Advertisement

There's no such thing as a stupid question, but they're the easiest to answer.
Login
Search

Advertisement

Virus & Other Malware Removal Virus & Other Malware Removal
Search Search
Search for:
Tech Support Guy > > >

IncrediBar virus on my laptop-Please help!!!!

(In Progress)
(!)

ajpnsld's Avatar
ajpnsld ajpnsld is offline
Computer Specs
Member with 30 posts.
THREAD STARTER
 
Join Date: Apr 2012
Experience: Beginner
30-Apr-2012, 09:58 AM #31
The incredibar virus problem is still there.
Cookiegal's Avatar
Administrator & Malware Removal Specialist with 97,694 posts.
 
Join Date: Aug 2003
30-Apr-2012, 11:04 AM #32
Where are you seeing it?
ajpnsld's Avatar
ajpnsld ajpnsld is offline
Computer Specs
Member with 30 posts.
THREAD STARTER
 
Join Date: Apr 2012
Experience: Beginner
30-Apr-2012, 06:12 PM #33
Hi cookiegal

Thanks a lot for your help. The virus is cleared from firefox and internet explorer. It is still active in chrome. whenever i type any search string in the chrome browser

http://search.incredibar.com/?q=asdl...d=1&uloc=mb119

this is the site it redirects me to
Cookiegal's Avatar
Administrator & Malware Removal Specialist with 97,694 posts.
 
Join Date: Aug 2003
30-Apr-2012, 06:22 PM #34
Download OTL to your Desktop.
  • Double-click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise instructed. The scan won't take long.
  • When the scan completes, it will open two Notepad windows called OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy and paste the contents of both of these files here in your next reply.
__________________
Microsoft MVP - Consumer Security
ajpnsld's Avatar
ajpnsld ajpnsld is offline
Computer Specs
Member with 30 posts.
THREAD STARTER
 
Join Date: Apr 2012
Experience: Beginner
30-Apr-2012, 10:53 PM #35
"OTL.txt" log file is below:

OTL logfile created on: 4/30/2012 9:36:29 PM - Run 1
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\pamarj1\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.07 Gb Available Physical Memory | 53.56% Memory free
4.22 Gb Paging File | 2.76 Gb Available in Paging File | 65.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 103.50 Gb Total Space | 6.33 Gb Free Space | 6.11% Space Free | Partition Type: NTFS
Drive D: | 8.29 Gb Total Space | 1.83 Gb Free Space | 22.09% Space Free | Partition Type: NTFS

Computer Name: PAMARJ1-PC | User Name: pamarj1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/30 21:35:44 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\pamarj1\Desktop\OTL.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,258,712 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MpCmdRun.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/03/07 16:27:25 | 003,905,920 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011/12/28 00:21:08 | 003,508,624 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
PRC - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/07/26 22:18:26 | 000,033,360 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\PlexScriptHost.exe
PRC - [2011/03/30 20:56:06 | 000,406,856 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe
PRC - [2011/03/30 20:55:58 | 002,182,984 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRServer.exe
PRC - [2011/03/07 21:39:36 | 000,341,832 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe
PRC - [2009/06/15 21:44:40 | 000,012,696 | ---- | M] (National Instruments Corporation) -- C:\Program Files\National Instruments\MAX\nimxs.exe
PRC - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/02/16 12:38:54 | 001,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2007/06/14 08:15:34 | 000,598,960 | ---- | M] ( ) -- C:\Windows\System32\lxdkcoms.exe
PRC - [2007/03/09 12:50:02 | 004,390,912 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/02/07 09:30:00 | 000,065,536 | R--- | M] (Cognizance Corporation) -- c:\Program Files\Bioscrypt\VeriSoft\Bin\asghost.exe
PRC - [2007/01/10 06:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2007/01/05 23:04:10 | 000,554,616 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007/01/05 09:19:28 | 000,047,712 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
PRC - [2004/06/14 17:18:08 | 000,471,040 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/25 18:43:01 | 000,065,024 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012/04/25 18:43:01 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012/04/24 17:26:58 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012/04/24 17:26:57 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2011/07/26 22:19:38 | 000,032,848 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\Exts\simplejson\_speedups.pyd
MOD - [2011/07/26 22:19:36 | 000,044,112 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\Exts\OpenSSL\SSL.pyd
MOD - [2011/07/26 22:19:36 | 000,016,976 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\Exts\OpenSSL\rand.pyd
MOD - [2011/07/26 22:19:34 | 000,195,664 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\Exts\lxml\objectify.pyd
MOD - [2011/07/26 22:19:34 | 000,057,424 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\Exts\OpenSSL\crypto.pyd
MOD - [2011/07/26 22:19:32 | 000,841,296 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\Exts\lxml\etree.pyd
MOD - [2011/07/26 22:19:30 | 000,824,912 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\DLLs\_ssl.pyd
MOD - [2011/07/26 22:19:30 | 000,049,744 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\DLLs\_socket.pyd
MOD - [2011/07/26 22:19:28 | 000,033,360 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\DLLs\_multiprocessing.pyd
MOD - [2011/07/26 22:19:26 | 000,365,648 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\DLLs\_hashlib.pyd
MOD - [2011/07/26 22:19:26 | 000,131,152 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\DLLs\_elementtree.pyd
MOD - [2011/07/26 22:19:24 | 000,093,776 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\DLLs\_ctypes.pyd
MOD - [2011/07/26 22:19:22 | 000,589,904 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\DLLs\unicodedata.pyd
MOD - [2011/07/26 22:19:22 | 000,016,976 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\DLLs\select.pyd
MOD - [2011/07/26 22:19:20 | 000,134,224 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\DLLs\pyexpat.pyd
MOD - [2011/07/26 22:19:00 | 000,173,136 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\libxslt.dll
MOD - [2011/07/26 22:18:58 | 001,009,744 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\libxml2.dll
MOD - [2011/07/26 22:18:56 | 000,063,056 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\libexslt.dll
MOD - [2011/07/26 22:18:26 | 000,033,360 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\PlexScriptHost.exe
MOD - [2011/06/23 04:07:10 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d9228d58804dfd 75fd92a4d12ffac8af\Accessibility.ni.dll
MOD - [2011/06/23 04:02:06 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9 cf14463ce69f9\mscorlib.ni.dll
MOD - [2011/03/29 05:55:05 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089 \System.Windows.Forms.dll
MOD - [2011/01/19 05:48:35 | 003,182,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2010/09/02 06:08:00 | 000,118,784 | ---- | M] () -- C:\Program Files\ASUS\ASUS WebStorage\3.0.102.211\AsusWSShellExt.dll
MOD - [2009/03/01 21:08:04 | 000,003,584 | ---- | M] () -- C:\Program Files\ASUS\ASUS WebStorage\3.0.102.211\LogicNP.PropSheetExtensionHelper.dll
MOD - [2008/10/13 17:26:58 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xm l.dll
MOD - [2008/07/27 13:03:15 | 000,626,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\Syste m.Drawing.dll
MOD - [2008/07/27 13:03:14 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a \System.Configuration.dll
MOD - [2008/07/27 13:03:12 | 000,659,456 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3 a\Microsoft.VisualBasic.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/04/01 13:45:48 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011/03/30 20:56:06 | 000,406,856 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe -- (SplashtopRemoteService)
SRV - [2011/03/07 21:39:36 | 000,341,832 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe -- (SSUService)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/06/23 14:29:48 | 000,740,968 | ---- | M] (National Instruments Corporation) [Disabled | Stopped] -- C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe -- (NITaggerService)
SRV - [2009/06/23 12:23:14 | 001,007,616 | ---- | M] (Macrovision Corporation) [Disabled | Stopped] -- C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe -- (NILM License Manager)
SRV - [2009/06/18 08:01:50 | 000,356,912 | ---- | M] (National Instruments Corporation) [Disabled | Stopped] -- C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe -- (NIDomainService)
SRV - [2009/06/18 07:57:28 | 000,042,544 | ---- | M] (National Instruments Corporation) [Disabled | Stopped] -- C:\Windows\System32\lkads.exe -- (lkClassAds)
SRV - [2009/06/18 07:56:32 | 000,053,296 | ---- | M] (National Instruments Corporation) [Disabled | Stopped] -- C:\Windows\System32\lktsrv.exe -- (lkTimeSync)
SRV - [2009/06/15 21:44:40 | 000,012,696 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files\National Instruments\MAX\nimxs.exe -- (mxssvr)
SRV - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009/06/04 05:14:28 | 000,013,896 | ---- | M] (National Instruments Corporation) [Disabled | Stopped] -- C:\Windows\System32\nisvcloc.exe -- (niSvcLoc)
SRV - [2009/06/03 11:26:34 | 000,098,304 | ---- | M] (OPC Foundation) [Disabled | Stopped] -- C:\Windows\System32\Opcenum.exe -- (OpcEnum)
SRV - [2008/10/31 15:52:54 | 000,695,136 | ---- | M] (National Instruments, Inc.) [On_Demand | Stopped] -- C:\Windows\System32\lkcitdl.exe -- (LkCitadelServer)
SRV - [2008/02/16 12:38:54 | 001,251,720 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008/01/29 18:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/06/14 08:15:34 | 000,598,960 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxdkcoms.exe -- (lxdk_device)
SRV - [2007/06/14 08:15:24 | 000,099,248 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxdkserv.exe -- (lxdkCATSCustConnectService)
SRV - [2007/04/23 20:11:44 | 000,106,593 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2007/04/23 20:11:42 | 000,262,243 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2007/02/07 09:30:00 | 000,074,240 | R--- | M] (Cognizance Corporation) [Auto | Running] -- c:\Program Files\Bioscrypt\VeriSoft\Bin\ASWLNPkg.dll -- (ASBroker)
SRV - [2007/01/14 08:11:06 | 000,080,504 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Norton Internet Security\isPwdSvc.exe -- (ISPwdSvc)
SRV - [2007/01/13 04:40:58 | 000,049,248 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2007/01/10 06:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice Ex)
SRV - [2007/01/10 06:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2007/01/10 06:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2007/01/10 06:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2007/01/05 23:04:10 | 002,918,008 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/01/05 23:04:10 | 000,554,616 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/01/05 09:19:28 | 000,047,712 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- (SymAppCore)
SRV - [2006/06/22 02:14:00 | 000,131,584 | R--- | M] (Cognizance Corporation) [Auto | Running] -- c:\Program Files\Bioscrypt\VeriSoft\Bin\ASChnl.dll -- (ASChannel)
SRV - [2006/03/24 16:34:04 | 001,294,336 | ---- | M] (Macrovision Corporation) [Disabled | Stopped] -- C:\Program Files\Ansys Inc\Shared Files\Licensing\intel\lmgrd.exe -- (ANSYS FLEXlm license manager)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\pamarj1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (abejrzfa)
DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/12/07 23:22:38 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.)
DRV - [2011/12/07 23:22:38 | 000,080,184 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/12/17 04:00:00 | 001,360,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110319.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/12/17 04:00:00 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110319.003\NAVENG.SYS -- (NAVENG)
DRV - [2010/06/17 03:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/06/04 03:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/07 21:54:45 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/12/25 22:16:55 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2009/05/22 11:00:00 | 000,004,096 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cvintdrv.sys -- (cvintdrv)
DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2007/12/01 00:57:12 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2007/12/01 00:57:12 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2007/12/01 00:57:12 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2007/11/06 11:07:18 | 000,180,272 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20071122.002\IDSvix86. sys -- (IDSvix86)
DRV - [2007/04/14 02:49:32 | 000,418,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2007/04/03 14:59:30 | 000,083,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616bus.sys -- (s616bus) Sony Ericsson Device 616 driver (WDM)
DRV - [2007/03/28 11:44:22 | 000,140,424 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV - [2007/03/05 16:28:00 | 000,076,288 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/03/01 07:49:58 | 002,216,448 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007/02/24 09:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/01/23 12:03:28 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/01/23 11:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/01/16 23:38:52 | 000,983,936 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2007/01/09 23:32:14 | 000,191,544 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2007/01/09 23:32:14 | 000,145,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symfw.sys -- (SYMFW)
DRV - [2007/01/09 23:32:14 | 000,040,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symids.sys -- (SYMIDS)
DRV - [2007/01/09 23:32:14 | 000,038,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symndisv.sys -- (SYMNDISV)
DRV - [2007/01/09 23:32:14 | 000,027,576 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2007/01/09 23:32:14 | 000,012,984 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symdns.sys -- (SYMDNS)
DRV - [2006/11/30 12:24:58 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\Windows\System32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006/11/02 02:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2006/06/28 11:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={ inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{896DB260-1B30-4FF3-B10E-B4961151320C}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE - HKLM\..\SearchScopes\{9FD89D22-C60B-4BC2-A131-284E0D766A35}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
IE - HKLM\..\SearchScopes\{A281B9DD-CB64-448D-A1EA-10A689AD2918}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=HVD US7
IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.bing.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 14 C5 78 30 68 23 CD 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{102266F6-EE4B-4F61-B7CF-5CAD12A85595}: "URL" = http://local.yahoo.com/results?stx={searchTerms}&fr=yessv
IE - HKCU\..\SearchScopes\{1FDCD3CD-BAC0-4EFD-94CC-99CEE205D94F}: "URL" = http://images.search.yahoo.com/search/images?p={searchTerms}&fr=yessv
IE - HKCU\..\SearchScopes\{4F4F3347-4DD6-4602-94EA-1614B7935E8C}: "URL" = http://shopping.yahoo.com/search?p={searchTerms}&fr=yessv
IE - HKCU\..\SearchScopes\{61019A01-5835-47A7-93CF-BEAA83DDC44F}: "URL" = http://answers.yahoo.com/search/search_result?p={searchTerms}&fr=yessv
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={ inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en
IE - HKCU\..\SearchScopes\{896DB260-1B30-4FF3-B10E-B4961151320C}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE - HKCU\..\SearchScopes\{9384583D-5916-4897-9F46-6C3D989C9917}: "URL" = http://www.bing.com/search?FORM=DMDTDF&PC=VEOH&q={searchTerms}&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{97181CDC-24B1-4748-9601-65BBAC502816}: "URL" = http://news.search.yahoo.com/search/news?p={searchTerms}&fr=yessv
IE - HKCU\..\SearchScopes\{9FD89D22-C60B-4BC2-A131-284E0D766A35}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
IE - HKCU\..\SearchScopes\{A281B9DD-CB64-448D-A1EA-10A689AD2918}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=HVD US7
IE - HKCU\..\SearchScopes\{ADD6BEC9-F897-4477-9B4B-F56FF9288C2B}: "URL" = http://video.yahoo.com/video/search?p={searchTerms}&fr=yessv
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb119/?search={searchTerms}&loc=IB_DS&a=6R8oCjuYer&i=26
IE - HKCU\..\SearchScopes\Comcast: "URL" = http://search.xfinity.com/?cat=subweb&con=mmchrome&q={searchTerms}&cid=xfstart_tech_search
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=DMDTDF&PC=VEOH&q="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: web@veoh.com:1.4
FF - prefs.js..extensions.enabledItems: {7AF6830F-D3D8-4973-BA4D-74783BE69F62}:1.9.1
FF - prefs.js..extensions.enabledItems: remotemode@splashtop.com:1.0.0.5332
FF - prefs.js..extensions.enabledItems: crossriderapp435@crossrider.com:0.78.35
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=4.0: C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.1: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohTVPlugin: C:\Program Files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohWebPlayer: C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll (Veoh)
FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\pamarj1\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\pamarj1\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\pamarj1\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling. dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\pamarj1\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\pamarj1\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\pamarj1\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\pamarj1\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\Firefox [2010/10/31 02:45:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/11/01 03:04:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\remotemode@splashto p.com: C:\Program Files\Splashtop\Splashtop Remote\Server\plugin\FFExtensions [2011/07/27 00:20:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/01 13:33:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/01 13:33:29 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\web@veoh.com: C:\Program Files\Veoh Networks\VeohWebPlayer\FFVideoFinder [2008/12/20 04:44:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetwo rks.com: C:\Users\pamarj1\AppData\Roaming\Move Networks [2009/10/27 13:23:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\pamarj1\Program Files\DNA [2010/01/14 12:10:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{7AF6830F-D3D8-4973-BA4D-74783BE69F62}: C:\Users\pamarj1\AppData\Local\{7AF6830F-D3D8-4973-BA4D-74783BE69F62} [2010/10/12 19:24:04 | 000,000,000 | ---D | M]

