1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

IncrediBar virus on my laptop-Please help!!!!

Discussion in 'Virus & Other Malware Removal' started by ajpnsld, Apr 10, 2012.

Thread Status:
Not open for further replies.
Advertisement
  1. ajpnsld

    ajpnsld Thread Starter

    Joined:
    Apr 10, 2012
    Messages:
    30
    The incredibar virus problem is still there.
     
  2. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,616
    Where are you seeing it?
     
  3. ajpnsld

    ajpnsld Thread Starter

    Joined:
    Apr 10, 2012
    Messages:
    30
  4. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,616
    Download OTL to your Desktop.
    • Double-click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Quick Scan button. Do not change any settings unless otherwise instructed. The scan won't take long.
    • When the scan completes, it will open two Notepad windows called OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy and paste the contents of both of these files here in your next reply.
     
  5. ajpnsld

    ajpnsld Thread Starter

    Joined:
    Apr 10, 2012
    Messages:
    30
    "OTL.txt" log file is below:

    OTL logfile created on: 4/30/2012 9:36:29 PM - Run 1
    OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\pamarj1\Desktop
    Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19088)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.99 Gb Total Physical Memory | 1.07 Gb Available Physical Memory | 53.56% Memory free
    4.22 Gb Paging File | 2.76 Gb Available in Paging File | 65.51% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 103.50 Gb Total Space | 6.33 Gb Free Space | 6.11% Space Free | Partition Type: NTFS
    Drive D: | 8.29 Gb Total Space | 1.83 Gb Free Space | 22.09% Space Free | Partition Type: NTFS

    Computer Name: PAMARJ1-PC | User Name: pamarj1 | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/04/30 21:35:44 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\pamarj1\Desktop\OTL.exe
    PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
    PRC - [2012/03/26 17:03:40 | 000,258,712 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MpCmdRun.exe
    PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
    PRC - [2012/03/07 16:27:25 | 003,905,920 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    PRC - [2011/12/28 00:21:08 | 003,508,624 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
    PRC - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
    PRC - [2011/07/26 22:18:26 | 000,033,360 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\PlexScriptHost.exe
    PRC - [2011/03/30 20:56:06 | 000,406,856 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe
    PRC - [2011/03/30 20:55:58 | 002,182,984 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRServer.exe
    PRC - [2011/03/07 21:39:36 | 000,341,832 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe
    PRC - [2009/06/15 21:44:40 | 000,012,696 | ---- | M] (National Instruments Corporation) -- C:\Program Files\National Instruments\MAX\nimxs.exe
    PRC - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2008/02/16 12:38:54 | 001,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    PRC - [2007/06/14 08:15:34 | 000,598,960 | ---- | M] ( ) -- C:\Windows\System32\lxdkcoms.exe
    PRC - [2007/03/09 12:50:02 | 004,390,912 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
    PRC - [2007/02/07 09:30:00 | 000,065,536 | R--- | M] (Cognizance Corporation) -- c:\Program Files\Bioscrypt\VeriSoft\Bin\asghost.exe
    PRC - [2007/01/10 06:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    PRC - [2007/01/05 23:04:10 | 000,554,616 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    PRC - [2007/01/05 09:19:28 | 000,047,712 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    PRC - [2004/06/14 17:18:08 | 000,471,040 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/04/25 18:43:01 | 000,065,024 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
    MOD - [2012/04/25 18:43:01 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
    MOD - [2012/04/24 17:26:58 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    MOD - [2012/04/24 17:26:57 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    MOD - [2011/07/26 22:19:38 | 000,032,848 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\Exts\simplejson\_speedups.pyd
    MOD - [2011/07/26 22:19:36 | 000,044,112 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\Exts\OpenSSL\SSL.pyd
    MOD - [2011/07/26 22:19:36 | 000,016,976 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\Exts\OpenSSL\rand.pyd
    MOD - [2011/07/26 22:19:34 | 000,195,664 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\Exts\lxml\objectify.pyd
    MOD - [2011/07/26 22:19:34 | 000,057,424 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\Exts\OpenSSL\crypto.pyd
    MOD - [2011/07/26 22:19:32 | 000,841,296 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\Exts\lxml\etree.pyd
    MOD - [2011/07/26 22:19:30 | 000,824,912 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\DLLs\_ssl.pyd
    MOD - [2011/07/26 22:19:30 | 000,049,744 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\DLLs\_socket.pyd
    MOD - [2011/07/26 22:19:28 | 000,033,360 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\DLLs\_multiprocessing.pyd
    MOD - [2011/07/26 22:19:26 | 000,365,648 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\DLLs\_hashlib.pyd
    MOD - [2011/07/26 22:19:26 | 000,131,152 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\DLLs\_elementtree.pyd
    MOD - [2011/07/26 22:19:24 | 000,093,776 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\DLLs\_ctypes.pyd
    MOD - [2011/07/26 22:19:22 | 000,589,904 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\DLLs\unicodedata.pyd
    MOD - [2011/07/26 22:19:22 | 000,016,976 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\DLLs\select.pyd
    MOD - [2011/07/26 22:19:20 | 000,134,224 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\DLLs\pyexpat.pyd
    MOD - [2011/07/26 22:19:00 | 000,173,136 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\libxslt.dll
    MOD - [2011/07/26 22:18:58 | 001,009,744 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\libxml2.dll
    MOD - [2011/07/26 22:18:56 | 000,063,056 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\libexslt.dll
    MOD - [2011/07/26 22:18:26 | 000,033,360 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\PlexScriptHost.exe
    MOD - [2011/06/23 04:07:10 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d9228d58804dfd75fd92a4d12ffac8af\Accessibility.ni.dll
    MOD - [2011/06/23 04:02:06 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
    MOD - [2011/03/29 05:55:05 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
    MOD - [2011/01/19 05:48:35 | 003,182,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
    MOD - [2010/09/02 06:08:00 | 000,118,784 | ---- | M] () -- C:\Program Files\ASUS\ASUS WebStorage\3.0.102.211\AsusWSShellExt.dll
    MOD - [2009/03/01 21:08:04 | 000,003,584 | ---- | M] () -- C:\Program Files\ASUS\ASUS WebStorage\3.0.102.211\LogicNP.PropSheetExtensionHelper.dll
    MOD - [2008/10/13 17:26:58 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
    MOD - [2008/07/27 13:03:15 | 000,626,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
    MOD - [2008/07/27 13:03:14 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
    MOD - [2008/07/27 13:03:12 | 000,659,456 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2012/04/01 13:45:48 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
    SRV - [2011/03/30 20:56:06 | 000,406,856 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe -- (SplashtopRemoteService)
    SRV - [2011/03/07 21:39:36 | 000,341,832 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe -- (SSUService)
    SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
    SRV - [2009/06/23 14:29:48 | 000,740,968 | ---- | M] (National Instruments Corporation) [Disabled | Stopped] -- C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe -- (NITaggerService)
    SRV - [2009/06/23 12:23:14 | 001,007,616 | ---- | M] (Macrovision Corporation) [Disabled | Stopped] -- C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe -- (NILM License Manager)
    SRV - [2009/06/18 08:01:50 | 000,356,912 | ---- | M] (National Instruments Corporation) [Disabled | Stopped] -- C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe -- (NIDomainService)
    SRV - [2009/06/18 07:57:28 | 000,042,544 | ---- | M] (National Instruments Corporation) [Disabled | Stopped] -- C:\Windows\System32\lkads.exe -- (lkClassAds)
    SRV - [2009/06/18 07:56:32 | 000,053,296 | ---- | M] (National Instruments Corporation) [Disabled | Stopped] -- C:\Windows\System32\lktsrv.exe -- (lkTimeSync)
    SRV - [2009/06/15 21:44:40 | 000,012,696 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files\National Instruments\MAX\nimxs.exe -- (mxssvr)
    SRV - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
    SRV - [2009/06/04 05:14:28 | 000,013,896 | ---- | M] (National Instruments Corporation) [Disabled | Stopped] -- C:\Windows\System32\nisvcloc.exe -- (niSvcLoc)
    SRV - [2009/06/03 11:26:34 | 000,098,304 | ---- | M] (OPC Foundation) [Disabled | Stopped] -- C:\Windows\System32\Opcenum.exe -- (OpcEnum)
    SRV - [2008/10/31 15:52:54 | 000,695,136 | ---- | M] (National Instruments, Inc.) [On_Demand | Stopped] -- C:\Windows\System32\lkcitdl.exe -- (LkCitadelServer)
    SRV - [2008/02/16 12:38:54 | 001,251,720 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
    SRV - [2008/01/29 18:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
    SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/06/14 08:15:34 | 000,598,960 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxdkcoms.exe -- (lxdk_device)
    SRV - [2007/06/14 08:15:24 | 000,099,248 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxdkserv.exe -- (lxdkCATSCustConnectService)
    SRV - [2007/04/23 20:11:44 | 000,106,593 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
    SRV - [2007/04/23 20:11:42 | 000,262,243 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
    SRV - [2007/02/07 09:30:00 | 000,074,240 | R--- | M] (Cognizance Corporation) [Auto | Running] -- c:\Program Files\Bioscrypt\VeriSoft\Bin\ASWLNPkg.dll -- (ASBroker)
    SRV - [2007/01/14 08:11:06 | 000,080,504 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Norton Internet Security\isPwdSvc.exe -- (ISPwdSvc)
    SRV - [2007/01/13 04:40:58 | 000,049,248 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
    SRV - [2007/01/10 06:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice Ex)
    SRV - [2007/01/10 06:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
    SRV - [2007/01/10 06:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
    SRV - [2007/01/10 06:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
    SRV - [2007/01/05 23:04:10 | 002,918,008 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
    SRV - [2007/01/05 23:04:10 | 000,554,616 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
    SRV - [2007/01/05 09:19:28 | 000,047,712 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- (SymAppCore)
    SRV - [2006/06/22 02:14:00 | 000,131,584 | R--- | M] (Cognizance Corporation) [Auto | Running] -- c:\Program Files\Bioscrypt\VeriSoft\Bin\ASChnl.dll -- (ASChannel)
    SRV - [2006/03/24 16:34:04 | 001,294,336 | ---- | M] (Macrovision Corporation) [Disabled | Stopped] -- C:\Program Files\Ansys Inc\Shared Files\Licensing\intel\lmgrd.exe -- (ANSYS FLEXlm license manager)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\pamarj1\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
    DRV - File not found [Kernel | On_Demand | Unknown] -- -- (abejrzfa)
    DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV - [2011/12/07 23:22:38 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.)
    DRV - [2011/12/07 23:22:38 | 000,080,184 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
    DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/12/17 04:00:00 | 001,360,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110319.003\NAVEX15.SYS -- (NAVEX15)
    DRV - [2010/12/17 04:00:00 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110319.003\NAVENG.SYS -- (NAVENG)
    DRV - [2010/06/17 03:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2010/06/04 03:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2010/05/07 21:54:45 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2009/12/25 22:16:55 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
    DRV - [2009/05/22 11:00:00 | 000,004,096 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cvintdrv.sys -- (cvintdrv)
    DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
    DRV - [2007/12/01 00:57:12 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
    DRV - [2007/12/01 00:57:12 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
    DRV - [2007/12/01 00:57:12 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
    DRV - [2007/11/06 11:07:18 | 000,180,272 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20071122.002\IDSvix86.sys -- (IDSvix86)
    DRV - [2007/04/14 02:49:32 | 000,418,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
    DRV - [2007/04/03 14:59:30 | 000,083,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616bus.sys -- (s616bus) Sony Ericsson Device 616 driver (WDM)
    DRV - [2007/03/28 11:44:22 | 000,140,424 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)
    DRV - [2007/03/05 16:28:00 | 000,076,288 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
    DRV - [2007/03/01 07:49:58 | 002,216,448 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
    DRV - [2007/02/24 09:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2007/01/23 12:03:28 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
    DRV - [2007/01/23 11:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2007/01/16 23:38:52 | 000,983,936 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
    DRV - [2007/01/09 23:32:14 | 000,191,544 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\symtdi.sys -- (SYMTDI)
    DRV - [2007/01/09 23:32:14 | 000,145,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symfw.sys -- (SYMFW)
    DRV - [2007/01/09 23:32:14 | 000,040,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symids.sys -- (SYMIDS)
    DRV - [2007/01/09 23:32:14 | 000,038,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symndisv.sys -- (SYMNDISV)
    DRV - [2007/01/09 23:32:14 | 000,027,576 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symredrv.sys -- (SYMREDRV)
    DRV - [2007/01/09 23:32:14 | 000,012,984 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symdns.sys -- (SYMDNS)
    DRV - [2006/11/30 12:24:58 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\Windows\System32\drivers\eabfiltr.sys -- (eabfiltr)
    DRV - [2006/11/02 02:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
    DRV - [2006/06/28 11:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\..\SearchScopes\{896DB260-1B30-4FF3-B10E-B4961151320C}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    IE - HKLM\..\SearchScopes\{9FD89D22-C60B-4BC2-A131-284E0D766A35}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
    IE - HKLM\..\SearchScopes\{A281B9DD-CB64-448D-A1EA-10A689AD2918}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=HVDUS7
    IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.bing.com [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 14 C5 78 30 68 23 CD 01 [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
    IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKCU\..\SearchScopes\{102266F6-EE4B-4F61-B7CF-5CAD12A85595}: "URL" = http://local.yahoo.com/results?stx={searchTerms}&fr=yessv
    IE - HKCU\..\SearchScopes\{1FDCD3CD-BAC0-4EFD-94CC-99CEE205D94F}: "URL" = http://images.search.yahoo.com/search/images?p={searchTerms}&fr=yessv
    IE - HKCU\..\SearchScopes\{4F4F3347-4DD6-4602-94EA-1614B7935E8C}: "URL" = http://shopping.yahoo.com/search?p={searchTerms}&fr=yessv
    IE - HKCU\..\SearchScopes\{61019A01-5835-47A7-93CF-BEAA83DDC44F}: "URL" = http://answers.yahoo.com/search/search_result?p={searchTerms}&fr=yessv
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en
    IE - HKCU\..\SearchScopes\{896DB260-1B30-4FF3-B10E-B4961151320C}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    IE - HKCU\..\SearchScopes\{9384583D-5916-4897-9F46-6C3D989C9917}: "URL" = http://www.bing.com/search?FORM=DMDTDF&PC=VEOH&q={searchTerms}&src=IE-SearchBox
    IE - HKCU\..\SearchScopes\{97181CDC-24B1-4748-9601-65BBAC502816}: "URL" = http://news.search.yahoo.com/search/news?p={searchTerms}&fr=yessv
    IE - HKCU\..\SearchScopes\{9FD89D22-C60B-4BC2-A131-284E0D766A35}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
    IE - HKCU\..\SearchScopes\{A281B9DD-CB64-448D-A1EA-10A689AD2918}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=HVDUS7
    IE - HKCU\..\SearchScopes\{ADD6BEC9-F897-4477-9B4B-F56FF9288C2B}: "URL" = http://video.yahoo.com/video/search?p={searchTerms}&fr=yessv
    IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb119/?search={searchTerms}&loc=IB_DS&a=6R8oCjuYer&i=26
    IE - HKCU\..\SearchScopes\Comcast: "URL" = http://search.xfinity.com/?cat=subweb&con=mmchrome&q={searchTerms}&cid=xfstart_tech_search
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
    FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=DMDTDF&PC=VEOH&q="
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
    FF - prefs.js..extensions.enabledItems: [email protected]:7
    FF - prefs.js..extensions.enabledItems: [email protected]:1.4
    FF - prefs.js..extensions.enabledItems: {7AF6830F-D3D8-4973-BA4D-74783BE69F62}:1.9.1
    FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.5332
    FF - prefs.js..extensions.enabledItems: [email protected]:0.78.35
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=4.0: C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.1: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohTVPlugin: C:\Program Files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll File not found
    FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohWebPlayer: C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll (Veoh)
    FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\pamarj1\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
    FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\pamarj1\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
    FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\pamarj1\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\pamarj1\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\pamarj1\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\pamarj1\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\pamarj1\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\Firefox [2010/10/31 02:45:35 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/11/01 03:04:02 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Splashtop\Splashtop Remote\Server\plugin\FFExtensions [2011/07/27 00:20:38 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/01 13:33:29 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/01 13:33:29 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Veoh Networks\VeohWebPlayer\FFVideoFinder [2008/12/20 04:44:19 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\pamarj1\AppData\Roaming\Move Networks [2009/10/27 13:23:27 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\pamarj1\Program Files\DNA [2010/01/14 12:10:38 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{7AF6830F-D3D8-4973-BA4D-74783BE69F62}: C:\Users\pamarj1\AppData\Local\{7AF6830F-D3D8-4973-BA4D-74783BE69F62} [2010/10/12 19:24:04 | 000,000,000 | ---D | M]

