 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2009/07/13 21:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2010/02/23 22:45:45 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010/10/14 06:41:57 | 3018,190,848 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/01 12:52:23 | 000,000,346 | -H-- | M] () -- C:\IPH.PH
[2010/05/03 01:27:37 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2006/12/02 02:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2002/01/05 03:38:38 | 000,054,784 | ---- | M] (Microsoft Corporation) -- C:\msvci70.dll
[2010/10/08 11:13:55 | 000,001,107 | ---- | M] () -- C:\net_save.dna
[2010/10/14 06:42:12 | 4024,258,560 | -HS- | M] () -- C:\pagefile.sys
< %systemroot%\*. /mp /s >
< %systemroot%\System32\config\*.sav >
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
========== Alternate Data Streams ==========
@Alternate Data Stream - 160 bytes -> C:\Users\Angel\Documents\edd claim form.tif:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 160 bytes -> C:\Users\Angel\Documents\edd claim form.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:5F538558
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:C2AD09C0
< End of report >
ShadowStar
2010-10-14, 23:01
The second log:
OTL Extras logfile created on: 10/14/2010 2:41:20 PM - Run 1
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Users\Angel\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 59.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.71 Gb Total Space | 263.77 Gb Free Space | 58.39% Space Free | Partition Type: NTFS
Drive D: | 14.05 Gb Total Space | 2.12 Gb Free Space | 15.11% Space Free | Partition Type: NTFS
Computer Name: ANGELS-BREATHE | User Name: Angel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[b]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\system32\ieframe.DLL (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\system32\ieframe.DLL (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- "C:\Program Files (x86)\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- "C:\Program Files (x86)\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{2F97CE84-9C33-4631-821B-85EA371EA254}" = ProtectSmart Hard Drive Protection
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{68550918-63B5-4762-85CB-3C160AA4B213}" = HP Photosmart C4700 All-in-One Driver 14.0 Rel. 6
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9301985B-D116-4A93-A93D-94580084FF86}" = 64 Bit HP CIO Components Installer
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{AC76BA86-1033-0000-0064-0003D0000004}" = Adobe Acrobat 9 Pro Extended 64-bit Add-On
"{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B87BB2A8-5921-9B18-BBB5-D9A42F9CD3E1}" = ccc-utility64
"{BD198331-FF8A-4DEB-9F30-A0AC56625A3B}" = Microsoft LifeChat
"{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer
"{C6CFAF5A-12F9-485E-EAD7-7FA1D3E5B943}" = ATI Catalyst Install Manager
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F1568AA6-5982-4AFB-A871-C68E4328BC3B}" = HP MediaSmart SmartMenu
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR archiver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002471C5-6F62-D6CD-D6E5-A0F20F079B8B}" = Catalyst Control Center Localization Polish
"{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{03819281-0870-65EE-24B0-A7DEDE9F796A}" = Catalyst Control Center Localization Chinese Traditional
"{04F66470-CEA7-BF9A-1885-8E1A3474825A}" = CCC Help Danish
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{08062F2F-926A-D7EC-57E9-AB97AA0D7FDA}" = CCC Help Finnish
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
"{0CAB8CDF-232E-F28F-A017-B388F41FACCB}" = CCC Help Portuguese
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{149BBCB8-674F-48D2-969C-9D0EA88DA7D6}" = HP User Guides 0129
"{150FE68F-EE0C-4867-150A-D74FECBB8448}" = Catalyst Control Center Graphics Light
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{187817E2-6407-461C-B59B-56CE73363D34}" = Catalyst Control Center - Branding
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{2680244D-0FBA-4856-EBE3-9D67E61EB46F}" = Catalyst Control Center Localization Spanish
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2BDFE775-48C0-3E1C-895C-DACC33CC52F0}" = Catalyst Control Center Localization Greek
"{2DAD2930-DFC1-AD0F-E63D-B3E95451CD68}" = CCC Help Greek
"{2E87F4AB-99BF-421C-AF7B-365A9C08549A}" = F300
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2F59397E-50B1-3CA6-2F8C-03773D40BE3B}" = Catalyst Control Center Graphics Full New
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode
"{35CC44E6-5916-89DC-16B6-7ADE609211CE}" = Catalyst Control Center Localization Finnish
"{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent
"{3744B641-61DE-417F-BCDC-9CCED4224DF8}" = LightScribe System Software
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3A9C19FE-D61C-50DA-6FAF-7FB941B538A0}" = Catalyst Control Center Localization French
"{3BAB23A6-5272-F52D-1AF0-29419F1362B4}" = Catalyst Control Center Localization Italian
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{445F6483-40DC-61B5-849D-35274D96DBA3}" = Catalyst Control Center Localization Czech
"{45A136EC-88BF-4B95-99F5-C45D3930E1CC}" = HP MULTIPLE MODEM INSTALLER for VISTA
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{47F36D92-E58E-456D-B73C-3382737E4C42}" = HP Update
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A239818-F5F7-7AE8-9FD3-08F435ED88D0}" = Skins
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4C17CE6E-4838-819F-01BE-7EEE6181914A}" = Catalyst Control Center Localization Norwegian
"{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}" = Macromedia Fireworks 8
"{4C4EA31F-AE29-2517-5E92-3EFB1FD7B896}" = CCC Help Hungarian
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{527CF1CA-D98B-504D-833B-69DA9A8A5AD6}" = CCC Help Czech
"{537DB9D6-1AB1-4CE9-8DE7-312256B49A98}" = PS_AIO_06_C4700_SW_Min
"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5B99A0A7-0B21-2CD6-474D-8D67177BD4D6}" = Catalyst Control Center Localization Dutch
"{5CFE0191-1ECE-7BD5-8AEF-069ED59A01BB}" = Catalyst Control Center Localization Korean
"{5E6D6161-5509-4f55-9372-1E01792F843A}" = F300_Help
"{6244BAF3-F26D-A695-1EF6-D9A3C0A6DAA1}" = Catalyst Control Center Graphics Previews Common
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}" = Juno Preloader
"{6570A194-A52D-9F23-EA48-90D7C6F20BE9}" = Catalyst Control Center Localization Swedish
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{666F0B45-78DA-FAA3-AB14-43CAEEA3D475}" = Catalyst Control Center Localization Russian
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{66B6555E-07BF-3FCB-191F-BCD75650F1F2}" = CCC Help Italian
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"{67F6A6BA-E225-4BF5-8E7C-BB4AE25EDCBC}" = Catalyst Control Center InstallProxy
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69E1907C-E9EA-7A5A-79ED-47FF2B5BFDFB}" = Catalyst Control Center Localization Danish
"{6A370610-3778-44AF-9AAC-69B2FD1A3356}" = Microsoft Live Search Toolbar
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{732A3F80-008B-4350-BD58-EC5AE98707B8}" = HP Common Access Service Library
"{75D0438A-55FB-DD38-0745-5D370179CAC7}" = CCC Help French
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{793C0C7E-7977-C9B5-B427-FDF95F2D1636}" = Catalyst Control Center Localization Hungarian
"{7B798B31-2F33-4DC8-BDA4-D36488E86636}" = Slingbox - Watch Your TV Anywhere
"{7CA1269D-86E6-91A8-DD66-9CF6838821BF}" = Catalyst Control Center Localization Portuguese
"{812C53D9-39EC-0511-04E4-5430A4747FB5}" = CCC Help German
"{821DABD6-26F2-49E5-AE55-40A589ADBE6D}" = Pharaoh and Cleopatra
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117398253}" = Build a Lot 4
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85EBB283-65AF-4C53-9EBE-7C0A232762F7}" = AGEIA PhysX v7.03.21
"{878C1348-D498-4A31-9C16-DCEDC89EF593}" = Construction Contract Writer
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{95A747E0-DF19-46CB-A622-20A0107201BD}" = HP Total Care Setup
"{96C39A4E-8636-439B-B439-02E908C05A2A}" = League of Legends
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A2F0810-3622-4E86-9072-973FBE1679C5}" = QuickBooks Pro 2009
"{9A2F0810-369F-4E86-9072-973FBE1679C5}" = QuickBooks
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software
"{A1940302-F0F9-132F-C521-A5D0E24FAC1D}" = CCC Help Thai
"{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor
"{A2315CF8-E14F-FA46-B1F1-20E0E5483ADB}" = Catalyst Control Center Localization Thai
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3AB35FA-943E-4799-99DC-46EFD59E998F}" = AMD USB Audio Driver Filter
"{A8411EDB-6A00-8D1A-584B-7A932F44A0C9}" = CCC Help Japanese
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC5CD4CF-3802-623E-AD97-D188785EF411}" = CCC Help Polish
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7E8B4FB-11E8-476A-B769-F7581A900492}" = Construction Contract Writer - National Edition
"{B9275904-9237-94A3-2144-E3D6A62B57E9}" = CCC Help Turkish
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C0698BDA-0D29-40EE-8570-A31106DF9AB1}" = Medieval II Total War
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C48EB957-0CCB-D590-AB3F-B3F8A14ECC2F}" = Catalyst Control Center Graphics Full Existing
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBA7FD59-19A7-5724-5646-CF307326CC18}" = Catalyst Control Center Core Implementation
"{CC7A4274-E6F2-2351-DA6A-07AB73896609}" = CCC Help Norwegian
"{CD7D2C01-F3C8-4127-325D-49853FCCDB62}" = Catalyst Control Center Localization German
"{CE0900ED-C76A-40C0-8DB4-0F68D825B283}_is1" = Stranded II 1.0.0.1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{CEF7211D-CE3A-44C4-B321-D84A2099AE94}" = Comcast Desktop Software (v1.2.0.9)
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D1E7EA15-5F96-728C-AF32-E1CFF8F9CE44}" = CCC Help Swedish
"{D47419B2-62BD-6B53-A96F-7E2F6F3D50C0}" = Catalyst Control Center Localization Turkish
"{D62C79B5-44E0-DEC0-AF01-6A1404E093E9}" = CCC Help Spanish