[2008/12/18 23:20:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pamarj1\AppData\Roaming\Mozilla\Extensions
[2012/04/28 23:41:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\ extensions
[2011/12/10 11:48:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\ extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/10 11:48:19 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\ extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2007/12/07 22:03:07 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\ extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/12/10 11:48:27 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\ extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2012/04/01 14:01:22 | 000,000,000 | ---D | M] ("Premiumplay Codec-C") -- C:\Users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\ extensions\crossriderapp435@crossrider.com
[2009/04/27 22:44:47 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\ extensions\firefox@tvunetworks.com
[2009/03/17 18:58:47 | 000,000,000 | ---D | M] (Veoh Video Compass) -- C:\Users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\ extensions\searchrecs@veoh.com
[2010/11/14 00:10:35 | 000,001,832 | ---- | M] () -- C:\Users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\ searchplugins\bing.xml
[2012/04/01 13:34:03 | 000,002,203 | ---- | M] () -- C:\Users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\ searchplugins\MyStart Search.xml
[2012/04/29 23:22:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/07/27 00:20:38 | 000,000,000 | ---D | M] (Splashtop Remote) -- C:\PROGRAM FILES\SPLASHTOP\SPLASHTOP REMOTE\SERVER\PLUGIN\FFEXTENSIONS
[2008/12/20 04:44:19 | 000,000,000 | ---D | M] (Veoh Web Player Video Finder) -- C:\PROGRAM FILES\VEOH NETWORKS\VEOHWEBPLAYER\FFVIDEOFINDER
[2010/10/12 19:24:04 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\PAMARJ1\APPDATA\LOCAL\{7AF6830F-D3D8-4973-BA4D-74783BE69F62}
[2009/10/27 13:23:27 | 000,000,000 | ---D | M] (Move Media Player) -- C:\USERS\PAMARJ1\APPDATA\ROAMING\MOVE NETWORKS
[2007/08/29 16:47:44 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2007/02/08 11:48:16 | 000,028,448 | ---- | M] (National Instruments) -- C:\Program Files\mozilla firefox\plugins\NPLV82Win32.dll
[2009/06/23 20:40:40 | 000,025,088 | ---- | M] (National Instruments) -- C:\Program Files\mozilla firefox\plugins\nplv90win32.dll
[2011/11/01 16:55:05 | 000,001,692 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\comcast.xml

========== Chrome ==========

CHR - default_search_provider: MyStart Search (Enabled)
CHR - default_search_provider: search_url = http://mystart.incredibar.com/mb119/?loc=IB_DS&search={searchTerms}&a=6R8oCjuYer&i=26
CHR - default_search_provider: suggest_url =
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\pamarj1\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppGo ogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\pamarj1\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf. dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\pamarj1\AppData\Local\Google\Chrome\Application\18.0.1025.162\gcsw f32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll
CHR - plugin: HP Product Detection Plugin for Mozilla (Enabled) = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnhbepgnjnaoahohppnffanmkjkjoglp\1.0.15.0_0\plugins/npProductDetectPlugin.dll
CHR - plugin: HP Active Check Plugin (Enabled) = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnhbepgnjnaoahohppnffanmkjkjoglp\1.0.15.0_0\plugins/npAclmPlugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.150.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java(TM) Platform SE 6 U15 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: BitTorrent (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
CHR - plugin: DivX\u00AE Web Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: National Instruments LabVIEW 8.2 Netscape Plug-in for Windows (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPLV82Win32.dll
CHR - plugin: National Instruments LabVIEW 9.0 Netscape Plug-in for Windows (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nplv90win32.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\pamarj1\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\pamarj1\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: DNA Plug-in (Enabled) = C:\Program Files\DNA\plugins\npbtdna.dll
CHR - plugin: DivX\u00AE Content Upload Plugin (Enabled) = C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: MSN\u00AE Toolbar (Enabled) = C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll
CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
CHR - plugin: Veoh Web Player Beta (Enabled) = C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\pamarj1\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling. dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\pamarj1\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Entanglement = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: Angry Birds = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\
CHR - Extension: Word Search Puzzle = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\alcobafdkcddhiabfgnongafffchimnl\1.2_0\
CHR - Extension: SKiD Racer = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhoaojooagiaaiidlnfhkkafjpbbnnno\0.0.0.37_0\
CHR - Extension: WGT Golf Challenge = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcilimldmomiaihcfkmaldanopfejefg\32.1.0_0\
CHR - Extension: Final Fight = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpegianedjonaeafilbagbcbcimjifai\0.0.0.1_0\
CHR - Extension: AdBlock = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.32_0\
CHR - Extension: Monster Truck Racing = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjmcfmephihmhendkenhfmnkfoakedhi\1.0_0\
CHR - Extension: Air Hockey = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcchbhjknakkndfpdbapmdkhbbgojkno\2.0_0\
CHR - Extension: Codec-V = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho\1.17.48_0\
CHR - Extension: Steambirds: Survival = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcdhpokmalcfjnfkjlfncgekebcojinn\1.0_0\
CHR - Extension: WarTime = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkobmjibnppfleogmodpjgocgdbdiikp\1.23_0\
CHR - Extension: Poppit = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: Google Play Books = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb\1.1.3_0\
CHR - Extension: HP Product Detection Plugin = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnhbepgnjnaoahohppnffanmkjkjoglp\1.0.15.0_0\
CHR - Extension: Crusader Tank = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpegcjgnjllooimlcfdnphhccfnmhfem\1.2.0_0\
CHR - Extension: Baseball (Deluxe) = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbbmhkhnoadhdceaokdofknafciecdea\2.1_0\

O1 HOSTS File: ([2012/04/25 17:41:48 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Reg Error: Value error.) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll (Symantec Corporation)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (VeriSoft Access Manager) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKCU..\Run: [Desktop Software] C:\Program Files\Common Files\SupportSoft\bin\bcont.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [Plex Media Server] C:\Program Files\Plex\Plex Media Server\Plex Media Server.exe (Plex, Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnce: [!BingBar] C:\Program Files\Microsoft\BingBar\7.1.361.0\MUExe\7.1.361.0\BingBarSetup-Partner.EXE (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10o_ActiveX.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx File not found
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} http://www.symantec.com/techsupp/asa...bs/tgctlsr.cab (Symantec Script Runner Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} http://www.ooxtv.com/livetv.ocx (KooPlayer Control)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} http://www.cvsphoto.com/upload/activ...eX_Control.cab (Photo Upload Plugin Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00F5FC4A-1ADF-4AC4-8EB4-B213ADBF5159}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AAECF98D-936B-4CB8-9F10-9B1C41375907}: DhcpNameServer = 68.87.72.134 68.87.77.134
O20 - AppInit_DLLs: (C:\Windows\System32\APSHook.dll) - C:\Windows\System32\APSHook.dll (Cognizance Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/05/23 07:05:45 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 10:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/04/30 21:35:22 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\pamarj1\Desktop\OTL.exe
[2012/04/28 17:16:05 | 000,000,000 | ---D | C] -- C:\Users\pamarj1\AppData\Roaming\f-secure
[2012/04/28 17:15:32 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2012/04/25 23:56:47 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/04/25 18:38:09 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/04/25 17:46:42 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/04/25 17:46:37 | 000,000,000 | ---D | C] -- C:\Users\pamarj1\AppData\Local\temp
[2012/04/25 17:33:46 | 000,000,000 | ---D | C] -- C:\puppy.exe
[2012/04/25 17:27:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinMerge
[2012/04/25 17:27:50 | 000,000,000 | ---D | C] -- C:\Program Files\WinMerge
[2012/04/24 17:26:26 | 000,000,000 | ---D | C] -- C:\Users\pamarj1\AppData\Roaming\SUPERAntiSpyware.com
[2012/04/24 17:25:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/04/24 17:25:39 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/04/24 17:25:39 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/04/23 18:06:03 | 000,000,000 | ---D | C] -- C:\puppy.exe20967p
[2012/04/19 19:13:41 | 004,468,852 | R--- | C] (Swearware) -- C:\Users\pamarj1\Desktop\puppy.exe.exe
[2012/04/12 20:45:57 | 000,000,000 | ---D | C] -- C:\Users\pamarj1\Desktop\antivirus
[2012/04/12 20:45:45 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\pamarj1\Desktop\HijackThis.exe
[2012/04/05 20:32:09 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/04/05 20:32:08 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/04/05 20:32:08 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/04/05 20:31:57 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/04/05 20:31:54 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/04/05 20:29:48 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/01 14:05:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium
[2012/04/01 14:01:22 | 000,000,000 | ---D | C] -- C:\Users\pamarj1\AppData\Local\Premiumplay Codec-C
[2012/04/01 14:01:12 | 000,000,000 | ---D | C] -- C:\Program Files\Premiumplay Codec-C
[2012/04/01 14:00:54 | 000,000,000 | ---D | C] -- C:\codec-info
[2012/04/01 13:31:47 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/30 21:45:00 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{34847377-100D-4463-974F-5B7367A54440}.job
[2012/04/30 21:43:00 | 000,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{F0F613CC-5E98-44FA-A517-ADA9B4C45F95}.job
[2012/04/30 21:42:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-358495213-3537462999-3419443030-1000UA.job
[2012/04/30 21:35:44 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\pamarj1\Desktop\OTL.exe
[2012/04/30 21:31:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/30 18:01:01 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-358495213-3537462999-3419443030-1000UA.job
[2012/04/30 17:18:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/30 17:15:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/29 23:02:40 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/29 23:02:39 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/29 03:08:28 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/04/29 03:07:00 | 000,609,800 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/04/29 03:07:00 | 000,106,324 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/04/29 00:01:03 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-358495213-3537462999-3419443030-1000Core.job
[2012/04/28 22:42:04 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-358495213-3537462999-3419443030-1000Core.job
[2012/04/28 19:17:26 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/26 20:00:02 | 000,000,550 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - pamarj1.job
[2012/04/25 18:38:00 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/25 17:41:48 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/04/24 17:25:51 | 000,001,760 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/04/20 21:26:58 | 000,002,296 | ---- | M] () -- C:\Users\pamarj1\Desktop\CFScript.rtf
[2012/04/19 19:13:05 | 004,468,852 | R--- | M] (Swearware) -- C:\Users\pamarj1\Desktop\puppy.exe.exe
[2012/04/12 20:54:58 | 000,302,592 | ---- | M] () -- C:\Users\pamarj1\Desktop\2fpcgnjl.exe
[2012/04/12 20:42:14 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\pamarj1\Desktop\HijackThis.exe
[2012/04/01 18:01:38 | 000,224,256 | ---- | M] () -- C:\Users\pamarj1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/29 03:08:10 | 000,001,786 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/04/24 17:25:51 | 000,001,760 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/04/20 21:29:20 | 000,002,296 | ---- | C] () -- C:\Users\pamarj1\Desktop\CFScript.rtf
[2012/04/12 20:58:41 | 000,302,592 | ---- | C] () -- C:\Users\pamarj1\Desktop\2fpcgnjl.exe
[2012/04/05 20:32:09 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/04/05 20:32:08 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/04/05 20:32:08 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/04/05 20:32:08 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/04/05 20:32:08 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/04/02 19:35:35 | 2137,448,448 | -HS- | C] () -- C:\hiberfil.sys
[2012/04/01 13:45:52 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2011/12/23 21:58:28 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011/12/23 21:58:24 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011/12/23 21:58:24 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011/12/23 21:58:24 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011/12/23 21:58:24 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011/03/31 21:18:17 | 000,001,466 | -HS- | C] () -- C:\Users\pamarj1\AppData\Local\85c41t1n5cbla04i6352uvj1206w3hx3tpr218awhu85 420
[2011/03/31 21:18:17 | 000,001,466 | -HS- | C] () -- C:\ProgramData\85c41t1n5cbla04i6352uvj1206w3hx3tpr218awhu85420
[2011/03/28 23:32:02 | 000,016,968 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/03/28 18:11:07 | 000,005,952 | -HS- | C] () -- C:\Users\pamarj1\AppData\Local\81w6u6541778ob5f5s06a6nv06n5ccdufn550627526t 6u
[2011/03/28 18:11:07 | 000,005,952 | -HS- | C] () -- C:\ProgramData\81w6u6541778ob5f5s06a6nv06n5ccdufn550627526t6u
[2010/10/12 19:24:06 | 000,000,000 | ---- | C] () -- C:\Users\pamarj1\AppData\Local\Fguvamunu.bin
[2010/10/12 19:24:05 | 000,000,120 | ---- | C] () -- C:\Users\pamarj1\AppData\Local\Fkawalutiholura.dat