    [2008/12/18 23:20:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pamarj1\AppData\Roaming\Mozilla\Extensions
    [2012/04/28 23:41:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\extensions
    [2011/12/10 11:48:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/12/10 11:48:19 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
    [2007/12/07 22:03:07 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2011/12/10 11:48:27 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2012/04/01 14:01:22 | 000,000,000 | ---D | M] ("Premiumplay Codec-C") -- C:\Users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\extensions\[email protected]
    [2009/04/27 22:44:47 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\extensions\[email protected]
    [2009/03/17 18:58:47 | 000,000,000 | ---D | M] (Veoh Video Compass) -- C:\Users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\extensions\[email protected]
    [2010/11/14 00:10:35 | 000,001,832 | ---- | M] () -- C:\Users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\searchplugins\bing.xml
    [2012/04/01 13:34:03 | 000,002,203 | ---- | M] () -- C:\Users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\searchplugins\MyStart Search.xml
    [2012/04/29 23:22:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/07/27 00:20:38 | 000,000,000 | ---D | M] (Splashtop Remote) -- C:\PROGRAM FILES\SPLASHTOP\SPLASHTOP REMOTE\SERVER\PLUGIN\FFEXTENSIONS
    [2008/12/20 04:44:19 | 000,000,000 | ---D | M] (Veoh Web Player Video Finder) -- C:\PROGRAM FILES\VEOH NETWORKS\VEOHWEBPLAYER\FFVIDEOFINDER
    [2010/10/12 19:24:04 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\PAMARJ1\APPDATA\LOCAL\{7AF6830F-D3D8-4973-BA4D-74783BE69F62}
    [2009/10/27 13:23:27 | 000,000,000 | ---D | M] (Move Media Player) -- C:\USERS\PAMARJ1\APPDATA\ROAMING\MOVE NETWORKS
    [2007/08/29 16:47:44 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
    [2007/02/08 11:48:16 | 000,028,448 | ---- | M] (National Instruments) -- C:\Program Files\mozilla firefox\plugins\NPLV82Win32.dll
    [2009/06/23 20:40:40 | 000,025,088 | ---- | M] (National Instruments) -- C:\Program Files\mozilla firefox\plugins\nplv90win32.dll
    [2011/11/01 16:55:05 | 000,001,692 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\comcast.xml

    ========== Chrome ==========

    CHR - default_search_provider: MyStart Search (Enabled)
    CHR - default_search_provider: search_url = http://mystart.incredibar.com/mb119/?loc=IB_DS&search={searchTerms}&a=6R8oCjuYer&i=26
    CHR - default_search_provider: suggest_url =
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\pamarj1\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\pamarj1\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\pamarj1\AppData\Local\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll
    CHR - plugin: HP Product Detection Plugin for Mozilla (Enabled) = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnhbepgnjnaoahohppnffanmkjkjoglp\1.0.15.0_0\plugins/npProductDetectPlugin.dll
    CHR - plugin: HP Active Check Plugin (Enabled) = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnhbepgnjnaoahohppnffanmkjkjoglp\1.0.15.0_0\plugins/npAclmPlugin.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.150.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
    CHR - plugin: Java(TM) Platform SE 6 U15 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
    CHR - plugin: BitTorrent (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
    CHR - plugin: DivX\u00AE Web Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
    CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
    CHR - plugin: National Instruments LabVIEW 8.2 Netscape Plug-in for Windows (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPLV82Win32.dll
    CHR - plugin: National Instruments LabVIEW 9.0 Netscape Plug-in for Windows (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nplv90win32.dll
    CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
    CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
    CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
    CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\pamarj1\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\pamarj1\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    CHR - plugin: DNA Plug-in (Enabled) = C:\Program Files\DNA\plugins\npbtdna.dll
    CHR - plugin: DivX\u00AE Content Upload Plugin (Enabled) = C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: MSN\u00AE Toolbar (Enabled) = C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll
    CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
    CHR - plugin: Veoh Web Player Beta (Enabled) = C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\pamarj1\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
    CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\pamarj1\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - Extension: Entanglement = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
    CHR - Extension: Angry Birds = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\
    CHR - Extension: Word Search Puzzle = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\alcobafdkcddhiabfgnongafffchimnl\1.2_0\
    CHR - Extension: SKiD Racer = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhoaojooagiaaiidlnfhkkafjpbbnnno\0.0.0.37_0\
    CHR - Extension: WGT Golf Challenge = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcilimldmomiaihcfkmaldanopfejefg\32.1.0_0\
    CHR - Extension: Final Fight = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpegianedjonaeafilbagbcbcimjifai\0.0.0.1_0\
    CHR - Extension: AdBlock = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.32_0\
    CHR - Extension: Monster Truck Racing = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjmcfmephihmhendkenhfmnkfoakedhi\1.0_0\
    CHR - Extension: Air Hockey = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcchbhjknakkndfpdbapmdkhbbgojkno\2.0_0\
    CHR - Extension: Codec-V = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho\1.17.48_0\
    CHR - Extension: Steambirds: Survival = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcdhpokmalcfjnfkjlfncgekebcojinn\1.0_0\
    CHR - Extension: WarTime = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkobmjibnppfleogmodpjgocgdbdiikp\1.23_0\
    CHR - Extension: Poppit = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
    CHR - Extension: Google Play Books = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb\1.1.3_0\
    CHR - Extension: HP Product Detection Plugin = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnhbepgnjnaoahohppnffanmkjkjoglp\1.0.15.0_0\
    CHR - Extension: Crusader Tank = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpegcjgnjllooimlcfdnphhccfnmhfem\1.2.0_0\
    CHR - Extension: Baseball (Deluxe) = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbbmhkhnoadhdceaokdofknafciecdea\2.1_0\