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D87149B3-7A1D-4548-9CBF-032B791E5908}" = Desktop Doctor
"{D985CE15-3C2D-460F-9EFC-5BB6573F70CE}" = Craftsman Software Update
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{E12F2B78-CF64-2438-391F-3D3411A6E193}" = CCC Help English
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E5C3A144-0F9B-8F3E-F1A3-2BB7B26014A6}" = ccc-core-static
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{E8020EC7-5DD8-80C9-7237-7B2E9BDA8CC6}" = muvee Reveal
"{E8B11A27-5CA6-748E-0F68-159CCF789DF3}" = CCC Help Dutch
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{ED65A382-3F80-D5A8-CCE0-DAB59D85CA91}" = CCC Help Russian
"{EDBB71B2-3C17-4EA5-ED91-E2EA5C2305CF}" = CCC Help Korean
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F250EA7A-F117-2CCE-03E7-BB62C2BF476C}" = Catalyst Control Center Graphics Previews Vista
"{F38CC586-4703-CE3C-F466-D7821E87926A}" = Catalyst Control Center Localization Chinese Standard
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F62F62BD-E5C5-56E3-6CF6-00407B743E32}" = CCC Help Chinese Traditional
"{F6AC5364-2FB7-437a-811A-D645F22AA6AC}" = F300Trb
"{FAF7448B-7AB8-8C58-745E-1551CB481C3D}" = CCC Help Chinese Standard
"{FDE3DBB7-AA79-AA91-ABE9-3696883FAB20}" = Catalyst Control Center Localization Japanese
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM_7" = AIM 7
"BitTorrent" = BitTorrent
"BizPlan Builder 8.1" = BizPlan Builder 8.1
"Build a Lot 5 Elizabethan Era1.0" = Build a Lot 5 Elizabethan Era
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HijackThis" = HijackThis 2.0.2
"HP.MediaSmartSlingPlayer_is1" = HP MediaSmart SlingPlayer
"InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"JA2 Unfinished Business" = JA2 Unfinished Business
"LimeWire" = LimeWire 5.5.14
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"N360" = Norton Security Suite
"Orb" = Winamp Remote
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"WildTangent hp Master Uninstall" = HP Games
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WT083273" = Amazing Heists - Dillinger
"WT085947" = Where's Waldo The Fantastic Journey
"Yahoo! Messenger" = Yahoo! Messenger
"Zeus" = Zeus
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player
"Winamp Detect" = Winamp Detector Plug-in
"workspacedesktop" = Workspace Desktop
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
Again, thank you
Shadow Star
Hi again,
IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.
BitTorrent
LimeWire
I'd like you to read this thread (http://forums.spybot.info/showthread.php?t=282).
Please go to Control Panel > Programs and Features and uninstall the programs listed above (in red).
After that:
Let's run OTL.
Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
FF - prefs.js..browser.search.defaultenginename: "Search"
FF - prefs.js..browser.search.defaulturl: "http://flvdirect.iamwired.net/websearch.php?src=tops&search="
FF - prefs.js..keyword.URL: "http://flvdirect.iamwired.net/websearch.php?src=tops&search="
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4 - Startup: C:\Users\Angel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files (x86)\LimeWire\LimeWire.exe (Lime Wire, LLC)
[2010/10/06 07:11:55 | 000,002,762 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.old
[2010/10/06 07:11:55 | 000,002,762 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101013-225502.backup
[2010/10/06 07:11:55 | 000,002,762 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101013-225501.backup
[2010/10/06 07:11:55 | 000,002,762 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101013-225500.backup
[2010/10/06 07:11:55 | 000,002,762 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101013-225459.backup
[2010/10/06 07:11:55 | 000,002,762 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101013-225458.backup
[2010/10/06 07:11:55 | 000,002,762 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101013-225457.backup
[2010/10/06 07:11:55 | 000,002,762 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101013-225456.backup
[2010/10/06 07:11:55 | 000,002,762 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101013-225455.backup
[2010/10/06 07:11:55 | 000,002,762 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101013-225454.backup
[2010/10/06 07:11:55 | 000,002,762 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101013-225453.backup
[2010/10/06 07:11:55 | 000,002,762 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101013-225452.backup
[2010/10/06 07:11:55 | 000,002,762 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101013-225451.backup
[2010/10/06 07:11:55 | 000,002,762 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101013-225445.backup
[2010/10/06 07:11:55 | 000,002,762 | -HS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101011-175657.backup
[2010/10/06 07:11:55 | 000,002,762 | -HS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101011-175636.backup
[2010/10/06 07:11:55 | 000,002,762 | -HS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101011-175635.backup
[2010/10/06 07:11:55 | 000,002,762 | -HS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101011-175634.backup
[2010/10/06 07:11:55 | 000,002,762 | -HS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101011-175632.backup
[2010/10/06 07:11:55 | 000,002,762 | -HS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101011-175512.backup
[2010/10/06 07:11:55 | 000,002,762 | -HS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101011-175511.backup
[2010/10/06 07:11:55 | 000,002,762 | -HS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101011-175510.backup
[2010/10/06 07:11:55 | 000,002,762 | -HS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101011-175509.backup
[2010/10/06 07:11:55 | 000,002,762 | -HS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101011-175508.backup
[2010/10/06 07:11:55 | 000,002,762 | -HS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101011-175507.backup
[2010/10/06 07:11:55 | 000,002,762 | -HS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101011-175506.backup
[2010/10/06 07:11:55 | 000,002,762 | -HS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101011-175505.backup
[2010/10/06 07:11:55 | 000,002,762 | -HS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101011-175504.backup
[2010/10/06 07:11:55 | 000,002,762 | -HS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101011-175503.backup
[2010/10/06 07:11:55 | 000,002,762 | -HS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101011-175502.backup
[2010/10/06 07:11:55 | 000,002,762 | -HS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101011-175501.backup
[2010/10/06 07:11:55 | 000,002,762 | -HS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101011-175500.backup
[2010/10/06 07:11:55 | 000,002,762 | -HS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101011-175457.backup
[2010/10/06 07:11:55 | 000,002,762 | -HS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101008-033200.backup
[2010/10/06 07:11:55 | 000,002,762 | -HS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101008-032656.backup
[2010/10/06 07:11:55 | 000,002,762 | -HS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101008-032655.backup
[2010/10/06 07:11:55 | 000,002,762 | -HS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101008-032654.backup
[2010/10/06 07:11:55 | 000,002,762 | -HS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101008-032653.backup
[2010/10/06 07:11:55 | 000,002,762 | -HS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101008-032652.backup
[2010/10/06 07:11:55 | 000,002,762 | -HS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101008-032648.backup
[2010/10/06 07:11:55 | 000,002,762 | -HS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101008-032647.backup
[2010/10/06 07:11:55 | 000,002,762 | -HS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101008-032646.backup
[2010/10/06 07:11:55 | 000,002,762 | -HS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101008-032645.backup
[2010/10/06 07:11:55 | 000,002,762 | -HS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101008-032644.backup
[2010/10/06 07:11:55 | 000,002,762 | -HS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101008-032643.backup
[2010/10/06 07:11:55 | 000,002,762 | -HS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101008-032641.backup
[2010/10/06 07:11:55 | 000,002,762 | -HS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101008-031632.backup
[2010/10/06 07:11:55 | 000,002,762 | -HS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101008-031631.backup
[2010/10/06 07:11:55 | 000,002,762 | -HS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101008-031626.backup
[2010/10/06 07:11:55 | 000,002,762 | -HS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101008-031625.backup
[2010/10/06 07:11:55 | 000,002,762 | -HS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101008-031624.backup
[2010/10/06 07:11:55 | 000,002,762 | -HS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101008-031623.backup
[2010/10/06 07:11:55 | 000,002,762 | -HS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101008-031622.backup
[2010/10/06 07:11:55 | 000,002,762 | -HS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101008-031621.backup
[2010/10/06 07:11:55 | 000,002,762 | -HS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101008-031620.backup
[2010/10/06 07:11:55 | 000,002,762 | -HS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101008-031619.backup
[2010/10/06 07:11:55 | 000,002,762 | -HS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101008-031618.backup
[2010/10/06 07:11:55 | 000,002,762 | -HS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101008-031610.backup
:Files
C:\Windows\SysNative\drivers\etc\hosts
C:\Program Files (x86)\LimeWire
:Commands
[emptytemp]
Then click the Run Fix button at the top
Let the program run unhindered, reboot when it is done
Then post result log
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...