========== LOP Check ==========

[2010/01/12 17:25:39 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\Ansys
[2011/07/27 06:36:15 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\ASUS
[2011/07/27 00:19:18 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\ASUS WebStorage
[2011/07/27 09:14:37 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\ASUS.AF361EFD06694D11175EA8BF6E21597A36AD9 F1D.1
[2011/01/09 02:52:56 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\BitTorrent
[2008/09/30 18:48:50 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\BitTorrent DNA
[2011/01/28 01:21:10 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\calibre
[2009/12/25 22:35:44 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\DAEMON Tools Lite
[2010/01/25 04:19:45 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\DNA
[2009/10/28 16:06:05 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\DzSoft
[2011/07/27 00:01:57 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\eCareme
[2012/04/28 17:16:05 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\f-secure
[2011/08/28 21:25:36 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\gtk-2.0
[2009/05/28 08:53:19 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\Lexmark Productivity Studio
[2010/02/18 20:33:21 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\mjusbsp
[2010/11/09 19:42:27 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\Mobipocket
[2011/07/27 09:14:54 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\Outlook
[2012/02/07 13:52:37 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\Samsung
[2012/03/10 11:02:04 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\SystemRequirementsLab
[2008/08/02 16:33:58 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\WildTangent
[2007/12/07 01:06:12 | 000,000,258 | ---- | M] () -- C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job
[2012/04/29 00:01:03 | 000,000,914 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-358495213-3537462999-3419443030-1000Core.job
[2012/04/30 18:01:01 | 000,000,936 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-358495213-3537462999-3419443030-1000UA.job
[2010/05/20 18:32:20 | 000,000,508 | ---- | M] () -- C:\Windows\Tasks\Install.job
[2012/04/25 18:35:08 | 000,032,540 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/04/30 21:45:00 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{34847377-100D-4463-974F-5B7367A54440}.job
[2012/04/30 21:43:00 | 000,000,414 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{F0F613CC-5E98-44FA-A517-ADA9B4C45F95}.job

========== Purity Check ==========



< End of report >



*****************************************************
"Extras.txt" log file is below:


OTL Extras logfile created on: 4/30/2012 9:36:29 PM - Run 1
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\pamarj1\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.07 Gb Available Physical Memory | 53.56% Memory free
4.22 Gb Paging File | 2.76 Gb Available in Paging File | 65.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 103.50 Gb Total Space | 6.33 Gb Free Space | 6.11% Space Free | Partition Type: NTFS
Drive D: | 8.29 Gb Total Space | 1.83 Gb Free Space | 22.09% Space Free | Partition Type: NTFS

Computer Name: PAMARJ1-PC | User Name: pamarj1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = ComFile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfil e]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProf ile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
"DoNotAllowExceptions" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- ()