    O1 HOSTS File: ([2012/04/25 17:41:48 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Reg Error: Value error.) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll (Symantec Corporation)
    O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
    O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
    O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
    O2 - BHO: (VeriSoft Access Manager) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
    O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
    O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
    O4 - HKCU..\Run: [Desktop Software] C:\Program Files\Common Files\SupportSoft\bin\bcont.exe (SupportSoft, Inc.)
    O4 - HKCU..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
    O4 - HKCU..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
    O4 - HKCU..\Run: [Plex Media Server] C:\Program Files\Plex\Plex Media Server\Plex Media Server.exe (Plex, Inc.)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O4 - HKLM..\RunOnce: [!BingBar] C:\Program Files\Microsoft\BingBar\7.1.361.0\MUExe\7.1.361.0\BingBarSetup-Partner.EXE (Microsoft Corporation)
    O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
    O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10o_ActiveX.exe (Adobe Systems, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
    O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx File not found
    O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
    O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
    O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} http://www.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab (Symantec Script Runner Class)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} http://www.ooxtv.com/livetv.ocx (KooPlayer Control)
    O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
    O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} http://www.cvsphoto.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00F5FC4A-1ADF-4AC4-8EB4-B213ADBF5159}: DhcpNameServer = 75.75.75.75 75.75.76.76
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AAECF98D-936B-4CB8-9F10-9B1C41375907}: DhcpNameServer = 68.87.72.134 68.87.77.134
    O20 - AppInit_DLLs: (C:\Windows\System32\APSHook.dll) - C:\Windows\System32\APSHook.dll (Cognizance Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007/05/23 07:05:45 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2005/09/11 10:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O35 - HKCU\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/04/30 21:35:22 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\pamarj1\Desktop\OTL.exe
    [2012/04/28 17:16:05 | 000,000,000 | ---D | C] -- C:\Users\pamarj1\AppData\Roaming\f-secure
    [2012/04/28 17:15:32 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
    [2012/04/25 23:56:47 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2012/04/25 18:38:09 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/04/25 17:46:42 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/04/25 17:46:37 | 000,000,000 | ---D | C] -- C:\Users\pamarj1\AppData\Local\temp
    [2012/04/25 17:33:46 | 000,000,000 | ---D | C] -- C:\puppy.exe
    [2012/04/25 17:27:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinMerge
    [2012/04/25 17:27:50 | 000,000,000 | ---D | C] -- C:\Program Files\WinMerge
    [2012/04/24 17:26:26 | 000,000,000 | ---D | C] -- C:\Users\pamarj1\AppData\Roaming\SUPERAntiSpyware.com
    [2012/04/24 17:25:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    [2012/04/24 17:25:39 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2012/04/24 17:25:39 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2012/04/23 18:06:03 | 000,000,000 | ---D | C] -- C:\puppy.exe20967p
    [2012/04/19 19:13:41 | 004,468,852 | R--- | C] (Swearware) -- C:\Users\pamarj1\Desktop\puppy.exe.exe
    [2012/04/12 20:45:57 | 000,000,000 | ---D | C] -- C:\Users\pamarj1\Desktop\antivirus
    [2012/04/12 20:45:45 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\pamarj1\Desktop\HijackThis.exe
    [2012/04/05 20:32:09 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/04/05 20:32:08 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/04/05 20:32:08 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/04/05 20:31:57 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/04/05 20:31:54 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2012/04/05 20:29:48 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/04/01 14:05:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium
    [2012/04/01 14:01:22 | 000,000,000 | ---D | C] -- C:\Users\pamarj1\AppData\Local\Premiumplay Codec-C
    [2012/04/01 14:01:12 | 000,000,000 | ---D | C] -- C:\Program Files\Premiumplay Codec-C
    [2012/04/01 14:00:54 | 000,000,000 | ---D | C] -- C:\codec-info
    [2012/04/01 13:31:47 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/04/30 21:45:00 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{34847377-100D-4463-974F-5B7367A54440}.job
    [2012/04/30 21:43:00 | 000,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{F0F613CC-5E98-44FA-A517-ADA9B4C45F95}.job
    [2012/04/30 21:42:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-358495213-3537462999-3419443030-1000UA.job
    [2012/04/30 21:35:44 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\pamarj1\Desktop\OTL.exe
    [2012/04/30 21:31:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/04/30 18:01:01 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-358495213-3537462999-3419443030-1000UA.job
    [2012/04/30 17:18:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/04/30 17:15:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/04/29 23:02:40 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/04/29 23:02:39 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/04/29 03:08:28 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012/04/29 03:07:00 | 000,609,800 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/04/29 03:07:00 | 000,106,324 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/04/29 00:01:03 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-358495213-3537462999-3419443030-1000Core.job
    [2012/04/28 22:42:04 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-358495213-3537462999-3419443030-1000Core.job
    [2012/04/28 19:17:26 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/04/26 20:00:02 | 000,000,550 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - pamarj1.job
    [2012/04/25 18:38:00 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
    [2012/04/25 17:41:48 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2012/04/24 17:25:51 | 000,001,760 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2012/04/20 21:26:58 | 000,002,296 | ---- | M] () -- C:\Users\pamarj1\Desktop\CFScript.rtf
    [2012/04/19 19:13:05 | 004,468,852 | R--- | M] (Swearware) -- C:\Users\pamarj1\Desktop\puppy.exe.exe
    [2012/04/12 20:54:58 | 000,302,592 | ---- | M] () -- C:\Users\pamarj1\Desktop\2fpcgnjl.exe
    [2012/04/12 20:42:14 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\pamarj1\Desktop\HijackThis.exe
    [2012/04/01 18:01:38 | 000,224,256 | ---- | M] () -- C:\Users\pamarj1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/04/29 03:08:10 | 000,001,786 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2012/04/24 17:25:51 | 000,001,760 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2012/04/20 21:29:20 | 000,002,296 | ---- | C] () -- C:\Users\pamarj1\Desktop\CFScript.rtf
    [2012/04/12 20:58:41 | 000,302,592 | ---- | C] () -- C:\Users\pamarj1\Desktop\2fpcgnjl.exe
    [2012/04/05 20:32:09 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/04/05 20:32:08 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/04/05 20:32:08 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/04/05 20:32:08 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/04/05 20:32:08 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/04/02 19:35:35 | 2137,448,448 | -HS- | C] () -- C:\hiberfil.sys
    [2012/04/01 13:45:52 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2011/12/23 21:58:28 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
    [2011/12/23 21:58:24 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
    [2011/12/23 21:58:24 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
    [2011/12/23 21:58:24 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
    [2011/12/23 21:58:24 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
    [2011/03/31 21:18:17 | 000,001,466 | -HS- | C] () -- C:\Users\pamarj1\AppData\Local\85c41t1n5cbla04i6352uvj1206w3hx3tpr218awhu85420
    [2011/03/31 21:18:17 | 000,001,466 | -HS- | C] () -- C:\ProgramData\85c41t1n5cbla04i6352uvj1206w3hx3tpr218awhu85420
    [2011/03/28 23:32:02 | 000,016,968 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
    [2011/03/28 18:11:07 | 000,005,952 | -HS- | C] () -- C:\Users\pamarj1\AppData\Local\81w6u6541778ob5f5s06a6nv06n5ccdufn550627526t6u
    [2011/03/28 18:11:07 | 000,005,952 | -HS- | C] () -- C:\ProgramData\81w6u6541778ob5f5s06a6nv06n5ccdufn550627526t6u
    [2010/10/12 19:24:06 | 000,000,000 | ---- | C] () -- C:\Users\pamarj1\AppData\Local\Fguvamunu.bin
    [2010/10/12 19:24:05 | 000,000,120 | ---- | C] () -- C:\Users\pamarj1\AppData\Local\Fkawalutiholura.dat

    ========== LOP Check ==========

    [2010/01/12 17:25:39 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\Ansys
    [2011/07/27 06:36:15 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\ASUS
    [2011/07/27 00:19:18 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\ASUS WebStorage
    [2011/07/27 09:14:37 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\ASUS.AF361EFD06694D11175EA8BF6E21597A36AD9F1D.1
    [2011/01/09 02:52:56 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\BitTorrent
    [2008/09/30 18:48:50 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\BitTorrent DNA
    [2011/01/28 01:21:10 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\calibre
    [2009/12/25 22:35:44 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\DAEMON Tools Lite
    [2010/01/25 04:19:45 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\DNA
    [2009/10/28 16:06:05 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\DzSoft
    [2011/07/27 00:01:57 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\eCareme
    [2012/04/28 17:16:05 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\f-secure
    [2011/08/28 21:25:36 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\gtk-2.0
    [2009/05/28 08:53:19 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\Lexmark Productivity Studio
    [2010/02/18 20:33:21 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\mjusbsp
    [2010/11/09 19:42:27 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\Mobipocket
    [2011/07/27 09:14:54 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\Outlook
    [2012/02/07 13:52:37 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\Samsung
    [2012/03/10 11:02:04 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\SystemRequirementsLab
    [2008/08/02 16:33:58 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\WildTangent
    [2007/12/07 01:06:12 | 000,000,258 | ---- | M] () -- C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job
    [2012/04/29 00:01:03 | 000,000,914 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-358495213-3537462999-3419443030-1000Core.job
    [2012/04/30 18:01:01 | 000,000,936 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-358495213-3537462999-3419443030-1000UA.job
    [2010/05/20 18:32:20 | 000,000,508 | ---- | M] () -- C:\Windows\Tasks\Install.job
    [2012/04/25 18:35:08 | 000,032,540 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2012/04/30 21:45:00 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{34847377-100D-4463-974F-5B7367A54440}.job
    [2012/04/30 21:43:00 | 000,000,414 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{F0F613CC-5E98-44FA-A517-ADA9B4C45F95}.job

    ========== Purity Check ==========



    < End of report >



    *****************************************************
    "Extras.txt" log file is below:


    OTL Extras logfile created on: 4/30/2012 9:36:29 PM - Run 1
    OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\pamarj1\Desktop
    Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19088)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.99 Gb Total Physical Memory | 1.07 Gb Available Physical Memory | 53.56% Memory free
    4.22 Gb Paging File | 2.76 Gb Available in Paging File | 65.51% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 103.50 Gb Total Space | 6.33 Gb Free Space | 6.11% Space Free | Partition Type: NTFS
    Drive D: | 8.29 Gb Total Space | 1.83 Gb Free Space | 22.09% Space Free | Partition Type: NTFS

    Computer Name: PAMARJ1-PC | User Name: pamarj1 | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .bat [@ = batfile] -- Reg Error: Key error. File not found
    .cmd [@ = cmdfile] -- Reg Error: Key error. File not found
    .com [@ = ComFile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
    Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
    Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
    "DefaultOutboundAction" = 0
    "DefaultInboundAction" = 1
    "DoNotAllowExceptions" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
    "DefaultOutboundAction" = 0
    "DefaultInboundAction" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
    "C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- ()