Updating Java:
Download the latest version of Java Runtime Environment (JRE) 6 Update 22 (http://java.sun.com/javase/downloads/index.jsp).
Click the
Download
button to the right.
Select Windows on platform combobox and check the box that says:
Accept License Agreement. Click continue.
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u22-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.
Please run an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) as instructed in the screenshot here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif).
Post back its report & a fresh OTL.txt log.
ShadowStar
2010-10-16, 05:13
All processes killed
========== OTL ==========
Prefs.js: "Search" removed from browser.search.defaultenginename
Prefs.js: "http://flvdirect.iamwired.net/websearch.php?src=tops&search=" removed from browser.search.defaulturl
Prefs.js: "http://flvdirect.iamwired.net/websearch.php?src=tops&search=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
File move failed. C:\Users\Angel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk scheduled to be moved on reboot.
File C:\Program Files (x86)\LimeWire\LimeWire.exe not found.
C:\Windows\SysNative\drivers\etc\hosts.old moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101013-225502.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101013-225501.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101013-225500.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101013-225459.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101013-225458.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101013-225457.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101013-225456.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101013-225455.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101013-225454.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101013-225453.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101013-225452.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101013-225451.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101013-225445.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101011-175657.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101011-175636.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101011-175635.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101011-175634.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101011-175632.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101011-175512.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101011-175511.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101011-175510.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101011-175509.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101011-175508.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101011-175507.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101011-175506.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101011-175505.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101011-175504.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101011-175503.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101011-175502.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101011-175501.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101011-175500.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101011-175457.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101008-033200.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101008-032656.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101008-032655.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101008-032654.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101008-032653.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101008-032652.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101008-032648.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101008-032647.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101008-032646.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101008-032645.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101008-032644.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101008-032643.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101008-032641.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101008-031632.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101008-031631.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101008-031626.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101008-031625.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101008-031624.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101008-031623.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101008-031622.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101008-031621.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101008-031620.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101008-031619.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101008-031618.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20101008-031610.backup moved successfully.
========== FILES ==========
File\Folder C:\Windows\SysNative\drivers\etc\hosts not found.
C:\Program Files (x86)\LimeWire folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Angel
->Temp folder emptied: 16358211 bytes
->Temporary Internet Files folder emptied: 2671501 bytes
->Java cache emptied: 33425515 bytes
->FireFox cache emptied: 49366161 bytes
->Flash cache emptied: 46569 bytes
User: AppData
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 1591808 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 56046 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 84726 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 99.00 mb
OTL by OldTimer - Version 3.2.15.2 log created on 10152010_171436
Files\Folders moved on Reboot...
File\Folder C:\Users\Angel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk not found!
C:\Users\Angel\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...
Good. Shall wait for those other logs before the next set of instructions :)
ShadowStar
2010-10-17, 14:21
Sorry this took so long but it seems that Kaps needed to take forever just to update and I ran a computer scan which took hours so after all this I have the following report
KASPERSKY ONLINE SCANNER 7.0: scan report
Sunday, October 17, 2010
Operating system: Microsoft (build 7600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Saturday, October 16, 2010 21:56:30
Records in database: 4180942
Scan settings
scan using the following database extended
Scan archives yes
Scan e-mail databases yes
Scan area My Computer
C:\
D:\
E:\
F:\
G:\
Scan statistics
Objects scanned 209805
Threats found 1
Infected objects found 3
Suspicious objects found 0
Scan duration 08:21:05
File name Threat Threats count
C:\Program Files (x86)\Trend Micro\HijackThis\backups\backup-20101012-070927-502 Infected: Trojan.Win32.FraudPack.rdo 1
C:\Users\Angel\AppData\Local\VirtualStore\Program Files (x86)\Trend Micro\HijackThis\backups\backup-20101012-230721-816 Infected: Trojan.Win32.FraudPack.rdo 1
C:\Users\Angel\AppData\Local\VirtualStore\Program Files (x86)\Trend Micro\HijackThis\backups\backup-20101013-003944-396 Infected: Trojan.Win32.FraudPack.rdo 1
Selected area has been scanned.
I thank you for this..help
Please post fresh OTL.txt too.
ShadowStar
2010-10-18, 02:56
OTL logfile created on: 10/17/2010 7:43:36 PM - Run 2
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Users\Angel\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 51.00% Memory free
7.00 Gb Paging File | 5.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.71 Gb Total Space | 269.62 Gb Free Space | 59.69% Space Free | Partition Type: NTFS
Drive D: | 14.05 Gb Total Space | 2.12 Gb Free Space | 15.11% Space Free | Partition Type: NTFS
Computer Name: ANGELS-BREATHE | User Name: Angel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Angel\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
PRC - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
PRC - C:\Users\Angel\AppData\Local\Starfield\starfieldupdate.exe ()
PRC - C:\Program Files (x86)\Starfield\offSyncService.exe (Starfield Technologies, Inc.)
PRC - C:\Users\Angel\AppData\Local\Starfield\wben.exe (Starfield Technologies, Inc.)
PRC - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Program Files (x86)\Norton Security Suite\Engine\4.2.0.12\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\SMINST\BLService.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files (x86)\Comcast\Desktop Doctor\agent\bin\bcont_nm.exe (SupportSoft, Inc.)
========== Modules (SafeList) ==========
MOD - C:\Users\Angel\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV:[b]64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b87ff64c8b56b7db\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (QBCFMonitorService) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
SRV - (File Backup) -- C:\Program Files (x86)\Starfield\offSyncService.exe (Starfield Technologies, Inc.)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (N360) -- C:\Program Files (x86)\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe (Symantec Corporation)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\Hp\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (TVCapSvc) TV Background Capture Service (TVBCS) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe ()
SRV - (TVSched) TV Task Scheduler (TVTS) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe ()
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (Recovery Service for Windows) -- C:\Program Files (x86)\SMINST\BLService.exe ()
SRV - (QBFCService) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
SRV - (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2) -- C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exe (SupportSoft, Inc.)
========== Driver Services (SafeList) ==========
DRV:64bit: - (athur) -- C:\Windows\SysNative\DRIVERS\athurx.sys File not found
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (SYMTDIv) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symtdiv.sys (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\ironx64.sys (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symefa64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV:64bit: - (ccHP) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\cchpx64.sys (Symantec Corporation)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symds64.sys (Symantec Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation )
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\drivers\Rtlh64.sys (Realtek Corporation )
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (ATI Technologies Inc.)
DRV:64bit: - (enecir) -- C:\Windows\SysNative\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV:64bit: - (UsbFltr) -- C:\Windows\SysNative\drivers\UsbFltr.sys (Waytech Development, Inc.)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20101015.003\IDSviA64.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20101017.003\EX64.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20101017.003\ENG64.SYS (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20101001.001\BHDrvx64.sys (Symantec Corporation)
DRV - ({55662437-DA8C-40c0-AADA-2C816A897A49}) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl (CyberLink Corp.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {8567a644-e36c-470c-86cf-9c5b4f37db81}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {aac4043a-8832-4abe-9963-35377f30b8e6}:2.7.1.3
FF - prefs.js..extensions.enabledItems: wbepaste@starfield:1.1
FF - prefs.js..extensions.enabledItems: zoomext@starfield:1.1
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {3A9F26B5-7451-4922-9E2F-CD83E7F454EF}:1.5
FF - prefs.js..network.proxy.type: 4
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/10 21:30:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2010/10/06 12:30:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\ [2010/10/06 07:10:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/09/17 05:20:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/06 07:26:08 | 000,000,000 | ---D | M]
[2010/08/26 20:41:27 | 000,000,000 | ---D | M] -- C:\Users\Angel\AppData\Roaming\Mozilla\Extensions
[2010/08/26 20:41:27 | 000,000,000 | ---D | M] -- C:\Users\Angel\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/10/16 20:17:56 | 000,000,000 | ---D | M] -- C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\0x0pbgjb.default\extensions
[2010/02/23 23:37:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\0x0pbgjb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/02 00:32:37 | 000,000,000 | ---D | M] (GodofWar) -- C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\0x0pbgjb.default\extensions\{3A9F26B5-7451-4922-9E2F-CD83E7F454EF}
[2010/03/09 11:55:02 | 000,000,000 | ---D | M] (Online Sharing Toolbar) -- C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\0x0pbgjb.default\extensions\{8567a644-e36c-470c-86cf-9c5b4f37db81}
[2010/06/13 06:55:39 | 000,000,000 | ---D | M] (Castle Age Toolbar) -- C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\0x0pbgjb.default\extensions\{aac4043a-8832-4abe-9963-35377f30b8e6}
[2010/03/20 00:48:22 | 000,002,055 | ---- | M] () -- C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\0x0pbgjb.default\searchplugins\daemon-search.xml
[2010/10/16 06:46:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/05/24 21:36:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/10/16 06:46:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/10/16 06:46:11 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/04/02 08:59:38 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npPandoWebInst.dll
[2010/05/19 10:38:12 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
Hosts file not found
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\Hp\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\4.2.0.12\ipsbho.dll (Symantec Corporation)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\Hp\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [LifeChat] C:\Program Files\Microsoft LifeChat\LifeChat.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [ddoctorv2] C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DVDAgent] C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPCam_Menu] C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TSMAgent] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TVAgent] C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Orb] C:\Program Files (x86)\Winamp Remote\bin\OrbTray.exe (Orb Networks)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [Starfield Updater] C:\Users\Angel\AppData\Local\Starfield\StarfieldUpdate.exe ()
O4 - HKCU..\Run: [wben] C:\Users\Angel\AppData\Local\Starfield\wben.exe (Starfield Technologies, Inc.)