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\FirewallRules]
"{03FA4811-5678-49DB-99C1-4B6DB65C75A1}" = lport=2869 | protocol=6 | dir=in | app=system |
"{102A3482-ACB3-40C3-AA52-67EB5D6890D4}" = lport=137 | protocol=17 | dir=in | app=system |
"{14301BC2-CA25-422E-AED8-644BD6515FB5}" = lport=138 | protocol=17 | dir=in | app=system |
"{18669517-B8C0-401F-83C2-380038001647}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{1C5101CD-7160-4CAA-B2EA-584EFFDBF4AB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{240570A3-FD05-4070-BA73-95369CAEE504}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service |
"{28C17E1A-0AA6-4D2E-A2D1-069CEE52612E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2E4DE966-8A7A-4792-883A-2B2774A6A40B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{2EEF95CF-A77B-4ACA-9D1D-2813DD77B963}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{3130E10C-FEE4-4073-A8F9-83BD251A87FE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{32E404CB-2E83-44C5-8942-BCC9DEE656D8}" = lport=445 | protocol=6 | dir=in | app=system |
"{55128512-00E3-4514-8E1C-4F2BD6B2CA8B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{60440D78-42D9-41F1-AB14-201B99E20781}" = lport=2869 | protocol=6 | dir=in | app=system |
"{62C7B954-90AF-4736-97F7-4629E6D2CBB5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{644FDE02-78A8-4F8F-949C-8C0699E615A8}" = lport=2869 | protocol=6 | dir=in | app=system |
"{670E78E3-8F02-443C-BC13-6BA3B40F4681}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{6F0780A7-33D2-49A4-A25C-E1FD4749908B}" = rport=445 | protocol=6 | dir=out | app=system |
"{745285CD-FEF3-4EAD-BF14-7A1636F92DA6}" = lport=139 | protocol=6 | dir=in | app=system |
"{783A0DCA-A8AB-4718-A4BA-4FA3C14D4535}" = rport=138 | protocol=17 | dir=out | app=system |
"{787B12FC-28CE-4E9C-A211-8B055F7E166B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{867FE2B2-E4B0-454B-8A9B-8AF4DBC5C275}" = rport=137 | protocol=17 | dir=out | app=system |
"{89694E3D-CE1C-48DF-A71F-E85895ACC6AA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{903B4729-E070-4BD7-BB83-DAA0E16AE21E}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{B810E45D-7DA4-4F25-8FAD-560ACBED044A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BF7FCBC5-B3FD-4313-A48D-3BC55D5C613F}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{C8C24D02-6620-4F83-93FF-62AC6A094678}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{D69FDCBA-F7E0-454C-94C1-29E37EFA0F04}" = rport=139 | protocol=6 | dir=out | app=system |
"{D72D82DC-89B1-4E95-8724-96BC76125079}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{E45C3A3C-8BE3-4F3F-88F6-4D7FF75AC5C2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E45C93D1-2E92-4E1C-AFF7-21BE96083B8E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EB09EBF3-58AE-4670-B4C8-051264256A15}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{FA8AC27F-AF57-4C52-B0C2-8A092EB195FC}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{FAB02698-FFC6-42A8-A823-C25560DC3A9F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\FirewallRules]
"{025CE4A3-1736-411D-B864-40348A333E72}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{059B9933-45D6-4E4A-ADE8-86D09F939866}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdkpswx.exe |
"{06E72E97-633D-41D9-89D2-98A69818C2B3}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{07B5A946-E515-4FF6-AC91-D7FE948B06CA}" = protocol=17 | dir=in | app=c:\program files\lexmark 5300 series\lxdkamon.exe |
"{09A3A996-F58B-4F09-B880-DFF84F755986}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{0CC078F5-04FA-48E2-B327-C31F4BBD211D}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{0D83A6A4-70DF-4525-B2AD-2CF10586A76F}" = protocol=17 | dir=in | app=c:\program files\splashtop\splashtop remote\server\srserver.exe |
"{10907164-AF40-40A8-915A-76802FDFA12E}" = protocol=6 | dir=in | app=c:\program files\lexmark 5300 series\frun.exe |
"{1254D1FB-C0BF-43B7-8458-E303C0D0BBD9}" = dir=in | app=c:\users\pamarj1\appdata\local\facebook\video\skype\facebookvideocallin g.exe |
"{1562EBCF-CD87-4892-8928-01046A2BCE27}" = protocol=17 | dir=in | app=c:\users\pamarj1\program files\dna\dna.exe |
"{1BFBEBCE-9AA5-4880-B85B-D414E380AE3E}" = protocol=17 | dir=in | app=c:\program files\lexmark 5300 series\frun.exe |
"{1E7221A5-791A-4380-AC49-B9D6503B168A}" = protocol=17 | dir=in | app=c:\windows\system32\lxdkcoms.exe |
"{1F63ED1B-5223-4C07-8944-7C61470B2F89}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{2174FFCF-3D1F-4F35-B159-F1DDF29B91C9}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{3774E4F0-A63A-4742-BA0A-9D196AEC52F7}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{38D4824F-5EAF-4FE0-B727-D948D8ABEA98}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{3A8BB367-4798-44EA-9B6C-F30ADC8B1769}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{3CADBD25-21AD-4F59-A06B-A3CA5445CC6E}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{3FB305A1-F6B7-451A-BEBA-EABD736862A5}" = protocol=6 | dir=in | app=c:\windows\system32\lxdkcoms.exe |
"{471E7F68-7D13-48D0-9A85-CA86BD73A2C5}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{479D7343-DC23-4249-875E-74BEEA5237BB}" = protocol=6 | dir=in | app=c:\users\pamarj1\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{4BB0F7DE-F73F-4DC8-BFF5-48E9D6F7B9D6}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{51487CD1-3472-4067-A55E-E646388D2CD1}" = protocol=17 | dir=in | app=c:\program files\splashtop\splashtop remote\server\dataproxy.exe |
"{51B48187-34A9-4783-8159-E32612B344CF}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{52A54DDB-754E-48FD-8D8A-379AADA48C22}" = protocol=17 | dir=in | app=c:\users\pamarj1\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{533DA25F-0B66-456E-8FE5-623366CBEC4E}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdktime.exe |
"{5F2F8C1C-C481-4453-9223-889DCFAE2EFD}" = dir=in | app=c:\program files\plex\plex media server\plex media server.exe |
"{62E3A001-1BE3-4D42-8437-9FE8C88A907F}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{631C8A9A-3073-4C21-B8A8-CE14B6C112C5}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{644D4E0A-39FB-40C3-9F02-9ECED320F825}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{6747EFDA-1B9B-47BF-B676-D1398C84AABE}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{6A66CF3D-4B28-4CCF-9234-2B208D01C26C}" = protocol=6 | dir=in | app=c:\program files\splashtop\splashtop remote\server\srserver.exe |
"{6D6E52F0-6502-4085-AC4D-21A60EC502C1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{6E26E491-9CEA-4A4D-B782-E7A30045A69A}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdkjswx.exe |
"{711A98ED-FA70-48F5-92D5-17F296BA190A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{763C0790-2931-4E22-BCB6-61BBFE1AE624}" = protocol=17 | dir=in | app=c:\program files\lexmark 5300 series\lxdkmon.exe |
"{7648068E-550E-4B8D-9EAF-E2AEC0F4030A}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{78DF765B-B656-43F2-A497-72B283F57792}" = protocol=6 | dir=in | app=c:\program files\lexmark 5300 series\lxdkmon.exe |
"{7A3CB773-B63B-4FC7-8788-BC20B448BE0A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{7E3D098D-C873-4C49-B1E2-456D1A830EF0}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{7F7EECC3-80E1-4DB9-8A0E-9391FFC0DC21}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{865D670C-40B4-4239-BD61-93693E113739}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{91420161-BB7F-414F-B63E-005E07E8EC2C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{94184BB1-3D4D-42A1-B847-15E52AEFADFE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{A164A6A3-C647-46E0-9E51-442B658A4525}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{A20CE091-93A6-40EA-AEB0-9C0550659D95}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{A6B70A5D-4195-4CBD-B44E-34A0677761B0}" = protocol=6 | dir=in | app=c:\program files\lexmark 5300 series\lxdkamon.exe |
"{A6D127B8-129C-4796-87B0-21CBDD2295AF}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{A7DF02F8-27EA-4671-B62D-2E6894908497}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{A8A553A9-2A99-4C36-B82D-B372E4AFADE9}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{AAC934CC-5650-4415-BED6-54A2A9A44CD6}" = protocol=6 | dir=in | app=c:\users\pamarj1\program files\dna\dna.exe |
"{AEB3A92E-E155-473A-80C5-4703E07BBF50}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{B0DB4182-1848-424E-8591-9A2D24DB3BFD}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{B0E300AD-8333-4799-81FF-E59C78A8EB6F}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{B35DBD9A-B194-4ACE-96F6-6D98D406F1BA}" = protocol=17 | dir=in | app=c:\program files\bittorrent_dna\dna.exe |
"{B3C4B550-61BA-4E81-9604-FC5B7AB5E8F4}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{B4647ABE-FCCB-4FA0-B83F-9BE3EF1A0FCA}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{BC6BA00C-935D-482A-BBC1-82B746ABB63A}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{C1638E06-4DC6-402E-973C-24CB190FE220}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{C32F8711-69AF-4494-9C55-7511E88408DF}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{C80D4C90-5E77-44A6-9A69-A185124F697B}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{C8122C95-73BC-4A04-9C46-C1617FC33AAA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C817561E-2DCC-472C-B628-DEA2C7510BBF}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdkjswx.exe |
"{C85D4720-969D-488C-8F81-258CE8CB6570}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{CB22C0B5-84FB-460D-899D-B02235664480}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D616515C-B96F-4F27-9B3E-7C970621C150}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{D7277D7C-843B-4448-8D7C-EF7B9727875D}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdkpswx.exe |
"{D9DBF6AB-1482-4C89-BA58-E364A68C61DD}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{DE062886-FC1D-462B-816C-043C32C0A76F}" = protocol=17 | dir=in | app=c:\program files\splashtop\splashtop remote\server\inputserv.exe |
"{E0CF7F8C-4A51-4D3D-B257-8DCAB4BC65A0}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{E8789A75-81AA-4213-BE11-CDF1F1EA67BB}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdktime.exe |
"{EAA9C718-64A0-458D-81C8-F4981FB52E03}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{EB5D78EB-A66E-4922-96DD-AF2AE556BDC3}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{EB7BEE18-B2BA-47EE-9661-73898F61A9AB}" = protocol=17 | dir=in | app=c:\program files\splashtop\splashtop remote\server\srfeature.exe |
"{EBEE1427-0DB4-4F8A-80AF-B949302555E5}" = dir=in | app=c:\program files\plex\plex media server\plexscripthost.exe |
"{F710CF2F-8983-41F9-98CB-D00849B26DF6}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{F8FE480B-B0D6-4593-8EAC-289A264E0456}" = protocol=6 | dir=in | app=c:\program files\splashtop\splashtop remote\server\srfeature.exe |
"{FCE0EF33-A11E-4038-8EA7-4AF5323179BE}" = protocol=6 | dir=in | app=c:\program files\splashtop\splashtop remote\server\inputserv.exe |
"{FE71E1F1-12CE-4A24-8696-33F048EBEDDD}" = protocol=6 | dir=in | app=c:\program files\splashtop\splashtop remote\server\dataproxy.exe |
"{FFB01377-B897-4153-BBE8-5653C4A69999}" = protocol=6 | dir=in | app=c:\program files\bittorrent_dna\dna.exe |
"TCP Query User{0079FE1C-29EC-4D90-84B7-6A0DA89CA921}C:\users\pamarj1\program files\bittorrent_dna\dna.exe" = protocol=6 | dir=in | app=c:\users\pamarj1\program files\bittorrent_dna\dna.exe |
"TCP Query User{0494DB62-EA7E-4859-83BB-B465E51E7F68}G:\quake3\quake3.exe" = protocol=6 | dir=in | app=g:\quake3\quake3.exe |
"TCP Query User{0922FF93-83F1-4B62-942F-DD0C7A65E063}C:\users\pamarj1\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\pamarj1\program files\dna\btdna.exe |
"TCP Query User{27DF5B47-C50D-4720-91E6-E26C7229CE0F}C:\users\pamarj1\appdata\local\google\chrome\application\chrom e.exe" = protocol=6 | dir=in | app=c:\users\pamarj1\appdata\local\google\chrome\application\chrome.exe |
"TCP Query User{311A1171-ED2B-4675-B814-DA88548C047A}C:\program files\ea sports\2006 fifa world cup (tm)\fifawc06.exe" = protocol=6 | dir=in | app=c:\program files\ea sports\2006 fifa world cup (tm)\fifawc06.exe |
"TCP Query User{438BED51-D893-497D-9EC1-4AC182EC0EB1}C:\program files\quake iii arena\quake3.exe" = protocol=6 | dir=in | app=c:\program files\quake iii arena\quake3.exe |
"TCP Query User{50339562-721D-4B1B-B537-427D38941A78}C:\windows\system32\spool\drivers\w32x86\3\lxdkpswx.exe" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdkpswx.exe |
"TCP Query User{9DDD5134-BE88-47EC-8DDF-FF10B1774E3F}C:\program files\quake iii arena\quake3.exe" = protocol=6 | dir=in | app=c:\program files\quake iii arena\quake3.exe |
"TCP Query User{B386E723-82FA-4624-BBE5-9C6DB4CC8FF4}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{B6A6A5A0-29D9-484C-B7F2-40585AF4C97E}C:\program files\lexmark 5300 series\lxdkmon.exe" = protocol=6 | dir=in | app=c:\program files\lexmark 5300 series\lxdkmon.exe |
"TCP Query User{C9FF6511-3962-4D66-8133-ADFD334A109A}C:\program files\lexmark 5300 series\frun.exe" = protocol=6 | dir=in | app=c:\program files\lexmark 5300 series\frun.exe |
"TCP Query User{CA53107B-7174-45E9-9F53-9748B594EC2D}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"TCP Query User{CAF1DA97-90EC-42F7-978D-6A8B84ECEA3C}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{DD915B5F-55FF-4327-980A-3F308AF340B0}C:\program files\ea games\need for speed hot pursuit 2\nfshp2.exe" = protocol=6 | dir=in | app=c:\program files\ea games\need for speed hot pursuit 2\nfshp2.exe |
"TCP Query User{EB640DFB-9958-4DBF-9E44-45FE589BD89F}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{F1880E3D-434A-4037-A442-E28C34237190}C:\program files\asus\asus sync\asusupctloader.exe" = protocol=6 | dir=in | app=c:\program files\asus\asus sync\asusupctloader.exe |
"UDP Query User{1BFC427B-E4A3-4C9F-B415-760747FE98D8}C:\users\pamarj1\appdata\local\google\chrome\application\chrom e.exe" = protocol=17 | dir=in | app=c:\users\pamarj1\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{1D7C7F28-DEB8-4358-94C7-5D9F1484BD0D}C:\program files\ea sports\2006 fifa world cup (tm)\fifawc06.exe" = protocol=17 | dir=in | app=c:\program files\ea sports\2006 fifa world cup (tm)\fifawc06.exe |
"UDP Query User{2021A4AD-012B-4C6E-B2E4-4A19D3F43FE2}C:\program files\quake iii arena\quake3.exe" = protocol=17 | dir=in | app=c:\program files\quake iii arena\quake3.exe |
"UDP Query User{2CC78272-2D55-4817-BB70-030038583A27}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{367EC2E3-D941-47B2-A92A-AFB342D7CB0E}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"UDP Query User{51FD48DE-E5F5-4B1C-8906-957BA0AC909F}C:\program files\asus\asus sync\asusupctloader.exe" = protocol=17 | dir=in | app=c:\program files\asus\asus sync\asusupctloader.exe |