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{03FA4811-5678-49DB-99C1-4B6DB65C75A1}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{102A3482-ACB3-40C3-AA52-67EB5D6890D4}" = lport=137 | protocol=17 | dir=in | app=system |
    "{14301BC2-CA25-422E-AED8-644BD6515FB5}" = lport=138 | protocol=17 | dir=in | app=system |
    "{18669517-B8C0-401F-83C2-380038001647}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{1C5101CD-7160-4CAA-B2EA-584EFFDBF4AB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{240570A3-FD05-4070-BA73-95369CAEE504}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service |
    "{28C17E1A-0AA6-4D2E-A2D1-069CEE52612E}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{2E4DE966-8A7A-4792-883A-2B2774A6A40B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
    "{2EEF95CF-A77B-4ACA-9D1D-2813DD77B963}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{3130E10C-FEE4-4073-A8F9-83BD251A87FE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{32E404CB-2E83-44C5-8942-BCC9DEE656D8}" = lport=445 | protocol=6 | dir=in | app=system |
    "{55128512-00E3-4514-8E1C-4F2BD6B2CA8B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{60440D78-42D9-41F1-AB14-201B99E20781}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{62C7B954-90AF-4736-97F7-4629E6D2CBB5}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{644FDE02-78A8-4F8F-949C-8C0699E615A8}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{670E78E3-8F02-443C-BC13-6BA3B40F4681}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{6F0780A7-33D2-49A4-A25C-E1FD4749908B}" = rport=445 | protocol=6 | dir=out | app=system |
    "{745285CD-FEF3-4EAD-BF14-7A1636F92DA6}" = lport=139 | protocol=6 | dir=in | app=system |
    "{783A0DCA-A8AB-4718-A4BA-4FA3C14D4535}" = rport=138 | protocol=17 | dir=out | app=system |
    "{787B12FC-28CE-4E9C-A211-8B055F7E166B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{867FE2B2-E4B0-454B-8A9B-8AF4DBC5C275}" = rport=137 | protocol=17 | dir=out | app=system |
    "{89694E3D-CE1C-48DF-A71F-E85895ACC6AA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{903B4729-E070-4BD7-BB83-DAA0E16AE21E}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{B810E45D-7DA4-4F25-8FAD-560ACBED044A}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{BF7FCBC5-B3FD-4313-A48D-3BC55D5C613F}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{C8C24D02-6620-4F83-93FF-62AC6A094678}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{D69FDCBA-F7E0-454C-94C1-29E37EFA0F04}" = rport=139 | protocol=6 | dir=out | app=system |
    "{D72D82DC-89B1-4E95-8724-96BC76125079}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{E45C3A3C-8BE3-4F3F-88F6-4D7FF75AC5C2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{E45C93D1-2E92-4E1C-AFF7-21BE96083B8E}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{EB09EBF3-58AE-4670-B4C8-051264256A15}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{FA8AC27F-AF57-4C52-B0C2-8A092EB195FC}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{FAB02698-FFC6-42A8-A823-C25560DC3A9F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{025CE4A3-1736-411D-B864-40348A333E72}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{059B9933-45D6-4E4A-ADE8-86D09F939866}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdkpswx.exe |
    "{06E72E97-633D-41D9-89D2-98A69818C2B3}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{07B5A946-E515-4FF6-AC91-D7FE948B06CA}" = protocol=17 | dir=in | app=c:\program files\lexmark 5300 series\lxdkamon.exe |
    "{09A3A996-F58B-4F09-B880-DFF84F755986}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "{0CC078F5-04FA-48E2-B327-C31F4BBD211D}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
    "{0D83A6A4-70DF-4525-B2AD-2CF10586A76F}" = protocol=17 | dir=in | app=c:\program files\splashtop\splashtop remote\server\srserver.exe |
    "{10907164-AF40-40A8-915A-76802FDFA12E}" = protocol=6 | dir=in | app=c:\program files\lexmark 5300 series\frun.exe |
    "{1254D1FB-C0BF-43B7-8458-E303C0D0BBD9}" = dir=in | app=c:\users\pamarj1\appdata\local\facebook\video\skype\facebookvideocalling.exe |
    "{1562EBCF-CD87-4892-8928-01046A2BCE27}" = protocol=17 | dir=in | app=c:\users\pamarj1\program files\dna\dna.exe |
    "{1BFBEBCE-9AA5-4880-B85B-D414E380AE3E}" = protocol=17 | dir=in | app=c:\program files\lexmark 5300 series\frun.exe |
    "{1E7221A5-791A-4380-AC49-B9D6503B168A}" = protocol=17 | dir=in | app=c:\windows\system32\lxdkcoms.exe |
    "{1F63ED1B-5223-4C07-8944-7C61470B2F89}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
    "{2174FFCF-3D1F-4F35-B159-F1DDF29B91C9}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{3774E4F0-A63A-4742-BA0A-9D196AEC52F7}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{38D4824F-5EAF-4FE0-B727-D948D8ABEA98}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
    "{3A8BB367-4798-44EA-9B6C-F30ADC8B1769}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{3CADBD25-21AD-4F59-A06B-A3CA5445CC6E}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
    "{3FB305A1-F6B7-451A-BEBA-EABD736862A5}" = protocol=6 | dir=in | app=c:\windows\system32\lxdkcoms.exe |
    "{471E7F68-7D13-48D0-9A85-CA86BD73A2C5}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
    "{479D7343-DC23-4249-875E-74BEEA5237BB}" = protocol=6 | dir=in | app=c:\users\pamarj1\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{4BB0F7DE-F73F-4DC8-BFF5-48E9D6F7B9D6}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{51487CD1-3472-4067-A55E-E646388D2CD1}" = protocol=17 | dir=in | app=c:\program files\splashtop\splashtop remote\server\dataproxy.exe |
    "{51B48187-34A9-4783-8159-E32612B344CF}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{52A54DDB-754E-48FD-8D8A-379AADA48C22}" = protocol=17 | dir=in | app=c:\users\pamarj1\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{533DA25F-0B66-456E-8FE5-623366CBEC4E}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdktime.exe |
    "{5F2F8C1C-C481-4453-9223-889DCFAE2EFD}" = dir=in | app=c:\program files\plex\plex media server\plex media server.exe |
    "{62E3A001-1BE3-4D42-8437-9FE8C88A907F}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
    "{631C8A9A-3073-4C21-B8A8-CE14B6C112C5}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "{644D4E0A-39FB-40C3-9F02-9ECED320F825}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{6747EFDA-1B9B-47BF-B676-D1398C84AABE}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{6A66CF3D-4B28-4CCF-9234-2B208D01C26C}" = protocol=6 | dir=in | app=c:\program files\splashtop\splashtop remote\server\srserver.exe |
    "{6D6E52F0-6502-4085-AC4D-21A60EC502C1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{6E26E491-9CEA-4A4D-B782-E7A30045A69A}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdkjswx.exe |
    "{711A98ED-FA70-48F5-92D5-17F296BA190A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{763C0790-2931-4E22-BCB6-61BBFE1AE624}" = protocol=17 | dir=in | app=c:\program files\lexmark 5300 series\lxdkmon.exe |
    "{7648068E-550E-4B8D-9EAF-E2AEC0F4030A}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{78DF765B-B656-43F2-A497-72B283F57792}" = protocol=6 | dir=in | app=c:\program files\lexmark 5300 series\lxdkmon.exe |
    "{7A3CB773-B63B-4FC7-8788-BC20B448BE0A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{7E3D098D-C873-4C49-B1E2-456D1A830EF0}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{7F7EECC3-80E1-4DB9-8A0E-9391FFC0DC21}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{865D670C-40B4-4239-BD61-93693E113739}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{91420161-BB7F-414F-B63E-005E07E8EC2C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{94184BB1-3D4D-42A1-B847-15E52AEFADFE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{A164A6A3-C647-46E0-9E51-442B658A4525}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
    "{A20CE091-93A6-40EA-AEB0-9C0550659D95}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
    "{A6B70A5D-4195-4CBD-B44E-34A0677761B0}" = protocol=6 | dir=in | app=c:\program files\lexmark 5300 series\lxdkamon.exe |
    "{A6D127B8-129C-4796-87B0-21CBDD2295AF}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
    "{A7DF02F8-27EA-4671-B62D-2E6894908497}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{A8A553A9-2A99-4C36-B82D-B372E4AFADE9}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
    "{AAC934CC-5650-4415-BED6-54A2A9A44CD6}" = protocol=6 | dir=in | app=c:\users\pamarj1\program files\dna\dna.exe |
    "{AEB3A92E-E155-473A-80C5-4703E07BBF50}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
    "{B0DB4182-1848-424E-8591-9A2D24DB3BFD}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{B0E300AD-8333-4799-81FF-E59C78A8EB6F}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
    "{B35DBD9A-B194-4ACE-96F6-6D98D406F1BA}" = protocol=17 | dir=in | app=c:\program files\bittorrent_dna\dna.exe |
    "{B3C4B550-61BA-4E81-9604-FC5B7AB5E8F4}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
    "{B4647ABE-FCCB-4FA0-B83F-9BE3EF1A0FCA}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{BC6BA00C-935D-482A-BBC1-82B746ABB63A}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
    "{C1638E06-4DC6-402E-973C-24CB190FE220}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
    "{C32F8711-69AF-4494-9C55-7511E88408DF}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
    "{C80D4C90-5E77-44A6-9A69-A185124F697B}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
    "{C8122C95-73BC-4A04-9C46-C1617FC33AAA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{C817561E-2DCC-472C-B628-DEA2C7510BBF}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdkjswx.exe |
    "{C85D4720-969D-488C-8F81-258CE8CB6570}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
    "{CB22C0B5-84FB-460D-899D-B02235664480}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{D616515C-B96F-4F27-9B3E-7C970621C150}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{D7277D7C-843B-4448-8D7C-EF7B9727875D}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdkpswx.exe |
    "{D9DBF6AB-1482-4C89-BA58-E364A68C61DD}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
    "{DE062886-FC1D-462B-816C-043C32C0A76F}" = protocol=17 | dir=in | app=c:\program files\splashtop\splashtop remote\server\inputserv.exe |
    "{E0CF7F8C-4A51-4D3D-B257-8DCAB4BC65A0}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
    "{E8789A75-81AA-4213-BE11-CDF1F1EA67BB}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdktime.exe |
    "{EAA9C718-64A0-458D-81C8-F4981FB52E03}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
    "{EB5D78EB-A66E-4922-96DD-AF2AE556BDC3}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
    "{EB7BEE18-B2BA-47EE-9661-73898F61A9AB}" = protocol=17 | dir=in | app=c:\program files\splashtop\splashtop remote\server\srfeature.exe |
    "{EBEE1427-0DB4-4F8A-80AF-B949302555E5}" = dir=in | app=c:\program files\plex\plex media server\plexscripthost.exe |
    "{F710CF2F-8983-41F9-98CB-D00849B26DF6}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
    "{F8FE480B-B0D6-4593-8EAC-289A264E0456}" = protocol=6 | dir=in | app=c:\program files\splashtop\splashtop remote\server\srfeature.exe |
    "{FCE0EF33-A11E-4038-8EA7-4AF5323179BE}" = protocol=6 | dir=in | app=c:\program files\splashtop\splashtop remote\server\inputserv.exe |
    "{FE71E1F1-12CE-4A24-8696-33F048EBEDDD}" = protocol=6 | dir=in | app=c:\program files\splashtop\splashtop remote\server\dataproxy.exe |
    "{FFB01377-B897-4153-BBE8-5653C4A69999}" = protocol=6 | dir=in | app=c:\program files\bittorrent_dna\dna.exe |
    "TCP Query User{0079FE1C-29EC-4D90-84B7-6A0DA89CA921}C:\users\pamarj1\program files\bittorrent_dna\dna.exe" = protocol=6 | dir=in | app=c:\users\pamarj1\program files\bittorrent_dna\dna.exe |
    "TCP Query User{0494DB62-EA7E-4859-83BB-B465E51E7F68}G:\quake3\quake3.exe" = protocol=6 | dir=in | app=g:\quake3\quake3.exe |
    "TCP Query User{0922FF93-83F1-4B62-942F-DD0C7A65E063}C:\users\pamarj1\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\pamarj1\program files\dna\btdna.exe |
    "TCP Query User{27DF5B47-C50D-4720-91E6-E26C7229CE0F}C:\users\pamarj1\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\pamarj1\appdata\local\google\chrome\application\chrome.exe |
    "TCP Query User{311A1171-ED2B-4675-B814-DA88548C047A}C:\program files\ea sports\2006 fifa world cup (tm)\fifawc06.exe" = protocol=6 | dir=in | app=c:\program files\ea sports\2006 fifa world cup (tm)\fifawc06.exe |
    "TCP Query User{438BED51-D893-497D-9EC1-4AC182EC0EB1}C:\program files\quake iii arena\quake3.exe" = protocol=6 | dir=in | app=c:\program files\quake iii arena\quake3.exe |
    "TCP Query User{50339562-721D-4B1B-B537-427D38941A78}C:\windows\system32\spool\drivers\w32x86\3\lxdkpswx.exe" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdkpswx.exe |
    "TCP Query User{9DDD5134-BE88-47EC-8DDF-FF10B1774E3F}C:\program files\quake iii arena\quake3.exe" = protocol=6 | dir=in | app=c:\program files\quake iii arena\quake3.exe |
    "TCP Query User{B386E723-82FA-4624-BBE5-9C6DB4CC8FF4}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "TCP Query User{B6A6A5A0-29D9-484C-B7F2-40585AF4C97E}C:\program files\lexmark 5300 series\lxdkmon.exe" = protocol=6 | dir=in | app=c:\program files\lexmark 5300 series\lxdkmon.exe |
    "TCP Query User{C9FF6511-3962-4D66-8133-ADFD334A109A}C:\program files\lexmark 5300 series\frun.exe" = protocol=6 | dir=in | app=c:\program files\lexmark 5300 series\frun.exe |
    "TCP Query User{CA53107B-7174-45E9-9F53-9748B594EC2D}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
    "TCP Query User{CAF1DA97-90EC-42F7-978D-6A8B84ECEA3C}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "TCP Query User{DD915B5F-55FF-4327-980A-3F308AF340B0}C:\program files\ea games\need for speed hot pursuit 2\nfshp2.exe" = protocol=6 | dir=in | app=c:\program files\ea games\need for speed hot pursuit 2\nfshp2.exe |
    "TCP Query User{EB640DFB-9958-4DBF-9E44-45FE589BD89F}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
    "TCP Query User{F1880E3D-434A-4037-A442-E28C34237190}C:\program files\asus\asus sync\asusupctloader.exe" = protocol=6 | dir=in | app=c:\program files\asus\asus sync\asusupctloader.exe |
    "UDP Query User{1BFC427B-E4A3-4C9F-B415-760747FE98D8}C:\users\pamarj1\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\pamarj1\appdata\local\google\chrome\application\chrome.exe |
    "UDP Query User{1D7C7F28-DEB8-4358-94C7-5D9F1484BD0D}C:\program files\ea sports\2006 fifa world cup (tm)\fifawc06.exe" = protocol=17 | dir=in | app=c:\program files\ea sports\2006 fifa world cup (tm)\fifawc06.exe |
    "UDP Query User{2021A4AD-012B-4C6E-B2E4-4A19D3F43FE2}C:\program files\quake iii arena\quake3.exe" = protocol=17 | dir=in | app=c:\program files\quake iii arena\quake3.exe |
    "UDP Query User{2CC78272-2D55-4817-BB70-030038583A27}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
    "UDP Query User{367EC2E3-D941-47B2-A92A-AFB342D7CB0E}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
    "UDP Query User{51FD48DE-E5F5-4B1C-8906-957BA0AC909F}C:\program files\asus\asus sync\asusupctloader.exe" = protocol=17 | dir=in | app=c:\program files\asus\asus sync\asusupctloader.exe |
    "UDP Query User{5FEE06E6-6BB5-4E1A-BDF0-DD4887AFA424}C:\program files\ea games\need for speed hot pursuit 2\nfshp2.exe" = protocol=17 | dir=in | app=c:\program files\ea games\need for speed hot pursuit 2\nfshp2.exe |
    "UDP Query User{68449D60-8856-4981-8259-2F83B5B6CE2A}C:\users\pamarj1\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\pamarj1\program files\dna\btdna.exe |
    "UDP Query User{8168E703-8089-49A8-9869-D3EDE205F84E}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "UDP Query User{8C1123D6-B770-4E11-BBD9-B7127B793B5C}C:\program files\lexmark 5300 series\lxdkmon.exe" = protocol=17 | dir=in | app=c:\program files\lexmark 5300 series\lxdkmon.exe |
    "UDP Query User{8EBE8473-BC29-4A48-BB09-D9972294833C}C:\program files\quake iii arena\quake3.exe" = protocol=17 | dir=in | app=c:\program files\quake iii arena\quake3.exe |
    "UDP Query User{9D25E026-BF49-4565-83E9-A5EAE2068DDD}C:\windows\system32\spool\drivers\w32x86\3\lxdkpswx.exe" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdkpswx.exe |