O4 - Startup: C:\Users\Angel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Craftsman Software Update.lnk = C:\Program Files (x86)\Common Files\Craftsman\CSU\CSUClient.exe (Craftsman Book Company)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\Hp\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {36299202-09EF-4ABF-ADB9-47C599DBE778} https://www.hpwindows7upgrade.arvato.com/north_america/Endcustomer/HPProdDetect.cab (HP Product Detection Control)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} https://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab (SysData Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.87.71.230 68.87.73.246
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\qbwc {FC598A64-626C-4447-85B8-53150405FD57} - Reg Error: Key error. File not found
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop BackupWallPaper: C:\Users\Angel\My Documents\wiccan-badge-purple-sign.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010/10/16 19:14:00 | 000,000,000 | ---D | C] -- C:\ProgramData\KingsIsle Entertainment
[2010/10/16 06:46:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/10/16 06:46:24 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/10/16 06:46:24 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/10/16 06:46:24 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/10/16 06:45:06 | 016,074,528 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\Angel\Desktop\jre-6u22-windows-i586.exe
[2010/10/15 17:14:36 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/10/15 15:33:22 | 000,521,448 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
[2010/10/15 15:33:22 | 000,189,216 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2010/10/15 15:33:22 | 000,171,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2010/10/15 15:33:21 | 000,171,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2010/10/15 15:31:28 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/10/15 11:24:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Software Update Utility
[2010/10/14 22:56:44 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Roaming\Palo Alto Software
[2010/10/14 22:55:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MSSoap
[2010/10/14 22:55:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Palo Alto Software
[2010/10/14 22:55:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Palo Alto Software
[2010/10/14 22:55:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Palo Alto Software
[2010/10/14 22:53:41 | 000,000,000 | ---D | C] -- C:\ProgramData\PAS
[2010/10/14 14:35:41 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\Angel\Desktop\OTL.exe
[2010/10/14 06:50:22 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\CrashDumps
[2010/10/13 19:19:22 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2010/10/13 19:19:22 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010/10/13 19:19:21 | 002,085,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll
[2010/10/13 19:19:20 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\StructuredQuery.dll
[2010/10/13 19:19:18 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2010/10/13 19:19:03 | 001,024,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2010/10/13 19:19:03 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll
[2010/10/13 19:19:02 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll
[2010/10/13 19:19:02 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll
[2010/10/13 19:18:55 | 000,702,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010/10/13 19:18:55 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010/10/13 19:18:54 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2010/10/13 19:18:54 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2010/10/13 19:18:54 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2010/10/13 19:18:53 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010/10/13 19:18:53 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010/10/13 19:18:53 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/10/13 19:18:53 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/10/13 19:18:53 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010/10/13 19:18:52 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2010/10/13 19:18:52 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010/10/13 19:18:52 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010/10/13 19:18:52 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010/10/13 19:18:50 | 014,627,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2010/10/13 19:18:48 | 011,406,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2010/10/13 19:18:46 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2010/10/13 19:18:46 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2010/10/13 19:18:44 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll
[2010/10/13 08:00:29 | 000,000,000 | ---D | C] -- C:\Users\Angel\Desktop\phone pics
[2010/10/12 06:58:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/10/11 21:59:05 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/10/11 18:19:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Photoshop CS5 Extended Edition
[2010/10/11 08:36:32 | 000,000,000 | ---D | C] -- C:\ProgramData\FrontLine Registry Cleaner
[2010/10/11 08:36:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Frontline Registry Cleaner
[2010/10/08 10:48:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\support.com
[2010/10/07 20:48:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/10/07 20:48:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010/10/06 10:11:40 | 000,451,120 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symtdiv.sys
[2010/10/06 10:11:40 | 000,221,232 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symefa64.sys
[2010/10/06 10:11:39 | 000,505,392 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\srtsp64.sys
[2010/10/06 10:11:39 | 000,433,200 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symds64.sys
[2010/10/06 10:11:39 | 000,032,304 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\srtspx64.sys
[2010/10/06 10:11:38 | 000,615,040 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\cchpx64.sys
[2010/10/06 10:11:38 | 000,150,064 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\ironx64.sys
[2010/10/06 10:10:57 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64\0402000.00C
[2010/10/06 07:12:06 | 000,000,000 | ---D | C] -- C:\ProgramData\39bdc
[2010/10/06 07:10:09 | 000,126,312 | R--- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\GEARAspi64.dll
[2010/10/06 07:10:09 | 000,107,368 | R--- | C] (GEAR Software Inc.) -- C:\Windows\SysWow64\GEARAspi.dll
[2010/10/06 07:10:09 | 000,034,152 | R--- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2010/10/06 07:10:06 | 000,173,104 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2010/10/06 07:09:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/10/06 07:09:49 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010/10/06 07:09:05 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64
[2010/10/06 07:09:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Security Suite
[2010/10/06 07:07:25 | 000,000,000 | -HSD | C] -- C:\ProgramData\SMEFNILXS
[2010/10/06 07:07:07 | 000,000,000 | ---D | C] -- C:\Users\Angel\Documents\Symantec
[2010/10/06 07:07:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2010/10/06 07:07:03 | 000,000,000 | -HSD | C] -- C:\ProgramData\39bdc8
[2010/09/22 15:52:24 | 000,000,000 | ---D | C] -- C:\ProgramData\SupportSoft
[2010/09/22 15:52:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Comcast
[2010/09/22 15:50:24 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\SupportSoft
[2010/09/22 15:50:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ComcastUI
========== Files - Modified Within 30 Days ==========
[2010/10/17 19:42:14 | 000,685,568 | ---- | M] () -- C:\Users\Angel\Documents\Maney Enterprises, Inc.1.doc
[2010/10/17 12:54:31 | 000,739,790 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/10/17 12:54:31 | 000,632,946 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/10/17 12:54:31 | 000,110,548 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/10/17 10:06:06 | 001,213,960 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\Cat.DB
[2010/10/17 07:17:44 | 000,003,470 | ---- | M] () -- C:\Users\Angel\Desktop\kasp.html
[2010/10/17 03:00:01 | 000,000,460 | ---- | M] () -- C:\Windows\tasks\FrontLine Registry Cleaner Scheduled Scan - Angel.job
[2010/10/16 21:49:48 | 001,561,127 | ---- | M] () -- C:\Users\Angel\Documents\Maney Enterprises, Inc..rtf
[2010/10/16 19:14:00 | 000,000,817 | ---- | M] () -- C:\Users\Public\Desktop\Play Wizard101.lnk
[2010/10/16 06:46:11 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/10/16 06:46:11 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/10/16 06:46:11 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/10/16 06:46:11 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/10/16 06:45:25 | 016,074,528 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Angel\Desktop\jre-6u22-windows-i586.exe
[2010/10/16 06:19:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/15 18:05:35 | 000,011,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/15 18:05:35 | 000,011,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/15 17:57:28 | 3018,190,848 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/15 15:32:59 | 000,521,448 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