"UDP Query User{5FEE06E6-6BB5-4E1A-BDF0-DD4887AFA424}C:\program files\ea games\need for speed hot pursuit 2\nfshp2.exe" = protocol=17 | dir=in | app=c:\program files\ea games\need for speed hot pursuit 2\nfshp2.exe |
"UDP Query User{68449D60-8856-4981-8259-2F83B5B6CE2A}C:\users\pamarj1\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\pamarj1\program files\dna\btdna.exe |
"UDP Query User{8168E703-8089-49A8-9869-D3EDE205F84E}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{8C1123D6-B770-4E11-BBD9-B7127B793B5C}C:\program files\lexmark 5300 series\lxdkmon.exe" = protocol=17 | dir=in | app=c:\program files\lexmark 5300 series\lxdkmon.exe |
"UDP Query User{8EBE8473-BC29-4A48-BB09-D9972294833C}C:\program files\quake iii arena\quake3.exe" = protocol=17 | dir=in | app=c:\program files\quake iii arena\quake3.exe |
"UDP Query User{9D25E026-BF49-4565-83E9-A5EAE2068DDD}C:\windows\system32\spool\drivers\w32x86\3\lxdkpswx.exe" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdkpswx.exe |
"UDP Query User{A6D456E5-CE65-49ED-AF97-03F4AC08AA7D}C:\program files\lexmark 5300 series\frun.exe" = protocol=17 | dir=in | app=c:\program files\lexmark 5300 series\frun.exe |
"UDP Query User{B3DDCE4B-C351-4C84-8103-4BB63C72F6E0}C:\users\pamarj1\program files\bittorrent_dna\dna.exe" = protocol=17 | dir=in | app=c:\users\pamarj1\program files\bittorrent_dna\dna.exe |
"UDP Query User{BDD3CF01-6B3F-42DC-91ED-A184A3FCABD7}G:\quake3\quake3.exe" = protocol=17 | dir=in | app=g:\quake3\quake3.exe |
"UDP Query User{FF56BDC5-8C4F-49D4-B2C3-0BBFAAF44BCE}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{04B552B1-4EC5-4F1B-9F02-FD3DF5A71184}" = NI Assistant Framework
"{04D66B46-4349-407C-9297-9B43648E4C84}" = NI LabVIEW Run-Time Engine Interop 2009
"{05046BCC-5E64-4A85-8615-D84DE4C1D865}" = NI VC2005MSMs x86
"{05A8E727-958F-4E2D-BB2F-E820EF1077AA}" = Amethyst CADwizz Ultra
"{0657A4A0-91D4-4A64-9ADB-395EC190CF36}" = Symantec Real Time Storage Protection Component
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{07A99739-82EE-4537-AF2E-1607015D9992}" = NI Service Locator
"{08133ED0-B6EB-49CD-B0EF-60502E41D15E}" = NI Xerces Delay Load 2.7.1
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{094621AC-72E7-4167-8A06-CCDDBEBC233F}" = NI LabVIEW 2009 Help File
"{0ABA40AF-288D-41F1-B735-C5155692CD7D}" = VeriSoft Access Manager
"{0CFD3BAF-9F4D-4D70-BD0B-638EA2504C25}" = PSSWCORE
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{0FB31DF8-38DF-4C9D-B313-AFAFC3FBA02B}" = NI LVBrokerAux 8.2.1
"{0FD812C9-3BBE-4CC5-A43C-B7304E3EC581}" = NI Web Pipeline 2.0.1
"{118C3943-1683-42EF-824D-C22E70DB42E7}" = Comcast Desktop Software (v1.2.1)
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{127F1FD4-43BB-4428-8B2A-70539F4B6F1F}" = ANSYS Products 11.0
"{1517A7CB-5F00-4A88-8F06-E89B6DB63784}" = ESU for Microsoft Vista
"{15FE4745-FF95-4746-A817-70CD06AAE8B8}" = Plex Media Server
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19C120B7-F7A6-4105-9D62-1F6305B2E2CF}" = NI DataSocket 4.7.0
"{1B06E3AF-1CE2-4085-AE4E-DFEC369E86D3}" = NI Logos XT Support
"{1D6F0B9D-F19E-43AB-9D8E-2E3653212C72}" = NI LabVIEW 2009 MeasAppChm File
"{2108E50D-978D-4D62-A837-4F12A61ADF15}" = NI LabVIEW 2009 License
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{229A26F7-81A9-4A17-9D00-6CF4D08CEA44}" = NI LabVIEW 2009 WWW
"{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" = Rhapsody Player Engine
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23940B09-32B3-4C36-88A9-E787862E2AE9}" = NI Variable Engine LabVIEW 2009 Support
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{278AF4F9-DC1C-49DC-B871-C0BAEBD4F458}" = NI License Manager
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{297FA251-FF30-4F16-978C-4A65EA804EFF}" = NI LabVIEW Real-Time Error Dialog
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2A98DB42-3743-4022-ADFA-42AE811484AE}" = NI EULA Depot
"{2AD5E818-E2EE-4BBF-A2BF-29022C6FC236}" = NI Assistant Framework LabVIEW 2009 Support
"{2AE0B374-90DA-416C-9AF9-436585FD34DD}" = ASUS Sync
"{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}" = Windows Live Photo Gallery
"{2D72E0EC-D695-4BFB-A246-F07BAAA91AA1}" = NI Remote Provider for MAX 4.6.0
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{307300E8-6D0E-48AD-AC4B-D41A9549DEEB}" = NI LabVIEW 2009 Examples
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9
"{3403CB31-D7C1-43F4-9D2F-579758C0CF09}" = Windows Live OneCare Family Safety
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{342126E1-173C-4585-BFBE-3EBDD20E3E9E}" = Mobipocket Reader 6.2
"{34EE2F0F-D6EA-4C36-8315-41107048D48D}" = NI-DAQmx - LabVIEW shared documentation
"{35872655-EA55-4A90-8DAA-AD2B777B8CAC}" = NI LabVIEW 2009 Applibs
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}" = Norton Internet Security
"{383AD0A2-FD79-4CF0-B823-C695E32BD08D}" = NI LabVIEW Run-Time Engine Web Services
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon
"{3F188640-B4F5-44D5-BBF3-DAB70CF5629B}" = NI LabVIEW Compare Utility 9.0.0
"{3FFB3B34-D639-4384-9AE9-DDE58430D86F}" = MSCU for Microsoft Vista
"{40D9D764-7FD7-4036-B565-6D94DEEBD4A5}" = NI LabVIEW Merge Utility 9.0.0
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{4159DD60-49C1-4323-A1A5-FB060CBA35C5}" = NI Measurement Studio Recipe Processor
"{416B50BB-64CE-46C5-81A6-7F842CC35CDC}" = NI LabVIEW MAX XML
"{41B9E2CF-0B3F-442A-B5B3-592A4A355634}" = iTunes
"{45A5461A-7D1D-4A91-B033-0B85E7AB25C2}" = NI MXS 4.6.0f0 for LabVIEW Real-Time
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.2
"{45FA54F6-8574-49D2-9E2D-0BDDE6237822}" = NI LabVIEW Run-Time Engine 8.2.1
"{48185814-A224-447A-81DA-71BD20580E1B}" = Norton Internet Security
"{4843B611-8FCB-4428-8C23-31D0A5EAE164}" = Norton Confidential Browser Component
"{4BE3B1FB-31C9-4FA4-B7FE-37025785FCE9}" = calibre
"{4D581C40-11D0-476B-A943-76506924B722}" = NI Distributed System Manager 2009
"{4E049CBB-01EE-4859-B4C8-26E42263CEE4}" = NI LabVIEW Run-Time Engine 2009
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{50F9A1FC-39D8-46E8-8234-1A1A68A4033E}" = NI Variable Engine 2.3.0
"{51E23D68-FE69-4728-A8EE-F12856B046C7}" = NI LabVIEW 2009 User.lib
"{52C3DD72-17E5-4E0D-83A8-FB42FCE3A8EF}" = NI-RPC 4.1.1f0 for Phar Lap ETS
"{578596FF-7F65-4767-9F90-37920741148C}" = MSN Toolbar Platform
"{57B77060-04B4-468E-89A9-F68EEE466F57}" = NI USI 1.7.0
"{57F37CA1-6FA3-46D2-8F01-AD3A26FA4E9B}" = NI Assistant Framework LabVIEW Code Generator 2009
"{596C11D1-2285-4057-99F6-735B50EB87E1}" = NI System API RT
"{5A70FCD2-C019-4723-868F-07CD6C7755FF}" = NI Logos 5.1
"{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security
"{5DBC79DA-87D2-376D-A65D-B14097C06C71}" = Google Talk Plugin
"{5E2E0DF8-75EC-47E2-9583-3229A4CF5C95}" = NI LabVIEW 2009 Project
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{6447FE3A-8B2C-41DB-9791-322B8445B3E9}" = NI LabVIEW Deployable License 2009
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{6F7D11DC-DE87-45C8-A37E-A35B724FC771}" = NI Help Assistant
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F5CBE0-D208-46E5-8593-C07D3FDF8454}" = NI LabVIEW 2009 CINtools
"{7559B6F5-180B-479A-A8CD-2175EFBC61F8}" = NI LabVIEW 2009 Deployment Framework
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{77B1B7C6-4C2F-4D0C-A807-F1A2910B7AC4}" = NI LabVIEW 2009 Resource
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{7ACFB216-29F7-4331-A5ED-2563AEB51F21}" = NI Trace Engine
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C62B54A-E524-4F3D-83E7-0F2ABAFC978A}" = NI Xalan Delay Load 1.10.1
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7E3668CB-1228-416E-B721-C2FA3247B985}" = NI LabVIEW Real-Time FIFO for Runtime
"{7E7A035C-9DC5-40B0-B873-002B14CCE3B8}" = NI-RPC 4.1.1f0
"{82B8F87D-C75E-4270-B030-49ECDAFF1B53}" = NI MAX Remote Configuration Installer 4.6
"{830D8CBD-C668-49e2-A969-C2C2106332E0}" = Norton AntiVirus
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{88D1DA3C-09FA-4CA7-BB6B-2CEACCFA95D5}" = NI System State Publisher
"{89A7BD8C-0FC3-49EF-9072-5C8371C0A4D6}" = NI LabVIEW Web Services Runtime
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A5D448D-FBA1-40B6-9131-03659BC83319}" = NI LabVIEW 2009 Menus
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8AF869D1-F416-4855-8177-EB75D73CC992}" = NI LabVIEW 2009 Web Server
"{8CEA85DE-955B-4BF4-87F2-0BAA62821633}" = HP Photosmart Essential2.5
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9033A0BF-9B8A-4C27-812B-40BA10855E2D}" = NI LabVIEW 2009 Simulation
"{9061CEF2-51F5-42C9-8A70-9ED351C6597A}" = HP Help and Support
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9176251A-4CC1-4DDB-B343-B487195EB397}" = Windows Live Writer
"{92769F9C-453B-40C9-B129-6E8E52586C8E}" = NI LabVIEW Broker
"{927C1DDA-61DC-4B95-A138-8A1377E33A9A}" = NI Portable Configuration 4.6.0
"{93B8921B-2AC6-4A58-A87C-19B633DB6860}" = NI Software Provider for MAX 4.6.0
"{94A1911F-CD2F-4B9C-B171-2B43DCD213AA}" = Splashtop Remote
"{96094CE5-7920-47FD-8A02-68A7B5B1785F}" = NI System API Windows 32-bit
"{9862682B-2CDB-4D67-9D8B-EC3CDA85F1CB}" = NI LabVIEW 2009 VI.lib
"{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}" = Norton Protection Center
"{9B79CE5E-ECAA-4D23-9924-0BF5A3F440F0}" = NI LabVIEW 2009 gMath
"{9D2795DC-59E3-4E75-B59D-D23A6A18CE9C}" = ASUS Android USB Drivers
"{9F7DBC83-611C-4407-8817-8FD63E149288}" = NI SSL LabVIEW 2009 Support
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96395DA-AFC5-459E-A374-CE10E84FEEB2}" = NI TDM Excel Add-In 2.1
"{AA9768AA-FF0B-4C66-A085-31E934F77841}" = Apple Mobile Device Support
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{ABD79E99-F9E3-413B-8D18-11070754355F}" = NI Math Kernel Libraries
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{AE9AA575-DE74-4711-B3B3-2977D76CC1BB}" = NI TDMS
"{AF32BE73-E284-444E-B310-7EE80192949B}" = NI LabWindows/CVI DLL Builder for LabVIEW
"{AFEDF70D-8DC3-40CB-93A0-F276E64BDF9C}" = NI VC2008MSMs x86
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4B6D62D-9BDF-48A6-AE95-E4F730369D26}" = NI Logos LabVIEW 2009 Support
"{B5BD3DA8-1A63-4042-90FA-B26C361382C9}" = NI Remote PXI Provider for MAX 4.6.0
"{B61B6668-A674-4A06-8405-51944D5CCDDD}" = AuthenTec Fingerprint Sensor Minimum Install
"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7C61755-DB48-4003-948F-3D34DB8EAF69}" = MSRedist
"{B8E65E0D-30D8-49BD-B92C-0E77A09545D6}" = NI MAX LabVIEW Support 4.6.0
"{B963C648-249B-4145-BC14-56488262E9A9}" = NI MDF Support
"{BA0C85C1-E5CC-4F58-84FB-8DA29F3412F0}" = NI Uninstaller
"{C57A08DC-0D4B-41E1-82A3-6290292E5B87}" = NI LabVIEW 2009 Instr.lib
"{C6BF965C-5A8C-498E-A6AD-B594D583F7B3}" = NI LabVIEW 2009
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEDA69AF-DD7A-42A8-B6D3-65BA0592D34E}" = NI Instrument IO Assistant for LabVIEW 9.0 32
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D32067CD-7409-4792-BFA0-1469BCD8F0C8}" = HP Wireless Assistant
"{D353CC51-430D-4C6F-9B7E-52003DA1E05A}" = Norton Confidential Web Protection Component
"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}" = Windows Live Toolbar
"{D5BD34F2-A261-450D-81D1-581613580320}" = NI LabVIEW 2009 Manuals
"{D72AB2C1-D24D-4F17-B3DB-AF51223F293E}" = NI SSL Support
"{D9529709-28B0-4DA1-8749-8924C11AAFF2}" = NI Registration Wizard
"{DB2C5648-700D-4AEF-83E1-70C72F0C34FA}" = NI Math Kernel Libraries
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DDFD9BA2-8E26-4E49-92AE-882424DAB1BC}" = HP User Guides 0057
"{DEC25D81-2317-47F6-8B26-D54A939DA1EE}" = NI LabVIEW C Interface
"{E1D60C68-016C-4951-8C1F-52E24DFE7836}" = NI CodeSignAPI
"{E37CCD6C-56C1-43C7-B2FA-24A32B6B09F7}" = NI Example Finder 9.0
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton Internet Security
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton Internet Security
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F19E2B0A-2249-45DA-92DB-0CE0DEB8E8A4}" = NI OPC Support
"{F417A147-5CCC-452D-9C6F-4C91FD5C7916}" = NI LabVIEW 2009 Help
"{F4DB525F-A986-4249-B98B-42A8066251CA}" = AV
"{F6B29003-A078-4491-AFBE-62EFB6CFFE19}" = HP Total Care Advisor
"{F723A248-6AAC-4514-AFFB-7414BE02D95B}" = NI LabWindows/CVI 9.0 Run-Time Engine
"{F827F574-36ED-4D97-820A-AD6F74E02D0D}" = NI MXS 4.6.0
"{F853DF00-73BD-400D-AE67-A41012E06D20}" = NI LabVIEW Real-Time NBFifo
"{F8D407B1-B9A0-4128-8E79-17A6F9433F6C}" = NI Measurement & Automation Explorer 4.6.0
"{FA131BE1-8946-4969-B16F-CF5C928ABAAB}" = NI LabVIEW 2009 Templates
"{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = HP Active Support Library 32 bit components
"{FB84287D-6425-4867-89AE-6221FCDE2976}" = NI LabWindows/CVI Code Generator
"{FBDCDFA2-6950-46A1-B31E-B1B3DF08242B}" = Miro Video Converter
"{FE24BCDF-9231-450D-AA08-D3550B81EE41}" = NI LabVIEW Web Server for Run-Time Engine
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ASUS WebStorage" = ASUS WebStorage
"Audacity_is1" = Audacity 1.2.6
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Dia" = Dia (remove only)
"doPDF 6 printer_is1" = doPDF 6.2 printer
"DzSoftWebPhotoResizer_is1" = Quick Photo Resizer 2.5.1
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"ffdshow_is1" = ffdshow [rev 2083] [2008-08-21]
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HitmanPro35" = Hitman Pro 3.5
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Photosmart Essential" = HP Photosmart Essential 2.0
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{94A1911F-CD2F-4B9C-B171-2B43DCD213AA}" = Splashtop Remote
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Lexmark 5300 Series" = Lexmark 5300 Series
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox (3.6.28)" = Mozilla Firefox (3.6.28)
"NI Uninstaller" = National Instruments Software
"Picasa 3" = Picasa 3
"Premiumplay Codec-C" = Premiumplay Codec-C
"PrimoPDF4.1.0.9" = PrimoPDF
"Prism" = Prism Video File Converter
"RealPlayer 6.0" = RealPlayer
"Rhapsody" = Rhapsody
"SMSERIAL" = Motorola SM56 Data Fax Modem
"SopCast" = SopCast 1.1.2
"ST6UNST #1" = HQ2K1
"SymSetup.{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security (Symantec Corporation)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"TVUPlayer" = TVUPlayer 2.3.3.2
"TVWiz" = Intel(R) TV Wizard
"Veoh Web Player Beta" = Veoh Web Player Beta
"VLC media player" = VLC media player 1.1.11
"WildTangent hplaptop Master Uninstall" = My HP Games
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar
"Windows Live Toolbar" = Windows Live Toolbar
"WinMerge_is1" = WinMerge 2.12.4
"WinRAR archiver" = WinRAR archiver
"Yahoo! Applications" = AT&T Yahoo! Applications
"Yahoo! Extras" = Yahoo! Browser Services