    "UDP Query User{A6D456E5-CE65-49ED-AF97-03F4AC08AA7D}C:\program files\lexmark 5300 series\frun.exe" = protocol=17 | dir=in | app=c:\program files\lexmark 5300 series\frun.exe |
    "UDP Query User{B3DDCE4B-C351-4C84-8103-4BB63C72F6E0}C:\users\pamarj1\program files\bittorrent_dna\dna.exe" = protocol=17 | dir=in | app=c:\users\pamarj1\program files\bittorrent_dna\dna.exe |
    "UDP Query User{BDD3CF01-6B3F-42DC-91ED-A184A3FCABD7}G:\quake3\quake3.exe" = protocol=17 | dir=in | app=g:\quake3\quake3.exe |
    "UDP Query User{FF56BDC5-8C4F-49D4-B2C3-0BBFAAF44BCE}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
    "{04B552B1-4EC5-4F1B-9F02-FD3DF5A71184}" = NI Assistant Framework
    "{04D66B46-4349-407C-9297-9B43648E4C84}" = NI LabVIEW Run-Time Engine Interop 2009
    "{05046BCC-5E64-4A85-8615-D84DE4C1D865}" = NI VC2005MSMs x86
    "{05A8E727-958F-4E2D-BB2F-E820EF1077AA}" = Amethyst CADwizz Ultra
    "{0657A4A0-91D4-4A64-9ADB-395EC190CF36}" = Symantec Real Time Storage Protection Component
    "{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
    "{07A99739-82EE-4537-AF2E-1607015D9992}" = NI Service Locator
    "{08133ED0-B6EB-49CD-B0EF-60502E41D15E}" = NI Xerces Delay Load 2.7.1
    "{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar
    "{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
    "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
    "{094621AC-72E7-4167-8A06-CCDDBEBC233F}" = NI LabVIEW 2009 Help File
    "{0ABA40AF-288D-41F1-B735-C5155692CD7D}" = VeriSoft Access Manager
    "{0CFD3BAF-9F4D-4D70-BD0B-638EA2504C25}" = PSSWCORE
    "{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
    "{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
    "{0FB31DF8-38DF-4C9D-B313-AFAFC3FBA02B}" = NI LVBrokerAux 8.2.1
    "{0FD812C9-3BBE-4CC5-A43C-B7304E3EC581}" = NI Web Pipeline 2.0.1
    "{118C3943-1683-42EF-824D-C22E70DB42E7}" = Comcast Desktop Software (v1.2.1)
    "{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
    "{127F1FD4-43BB-4428-8B2A-70539F4B6F1F}" = ANSYS Products 11.0
    "{1517A7CB-5F00-4A88-8F06-E89B6DB63784}" = ESU for Microsoft Vista
    "{15FE4745-FF95-4746-A817-70CD06AAE8B8}" = Plex Media Server
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail
    "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
    "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
    "{19C120B7-F7A6-4105-9D62-1F6305B2E2CF}" = NI DataSocket 4.7.0
    "{1B06E3AF-1CE2-4085-AE4E-DFEC369E86D3}" = NI Logos XT Support
    "{1D6F0B9D-F19E-43AB-9D8E-2E3653212C72}" = NI LabVIEW 2009 MeasAppChm File
    "{2108E50D-978D-4D62-A837-4F12A61ADF15}" = NI LabVIEW 2009 License
    "{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
    "{229A26F7-81A9-4A17-9D00-6CF4D08CEA44}" = NI LabVIEW 2009 WWW
    "{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" = Rhapsody Player Engine
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{23940B09-32B3-4C36-88A9-E787862E2AE9}" = NI Variable Engine LabVIEW 2009 Support
    "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
    "{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
    "{278AF4F9-DC1C-49DC-B871-C0BAEBD4F458}" = NI License Manager
    "{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
    "{297FA251-FF30-4F16-978C-4A65EA804EFF}" = NI LabVIEW Real-Time Error Dialog
    "{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
    "{2A98DB42-3743-4022-ADFA-42AE811484AE}" = NI EULA Depot
    "{2AD5E818-E2EE-4BBF-A2BF-29022C6FC236}" = NI Assistant Framework LabVIEW 2009 Support
    "{2AE0B374-90DA-416C-9AF9-436585FD34DD}" = ASUS Sync
    "{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}" = Windows Live Photo Gallery
    "{2D72E0EC-D695-4BFB-A246-F07BAAA91AA1}" = NI Remote Provider for MAX 4.6.0
    "{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
    "{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
    "{307300E8-6D0E-48AD-AC4B-D41A9549DEEB}" = NI LabVIEW 2009 Examples
    "{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
    "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
    "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
    "{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9
    "{3403CB31-D7C1-43F4-9D2F-579758C0CF09}" = Windows Live OneCare Family Safety
    "{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
    "{342126E1-173C-4585-BFBE-3EBDD20E3E9E}" = Mobipocket Reader 6.2
    "{34EE2F0F-D6EA-4C36-8315-41107048D48D}" = NI-DAQmx - LabVIEW shared documentation
    "{35872655-EA55-4A90-8DAA-AD2B777B8CAC}" = NI LabVIEW 2009 Applibs
    "{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
    "{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}" = Norton Internet Security
    "{383AD0A2-FD79-4CF0-B823-C695E32BD08D}" = NI LabVIEW Run-Time Engine Web Services
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon
    "{3F188640-B4F5-44D5-BBF3-DAB70CF5629B}" = NI LabVIEW Compare Utility 9.0.0
    "{3FFB3B34-D639-4384-9AE9-DDE58430D86F}" = MSCU for Microsoft Vista
    "{40D9D764-7FD7-4036-B565-6D94DEEBD4A5}" = NI LabVIEW Merge Utility 9.0.0
    "{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
    "{4159DD60-49C1-4323-A1A5-FB060CBA35C5}" = NI Measurement Studio Recipe Processor
    "{416B50BB-64CE-46C5-81A6-7F842CC35CDC}" = NI LabVIEW MAX XML
    "{41B9E2CF-0B3F-442A-B5B3-592A4A355634}" = iTunes
    "{45A5461A-7D1D-4A91-B033-0B85E7AB25C2}" = NI MXS 4.6.0f0 for LabVIEW Real-Time
    "{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.2
    "{45FA54F6-8574-49D2-9E2D-0BDDE6237822}" = NI LabVIEW Run-Time Engine 8.2.1
    "{48185814-A224-447A-81DA-71BD20580E1B}" = Norton Internet Security
    "{4843B611-8FCB-4428-8C23-31D0A5EAE164}" = Norton Confidential Browser Component
    "{4BE3B1FB-31C9-4FA4-B7FE-37025785FCE9}" = calibre
    "{4D581C40-11D0-476B-A943-76506924B722}" = NI Distributed System Manager 2009
    "{4E049CBB-01EE-4859-B4C8-26E42263CEE4}" = NI LabVIEW Run-Time Engine 2009
    "{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
    "{50F9A1FC-39D8-46E8-8234-1A1A68A4033E}" = NI Variable Engine 2.3.0
    "{51E23D68-FE69-4728-A8EE-F12856B046C7}" = NI LabVIEW 2009 User.lib
    "{52C3DD72-17E5-4E0D-83A8-FB42FCE3A8EF}" = NI-RPC 4.1.1f0 for Phar Lap ETS
    "{578596FF-7F65-4767-9F90-37920741148C}" = MSN Toolbar Platform
    "{57B77060-04B4-468E-89A9-F68EEE466F57}" = NI USI 1.7.0
    "{57F37CA1-6FA3-46D2-8F01-AD3A26FA4E9B}" = NI Assistant Framework LabVIEW Code Generator 2009
    "{596C11D1-2285-4057-99F6-735B50EB87E1}" = NI System API RT
    "{5A70FCD2-C019-4723-868F-07CD6C7755FF}" = NI Logos 5.1
    "{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security
    "{5DBC79DA-87D2-376D-A65D-B14097C06C71}" = Google Talk Plugin
    "{5E2E0DF8-75EC-47E2-9583-3229A4CF5C95}" = NI LabVIEW 2009 Project
    "{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
    "{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
    "{6447FE3A-8B2C-41DB-9791-322B8445B3E9}" = NI LabVIEW Deployable License 2009
    "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
    "{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
    "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
    "{6F7D11DC-DE87-45C8-A37E-A35B724FC771}" = NI Help Assistant
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{74F5CBE0-D208-46E5-8593-C07D3FDF8454}" = NI LabVIEW 2009 CINtools
    "{7559B6F5-180B-479A-A8CD-2175EFBC61F8}" = NI LabVIEW 2009 Deployment Framework
    "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
    "{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
    "{77B1B7C6-4C2F-4D0C-A807-F1A2910B7AC4}" = NI LabVIEW 2009 Resource
    "{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
    "{7ACFB216-29F7-4331-A5ED-2563AEB51F21}" = NI Trace Engine
    "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
    "{7C62B54A-E524-4F3D-83E7-0F2ABAFC978A}" = NI Xalan Delay Load 1.10.1
    "{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
    "{7E3668CB-1228-416E-B721-C2FA3247B985}" = NI LabVIEW Real-Time FIFO for Runtime
    "{7E7A035C-9DC5-40B0-B873-002B14CCE3B8}" = NI-RPC 4.1.1f0
    "{82B8F87D-C75E-4270-B030-49ECDAFF1B53}" = NI MAX Remote Configuration Installer 4.6
    "{830D8CBD-C668-49e2-A969-C2C2106332E0}" = Norton AntiVirus
    "{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
    "{88D1DA3C-09FA-4CA7-BB6B-2CEACCFA95D5}" = NI System State Publisher
    "{89A7BD8C-0FC3-49EF-9072-5C8371C0A4D6}" = NI LabVIEW Web Services Runtime
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A5D448D-FBA1-40B6-9131-03659BC83319}" = NI LabVIEW 2009 Menus
    "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
    "{8AF869D1-F416-4855-8177-EB75D73CC992}" = NI LabVIEW 2009 Web Server
    "{8CEA85DE-955B-4BF4-87F2-0BAA62821633}" = HP Photosmart Essential2.5
    "{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{9033A0BF-9B8A-4C27-812B-40BA10855E2D}" = NI LabVIEW 2009 Simulation
    "{9061CEF2-51F5-42C9-8A70-9ED351C6597A}" = HP Help and Support
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{9176251A-4CC1-4DDB-B343-B487195EB397}" = Windows Live Writer
    "{92769F9C-453B-40C9-B129-6E8E52586C8E}" = NI LabVIEW Broker
    "{927C1DDA-61DC-4B95-A138-8A1377E33A9A}" = NI Portable Configuration 4.6.0
    "{93B8921B-2AC6-4A58-A87C-19B633DB6860}" = NI Software Provider for MAX 4.6.0
    "{94A1911F-CD2F-4B9C-B171-2B43DCD213AA}" = Splashtop Remote
    "{96094CE5-7920-47FD-8A02-68A7B5B1785F}" = NI System API Windows 32-bit
    "{9862682B-2CDB-4D67-9D8B-EC3CDA85F1CB}" = NI LabVIEW 2009 VI.lib
    "{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}" = Norton Protection Center
    "{9B79CE5E-ECAA-4D23-9924-0BF5A3F440F0}" = NI LabVIEW 2009 gMath
    "{9D2795DC-59E3-4E75-B59D-D23A6A18CE9C}" = ASUS Android USB Drivers
    "{9F7DBC83-611C-4407-8817-8FD63E149288}" = NI SSL LabVIEW 2009 Support
    "{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
    "{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)
    "{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
    "{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A96395DA-AFC5-459E-A374-CE10E84FEEB2}" = NI TDM Excel Add-In 2.1
    "{AA9768AA-FF0B-4C66-A085-31E934F77841}" = Apple Mobile Device Support
    "{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
    "{ABD79E99-F9E3-413B-8D18-11070754355F}" = NI Math Kernel Libraries
    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
    "{AE9AA575-DE74-4711-B3B3-2977D76CC1BB}" = NI TDMS
    "{AF32BE73-E284-444E-B310-7EE80192949B}" = NI LabWindows/CVI DLL Builder for LabVIEW
    "{AFEDF70D-8DC3-40CB-93A0-F276E64BDF9C}" = NI VC2008MSMs x86
    "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
    "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B4B6D62D-9BDF-48A6-AE95-E4F730369D26}" = NI Logos LabVIEW 2009 Support
    "{B5BD3DA8-1A63-4042-90FA-B26C361382C9}" = NI Remote PXI Provider for MAX 4.6.0
    "{B61B6668-A674-4A06-8405-51944D5CCDDD}" = AuthenTec Fingerprint Sensor Minimum Install
    "{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
    "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
    "{B7C61755-DB48-4003-948F-3D34DB8EAF69}" = MSRedist
    "{B8E65E0D-30D8-49BD-B92C-0E77A09545D6}" = NI MAX LabVIEW Support 4.6.0
    "{B963C648-249B-4145-BC14-56488262E9A9}" = NI MDF Support
    "{BA0C85C1-E5CC-4F58-84FB-8DA29F3412F0}" = NI Uninstaller
    "{C57A08DC-0D4B-41E1-82A3-6290292E5B87}" = NI LabVIEW 2009 Instr.lib
    "{C6BF965C-5A8C-498E-A6AD-B594D583F7B3}" = NI LabVIEW 2009
    "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CEDA69AF-DD7A-42A8-B6D3-65BA0592D34E}" = NI Instrument IO Assistant for LabVIEW 9.0 32
    "{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
    "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
    "{D32067CD-7409-4792-BFA0-1469BCD8F0C8}" = HP Wireless Assistant
    "{D353CC51-430D-4C6F-9B7E-52003DA1E05A}" = Norton Confidential Web Protection Component
    "{D5A145FC-D00C-4F1A-9119-EB4D9D659750}" = Windows Live Toolbar
    "{D5BD34F2-A261-450D-81D1-581613580320}" = NI LabVIEW 2009 Manuals
    "{D72AB2C1-D24D-4F17-B3DB-AF51223F293E}" = NI SSL Support
    "{D9529709-28B0-4DA1-8749-8924C11AAFF2}" = NI Registration Wizard
    "{DB2C5648-700D-4AEF-83E1-70C72F0C34FA}" = NI Math Kernel Libraries
    "{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
    "{DDFD9BA2-8E26-4E49-92AE-882424DAB1BC}" = HP User Guides 0057
    "{DEC25D81-2317-47F6-8B26-D54A939DA1EE}" = NI LabVIEW C Interface
    "{E1D60C68-016C-4951-8C1F-52E24DFE7836}" = NI CodeSignAPI
    "{E37CCD6C-56C1-43C7-B2FA-24A32B6B09F7}" = NI Example Finder 9.0
    "{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton Internet Security
    "{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton Internet Security
    "{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
    "{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F19E2B0A-2249-45DA-92DB-0CE0DEB8E8A4}" = NI OPC Support
    "{F417A147-5CCC-452D-9C6F-4C91FD5C7916}" = NI LabVIEW 2009 Help
    "{F4DB525F-A986-4249-B98B-42A8066251CA}" = AV
    "{F6B29003-A078-4491-AFBE-62EFB6CFFE19}" = HP Total Care Advisor
    "{F723A248-6AAC-4514-AFFB-7414BE02D95B}" = NI LabWindows/CVI 9.0 Run-Time Engine
    "{F827F574-36ED-4D97-820A-AD6F74E02D0D}" = NI MXS 4.6.0
    "{F853DF00-73BD-400D-AE67-A41012E06D20}" = NI LabVIEW Real-Time NBFifo
    "{F8D407B1-B9A0-4128-8E79-17A6F9433F6C}" = NI Measurement & Automation Explorer 4.6.0
    "{FA131BE1-8946-4969-B16F-CF5C928ABAAB}" = NI LabVIEW 2009 Templates
    "{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = HP Active Support Library 32 bit components
    "{FB84287D-6425-4867-89AE-6221FCDE2976}" = NI LabWindows/CVI Code Generator
    "{FBDCDFA2-6950-46A1-B31E-B1B3DF08242B}" = Miro Video Converter
    "{FE24BCDF-9231-450D-AA08-D3550B81EE41}" = NI LabVIEW Web Server for Run-Time Engine
    "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "ASUS WebStorage" = ASUS WebStorage
    "Audacity_is1" = Audacity 1.2.6
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Dia" = Dia (remove only)
    "doPDF 6 printer_is1" = doPDF 6.2 printer
    "DzSoftWebPhotoResizer_is1" = Quick Photo Resizer 2.5.1
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "ESET Online Scanner" = ESET Online Scanner v3
    "ffdshow_is1" = ffdshow [rev 2083] [2008-08-21]
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HitmanPro35" = Hitman Pro 3.5
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "HP Photosmart Essential" = HP Photosmart Essential 2.0
    "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
    "InstallShield_{94A1911F-CD2F-4B9C-B171-2B43DCD213AA}" = Splashtop Remote
    "LAME for Audacity_is1" = LAME v3.98.2 for Audacity
    "Lexmark 5300 Series" = Lexmark 5300 Series
    "LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
    "McAfee Security Scan" = McAfee Security Scan Plus
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft Security Client" = Microsoft Security Essentials
    "Mozilla Firefox (3.6.28)" = Mozilla Firefox (3.6.28)
    "NI Uninstaller" = National Instruments Software
    "Picasa 3" = Picasa 3
    "Premiumplay Codec-C" = Premiumplay Codec-C
    "PrimoPDF4.1.0.9" = PrimoPDF
    "Prism" = Prism Video File Converter
    "RealPlayer 6.0" = RealPlayer
    "Rhapsody" = Rhapsody
    "SMSERIAL" = Motorola SM56 Data Fax Modem
    "SopCast" = SopCast 1.1.2
    "ST6UNST #1" = HQ2K1
    "SymSetup.{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security (Symantec Corporation)
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "SystemRequirementsLab" = System Requirements Lab
    "TVUPlayer" = TVUPlayer 2.3.3.2
    "TVWiz" = Intel(R) TV Wizard
    "Veoh Web Player Beta" = Veoh Web Player Beta
    "VLC media player" = VLC media player 1.1.11
    "WildTangent hplaptop Master Uninstall" = My HP Games
    "Winamp" = Winamp
    "Winamp Toolbar" = Winamp Toolbar
    "Windows Live Toolbar" = Windows Live Toolbar
    "WinMerge_is1" = WinMerge 2.12.4
    "WinRAR archiver" = WinRAR archiver
    "Yahoo! Applications" = AT&T Yahoo! Applications
    "Yahoo! Extras" = Yahoo! Browser Services