[2010/10/15 15:32:59 | 000,189,216 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2010/10/15 15:32:59 | 000,171,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2010/10/15 15:32:59 | 000,171,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2010/10/15 13:05:25 | 000,210,659 | ---- | M] () -- C:\Users\Angel\Documents\Maney Enterprises, Inc..doc
[2010/10/15 11:24:44 | 000,000,708 | -H-- | M] () -- C:\IPH.PH
[2010/10/15 11:24:41 | 000,001,941 | ---- | M] () -- C:\Users\Angel\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2010/10/14 22:55:28 | 000,002,283 | ---- | M] () -- C:\Users\Public\Desktop\Business Plan Pro 2007.lnk
[2010/10/14 22:55:25 | 000,002,283 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Palo Alto Software Update Manager 9.0.lnk
[2010/10/14 14:35:42 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Angel\Desktop\OTL.exe
[2010/10/14 07:34:08 | 000,000,090 | ---- | M] () -- C:\Windows\QBChanUtil_Trigger.ini
[2010/10/14 06:42:55 | 000,485,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/10/11 18:17:12 | 000,293,032 | ---- | M] () -- C:\Users\Angel\Documents\Publication2.jpg
[2010/10/08 21:51:05 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForAngel.job
[2010/10/08 11:15:09 | 000,000,136 | ---- | M] () -- C:\Users\Angel\Desktop\Comcast Security.url
[2010/10/08 11:15:09 | 000,000,117 | ---- | M] () -- C:\Users\Angel\Desktop\Comcast Email.url
[2010/10/08 11:13:55 | 000,001,107 | ---- | M] () -- C:\net_save.dna
[2010/10/07 20:48:45 | 000,001,286 | ---- | M] () -- C:\Users\Angel\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/10/07 09:20:34 | 000,099,463 | ---- | M] () -- C:\Users\Angel\Documents\bill of sale.docx
[2010/10/06 07:09:49 | 000,173,104 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2010/10/06 07:09:49 | 000,007,440 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2010/10/06 07:09:49 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2010/09/30 19:05:42 | 000,099,645 | ---- | M] () -- C:\Users\Angel\Documents\home depot maney.docx
[2010/09/24 21:04:33 | 000,100,074 | ---- | M] () -- C:\Users\Angel\Documents\proposal.docx
[2010/09/23 17:03:39 | 000,228,459 | ---- | M] () -- C:\Users\Angel\Documents\Executive Summary.docx
[2010/09/21 21:40:43 | 000,146,432 | ---- | M] () -- C:\Users\Angel\Documents\Copy of 523_NZ_SetUpCosts.xls
[2010/09/21 20:50:48 | 000,022,318 | ---- | M] () -- C:\Users\Angel\Documents\form_finasst_cshflstmt3.xlsx
[2010/09/21 20:49:40 | 000,016,003 | ---- | M] () -- C:\Users\Angel\Documents\sba_010150-11.xlsx
[2010/09/21 20:49:23 | 000,013,227 | ---- | M] () -- C:\Users\Angel\Documents\form_finasst_incomestmt-11.xlsx
========== Files Created - No Company Name ==========
[2010/10/17 07:17:44 | 000,003,470 | ---- | C] () -- C:\Users\Angel\Desktop\kasp.html
[2010/10/16 22:08:42 | 000,685,568 | ---- | C] () -- C:\Users\Angel\Documents\Maney Enterprises, Inc.1.doc
[2010/10/16 20:28:49 | 001,561,127 | ---- | C] () -- C:\Users\Angel\Documents\Maney Enterprises, Inc..rtf
[2010/10/16 19:14:00 | 000,000,817 | ---- | C] () -- C:\Users\Public\Desktop\Play Wizard101.lnk
[2010/10/15 13:00:16 | 000,210,659 | ---- | C] () -- C:\Users\Angel\Documents\Maney Enterprises, Inc..doc
[2010/10/14 22:55:26 | 000,002,283 | ---- | C] () -- C:\Users\Public\Desktop\Business Plan Pro 2007.lnk
[2010/10/14 22:55:24 | 000,002,283 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Palo Alto Software Update Manager 9.0.lnk
[2010/10/11 18:16:29 | 000,293,032 | ---- | C] () -- C:\Users\Angel\Documents\Publication2.jpg
[2010/10/11 08:36:33 | 000,000,460 | ---- | C] () -- C:\Windows\tasks\FrontLine Registry Cleaner Scheduled Scan - Angel.job
[2010/10/08 10:51:30 | 000,000,136 | ---- | C] () -- C:\Users\Angel\Desktop\Comcast Security.url
[2010/10/08 10:51:30 | 000,000,117 | ---- | C] () -- C:\Users\Angel\Desktop\Comcast Email.url
[2010/10/08 10:51:28 | 000,015,086 | ---- | C] () -- C:\Windows\ComcastEmail.ico
[2010/10/08 10:51:28 | 000,007,982 | ---- | C] () -- C:\Windows\ComcastSecurity.ico
[2010/10/08 10:48:18 | 000,001,107 | ---- | C] () -- C:\net_save.dna
[2010/10/07 20:48:45 | 000,001,286 | ---- | C] () -- C:\Users\Angel\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/10/07 09:20:34 | 000,099,463 | ---- | C] () -- C:\Users\Angel\Documents\bill of sale.docx
[2010/10/06 12:13:24 | 001,213,960 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\Cat.DB
[2010/10/06 10:11:40 | 000,007,829 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symefa64.cat
[2010/10/06 10:11:40 | 000,007,787 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symnetv64.cat
[2010/10/06 10:11:40 | 000,007,368 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symnet64.cat
[2010/10/06 10:11:40 | 000,001,473 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symnetv.inf
[2010/10/06 10:11:40 | 000,001,445 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symnet.inf
[2010/10/06 10:11:39 | 000,007,414 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\srtspx64.cat
[2010/10/06 10:11:39 | 000,007,406 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symds64.cat
[2010/10/06 10:11:39 | 000,003,373 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symefa.inf
[2010/10/06 10:11:39 | 000,002,793 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symds.inf
[2010/10/06 10:11:39 | 000,001,421 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\srtspx64.inf
[2010/10/06 10:11:38 | 000,007,410 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\srtsp64.cat
[2010/10/06 10:11:38 | 000,007,402 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\iron.cat
[2010/10/06 10:11:38 | 000,007,358 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\cchpx64.cat
[2010/10/06 10:11:38 | 000,001,838 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\cchpx64.inf
[2010/10/06 10:11:38 | 000,001,437 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\srtsp64.inf
[2010/10/06 10:11:38 | 000,000,771 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\iron.inf
[2010/10/06 10:10:57 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\isolate.ini
[2010/10/06 07:10:06 | 000,007,440 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2010/10/06 07:10:06 | 000,000,854 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2010/09/30 17:29:05 | 000,099,645 | ---- | C] () -- C:\Users\Angel\Documents\home depot maney.docx
[2010/09/24 21:04:33 | 000,100,074 | ---- | C] () -- C:\Users\Angel\Documents\proposal.docx
[2010/09/23 16:52:11 | 000,228,459 | ---- | C] () -- C:\Users\Angel\Documents\Executive Summary.docx
[2010/09/21 21:40:40 | 000,146,432 | ---- | C] () -- C:\Users\Angel\Documents\Copy of 523_NZ_SetUpCosts.xls
[2010/09/21 20:50:40 | 000,022,318 | ---- | C] () -- C:\Users\Angel\Documents\form_finasst_cshflstmt3.xlsx
[2010/09/21 20:49:39 | 000,016,003 | ---- | C] () -- C:\Users\Angel\Documents\sba_010150-11.xlsx
[2010/09/21 20:49:23 | 000,013,227 | ---- | C] () -- C:\Users\Angel\Documents\form_finasst_incomestmt-11.xlsx
[2010/04/02 10:37:22 | 000,000,093 | ---- | C] () -- C:\Users\Angel\AppData\Local\fusioncache.dat
[2010/04/02 10:25:19 | 000,743,594 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/03/13 02:12:44 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2010/03/02 12:44:47 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2010/02/27 13:35:26 | 000,002,267 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/02/24 00:17:23 | 000,000,189 | ---- | C] () -- C:\ProgramData\HPWALog.txt
[2010/02/24 00:16:46 | 000,000,000 | ---- | C] () -- C:\Users\Angel\AppData\Local\QSwitch.txt
[2010/02/24 00:16:46 | 000,000,000 | ---- | C] () -- C:\Users\Angel\AppData\Local\DSwitch.txt
[2010/02/24 00:16:46 | 000,000,000 | ---- | C] () -- C:\Users\Angel\AppData\Local\AtStart.txt
[2010/02/17 15:45:05 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2010/02/17 15:45:05 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2010/02/17 15:45:05 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2010/02/17 05:33:41 | 000,000,726 | ---- | C] () -- C:\Windows\SIERRA.INI
[2010/02/15 17:45:05 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008/11/06 12:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2007/03/26 13:45:18 | 000,071,208 | ---- | C] () -- C:\Windows\SysWow64\PhysXLoader.dll
[2007/02/20 17:59:08 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2007/02/20 17:59:06 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2007/02/20 17:59:06 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2007/02/20 17:59:06 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2007/02/20 17:59:06 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2007/02/20 17:59:06 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2007/02/20 17:59:06 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2007/02/20 17:59:06 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2007/02/20 17:59:04 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
========== Alternate Data Streams ==========
@Alternate Data Stream - 160 bytes -> C:\Users\Angel\Documents\edd claim form.tif:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 160 bytes -> C:\Users\Angel\Documents\edd claim form.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:5F538558
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:C2AD09C0
< End of report >
Hi,
Start OTL.
Under the Custom Scans/Fixes box at the bottom, paste in the following
:Commands
[RESETHOSTS]
[emptytemp]
Then click the Run Fix button at the top
Let the program run unhindered, reboot when it is done
Then post result log + fresh OTL.txt.