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"BitTorrent" = BitTorrent 6.0
"BitTorrent DNA" = DNA
"Google Chrome" = Google Chrome
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/10/2010 1:11:59 PM | Computer Name = pamarj1-PC | Source = Symantec AntiVirus | ID = 16711726
Description =

Error - 1/10/2010 1:12:00 PM | Computer Name = pamarj1-PC | Source = Symantec AntiVirus | ID = 16711685
Description =

Error - 1/10/2010 1:12:09 PM | Computer Name = pamarj1-PC | Source = Symantec AntiVirus | ID = 16711731
Description =

Error - 1/12/2010 6:05:22 PM | Computer Name = pamarj1-PC | Source = Windows Installer 3.1 | ID = 921877
Description =

Error - 1/12/2010 6:07:03 PM | Computer Name = pamarj1-PC | Source = MsiInstaller | ID = 10005
Description =

Error - 1/12/2010 6:07:52 PM | Computer Name = pamarj1-PC | Source = VSS | ID = 8194
Description =

Error - 1/12/2010 6:20:24 PM | Computer Name = pamarj1-PC | Source = MsiInstaller | ID = 10005
Description =

Error - 1/13/2010 3:25:09 PM | Computer Name = pamarj1-PC | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.0.6001.18164 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 2c68 Start Time: 01ca91a935a7a440 Termination Time: 0

Error - 1/14/2010 12:35:33 AM | Computer Name = pamarj1-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 1/14/2010 4:18:04 PM | Computer Name = pamarj1-PC | Source = Windows Search Service | ID = 3013
Description =

[ OSession Events ]
Error - 10/25/2007 11:00:42 PM | Computer Name = pamarj1-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6024.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 2087
seconds with 1500 seconds of active time. This session ended with a crash.

Error - 6/15/2009 2:12:51 AM | Computer Name = pamarj1-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 10
seconds with 0 seconds of active time. This session ended with a crash.

Error - 7/15/2009 1:18:11 AM | Computer Name = pamarj1-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1074
seconds with 0 seconds of active time. This session ended with a crash.

Error - 8/25/2009 3:42:43 PM | Computer Name = pamarj1-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 7
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 10/11/2010 1:04:30 AM | Computer Name = pamarj1-PC | Source = cdrom | ID = 262159
Description = The device, \Device\CdRom10, is not ready for access yet.

Error - 10/11/2010 1:04:31 AM | Computer Name = pamarj1-PC | Source = cdrom | ID = 262159
Description = The device, \Device\CdRom10, is not ready for access yet.

Error - 10/11/2010 1:04:32 AM | Computer Name = pamarj1-PC | Source = cdrom | ID = 262159
Description = The device, \Device\CdRom10, is not ready for access yet.

Error - 10/11/2010 1:04:33 AM | Computer Name = pamarj1-PC | Source = PlugPlayManager | ID = 12
Description = The device 'TSSTcorp CD/DVDW TS-L632M ATA Device' (IDE\CdRomTSSTcorp_CD/DVDW_TS-L632M_______________0A17____\5&5b8f77b&0&0.0.0)
disappeared from the system without first being prepared for removal.

Error - 10/11/2010 1:04:33 AM | Computer Name = pamarj1-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 10/11/2010 1:04:33 AM | Computer Name = pamarj1-PC | Source = cdrom | ID = 262159
Description = The device, \Device\CdRom10, is not ready for access yet.

Error - 10/11/2010 7:55:16 PM | Computer Name = pamarj1-PC | Source = volsnap | ID = 393230
Description = The shadow copies of volume C: were aborted because of an IO failure
on volume C:.

Error - 10/12/2010 1:16:35 AM | Computer Name = pamarj1-PC | Source = cdrom | ID = 262159
Description = The device, \Device\CdRom11, is not ready for access yet.

Error - 10/12/2010 7:53:38 PM | Computer Name = pamarj1-PC | Source = sptd | ID = 262148
Description = Driver detected an internal error in its data structures for .

Error - 10/12/2010 7:54:53 PM | Computer Name = pamarj1-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 6:52:05 PM on 10/12/2010 was unexpected.

[ VeriSoft Events ]
Error - 7/20/2011 8:33:11 AM | Computer Name = pamarj1-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: pamarj1@PAMARJ1-PC
Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 7/20/2011 8:33:15 AM | Computer Name = pamarj1-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: pamarj1@PAMARJ1-PC
Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 11/10/2011 8:45:24 PM | Computer Name = pamarj1-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: pamarj1@PAMARJ1-PC
Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 1/15/2012 9:30:44 PM | Computer Name = pamarj1-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: pamarj1@PAMARJ1-PC
Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 4/12/2012 9:28:51 PM | Computer Name = pamarj1-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: pamarj1@PAMARJ1-PC
Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 4/12/2012 9:29:00 PM | Computer Name = pamarj1-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: pamarj1@PAMARJ1-PC
Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 4/12/2012 9:29:21 PM | Computer Name = pamarj1-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: pamarj1@PAMARJ1-PC
Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 4/12/2012 9:29:26 PM | Computer Name = pamarj1-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: pamarj1@PAMARJ1-PC
Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 4/12/2012 9:29:37 PM | Computer Name = pamarj1-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: pamarj1@PAMARJ1-PC
Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 4/12/2012 9:33:28 PM | Computer Name = pamarj1-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: pamarj1@PAMARJ1-PC
Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.


< End of report >
Cookiegal's Avatar
Administrator & Malware Removal Specialist with 97,694 posts.
 
Join Date: Aug 2003
01-May-2012, 09:05 AM #36
Run OTL again. Close all running applications other than OTL. Under the Custom Scans/Fixes box at the bottom, paste in the text in the code box that follows these instructions:
  • Click the Run Fix button at the top.
  • Let the program run unhindered. When finished, the system should reboot automatically. If it doesn't please reboot.
  • After the computer reboots and you log into your account, a Notepad text file will appear.
  • Copy the contents of that file and post it in your next reply. The log can also be found, based on the date/time it was created, as C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log.

Code:
:OTL
CHR - default_search_provider: MyStart Search (Enabled)
CHR - default_search_provider: search_url = http://mystart.incredibar.com/mb119/?loc=IB_DS&search={searchTerms}&a=6R8oCjuYer&i=26

:Files
C:\Users\pamarj1\AppData\Local\85c41t1n5cbla04i6352uvj1206w3hx3tpr218awhu85420
C:\ProgramData\85c41t1n5cbla04i6352uvj1206w3hx3tpr218awhu85420
C:\Users\pamarj1\AppData\Local\81w6u6541778ob5f5s06a6nv06n5ccdufn550627526t6u
C:\ProgramData\81w6u6541778ob5f5s06a6nv06n5ccdufn550627526t6u
C:\Users\pamarj1\AppData\Local\Fguvamunu.bin
C:\Users\pamarj1\AppData\Local\Fkawalutiholura.dat

:Commands
[Reboot]
[emptytemp]
[EMPTYFLASH]
ajpnsld's Avatar
ajpnsld ajpnsld is offline
Computer Specs
Member with 30 posts.
THREAD STARTER
 
Join Date: Apr 2012
Experience: Beginner
01-May-2012, 11:35 PM #37
All processes killed
========== OTL ==========
Unable to fix default_search_provider items.
Unable to fix default_search_provider items.
========== FILES ==========
File\Folder C:\Users\pamarj1\AppData\Local\85c41t1n5cbla04i6352uvj1206w3hx3tpr218awhu85 420 not found.
File\Folder C:\ProgramData\85c41t1n5cbla04i6352uvj1206w3hx3tpr218awhu85420 not found.
File\Folder C:\Users\pamarj1\AppData\Local\81w6u6541778ob5f5s06a6nv06n5ccdufn550627526t 6u not found.
File\Folder C:\ProgramData\81w6u6541778ob5f5s06a6nv06n5ccdufn550627526t6u not found.
File\Folder C:\Users\pamarj1\AppData\Local\Fguvamunu.bin not found.
File\Folder C:\Users\pamarj1\AppData\Local\Fkawalutiholura.dat not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: 257
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: pamarj1
->Temp folder emptied: 172861 bytes
->Temporary Internet Files folder emptied: 78326565 bytes
->Java cache emptied: 74639981 bytes
->FireFox cache emptied: 70758447 bytes
->Google Chrome cache emptied: 223845819 bytes
->Flash cache emptied: 204289 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 123730 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 427.00 mb


[EMPTYFLASH]

User: 257
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Guest
->Flash cache emptied: 0 bytes

User: pamarj1
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.42.2 log created on 05012012_221742

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
Cookiegal's Avatar
Administrator & Malware Removal Specialist with 97,694 posts.
 
Join Date: Aug 2003
02-May-2012, 03:35 PM #38
Please run OTL again the same as the first time and post the log.
ajpnsld's Avatar
ajpnsld ajpnsld is offline
Computer Specs
Member with 30 posts.
THREAD STARTER
 
Join Date: Apr 2012
Experience: Beginner
03-May-2012, 07:02 PM #39
Hi cookiegal

sorry for the delay. Here's the log

OTL.TXT



OTL logfile created on: 5/3/2012 5:19:46 PM - Run 2
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\pamarj1\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.18 Gb Available Physical Memory | 59.32% Memory free
4.22 Gb Paging File | 2.72 Gb Available in Paging File | 64.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 103.50 Gb Total Space | 10.06 Gb Free Space | 9.72% Space Free | Partition Type: NTFS
Drive D: | 8.29 Gb Total Space | 1.83 Gb Free Space | 22.09% Space Free | Partition Type: NTFS