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
    "BitTorrent" = BitTorrent 6.0
    "BitTorrent DNA" = DNA
    "Google Chrome" = Google Chrome
    "Move Media Player" = Move Media Player

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 1/10/2010 1:11:59 PM | Computer Name = pamarj1-PC | Source = Symantec AntiVirus | ID = 16711726
    Description =

    Error - 1/10/2010 1:12:00 PM | Computer Name = pamarj1-PC | Source = Symantec AntiVirus | ID = 16711685
    Description =

    Error - 1/10/2010 1:12:09 PM | Computer Name = pamarj1-PC | Source = Symantec AntiVirus | ID = 16711731
    Description =

    Error - 1/12/2010 6:05:22 PM | Computer Name = pamarj1-PC | Source = Windows Installer 3.1 | ID = 921877
    Description =

    Error - 1/12/2010 6:07:03 PM | Computer Name = pamarj1-PC | Source = MsiInstaller | ID = 10005
    Description =

    Error - 1/12/2010 6:07:52 PM | Computer Name = pamarj1-PC | Source = VSS | ID = 8194
    Description =

    Error - 1/12/2010 6:20:24 PM | Computer Name = pamarj1-PC | Source = MsiInstaller | ID = 10005
    Description =

    Error - 1/13/2010 3:25:09 PM | Computer Name = pamarj1-PC | Source = Application Hang | ID = 1002
    Description = The program Explorer.EXE version 6.0.6001.18164 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Problem Reports and Solutions control panel. Process
    ID: 2c68 Start Time: 01ca91a935a7a440 Termination Time: 0

    Error - 1/14/2010 12:35:33 AM | Computer Name = pamarj1-PC | Source = Windows Search Service | ID = 3013
    Description =

    Error - 1/14/2010 4:18:04 PM | Computer Name = pamarj1-PC | Source = Windows Search Service | ID = 3013
    Description =

    [ OSession Events ]
    Error - 10/25/2007 11:00:42 PM | Computer Name = pamarj1-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.6024.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 2087
    seconds with 1500 seconds of active time. This session ended with a crash.

    Error - 6/15/2009 2:12:51 AM | Computer Name = pamarj1-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 10
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 7/15/2009 1:18:11 AM | Computer Name = pamarj1-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1074
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 8/25/2009 3:42:43 PM | Computer Name = pamarj1-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 7
    seconds with 0 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 10/11/2010 1:04:30 AM | Computer Name = pamarj1-PC | Source = cdrom | ID = 262159
    Description = The device, \Device\CdRom10, is not ready for access yet.

    Error - 10/11/2010 1:04:31 AM | Computer Name = pamarj1-PC | Source = cdrom | ID = 262159
    Description = The device, \Device\CdRom10, is not ready for access yet.

    Error - 10/11/2010 1:04:32 AM | Computer Name = pamarj1-PC | Source = cdrom | ID = 262159
    Description = The device, \Device\CdRom10, is not ready for access yet.

    Error - 10/11/2010 1:04:33 AM | Computer Name = pamarj1-PC | Source = PlugPlayManager | ID = 12
    Description = The device 'TSSTcorp CD/DVDW TS-L632M ATA Device' (IDE\CdRomTSSTcorp_CD/DVDW_TS-L632M_______________0A17____\5&5b8f77b&0&0.0.0)
    disappeared from the system without first being prepared for removal.

    Error - 10/11/2010 1:04:33 AM | Computer Name = pamarj1-PC | Source = atapi | ID = 262155
    Description = The driver detected a controller error on \Device\Ide\IdePort0.

    Error - 10/11/2010 1:04:33 AM | Computer Name = pamarj1-PC | Source = cdrom | ID = 262159
    Description = The device, \Device\CdRom10, is not ready for access yet.

    Error - 10/11/2010 7:55:16 PM | Computer Name = pamarj1-PC | Source = volsnap | ID = 393230
    Description = The shadow copies of volume C: were aborted because of an IO failure
    on volume C:.

    Error - 10/12/2010 1:16:35 AM | Computer Name = pamarj1-PC | Source = cdrom | ID = 262159
    Description = The device, \Device\CdRom11, is not ready for access yet.

    Error - 10/12/2010 7:53:38 PM | Computer Name = pamarj1-PC | Source = sptd | ID = 262148
    Description = Driver detected an internal error in its data structures for .

    Error - 10/12/2010 7:54:53 PM | Computer Name = pamarj1-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 6:52:05 PM on 10/12/2010 was unexpected.

    [ VeriSoft Events ]
    Error - 7/20/2011 8:33:11 AM | Computer Name = pamarj1-PC | Source = AuthWiz | ID = 100796068
    Description = The submitted credentials were rejected. User: pamarj1@PAMARJ1-PC
    Credentials:
    Password Error: (0xC516020B) The system could not log you on. Verify your user
    name and domain are correct and then type your password again. Letters in passwords
    must be typed using the correct case. Verify that Caps Lock is off.

    Error - 7/20/2011 8:33:15 AM | Computer Name = pamarj1-PC | Source = AuthWiz | ID = 100796068
    Description = The submitted credentials were rejected. User: pamarj1@PAMARJ1-PC
    Credentials:
    Password Error: (0xC516020B) The system could not log you on. Verify your user
    name and domain are correct and then type your password again. Letters in passwords
    must be typed using the correct case. Verify that Caps Lock is off.

    Error - 11/10/2011 8:45:24 PM | Computer Name = pamarj1-PC | Source = AuthWiz | ID = 100796068
    Description = The submitted credentials were rejected. User: pamarj1@PAMARJ1-PC
    Credentials:
    Password Error: (0xC516020B) The system could not log you on. Verify your user
    name and domain are correct and then type your password again. Letters in passwords
    must be typed using the correct case. Verify that Caps Lock is off.

    Error - 1/15/2012 9:30:44 PM | Computer Name = pamarj1-PC | Source = AuthWiz | ID = 100796068
    Description = The submitted credentials were rejected. User: pamarj1@PAMARJ1-PC
    Credentials:
    Password Error: (0xC516020B) The system could not log you on. Verify your user
    name and domain are correct and then type your password again. Letters in passwords
    must be typed using the correct case. Verify that Caps Lock is off.