ShadowStar
2010-10-19, 04:23
All processes killed
========== COMMANDS ==========
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Angel
->Temp folder emptied: 109501367 bytes
->Temporary Internet Files folder emptied: 44544632 bytes
->Java cache emptied: 128094 bytes
->FireFox cache emptied: 47591508 bytes
->Flash cache emptied: 1467 bytes
User: AppData
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 59063 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 90894 bytes
Total Files Cleaned = 193.00 mb
OTL by OldTimer - Version 3.2.15.2 log created on 10182010_211612
Files\Folders moved on Reboot...
C:\Users\Angel\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...
Please create fresh OTL.txt too. Any issues left?
ShadowStar
2010-10-19, 13:30
OTL logfile created on: 10/19/2010 6:20:31 AM - Run 3
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Users\Angel\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 59.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.71 Gb Total Space | 269.82 Gb Free Space | 59.73% Space Free | Partition Type: NTFS
Drive D: | 14.05 Gb Total Space | 2.12 Gb Free Space | 15.11% Space Free | Partition Type: NTFS
Computer Name: ANGELS-BREATHE | User Name: Angel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Angel\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
PRC - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
PRC - C:\Users\Angel\AppData\Local\Starfield\starfieldupdate.exe ()
PRC - C:\Program Files (x86)\Starfield\offSyncService.exe (Starfield Technologies, Inc.)
PRC - C:\Program Files (x86)\Common Files\Craftsman\CSU\CSUClient.exe (Craftsman Book Company)
PRC - C:\Users\Angel\AppData\Local\Starfield\wben.exe (Starfield Technologies, Inc.)
PRC - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Program Files (x86)\Norton Security Suite\Engine\4.2.0.12\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\SMINST\BLService.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)
========== Modules (SafeList) ==========
MOD - C:\Users\Angel\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV:[b]64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b87ff64c8b56b7db\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (QBCFMonitorService) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
SRV - (File Backup) -- C:\Program Files (x86)\Starfield\offSyncService.exe (Starfield Technologies, Inc.)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (N360) -- C:\Program Files (x86)\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe (Symantec Corporation)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\Hp\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (TVCapSvc) TV Background Capture Service (TVBCS) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe ()
SRV - (TVSched) TV Task Scheduler (TVTS) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe ()
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (Recovery Service for Windows) -- C:\Program Files (x86)\SMINST\BLService.exe ()
SRV - (QBFCService) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
SRV - (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2) -- C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exe (SupportSoft, Inc.)
========== Driver Services (SafeList) ==========
DRV:64bit: - (athur) -- C:\Windows\SysNative\DRIVERS\athurx.sys File not found
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (SYMTDIv) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symtdiv.sys (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\ironx64.sys (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symefa64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV:64bit: - (ccHP) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\cchpx64.sys (Symantec Corporation)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symds64.sys (Symantec Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation )
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\drivers\Rtlh64.sys (Realtek Corporation )
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (ATI Technologies Inc.)
DRV:64bit: - (enecir) -- C:\Windows\SysNative\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV:64bit: - (UsbFltr) -- C:\Windows\SysNative\drivers\UsbFltr.sys (Waytech Development, Inc.)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20101015.005\IDSviA64.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20101018.002\EX64.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20101018.002\ENG64.SYS (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20101001.001\BHDrvx64.sys (Symantec Corporation)
DRV - ({55662437-DA8C-40c0-AADA-2C816A897A49}) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl (CyberLink Corp.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {8567a644-e36c-470c-86cf-9c5b4f37db81}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {aac4043a-8832-4abe-9963-35377f30b8e6}:2.7.1.3
FF - prefs.js..extensions.enabledItems: wbepaste@starfield:1.1
FF - prefs.js..extensions.enabledItems: zoomext@starfield:1.1
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {3A9F26B5-7451-4922-9E2F-CD83E7F454EF}:1.5
FF - prefs.js..network.proxy.type: 4
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/10 21:30:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2010/10/06 12:30:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\ [2010/10/06 07:10:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/09/17 05:20:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/06 07:26:08 | 000,000,000 | ---D | M]
[2010/08/26 20:41:27 | 000,000,000 | ---D | M] -- C:\Users\Angel\AppData\Roaming\Mozilla\Extensions
[2010/08/26 20:41:27 | 000,000,000 | ---D | M] -- C:\Users\Angel\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/10/18 07:45:17 | 000,000,000 | ---D | M] -- C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\0x0pbgjb.default\extensions
[2010/02/23 23:37:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\0x0pbgjb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/02 00:32:37 | 000,000,000 | ---D | M] (GodofWar) -- C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\0x0pbgjb.default\extensions\{3A9F26B5-7451-4922-9E2F-CD83E7F454EF}
[2010/03/09 11:55:02 | 000,000,000 | ---D | M] (Online Sharing Toolbar) -- C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\0x0pbgjb.default\extensions\{8567a644-e36c-470c-86cf-9c5b4f37db81}
[2010/06/13 06:55:39 | 000,000,000 | ---D | M] (Castle Age Toolbar) -- C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\0x0pbgjb.default\extensions\{aac4043a-8832-4abe-9963-35377f30b8e6}
[2010/03/20 00:48:22 | 000,002,055 | ---- | M] () -- C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\0x0pbgjb.default\searchplugins\daemon-search.xml
[2010/10/16 06:46:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/05/24 21:36:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/10/16 06:46:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/10/16 06:46:11 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/04/02 08:59:38 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npPandoWebInst.dll
[2010/05/19 10:38:12 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
O1 HOSTS File: ([2010/10/18 21:16:14 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\Hp\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\4.2.0.12\ipsbho.dll (Symantec Corporation)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\Hp\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [LifeChat] C:\Program Files\Microsoft LifeChat\LifeChat.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [ddoctorv2] C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DVDAgent] C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPCam_Menu] C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TSMAgent] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TVAgent] C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Orb] C:\Program Files (x86)\Winamp Remote\bin\OrbTray.exe (Orb Networks)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [Starfield Updater] C:\Users\Angel\AppData\Local\Starfield\StarfieldUpdate.exe ()
O4 - HKCU..\Run: [wben] C:\Users\Angel\AppData\Local\Starfield\wben.exe (Starfield Technologies, Inc.)
O4 - Startup: C:\Users\Angel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Craftsman Software Update.lnk = C:\Program Files (x86)\Common Files\Craftsman\CSU\CSUClient.exe (Craftsman Book Company)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\Hp\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {36299202-09EF-4ABF-ADB9-47C599DBE778} https://www.hpwindows7upgrade.arvato.com/north_america/Endcustomer/HPProdDetect.cab (HP Product Detection Control)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} https://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab (SysData Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.87.71.230 68.87.73.246
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\qbwc {FC598A64-626C-4447-85B8-53150405FD57} - Reg Error: Key error. File not found
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop BackupWallPaper: C:\Users\Angel\My Documents\wiccan-badge-purple-sign.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010/10/17 21:51:53 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Roaming\HPAppData
[2010/10/16 19:14:00 | 000,000,000 | ---D | C] -- C:\ProgramData\KingsIsle Entertainment
[2010/10/16 06:46:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/10/16 06:46:24 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/10/16 06:46:24 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/10/16 06:46:24 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/10/16 06:45:06 | 016,074,528 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\Angel\Desktop\jre-6u22-windows-i586.exe
[2010/10/15 17:14:36 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/10/15 15:33:22 | 000,521,448 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
[2010/10/15 15:33:22 | 000,189,216 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2010/10/15 15:33:22 | 000,171,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2010/10/15 15:33:21 | 000,171,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2010/10/15 15:31:28 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/10/15 11:24:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Software Update Utility
[2010/10/14 22:56:44 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Roaming\Palo Alto Software
[2010/10/14 22:55:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MSSoap
[2010/10/14 22:55:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Palo Alto Software