Computer Name: PAMARJ1-PC | User Name: pamarj1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/30 21:35:44 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\pamarj1\Desktop\OTL.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/03/07 16:27:25 | 003,905,920 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE
PRC - [2011/12/28 00:21:08 | 003,508,624 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
PRC - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/07/26 22:18:26 | 000,033,360 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\PlexScriptHost.exe
PRC - [2011/03/30 20:56:06 | 000,406,856 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe
PRC - [2011/03/30 20:55:58 | 002,182,984 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRServer.exe
PRC - [2011/03/07 21:39:36 | 000,341,832 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe
PRC - [2009/06/15 21:44:40 | 000,012,696 | ---- | M] (National Instruments Corporation) -- C:\Program Files\National Instruments\MAX\nimxs.exe
PRC - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/02/16 12:38:54 | 001,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2007/06/14 08:15:34 | 000,598,960 | ---- | M] ( ) -- C:\Windows\System32\lxdkcoms.exe
PRC - [2007/03/09 12:50:02 | 004,390,912 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/02/07 09:30:00 | 000,065,536 | R--- | M] (Cognizance Corporation) -- c:\Program Files\Bioscrypt\VeriSoft\Bin\asghost.exe
PRC - [2007/01/10 06:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2007/01/05 23:04:10 | 000,554,616 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007/01/05 09:19:28 | 000,047,712 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/01 22:35:09 | 000,065,024 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012/05/01 22:35:09 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012/04/24 17:26:58 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012/04/24 17:26:57 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2011/07/26 22:19:38 | 000,032,848 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\Exts\simplejson\_speedups.pyd
MOD - [2011/07/26 22:19:36 | 000,044,112 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\Exts\OpenSSL\SSL.pyd
MOD - [2011/07/26 22:19:36 | 000,016,976 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\Exts\OpenSSL\rand.pyd
MOD - [2011/07/26 22:19:34 | 000,195,664 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\Exts\lxml\objectify.pyd
MOD - [2011/07/26 22:19:34 | 000,057,424 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\Exts\OpenSSL\crypto.pyd
MOD - [2011/07/26 22:19:32 | 000,841,296 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\Exts\lxml\etree.pyd
MOD - [2011/07/26 22:19:30 | 000,824,912 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\DLLs\_ssl.pyd
MOD - [2011/07/26 22:19:30 | 000,049,744 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\DLLs\_socket.pyd
MOD - [2011/07/26 22:19:28 | 000,033,360 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\DLLs\_multiprocessing.pyd
MOD - [2011/07/26 22:19:26 | 000,365,648 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\DLLs\_hashlib.pyd
MOD - [2011/07/26 22:19:26 | 000,131,152 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\DLLs\_elementtree.pyd
MOD - [2011/07/26 22:19:24 | 000,093,776 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\DLLs\_ctypes.pyd
MOD - [2011/07/26 22:19:22 | 000,589,904 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\DLLs\unicodedata.pyd
MOD - [2011/07/26 22:19:22 | 000,016,976 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\DLLs\select.pyd
MOD - [2011/07/26 22:19:20 | 000,134,224 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\DLLs\pyexpat.pyd
MOD - [2011/07/26 22:19:00 | 000,173,136 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\libxslt.dll
MOD - [2011/07/26 22:18:58 | 001,009,744 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\libxml2.dll
MOD - [2011/07/26 22:18:56 | 000,063,056 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\libexslt.dll
MOD - [2011/07/26 22:18:26 | 000,033,360 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\PlexScriptHost.exe
MOD - [2011/06/23 04:02:06 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9 cf14463ce69f9\mscorlib.ni.dll
MOD - [2011/01/19 05:48:35 | 003,182,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2010/09/02 06:08:00 | 000,118,784 | ---- | M] () -- C:\Program Files\ASUS\ASUS WebStorage\3.0.102.211\AsusWSShellExt.dll
MOD - [2009/01/18 16:50:02 | 000,417,792 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\AdobeXMP.dll
MOD - [2008/10/13 17:26:58 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xm l.dll
MOD - [2008/07/27 13:03:15 | 000,626,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\Syste m.Drawing.dll
MOD - [2008/07/27 13:03:14 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a \System.Configuration.dll
MOD - [2008/07/27 13:03:12 | 000,659,456 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3 a\Microsoft.VisualBasic.dll
MOD - [2007/11/16 17:02:18 | 000,479,232 | R--- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\ccme_base.dll
MOD - [2007/11/16 17:02:18 | 000,401,408 | R--- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\cryptocme2.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/04/01 13:45:48 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)
SRV - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011/03/30 20:56:06 | 000,406,856 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe -- (SplashtopRemoteService)
SRV - [2011/03/07 21:39:36 | 000,341,832 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe -- (SSUService)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/06/23 14:29:48 | 000,740,968 | ---- | M] (National Instruments Corporation) [Disabled | Stopped] -- C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe -- (NITaggerService)
SRV - [2009/06/23 12:23:14 | 001,007,616 | ---- | M] (Macrovision Corporation) [Disabled | Stopped] -- C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe -- (NILM License Manager)
SRV - [2009/06/18 08:01:50 | 000,356,912 | ---- | M] (National Instruments Corporation) [Disabled | Stopped] -- C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe -- (NIDomainService)
SRV - [2009/06/18 07:57:28 | 000,042,544 | ---- | M] (National Instruments Corporation) [Disabled | Stopped] -- C:\Windows\System32\lkads.exe -- (lkClassAds)
SRV - [2009/06/18 07:56:32 | 000,053,296 | ---- | M] (National Instruments Corporation) [Disabled | Stopped] -- C:\Windows\System32\lktsrv.exe -- (lkTimeSync)
SRV - [2009/06/15 21:44:40 | 000,012,696 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files\National Instruments\MAX\nimxs.exe -- (mxssvr)
SRV - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009/06/04 05:14:28 | 000,013,896 | ---- | M] (National Instruments Corporation) [Disabled | Stopped] -- C:\Windows\System32\nisvcloc.exe -- (niSvcLoc)
SRV - [2009/06/03 11:26:34 | 000,098,304 | ---- | M] (OPC Foundation) [Disabled | Stopped] -- C:\Windows\System32\Opcenum.exe -- (OpcEnum)
SRV - [2008/10/31 15:52:54 | 000,695,136 | ---- | M] (National Instruments, Inc.) [On_Demand | Stopped] -- C:\Windows\System32\lkcitdl.exe -- (LkCitadelServer)
SRV - [2008/02/16 12:38:54 | 001,251,720 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008/01/29 18:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/06/14 08:15:34 | 000,598,960 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxdkcoms.exe -- (lxdk_device)
SRV - [2007/06/14 08:15:24 | 000,099,248 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxdkserv.exe -- (lxdkCATSCustConnectService)
SRV - [2007/04/23 20:11:44 | 000,106,593 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2007/04/23 20:11:42 | 000,262,243 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2007/02/07 09:30:00 | 000,074,240 | R--- | M] (Cognizance Corporation) [Auto | Running] -- c:\Program Files\Bioscrypt\VeriSoft\Bin\ASWLNPkg.dll -- (ASBroker)
SRV - [2007/01/14 08:11:06 | 000,080,504 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Norton Internet Security\isPwdSvc.exe -- (ISPwdSvc)
SRV - [2007/01/13 04:40:58 | 000,049,248 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2007/01/10 06:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice Ex)
SRV - [2007/01/10 06:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2007/01/10 06:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2007/01/10 06:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2007/01/05 23:04:10 | 002,918,008 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/01/05 23:04:10 | 000,554,616 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/01/05 09:19:28 | 000,047,712 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- (SymAppCore)
SRV - [2006/06/22 02:14:00 | 000,131,584 | R--- | M] (Cognizance Corporation) [Auto | Running] -- c:\Program Files\Bioscrypt\VeriSoft\Bin\ASChnl.dll -- (ASChannel)
SRV - [2006/03/24 16:34:04 | 001,294,336 | ---- | M] (Macrovision Corporation) [Disabled | Stopped] -- C:\Program Files\Ansys Inc\Shared Files\Licensing\intel\lmgrd.exe -- (ANSYS FLEXlm license manager)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\pamarj1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (aget0x7k)
DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/12/07 23:22:38 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.)
DRV - [2011/12/07 23:22:38 | 000,080,184 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/12/17 04:00:00 | 001,360,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110319.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/12/17 04:00:00 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110319.003\NAVENG.SYS -- (NAVENG)
DRV - [2010/06/17 03:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/06/04 03:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/07 21:54:45 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/12/25 22:16:55 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2009/05/22 11:00:00 | 000,004,096 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cvintdrv.sys -- (cvintdrv)
DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2007/12/01 00:57:12 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2007/12/01 00:57:12 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2007/12/01 00:57:12 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2007/11/06 11:07:18 | 000,180,272 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20071122.002\IDSvix86. sys -- (IDSvix86)
DRV - [2007/04/14 02:49:32 | 000,418,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2007/04/03 14:59:30 | 000,083,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616bus.sys -- (s616bus) Sony Ericsson Device 616 driver (WDM)
DRV - [2007/03/28 11:44:22 | 000,140,424 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV - [2007/03/05 16:28:00 | 000,076,288 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/03/01 07:49:58 | 002,216,448 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007/02/24 09:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/01/23 12:03:28 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/01/23 11:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/01/16 23:38:52 | 000,983,936 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2007/01/09 23:32:14 | 000,191,544 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2007/01/09 23:32:14 | 000,145,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symfw.sys -- (SYMFW)
DRV - [2007/01/09 23:32:14 | 000,040,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symids.sys -- (SYMIDS)
DRV - [2007/01/09 23:32:14 | 000,038,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symndisv.sys -- (SYMNDISV)
DRV - [2007/01/09 23:32:14 | 000,027,576 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2007/01/09 23:32:14 | 000,012,984 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symdns.sys -- (SYMDNS)
DRV - [2006/11/30 12:24:58 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\Windows\System32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006/11/02 02:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2006/06/28 11:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={ inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{896DB260-1B30-4FF3-B10E-B4961151320C}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE - HKLM\..\SearchScopes\{9FD89D22-C60B-4BC2-A131-284E0D766A35}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
IE - HKLM\..\SearchScopes\{A281B9DD-CB64-448D-A1EA-10A689AD2918}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&amp;entrypoint={referrer:source?}&amp;FORM=HVD US7
IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.bing.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 14 C5 78 30 68 23 CD 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{102266F6-EE4B-4F61-B7CF-5CAD12A85595}: "URL" = http://local.yahoo.com/results?stx={searchTerms}&fr=yessv
IE - HKCU\..\SearchScopes\{1FDCD3CD-BAC0-4EFD-94CC-99CEE205D94F}: "URL" = http://images.search.yahoo.com/search/images?p={searchTerms}&fr=yessv
IE - HKCU\..\SearchScopes\{4F4F3347-4DD6-4602-94EA-1614B7935E8C}: "URL" = http://shopping.yahoo.com/search?p={searchTerms}&fr=yessv
IE - HKCU\..\SearchScopes\{61019A01-5835-47A7-93CF-BEAA83DDC44F}: "URL" = http://answers.yahoo.com/search/search_result?p={searchTerms}&fr=yessv
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={ inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en
IE - HKCU\..\SearchScopes\{896DB260-1B30-4FF3-B10E-B4961151320C}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE - HKCU\..\SearchScopes\{9384583D-5916-4897-9F46-6C3D989C9917}: "URL" = http://www.bing.com/search?FORM=DMDTDF&PC=VEOH&q={searchTerms}&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{97181CDC-24B1-4748-9601-65BBAC502816}: "URL" = http://news.search.yahoo.com/search/news?p={searchTerms}&fr=yessv
IE - HKCU\..\SearchScopes\{9FD89D22-C60B-4BC2-A131-284E0D766A35}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
IE - HKCU\..\SearchScopes\{A281B9DD-CB64-448D-A1EA-10A689AD2918}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&amp;entrypoint={referrer:source?}&amp;FORM=HVD US7
IE - HKCU\..\SearchScopes\{ADD6BEC9-F897-4477-9B4B-F56FF9288C2B}: "URL" = http://video.yahoo.com/video/search?p={searchTerms}&fr=yessv
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb119/?search={searchTerms}&loc=IB_DS&a=6R8oCjuYer&i=26
IE - HKCU\..\SearchScopes\Comcast: "URL" = http://search.xfinity.com/?cat=subweb&con=mmchrome&q={searchTerms}&cid=xfstart_tech_search
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=DMDTDF&PC=VEOH&q="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: web@veoh.com:1.4
FF - prefs.js..extensions.enabledItems: {7AF6830F-D3D8-4973-BA4D-74783BE69F62}:1.9.1
FF - prefs.js..extensions.enabledItems: remotemode@splashtop.com:1.0.0.5332
FF - prefs.js..extensions.enabledItems: crossriderapp435@crossrider.com:0.78.35
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.1: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohTVPlugin: C:\Program Files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohWebPlayer: C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll (Veoh)
FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\pamarj1\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\pamarj1\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\pamarj1\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling. dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\pamarj1\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\pamarj1\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\pamarj1\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\pamarj1\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\remotemode@splashto p.com: C:\Program Files\Splashtop\Splashtop Remote\Server\plugin\FFExtensions [2011/07/27 00:20:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/01 13:33:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/01 13:33:29 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\web@veoh.com: C:\Program Files\Veoh Networks\VeohWebPlayer\FFVideoFinder [2008/12/20 04:44:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetwo rks.com: C:\Users\pamarj1\AppData\Roaming\Move Networks [2009/10/27 13:23:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\pamarj1\Program Files\DNA [2010/01/14 12:10:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{7AF6830F-D3D8-4973-BA4D-74783BE69F62}: C:\Users\pamarj1\AppData\Local\{7AF6830F-D3D8-4973-BA4D-74783BE69F62} [2010/10/12 19:24:04 | 000,000,000 | ---D | M]

[2008/12/18 23:20:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pamarj1\AppData\Roaming\Mozilla\Extensions
[2012/05/02 17:54:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\ extensions
[2011/12/10 11:48:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\ extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/10 11:48:19 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\ extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2007/12/07 22:03:07 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\ extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/12/10 11:48:27 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\ extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2012/04/01 14:01:22 | 000,000,000 | ---D | M] ("Premiumplay Codec-C") -- C:\Users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\ extensions\crossriderapp435@crossrider.com
[2009/04/27 22:44:47 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\ extensions\firefox@tvunetworks.com
[2009/03/17 18:58:47 | 000,000,000 | ---D | M] (Veoh Video Compass) -- C:\Users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\ extensions\searchrecs@veoh.com
[2010/11/14 00:10:35 | 000,001,832 | ---- | M] () -- C:\Users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\ searchplugins\bing.xml
[2012/04/01 13:34:03 | 000,002,203 | ---- | M] () -- C:\Users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\ searchplugins\MyStart Search.xml
[2012/04/29 23:22:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/07/27 00:20:38 | 000,000,000 | ---D | M] (Splashtop Remote) -- C:\PROGRAM FILES\SPLASHTOP\SPLASHTOP REMOTE\SERVER\PLUGIN\FFEXTENSIONS
[2008/12/20 04:44:19 | 000,000,000 | ---D | M] (Veoh Web Player Video Finder) -- C:\PROGRAM FILES\VEOH NETWORKS\VEOHWEBPLAYER\FFVIDEOFINDER
[2010/10/12 19:24:04 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\PAMARJ1\APPDATA\LOCAL\{7AF6830F-D3D8-4973-BA4D-74783BE69F62}
[2009/10/27 13:23:27 | 000,000,000 | ---D | M] (Move Media Player) -- C:\USERS\PAMARJ1\APPDATA\ROAMING\MOVE NETWORKS
[2007/08/29 16:47:44 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2007/02/08 11:48:16 | 000,028,448 | ---- | M] (National Instruments) -- C:\Program Files\mozilla firefox\plugins\NPLV82Win32.dll
[2009/06/23 20:40:40 | 000,025,088 | ---- | M] (National Instruments) -- C:\Program Files\mozilla firefox\plugins\nplv90win32.dll
[2011/11/01 16:55:05 | 000,001,692 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\comcast.xml