    Error - 4/12/2012 9:28:51 PM | Computer Name = pamarj1-PC | Source = AuthWiz | ID = 100796068
    Description = The submitted credentials were rejected. User: pamarj1@PAMARJ1-PC
    Credentials:
    Password Error: (0xC516020B) The system could not log you on. Verify your user
    name and domain are correct and then type your password again. Letters in passwords
    must be typed using the correct case. Verify that Caps Lock is off.

    Error - 4/12/2012 9:29:00 PM | Computer Name = pamarj1-PC | Source = AuthWiz | ID = 100796068
    Description = The submitted credentials were rejected. User: pamarj1@PAMARJ1-PC
    Credentials:
    Password Error: (0xC516020B) The system could not log you on. Verify your user
    name and domain are correct and then type your password again. Letters in passwords
    must be typed using the correct case. Verify that Caps Lock is off.

    Error - 4/12/2012 9:29:21 PM | Computer Name = pamarj1-PC | Source = AuthWiz | ID = 100796068
    Description = The submitted credentials were rejected. User: pamarj1@PAMARJ1-PC
    Credentials:
    Password Error: (0xC516020B) The system could not log you on. Verify your user
    name and domain are correct and then type your password again. Letters in passwords
    must be typed using the correct case. Verify that Caps Lock is off.

    Error - 4/12/2012 9:29:26 PM | Computer Name = pamarj1-PC | Source = AuthWiz | ID = 100796068
    Description = The submitted credentials were rejected. User: pamarj1@PAMARJ1-PC
    Credentials:
    Password Error: (0xC516020B) The system could not log you on. Verify your user
    name and domain are correct and then type your password again. Letters in passwords
    must be typed using the correct case. Verify that Caps Lock is off.

    Error - 4/12/2012 9:29:37 PM | Computer Name = pamarj1-PC | Source = AuthWiz | ID = 100796068
    Description = The submitted credentials were rejected. User: pamarj1@PAMARJ1-PC
    Credentials:
    Password Error: (0xC516020B) The system could not log you on. Verify your user
    name and domain are correct and then type your password again. Letters in passwords
    must be typed using the correct case. Verify that Caps Lock is off.

    Error - 4/12/2012 9:33:28 PM | Computer Name = pamarj1-PC | Source = AuthWiz | ID = 100796068
    Description = The submitted credentials were rejected. User: pamarj1@PAMARJ1-PC
    Credentials:
    Password Error: (0xC516020B) The system could not log you on. Verify your user
    name and domain are correct and then type your password again. Letters in passwords
    must be typed using the correct case. Verify that Caps Lock is off.


    < End of report >
     
  6. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,616
    Run OTL again. Close all running applications other than OTL. Under the Custom Scans/Fixes box at the bottom, paste in the text in the code box that follows these instructions:
    • Click the Run Fix button at the top.
    • Let the program run unhindered. When finished, the system should reboot automatically. If it doesn't please reboot.
    • After the computer reboots and you log into your account, a Notepad text file will appear.
    • Copy the contents of that file and post it in your next reply. The log can also be found, based on the date/time it was created, as C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log.

    Code:
    :OTL
    CHR - default_search_provider: MyStart Search (Enabled)
    CHR - default_search_provider: search_url = http://mystart.incredibar.com/mb119/?loc=IB_DS&search={searchTerms}&a=6R8oCjuYer&i=26
    
    :Files
    C:\Users\pamarj1\AppData\Local\85c41t1n5cbla04i6352uvj1206w3hx3tpr218awhu85420
    C:\ProgramData\85c41t1n5cbla04i6352uvj1206w3hx3tpr218awhu85420
    C:\Users\pamarj1\AppData\Local\81w6u6541778ob5f5s06a6nv06n5ccdufn550627526t6u
    C:\ProgramData\81w6u6541778ob5f5s06a6nv06n5ccdufn550627526t6u
    C:\Users\pamarj1\AppData\Local\Fguvamunu.bin
    C:\Users\pamarj1\AppData\Local\Fkawalutiholura.dat
    
    :Commands
    [Reboot]
    [emptytemp]
    [EMPTYFLASH]
     
  7. ajpnsld

    ajpnsld Thread Starter

    Joined:
    Apr 10, 2012
    Messages:
    30
    All processes killed
    ========== OTL ==========
    Unable to fix default_search_provider items.
    Unable to fix default_search_provider items.
    ========== FILES ==========
    File\Folder C:\Users\pamarj1\AppData\Local\85c41t1n5cbla04i6352uvj1206w3hx3tpr218awhu85420 not found.
    File\Folder C:\ProgramData\85c41t1n5cbla04i6352uvj1206w3hx3tpr218awhu85420 not found.
    File\Folder C:\Users\pamarj1\AppData\Local\81w6u6541778ob5f5s06a6nv06n5ccdufn550627526t6u not found.
    File\Folder C:\ProgramData\81w6u6541778ob5f5s06a6nv06n5ccdufn550627526t6u not found.
    File\Folder C:\Users\pamarj1\AppData\Local\Fguvamunu.bin not found.
    File\Folder C:\Users\pamarj1\AppData\Local\Fkawalutiholura.dat not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: 257
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Guest
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: pamarj1
    ->Temp folder emptied: 172861 bytes
    ->Temporary Internet Files folder emptied: 78326565 bytes
    ->Java cache emptied: 74639981 bytes
    ->FireFox cache emptied: 70758447 bytes
    ->Google Chrome cache emptied: 223845819 bytes
    ->Flash cache emptied: 204289 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 123730 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 427.00 mb


    [EMPTYFLASH]

    User: 257
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Guest
    ->Flash cache emptied: 0 bytes

    User: pamarj1
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.42.2 log created on 05012012_221742

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
  8. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,616
    Please run OTL again the same as the first time and post the log.
     
  9. ajpnsld

    ajpnsld Thread Starter

    Joined:
    Apr 10, 2012
    Messages:
    30
    Hi cookiegal

    sorry for the delay. Here's the log

    OTL.TXT



    OTL logfile created on: 5/3/2012 5:19:46 PM - Run 2
    OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\pamarj1\Desktop
    Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19088)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.99 Gb Total Physical Memory | 1.18 Gb Available Physical Memory | 59.32% Memory free
    4.22 Gb Paging File | 2.72 Gb Available in Paging File | 64.55% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 103.50 Gb Total Space | 10.06 Gb Free Space | 9.72% Space Free | Partition Type: NTFS
    Drive D: | 8.29 Gb Total Space | 1.83 Gb Free Space | 22.09% Space Free | Partition Type: NTFS