[2010/10/14 22:55:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Palo Alto Software
[2010/10/14 22:55:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Palo Alto Software
[2010/10/14 22:53:41 | 000,000,000 | ---D | C] -- C:\ProgramData\PAS
[2010/10/14 14:35:41 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\Angel\Desktop\OTL.exe
[2010/10/14 06:50:22 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\CrashDumps
[2010/10/13 19:19:22 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2010/10/13 19:19:22 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010/10/13 19:19:21 | 002,085,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll
[2010/10/13 19:19:20 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\StructuredQuery.dll
[2010/10/13 19:19:18 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2010/10/13 19:19:03 | 001,024,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2010/10/13 19:19:03 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll
[2010/10/13 19:19:02 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll
[2010/10/13 19:19:02 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll
[2010/10/13 19:18:55 | 000,702,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010/10/13 19:18:55 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010/10/13 19:18:54 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2010/10/13 19:18:54 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2010/10/13 19:18:54 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2010/10/13 19:18:53 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010/10/13 19:18:53 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010/10/13 19:18:53 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/10/13 19:18:53 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/10/13 19:18:53 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010/10/13 19:18:52 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2010/10/13 19:18:52 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010/10/13 19:18:52 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010/10/13 19:18:52 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010/10/13 19:18:50 | 014,627,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2010/10/13 19:18:48 | 011,406,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2010/10/13 19:18:46 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2010/10/13 19:18:46 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2010/10/13 19:18:44 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll
[2010/10/13 08:00:29 | 000,000,000 | ---D | C] -- C:\Users\Angel\Desktop\phone pics
[2010/10/12 06:58:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/10/11 21:59:05 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/10/11 18:19:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Photoshop CS5 Extended Edition
[2010/10/11 08:36:32 | 000,000,000 | ---D | C] -- C:\ProgramData\FrontLine Registry Cleaner
[2010/10/11 08:36:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Frontline Registry Cleaner
[2010/10/08 10:48:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\support.com
[2010/10/07 20:48:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/10/07 20:48:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010/10/06 10:11:40 | 000,451,120 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symtdiv.sys
[2010/10/06 10:11:40 | 000,221,232 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symefa64.sys
[2010/10/06 10:11:39 | 000,505,392 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\srtsp64.sys
[2010/10/06 10:11:39 | 000,433,200 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symds64.sys
[2010/10/06 10:11:39 | 000,032,304 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\srtspx64.sys
[2010/10/06 10:11:38 | 000,615,040 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\cchpx64.sys
[2010/10/06 10:11:38 | 000,150,064 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\ironx64.sys
[2010/10/06 10:10:57 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64\0402000.00C
[2010/10/06 07:12:06 | 000,000,000 | ---D | C] -- C:\ProgramData\39bdc
[2010/10/06 07:10:09 | 000,126,312 | R--- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\GEARAspi64.dll
[2010/10/06 07:10:09 | 000,107,368 | R--- | C] (GEAR Software Inc.) -- C:\Windows\SysWow64\GEARAspi.dll
[2010/10/06 07:10:09 | 000,034,152 | R--- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2010/10/06 07:10:06 | 000,173,104 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2010/10/06 07:09:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/10/06 07:09:49 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010/10/06 07:09:05 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64
[2010/10/06 07:09:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Security Suite
[2010/10/06 07:07:25 | 000,000,000 | -HSD | C] -- C:\ProgramData\SMEFNILXS
[2010/10/06 07:07:07 | 000,000,000 | ---D | C] -- C:\Users\Angel\Documents\Symantec
[2010/10/06 07:07:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2010/10/06 07:07:03 | 000,000,000 | -HSD | C] -- C:\ProgramData\39bdc8
[2010/09/22 15:52:24 | 000,000,000 | ---D | C] -- C:\ProgramData\SupportSoft
[2010/09/22 15:52:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Comcast
[2010/09/22 15:50:24 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\SupportSoft
[2010/09/22 15:50:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ComcastUI
========== Files - Modified Within 30 Days ==========
[2010/10/19 06:21:43 | 000,739,790 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/10/19 06:21:43 | 000,632,946 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/10/19 06:21:43 | 000,110,548 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/10/19 06:19:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/18 21:26:56 | 000,011,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/18 21:26:56 | 000,011,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/18 21:18:40 | 3018,190,848 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/18 21:16:14 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2010/10/18 21:05:26 | 000,029,657 | ---- | M] () -- C:\Users\Angel\Documents\RES-Resume(2).docx
[2010/10/18 20:01:39 | 000,781,824 | ---- | M] () -- C:\Users\Angel\Documents\Maney Enterprises, Inc.1.doc
[2010/10/18 10:02:45 | 000,103,469 | ---- | M] () -- C:\Users\Angel\Documents\15kproposal(1).docx
[2010/10/18 09:21:18 | 001,213,960 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\Cat.DB
[2010/10/18 07:28:47 | 000,848,896 | ---- | M] () -- C:\Users\Angel\Documents\Maney Enterprises, Inc..xls
[2010/10/17 20:43:32 | 000,103,205 | ---- | M] () -- C:\Users\Angel\Documents\15kproposal.docx
[2010/10/17 03:00:01 | 000,000,460 | ---- | M] () -- C:\Windows\tasks\FrontLine Registry Cleaner Scheduled Scan - Angel.job
[2010/10/16 21:49:48 | 001,561,127 | ---- | M] () -- C:\Users\Angel\Documents\Maney Enterprises, Inc..rtf
[2010/10/16 19:14:00 | 000,000,817 | ---- | M] () -- C:\Users\Public\Desktop\Play Wizard101.lnk
[2010/10/16 06:46:11 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/10/16 06:46:11 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/10/16 06:46:11 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/10/16 06:46:11 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/10/16 06:45:25 | 016,074,528 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Angel\Desktop\jre-6u22-windows-i586.exe
[2010/10/15 15:32:59 | 000,521,448 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
[2010/10/15 15:32:59 | 000,189,216 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2010/10/15 15:32:59 | 000,171,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2010/10/15 15:32:59 | 000,171,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2010/10/15 13:05:25 | 000,210,659 | ---- | M] () -- C:\Users\Angel\Documents\Maney Enterprises, Inc..doc
[2010/10/15 11:24:44 | 000,000,708 | -H-- | M] () -- C:\IPH.PH
[2010/10/15 11:24:41 | 000,001,941 | ---- | M] () -- C:\Users\Angel\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2010/10/14 22:55:28 | 000,002,283 | ---- | M] () -- C:\Users\Public\Desktop\Business Plan Pro 2007.lnk
[2010/10/14 22:55:25 | 000,002,283 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Palo Alto Software Update Manager 9.0.lnk
[2010/10/14 14:35:42 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Angel\Desktop\OTL.exe
[2010/10/14 07:34:08 | 000,000,090 | ---- | M] () -- C:\Windows\QBChanUtil_Trigger.ini
[2010/10/14 06:42:55 | 000,485,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/10/11 18:17:12 | 000,293,032 | ---- | M] () -- C:\Users\Angel\Documents\Publication2.jpg
[2010/10/08 21:51:05 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForAngel.job
[2010/10/08 11:15:09 | 000,000,136 | ---- | M] () -- C:\Users\Angel\Desktop\Comcast Security.url
[2010/10/08 11:15:09 | 000,000,117 | ---- | M] () -- C:\Users\Angel\Desktop\Comcast Email.url
[2010/10/08 11:13:55 | 000,001,107 | ---- | M] () -- C:\net_save.dna
[2010/10/07 20:48:45 | 000,001,286 | ---- | M] () -- C:\Users\Angel\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/10/07 09:20:34 | 000,099,463 | ---- | M] () -- C:\Users\Angel\Documents\bill of sale.docx
[2010/10/06 07:09:49 | 000,173,104 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2010/10/06 07:09:49 | 000,007,440 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2010/10/06 07:09:49 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2010/09/30 19:05:42 | 000,099,645 | ---- | M] () -- C:\Users\Angel\Documents\home depot maney.docx
[2010/09/24 21:04:33 | 000,100,074 | ---- | M] () -- C:\Users\Angel\Documents\proposal.docx
[2010/09/23 17:03:39 | 000,228,459 | ---- | M] () -- C:\Users\Angel\Documents\Executive Summary.docx
[2010/09/21 21:40:43 | 000,146,432 | ---- | M] () -- C:\Users\Angel\Documents\Copy of 523_NZ_SetUpCosts.xls
[2010/09/21 20:50:48 | 000,022,318 | ---- | M] () -- C:\Users\Angel\Documents\form_finasst_cshflstmt3.xlsx
[2010/09/21 20:49:40 | 000,016,003 | ---- | M] () -- C:\Users\Angel\Documents\sba_010150-11.xlsx
[2010/09/21 20:49:23 | 000,013,227 | ---- | M] () -- C:\Users\Angel\Documents\form_finasst_incomestmt-11.xlsx
========== Files Created - No Company Name ==========
[2010/10/18 21:05:25 | 000,029,657 | ---- | C] () -- C:\Users\Angel\Documents\RES-Resume(2).docx
[2010/10/18 07:28:44 | 000,848,896 | ---- | C] () -- C:\Users\Angel\Documents\Maney Enterprises, Inc..xls
[2010/10/17 22:48:28 | 000,103,469 | ---- | C] () -- C:\Users\Angel\Documents\15kproposal(1).docx
[2010/10/17 20:08:10 | 000,103,205 | ---- | C] () -- C:\Users\Angel\Documents\15kproposal.docx