========== Chrome ==========

CHR - default_search_provider: MyStart Search (Enabled)
CHR - default_search_provider: search_url = http://mystart.incredibar.com/mb119/?loc=IB_DS&search={searchTerms}&a=6R8oCjuYer&i=26
CHR - default_search_provider: suggest_url =
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\pamarj1\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppGo ogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\pamarj1\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf. dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\NPAPIFlash\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll
CHR - plugin: HP Product Detection Plugin for Mozilla (Enabled) = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnhbepgnjnaoahohppnffanmkjkjoglp\1.0.15.0_0\plugins/npProductDetectPlugin.dll
CHR - plugin: HP Active Check Plugin (Enabled) = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnhbepgnjnaoahohppnffanmkjkjoglp\1.0.15.0_0\plugins/npAclmPlugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.150.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java(TM) Platform SE 6 U15 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: BitTorrent (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
CHR - plugin: DivX\u00AE Web Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: National Instruments LabVIEW 8.2 Netscape Plug-in for Windows (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPLV82Win32.dll
CHR - plugin: National Instruments LabVIEW 9.0 Netscape Plug-in for Windows (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nplv90win32.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\pamarj1\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\pamarj1\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: DNA Plug-in (Enabled) = C:\Program Files\DNA\plugins\npbtdna.dll
CHR - plugin: DivX\u00AE Content Upload Plugin (Enabled) = C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
CHR - plugin: Veoh Web Player Beta (Enabled) = C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\pamarj1\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling. dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\pamarj1\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Entanglement = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: Angry Birds = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\
CHR - Extension: Word Search Puzzle = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\alcobafdkcddhiabfgnongafffchimnl\1.2_0\
CHR - Extension: SKiD Racer = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhoaojooagiaaiidlnfhkkafjpbbnnno\0.0.0.37_0\
CHR - Extension: WGT Golf Challenge = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcilimldmomiaihcfkmaldanopfejefg\32.1.0_0\
CHR - Extension: Final Fight = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpegianedjonaeafilbagbcbcimjifai\0.0.0.1_0\
CHR - Extension: AdBlock = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.32_0\
CHR - Extension: Monster Truck Racing = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjmcfmephihmhendkenhfmnkfoakedhi\1.0_0\
CHR - Extension: Air Hockey = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcchbhjknakkndfpdbapmdkhbbgojkno\2.0_0\
CHR - Extension: Codec-V = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho\1.17.48_0\
CHR - Extension: Steambirds: Survival = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcdhpokmalcfjnfkjlfncgekebcojinn\1.0_0\
CHR - Extension: WarTime = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkobmjibnppfleogmodpjgocgdbdiikp\1.23_0\
CHR - Extension: Poppit = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: Google Play Books = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb\1.1.3_0\
CHR - Extension: HP Product Detection Plugin = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnhbepgnjnaoahohppnffanmkjkjoglp\1.0.15.0_0\
CHR - Extension: Crusader Tank = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpegcjgnjllooimlcfdnphhccfnmhfem\1.2.0_0\
CHR - Extension: Baseball (Deluxe) = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbbmhkhnoadhdceaokdofknafciecdea\2.1_0\

O1 HOSTS File: ([2012/04/25 17:41:48 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Reg Error: Value error.) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll (Symantec Corporation)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (VeriSoft Access Manager) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKCU..\Run: [Desktop Software] C:\Program Files\Common Files\SupportSoft\bin\bcont.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [Plex Media Server] C:\Program Files\Plex\Plex Media Server\Plex Media Server.exe (Plex, Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx File not found
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} http://www.symantec.com/techsupp/asa...bs/tgctlsr.cab (Symantec Script Runner Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} http://www.ooxtv.com/livetv.ocx (KooPlayer Control)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} http://www.cvsphoto.com/upload/activ...eX_Control.cab (Photo Upload Plugin Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00F5FC4A-1ADF-4AC4-8EB4-B213ADBF5159}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AAECF98D-936B-4CB8-9F10-9B1C41375907}: DhcpNameServer = 68.87.72.134 68.87.77.134
O20 - AppInit_DLLs: (C:\Windows\System32\APSHook.dll) - C:\Windows\System32\APSHook.dll (Cognizance Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/05/23 07:05:45 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 10:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/01 20:11:44 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/04/30 21:35:22 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\pamarj1\Desktop\OTL.exe
[2012/04/28 17:16:05 | 000,000,000 | ---D | C] -- C:\Users\pamarj1\AppData\Roaming\f-secure
[2012/04/28 17:15:32 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2012/04/25 23:56:47 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/04/25 18:38:09 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/04/25 17:46:42 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/04/25 17:46:37 | 000,000,000 | ---D | C] -- C:\Users\pamarj1\AppData\Local\temp
[2012/04/25 17:33:46 | 000,000,000 | ---D | C] -- C:\puppy.exe
[2012/04/25 17:27:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinMerge
[2012/04/25 17:27:50 | 000,000,000 | ---D | C] -- C:\Program Files\WinMerge
[2012/04/24 17:26:26 | 000,000,000 | ---D | C] -- C:\Users\pamarj1\AppData\Roaming\SUPERAntiSpyware.com
[2012/04/24 17:25:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/04/24 17:25:39 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/04/24 17:25:39 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/04/23 18:06:03 | 000,000,000 | ---D | C] -- C:\puppy.exe20967p
[2012/04/19 19:13:41 | 004,468,852 | R--- | C] (Swearware) -- C:\Users\pamarj1\Desktop\puppy.exe.exe
[2012/04/12 20:45:57 | 000,000,000 | ---D | C] -- C:\Users\pamarj1\Desktop\antivirus
[2012/04/12 20:45:45 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\pamarj1\Desktop\HijackThis.exe
[2012/04/05 20:32:09 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/04/05 20:32:08 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/04/05 20:32:08 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/04/05 20:31:57 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/04/05 20:31:54 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/04/05 20:29:48 | 000,000,000 | ---D | C] -- C:\Qoobox

========== Files - Modified Within 30 Days ==========

[2012/05/03 17:35:00 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{34847377-100D-4463-974F-5B7367A54440}.job
[2012/05/03 17:33:00 | 000,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{F0F613CC-5E98-44FA-A517-ADA9B4C45F95}.job
[2012/05/03 17:18:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/03 17:16:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/03 17:16:14 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/03 17:16:13 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/03 00:15:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/03 00:01:04 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-358495213-3537462999-3419443030-1000UA.job
[2012/05/03 00:01:02 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-358495213-3537462999-3419443030-1000Core.job
[2012/05/02 23:42:02 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-358495213-3537462999-3419443030-1000UA.job
[2012/05/02 22:42:03 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-358495213-3537462999-3419443030-1000Core.job
[2012/05/02 19:15:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/01 22:29:58 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/30 21:35:44 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\pamarj1\Desktop\OTL.exe
[2012/04/29 03:08:28 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/04/29 03:07:00 | 000,609,800 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/04/29 03:07:00 | 000,106,324 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/04/26 20:00:02 | 000,000,550 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - pamarj1.job
[2012/04/25 17:41:48 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/04/24 17:25:51 | 000,001,760 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/04/20 21:26:58 | 000,002,296 | ---- | M] () -- C:\Users\pamarj1\Desktop\CFScript.rtf
[2012/04/19 19:13:05 | 004,468,852 | R--- | M] (Swearware) -- C:\Users\pamarj1\Desktop\puppy.exe.exe
[2012/04/12 20:54:58 | 000,302,592 | ---- | M] () -- C:\Users\pamarj1\Desktop\2fpcgnjl.exe
[2012/04/12 20:42:14 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\pamarj1\Desktop\HijackThis.exe

========== Files Created - No Company Name ==========

[2012/04/29 03:08:10 | 000,001,786 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/04/24 17:25:51 | 000,001,760 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/04/20 21:29:20 | 000,002,296 | ---- | C] () -- C:\Users\pamarj1\Desktop\CFScript.rtf
[2012/04/12 20:58:41 | 000,302,592 | ---- | C] () -- C:\Users\pamarj1\Desktop\2fpcgnjl.exe
[2012/04/05 20:32:09 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/04/05 20:32:08 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/04/05 20:32:08 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/04/05 20:32:08 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/04/05 20:32:08 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/23 21:58:28 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011/12/23 21:58:24 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011/12/23 21:58:24 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011/12/23 21:58:24 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011/12/23 21:58:24 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011/03/28 23:32:02 | 000,016,968 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys

========== LOP Check ==========

[2010/01/12 17:25:39 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\Ansys
[2011/07/27 06:36:15 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\ASUS
[2011/07/27 00:19:18 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\ASUS WebStorage
[2011/07/27 09:14:37 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\ASUS.AF361EFD06694D11175EA8BF6E21597A36AD9 F1D.1
[2011/01/09 02:52:56 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\BitTorrent
[2008/09/30 18:48:50 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\BitTorrent DNA
[2011/01/28 01:21:10 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\calibre
[2009/12/25 22:35:44 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\DAEMON Tools Lite
[2010/01/25 04:19:45 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\DNA
[2009/10/28 16:06:05 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\DzSoft
[2011/07/27 00:01:57 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\eCareme
[2012/04/28 17:16:05 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\f-secure
[2011/08/28 21:25:36 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\gtk-2.0
[2009/05/28 08:53:19 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\Lexmark Productivity Studio
[2010/02/18 20:33:21 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\mjusbsp
[2010/11/09 19:42:27 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\Mobipocket
[2011/07/27 09:14:54 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\Outlook
[2012/02/07 13:52:37 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\Samsung
[2012/03/10 11:02:04 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\SystemRequirementsLab
[2008/08/02 16:33:58 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\WildTangent
[2007/12/07 01:06:12 | 000,000,258 | ---- | M] () -- C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job
[2012/05/03 00:01:02 | 000,000,914 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-358495213-3537462999-3419443030-1000Core.job
[2012/05/03 00:01:04 | 000,000,936 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-358495213-3537462999-3419443030-1000UA.job
[2010/05/20 18:32:20 | 000,000,508 | ---- | M] () -- C:\Windows\Tasks\Install.job
[2012/05/01 22:27:17 | 000,032,540 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/05/03 17:35:00 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{34847377-100D-4463-974F-5B7367A54440}.job
[2012/05/03 17:33:00 | 000,000,414 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{F0F613CC-5E98-44FA-A517-ADA9B4C45F95}.job

========== Purity Check ==========



< End of report >
Cookiegal's Avatar
Administrator & Malware Removal Specialist with 97,694 posts.
 
Join Date: Aug 2003
04-May-2012, 12:01 PM #40
Run OTL again and under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb119/?search={searchTerms}&loc=IB_DS&a=6R8oCjuYer&i=26
FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
CHR - default_search_provider: MyStart Search (Enabled)
CHR - default_search_provider: search_url = http://mystart.incredibar.com/mb119/?loc=IB_DS&search={searchTerms}&a=6R8oCjuYer&i=26
Click Run Fix and then post the log please.
ajpnsld's Avatar
ajpnsld ajpnsld is offline
Computer Specs
Member with 30 posts.
THREAD STARTER
 
Join Date: Apr 2012
Experience: Beginner
04-May-2012, 07:17 PM #41
Hi Cookigal,

Following is the log after running OTL with your script.


========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ not found.
Prefs.js: "MyStart Search" removed from browser.search.defaultenginename
Unable to fix default_search_provider items.
Unable to fix default_search_provider items.

OTL by OldTimer - Version 3.2.42.2 log created on 05042012_181636
Cookiegal's Avatar
Administrator & Malware Removal Specialist with 97,694 posts.
 
Join Date: Aug 2003
05-May-2012, 12:01 PM #42
In Chrome, please change the default search provider to Google (or something else other than IncrediBar).
ajpnsld's Avatar
ajpnsld ajpnsld is offline
Computer Specs
Member with 30 posts.
THREAD STARTER
 
Join Date: Apr 2012
Experience: Beginner
05-May-2012, 02:31 PM #43
Hi cookigal

I changed the search engine and the search is going thru google. But the incredibar option still shows in the pull down menu in the options section of chrome. how do I delete that?
Cookiegal's Avatar
Administrator & Malware Removal Specialist with 97,694 posts.
 
Join Date: Aug 2003
05-May-2012, 02:55 PM #44
In that same area, click on "Manage Search Engines" and remove the other option releated to Incredibar. Then exit Chrome and restart the browser and let me if it's gone.
ajpnsld's Avatar
ajpnsld ajpnsld is offline
Computer Specs
Member with 30 posts.
THREAD STARTER
 
Join Date: Apr 2012
Experience: Beginner
05-May-2012, 03:12 PM #45
After modifying "manage search engines", incredibar is not appearing.
As Seen On

BBC, Reader's Digest, PC Magazine, Today Show, Money Magazine
WELCOME TO TECH SUPPORT GUY!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.


Tags
combofix, incredibar, windows vista 32-bit

(clock)
THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

Search Tech Support Guy

Find the solution to your
computer problem!




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools


WELCOME
You Are Using: Server ID
Trusted Website Back to the Top ↑