[2010/10/16 22:08:42 | 000,781,824 | ---- | C] () -- C:\Users\Angel\Documents\Maney Enterprises, Inc.1.doc
[2010/10/16 20:28:49 | 001,561,127 | ---- | C] () -- C:\Users\Angel\Documents\Maney Enterprises, Inc..rtf
[2010/10/16 19:14:00 | 000,000,817 | ---- | C] () -- C:\Users\Public\Desktop\Play Wizard101.lnk
[2010/10/15 13:00:16 | 000,210,659 | ---- | C] () -- C:\Users\Angel\Documents\Maney Enterprises, Inc..doc
[2010/10/14 22:55:26 | 000,002,283 | ---- | C] () -- C:\Users\Public\Desktop\Business Plan Pro 2007.lnk
[2010/10/14 22:55:24 | 000,002,283 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Palo Alto Software Update Manager 9.0.lnk
[2010/10/11 18:16:29 | 000,293,032 | ---- | C] () -- C:\Users\Angel\Documents\Publication2.jpg
[2010/10/11 08:36:33 | 000,000,460 | ---- | C] () -- C:\Windows\tasks\FrontLine Registry Cleaner Scheduled Scan - Angel.job
[2010/10/08 10:51:30 | 000,000,136 | ---- | C] () -- C:\Users\Angel\Desktop\Comcast Security.url
[2010/10/08 10:51:30 | 000,000,117 | ---- | C] () -- C:\Users\Angel\Desktop\Comcast Email.url
[2010/10/08 10:51:28 | 000,015,086 | ---- | C] () -- C:\Windows\ComcastEmail.ico
[2010/10/08 10:51:28 | 000,007,982 | ---- | C] () -- C:\Windows\ComcastSecurity.ico
[2010/10/08 10:48:18 | 000,001,107 | ---- | C] () -- C:\net_save.dna
[2010/10/07 20:48:45 | 000,001,286 | ---- | C] () -- C:\Users\Angel\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/10/07 09:20:34 | 000,099,463 | ---- | C] () -- C:\Users\Angel\Documents\bill of sale.docx
[2010/10/06 12:13:24 | 001,213,960 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\Cat.DB
[2010/10/06 10:11:40 | 000,007,829 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symefa64.cat
[2010/10/06 10:11:40 | 000,007,787 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symnetv64.cat
[2010/10/06 10:11:40 | 000,007,368 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symnet64.cat
[2010/10/06 10:11:40 | 000,001,473 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symnetv.inf
[2010/10/06 10:11:40 | 000,001,445 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symnet.inf
[2010/10/06 10:11:39 | 000,007,414 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\srtspx64.cat
[2010/10/06 10:11:39 | 000,007,406 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symds64.cat
[2010/10/06 10:11:39 | 000,003,373 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symefa.inf
[2010/10/06 10:11:39 | 000,002,793 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symds.inf
[2010/10/06 10:11:39 | 000,001,421 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\srtspx64.inf
[2010/10/06 10:11:38 | 000,007,410 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\srtsp64.cat
[2010/10/06 10:11:38 | 000,007,402 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\iron.cat
[2010/10/06 10:11:38 | 000,007,358 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\cchpx64.cat
[2010/10/06 10:11:38 | 000,001,838 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\cchpx64.inf
[2010/10/06 10:11:38 | 000,001,437 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\srtsp64.inf
[2010/10/06 10:11:38 | 000,000,771 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\iron.inf
[2010/10/06 10:10:57 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\isolate.ini
[2010/10/06 07:10:06 | 000,007,440 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2010/10/06 07:10:06 | 000,000,854 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2010/09/30 17:29:05 | 000,099,645 | ---- | C] () -- C:\Users\Angel\Documents\home depot maney.docx
[2010/09/24 21:04:33 | 000,100,074 | ---- | C] () -- C:\Users\Angel\Documents\proposal.docx
[2010/09/23 16:52:11 | 000,228,459 | ---- | C] () -- C:\Users\Angel\Documents\Executive Summary.docx
[2010/09/21 21:40:40 | 000,146,432 | ---- | C] () -- C:\Users\Angel\Documents\Copy of 523_NZ_SetUpCosts.xls
[2010/09/21 20:50:40 | 000,022,318 | ---- | C] () -- C:\Users\Angel\Documents\form_finasst_cshflstmt3.xlsx
[2010/09/21 20:49:39 | 000,016,003 | ---- | C] () -- C:\Users\Angel\Documents\sba_010150-11.xlsx
[2010/09/21 20:49:23 | 000,013,227 | ---- | C] () -- C:\Users\Angel\Documents\form_finasst_incomestmt-11.xlsx
[2010/04/02 10:37:22 | 000,000,093 | ---- | C] () -- C:\Users\Angel\AppData\Local\fusioncache.dat
[2010/04/02 10:25:19 | 000,743,594 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/03/13 02:12:44 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2010/03/02 12:44:47 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2010/02/27 13:35:26 | 000,002,267 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/02/24 00:17:23 | 000,000,188 | ---- | C] () -- C:\ProgramData\HPWALog.txt
[2010/02/24 00:16:46 | 000,000,000 | ---- | C] () -- C:\Users\Angel\AppData\Local\QSwitch.txt
[2010/02/24 00:16:46 | 000,000,000 | ---- | C] () -- C:\Users\Angel\AppData\Local\DSwitch.txt
[2010/02/24 00:16:46 | 000,000,000 | ---- | C] () -- C:\Users\Angel\AppData\Local\AtStart.txt
[2010/02/17 15:45:05 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2010/02/17 15:45:05 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2010/02/17 15:45:05 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2010/02/17 05:33:41 | 000,000,726 | ---- | C] () -- C:\Windows\SIERRA.INI
[2010/02/15 17:45:05 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008/11/06 12:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2007/03/26 13:45:18 | 000,071,208 | ---- | C] () -- C:\Windows\SysWow64\PhysXLoader.dll
[2007/02/20 17:59:08 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2007/02/20 17:59:06 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2007/02/20 17:59:06 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2007/02/20 17:59:06 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2007/02/20 17:59:06 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2007/02/20 17:59:06 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2007/02/20 17:59:06 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2007/02/20 17:59:06 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2007/02/20 17:59:04 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
========== Alternate Data Streams ==========
@Alternate Data Stream - 160 bytes -> C:\Users\Angel\Documents\edd claim form.tif:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 160 bytes -> C:\Users\Angel\Documents\edd claim form.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:5F538558
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:C2AD09C0
< End of report >
I think everything is gone, per scans..but time will tell. Thank you for your time on this matter!
Good. Let's see the final steps then :)
THESE STEPS ARE VERY IMPORTANT
Let's reset system restore
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points which are likely to be infected. Please note you need Administrator Access to do clean the restore points.
A To disable the System Restore feature:
1. Click on the Start button.
2. Hover over the Computer option, right click on it and then click Properties.
3. On the left hand side, click Advanced Settings.
4. If asked to permit the action, click on Allow.
5. Click on the System Protection tab.
6. Select c: drive and click Configure...
7. Select Turn off protection
8. Press OK.
Repeat steps 6-8 for each hard drive.
B. Reboot.
C Turn ON System Restore.
Follow the steps like you did when disabling system restore but on step 7. select Restore system settings and previous versions of files -option.
Double-click OTL.exe.
Click the CleanUp! button.
Select Yes when the
Begin cleanup Process?
prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes, if not delete it by yourself.
Note: If you receive a warning from your firewall or other security programs regarding OTL attempting to contact the internet, please allow it to do so.
UPDATING WINDOWS AND INTERNET EXPLORER
IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site (http://windowsupdate.microsoft.com/) to get the critical updates.
If you are running Microsoft Office, or any portion thereof, go to the Microsoft's Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.
Make your Internet Explorer more secure
This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
The following are recommended third party programs that are designed to keep your computer clean. A link as well as a brief description is included with each item.
hosts file:
Every version of windows has a hosts file as part of them. In a very basic sense, they are used to locate webpages. We can customize a hosts file so that it blocks certain webpages. However, it can slow down certain computers. This is why using a hosts file is optional!!
Download it here (http://www.mvps.org/winhelp2002/hosts.htm). Make sure you read the instructions on how to install the hosts file. There is a good tutorial here (http://www.bleepingcomputer.com/forums/tutorial51.html)
If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
Click the start button (at the lower left hand corner of your screen) Click run In the dialog box, type services.msc hit enter, then locate dns client Highlight it, then double-click it. On the dropdown box, change the setting from automatic to manual. Click ok
Download and run Secunia Personal Software Inspector (PSI) (http://secunia.com/vulnerability_scanning/personal/) and fix its findings.
Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
Once again, please post and tell me how things are going with your system... problems etc.
Have a great day,
Blade :cool:
ShadowStar
2010-10-24, 00:12
Just a quick update, everything is running wonderfully. I thank you with everything I have that you took the time to help me through this. I normally can get rid of pesky little things but this one was a doozy at least for me.
I do have a question though because I run automatic updates. Do I still need to get updates manually from the microsoft site? Or is everything done through auto update?
Again thank you for taking the time to respond to me. You have been wonderful. I will have to remember you on my christmas list and let santa know that you are fabulous and on the good side of things ;P
You're welcome :)
Having automatic updates enabled should be enough for Windows. To keep other programs updated too I recommend that Secunia Personal Software Inspector (PSI) program.
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)
Note:If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread.
If it has been less than three days since your last response and you need the thread re-opened, please send me or other MOD a private message (pm). A valid, working link to the closed topic is required.