    Computer Name: PAMARJ1-PC | User Name: pamarj1 | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/04/30 21:35:44 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\pamarj1\Desktop\OTL.exe
    PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
    PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
    PRC - [2012/03/07 16:27:25 | 003,905,920 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    PRC - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE
    PRC - [2011/12/28 00:21:08 | 003,508,624 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
    PRC - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
    PRC - [2011/07/26 22:18:26 | 000,033,360 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\PlexScriptHost.exe
    PRC - [2011/03/30 20:56:06 | 000,406,856 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe
    PRC - [2011/03/30 20:55:58 | 002,182,984 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRServer.exe
    PRC - [2011/03/07 21:39:36 | 000,341,832 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe
    PRC - [2009/06/15 21:44:40 | 000,012,696 | ---- | M] (National Instruments Corporation) -- C:\Program Files\National Instruments\MAX\nimxs.exe
    PRC - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2008/02/16 12:38:54 | 001,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    PRC - [2007/06/14 08:15:34 | 000,598,960 | ---- | M] ( ) -- C:\Windows\System32\lxdkcoms.exe
    PRC - [2007/03/09 12:50:02 | 004,390,912 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
    PRC - [2007/02/07 09:30:00 | 000,065,536 | R--- | M] (Cognizance Corporation) -- c:\Program Files\Bioscrypt\VeriSoft\Bin\asghost.exe
    PRC - [2007/01/10 06:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    PRC - [2007/01/05 23:04:10 | 000,554,616 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    PRC - [2007/01/05 09:19:28 | 000,047,712 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/05/01 22:35:09 | 000,065,024 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
    MOD - [2012/05/01 22:35:09 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
    MOD - [2012/04/24 17:26:58 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    MOD - [2012/04/24 17:26:57 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    MOD - [2011/07/26 22:19:38 | 000,032,848 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\Exts\simplejson\_speedups.pyd
    MOD - [2011/07/26 22:19:36 | 000,044,112 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\Exts\OpenSSL\SSL.pyd
    MOD - [2011/07/26 22:19:36 | 000,016,976 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\Exts\OpenSSL\rand.pyd
    MOD - [2011/07/26 22:19:34 | 000,195,664 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\Exts\lxml\objectify.pyd
    MOD - [2011/07/26 22:19:34 | 000,057,424 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\Exts\OpenSSL\crypto.pyd
    MOD - [2011/07/26 22:19:32 | 000,841,296 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\Exts\lxml\etree.pyd
    MOD - [2011/07/26 22:19:30 | 000,824,912 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\DLLs\_ssl.pyd
    MOD - [2011/07/26 22:19:30 | 000,049,744 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\DLLs\_socket.pyd
    MOD - [2011/07/26 22:19:28 | 000,033,360 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\DLLs\_multiprocessing.pyd
    MOD - [2011/07/26 22:19:26 | 000,365,648 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\DLLs\_hashlib.pyd
    MOD - [2011/07/26 22:19:26 | 000,131,152 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\DLLs\_elementtree.pyd
    MOD - [2011/07/26 22:19:24 | 000,093,776 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\DLLs\_ctypes.pyd
    MOD - [2011/07/26 22:19:22 | 000,589,904 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\DLLs\unicodedata.pyd
    MOD - [2011/07/26 22:19:22 | 000,016,976 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\DLLs\select.pyd
    MOD - [2011/07/26 22:19:20 | 000,134,224 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\DLLs\pyexpat.pyd
    MOD - [2011/07/26 22:19:00 | 000,173,136 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\libxslt.dll
    MOD - [2011/07/26 22:18:58 | 001,009,744 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\libxml2.dll
    MOD - [2011/07/26 22:18:56 | 000,063,056 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\libexslt.dll
    MOD - [2011/07/26 22:18:26 | 000,033,360 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\PlexScriptHost.exe
    MOD - [2011/06/23 04:02:06 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
    MOD - [2011/01/19 05:48:35 | 003,182,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
    MOD - [2010/09/02 06:08:00 | 000,118,784 | ---- | M] () -- C:\Program Files\ASUS\ASUS WebStorage\3.0.102.211\AsusWSShellExt.dll
    MOD - [2009/01/18 16:50:02 | 000,417,792 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\AdobeXMP.dll
    MOD - [2008/10/13 17:26:58 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
    MOD - [2008/07/27 13:03:15 | 000,626,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
    MOD - [2008/07/27 13:03:14 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
    MOD - [2008/07/27 13:03:12 | 000,659,456 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
    MOD - [2007/11/16 17:02:18 | 000,479,232 | R--- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\ccme_base.dll
    MOD - [2007/11/16 17:02:18 | 000,401,408 | R--- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\cryptocme2.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2012/04/01 13:45:48 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)
    SRV - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)
    SRV - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
    SRV - [2011/03/30 20:56:06 | 000,406,856 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe -- (SplashtopRemoteService)
    SRV - [2011/03/07 21:39:36 | 000,341,832 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe -- (SSUService)
    SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
    SRV - [2009/06/23 14:29:48 | 000,740,968 | ---- | M] (National Instruments Corporation) [Disabled | Stopped] -- C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe -- (NITaggerService)
    SRV - [2009/06/23 12:23:14 | 001,007,616 | ---- | M] (Macrovision Corporation) [Disabled | Stopped] -- C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe -- (NILM License Manager)
    SRV - [2009/06/18 08:01:50 | 000,356,912 | ---- | M] (National Instruments Corporation) [Disabled | Stopped] -- C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe -- (NIDomainService)
    SRV - [2009/06/18 07:57:28 | 000,042,544 | ---- | M] (National Instruments Corporation) [Disabled | Stopped] -- C:\Windows\System32\lkads.exe -- (lkClassAds)
    SRV - [2009/06/18 07:56:32 | 000,053,296 | ---- | M] (National Instruments Corporation) [Disabled | Stopped] -- C:\Windows\System32\lktsrv.exe -- (lkTimeSync)
    SRV - [2009/06/15 21:44:40 | 000,012,696 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files\National Instruments\MAX\nimxs.exe -- (mxssvr)
    SRV - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
    SRV - [2009/06/04 05:14:28 | 000,013,896 | ---- | M] (National Instruments Corporation) [Disabled | Stopped] -- C:\Windows\System32\nisvcloc.exe -- (niSvcLoc)
    SRV - [2009/06/03 11:26:34 | 000,098,304 | ---- | M] (OPC Foundation) [Disabled | Stopped] -- C:\Windows\System32\Opcenum.exe -- (OpcEnum)
    SRV - [2008/10/31 15:52:54 | 000,695,136 | ---- | M] (National Instruments, Inc.) [On_Demand | Stopped] -- C:\Windows\System32\lkcitdl.exe -- (LkCitadelServer)
    SRV - [2008/02/16 12:38:54 | 001,251,720 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
    SRV - [2008/01/29 18:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
    SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/06/14 08:15:34 | 000,598,960 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxdkcoms.exe -- (lxdk_device)
    SRV - [2007/06/14 08:15:24 | 000,099,248 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxdkserv.exe -- (lxdkCATSCustConnectService)
    SRV - [2007/04/23 20:11:44 | 000,106,593 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
    SRV - [2007/04/23 20:11:42 | 000,262,243 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
    SRV - [2007/02/07 09:30:00 | 000,074,240 | R--- | M] (Cognizance Corporation) [Auto | Running] -- c:\Program Files\Bioscrypt\VeriSoft\Bin\ASWLNPkg.dll -- (ASBroker)
    SRV - [2007/01/14 08:11:06 | 000,080,504 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Norton Internet Security\isPwdSvc.exe -- (ISPwdSvc)
    SRV - [2007/01/13 04:40:58 | 000,049,248 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
    SRV - [2007/01/10 06:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice Ex)
    SRV - [2007/01/10 06:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
    SRV - [2007/01/10 06:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
    SRV - [2007/01/10 06:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
    SRV - [2007/01/05 23:04:10 | 002,918,008 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
    SRV - [2007/01/05 23:04:10 | 000,554,616 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
    SRV - [2007/01/05 09:19:28 | 000,047,712 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- (SymAppCore)
    SRV - [2006/06/22 02:14:00 | 000,131,584 | R--- | M] (Cognizance Corporation) [Auto | Running] -- c:\Program Files\Bioscrypt\VeriSoft\Bin\ASChnl.dll -- (ASChannel)
    SRV - [2006/03/24 16:34:04 | 001,294,336 | ---- | M] (Macrovision Corporation) [Disabled | Stopped] -- C:\Program Files\Ansys Inc\Shared Files\Licensing\intel\lmgrd.exe -- (ANSYS FLEXlm license manager)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\pamarj1\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
    DRV - File not found [Kernel | On_Demand | Unknown] -- -- (aget0x7k)
    DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV - [2011/12/07 23:22:38 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.)
    DRV - [2011/12/07 23:22:38 | 000,080,184 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
    DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/12/17 04:00:00 | 001,360,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110319.003\NAVEX15.SYS -- (NAVEX15)
    DRV - [2010/12/17 04:00:00 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110319.003\NAVENG.SYS -- (NAVENG)
    DRV - [2010/06/17 03:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2010/06/04 03:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2010/05/07 21:54:45 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2009/12/25 22:16:55 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
    DRV - [2009/05/22 11:00:00 | 000,004,096 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cvintdrv.sys -- (cvintdrv)
    DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
    DRV - [2007/12/01 00:57:12 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
    DRV - [2007/12/01 00:57:12 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
    DRV - [2007/12/01 00:57:12 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
    DRV - [2007/11/06 11:07:18 | 000,180,272 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20071122.002\IDSvix86.sys -- (IDSvix86)
    DRV - [2007/04/14 02:49:32 | 000,418,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
    DRV - [2007/04/03 14:59:30 | 000,083,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616bus.sys -- (s616bus) Sony Ericsson Device 616 driver (WDM)
    DRV - [2007/03/28 11:44:22 | 000,140,424 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)
    DRV - [2007/03/05 16:28:00 | 000,076,288 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
    DRV - [2007/03/01 07:49:58 | 002,216,448 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
    DRV - [2007/02/24 09:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2007/01/23 12:03:28 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
    DRV - [2007/01/23 11:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2007/01/16 23:38:52 | 000,983,936 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
    DRV - [2007/01/09 23:32:14 | 000,191,544 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\symtdi.sys -- (SYMTDI)
    DRV - [2007/01/09 23:32:14 | 000,145,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symfw.sys -- (SYMFW)
    DRV - [2007/01/09 23:32:14 | 000,040,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symids.sys -- (SYMIDS)
    DRV - [2007/01/09 23:32:14 | 000,038,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symndisv.sys -- (SYMNDISV)
    DRV - [2007/01/09 23:32:14 | 000,027,576 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symredrv.sys -- (SYMREDRV)
    DRV - [2007/01/09 23:32:14 | 000,012,984 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symdns.sys -- (SYMDNS)
    DRV - [2006/11/30 12:24:58 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\Windows\System32\drivers\eabfiltr.sys -- (eabfiltr)
    DRV - [2006/11/02 02:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
    DRV - [2006/06/28 11:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\..\SearchScopes\{896DB260-1B30-4FF3-B10E-B4961151320C}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    IE - HKLM\..\SearchScopes\{9FD89D22-C60B-4BC2-A131-284E0D766A35}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
    IE - HKLM\..\SearchScopes\{A281B9DD-CB64-448D-A1EA-10A689AD2918}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&amp;entrypoint={referrer:source?}&amp;FORM=HVDUS7
    IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.bing.com [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 14 C5 78 30 68 23 CD 01 [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
    IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKCU\..\SearchScopes\{102266F6-EE4B-4F61-B7CF-5CAD12A85595}: "URL" = http://local.yahoo.com/results?stx={searchTerms}&fr=yessv
    IE - HKCU\..\SearchScopes\{1FDCD3CD-BAC0-4EFD-94CC-99CEE205D94F}: "URL" = http://images.search.yahoo.com/search/images?p={searchTerms}&fr=yessv
    IE - HKCU\..\SearchScopes\{4F4F3347-4DD6-4602-94EA-1614B7935E8C}: "URL" = http://shopping.yahoo.com/search?p={searchTerms}&fr=yessv
    IE - HKCU\..\SearchScopes\{61019A01-5835-47A7-93CF-BEAA83DDC44F}: "URL" = http://answers.yahoo.com/search/search_result?p={searchTerms}&fr=yessv
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en
    IE - HKCU\..\SearchScopes\{896DB260-1B30-4FF3-B10E-B4961151320C}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    IE - HKCU\..\SearchScopes\{9384583D-5916-4897-9F46-6C3D989C9917}: "URL" = http://www.bing.com/search?FORM=DMDTDF&PC=VEOH&q={searchTerms}&src=IE-SearchBox
    IE - HKCU\..\SearchScopes\{97181CDC-24B1-4748-9601-65BBAC502816}: "URL" = http://news.search.yahoo.com/search/news?p={searchTerms}&fr=yessv
    IE - HKCU\..\SearchScopes\{9FD89D22-C60B-4BC2-A131-284E0D766A35}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
    IE - HKCU\..\SearchScopes\{A281B9DD-CB64-448D-A1EA-10A689AD2918}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&amp;entrypoint={referrer:source?}&amp;FORM=HVDUS7
    IE - HKCU\..\SearchScopes\{ADD6BEC9-F897-4477-9B4B-F56FF9288C2B}: "URL" = http://video.yahoo.com/video/search?p={searchTerms}&fr=yessv
    IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb119/?search={searchTerms}&loc=IB_DS&a=6R8oCjuYer&i=26
    IE - HKCU\..\SearchScopes\Comcast: "URL" = http://search.xfinity.com/?cat=subweb&con=mmchrome&q={searchTerms}&cid=xfstart_tech_search
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
    FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=DMDTDF&PC=VEOH&q="
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
    FF - prefs.js..extensions.enabledItems: [email protected]:7
    FF - prefs.js..extensions.enabledItems: [email protected]:1.4
    FF - prefs.js..extensions.enabledItems: {7AF6830F-D3D8-4973-BA4D-74783BE69F62}:1.9.1
    FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.5332
    FF - prefs.js..extensions.enabledItems: [email protected]:0.78.35
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.1: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohTVPlugin: C:\Program Files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll File not found
    FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohWebPlayer: C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll (Veoh)
    FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\pamarj1\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
    FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\pamarj1\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
    FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\pamarj1\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\pamarj1\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\pamarj1\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\pamarj1\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\pamarj1\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Splashtop\Splashtop Remote\Server\plugin\FFExtensions [2011/07/27 00:20:38 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/01 13:33:29 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/01 13:33:29 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Veoh Networks\VeohWebPlayer\FFVideoFinder [2008/12/20 04:44:19 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\pamarj1\AppData\Roaming\Move Networks [2009/10/27 13:23:27 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\pamarj1\Program Files\DNA [2010/01/14 12:10:38 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{7AF6830F-D3D8-4973-BA4D-74783BE69F62}: C:\Users\pamarj1\AppData\Local\{7AF6830F-D3D8-4973-BA4D-74783BE69F62} [2010/10/12 19:24:04 | 000,000,000 | ---D | M]

    [2008/12/18 23:20:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pamarj1\AppData\Roaming\Mozilla\Extensions
    [2012/05/02 17:54:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\extensions
    [2011/12/10 11:48:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/12/10 11:48:19 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
    [2007/12/07 22:03:07 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2011/12/10 11:48:27 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2012/04/01 14:01:22 | 000,000,000 | ---D | M] ("Premiumplay Codec-C") -- C:\Users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\extensions\[email protected]
    [2009/04/27 22:44:47 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\extensions\[email protected]
    [2009/03/17 18:58:47 | 000,000,000 | ---D | M] (Veoh Video Compass) -- C:\Users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\extensions\[email protected]
    [2010/11/14 00:10:35 | 000,001,832 | ---- | M] () -- C:\Users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\searchplugins\bing.xml
    [2012/04/01 13:34:03 | 000,002,203 | ---- | M] () -- C:\Users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\searchplugins\MyStart Search.xml
    [2012/04/29 23:22:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/07/27 00:20:38 | 000,000,000 | ---D | M] (Splashtop Remote) -- C:\PROGRAM FILES\SPLASHTOP\SPLASHTOP REMOTE\SERVER\PLUGIN\FFEXTENSIONS
    [2008/12/20 04:44:19 | 000,000,000 | ---D | M] (Veoh Web Player Video Finder) -- C:\PROGRAM FILES\VEOH NETWORKS\VEOHWEBPLAYER\FFVIDEOFINDER
    [2010/10/12 19:24:04 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\PAMARJ1\APPDATA\LOCAL\{7AF6830F-D3D8-4973-BA4D-74783BE69F62}
    [2009/10/27 13:23:27 | 000,000,000 | ---D | M] (Move Media Player) -- C:\USERS\PAMARJ1\APPDATA\ROAMING\MOVE NETWORKS
    [2007/08/29 16:47:44 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
    [2007/02/08 11:48:16 | 000,028,448 | ---- | M] (National Instruments) -- C:\Program Files\mozilla firefox\plugins\NPLV82Win32.dll
    [2009/06/23 20:40:40 | 000,025,088 | ---- | M] (National Instruments) -- C:\Program Files\mozilla firefox\plugins\nplv90win32.dll
    [2011/11/01 16:55:05 | 000,001,692 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\comcast.xml

    ========== Chrome ==========

    CHR - default_search_provider: MyStart Search (Enabled)
    CHR - default_search_provider: search_url = http://mystart.incredibar.com/mb119/?loc=IB_DS&search={searchTerms}&a=6R8oCjuYer&i=26
    CHR - default_search_provider: suggest_url =
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\pamarj1\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\pamarj1\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\NPAPIFlash\gcswf32.dll
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll
    CHR - plugin: HP Product Detection Plugin for Mozilla (Enabled) = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnhbepgnjnaoahohppnffanmkjkjoglp\1.0.15.0_0\plugins/npProductDetectPlugin.dll
    CHR - plugin: HP Active Check Plugin (Enabled) = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnhbepgnjnaoahohppnffanmkjkjoglp\1.0.15.0_0\plugins/npAclmPlugin.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.150.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
    CHR - plugin: Java(TM) Platform SE 6 U15 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
    CHR - plugin: BitTorrent (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
    CHR - plugin: DivX\u00AE Web Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
    CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
    CHR - plugin: National Instruments LabVIEW 8.2 Netscape Plug-in for Windows (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPLV82Win32.dll
    CHR - plugin: National Instruments LabVIEW 9.0 Netscape Plug-in for Windows (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nplv90win32.dll
    CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
    CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
    CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
    CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\pamarj1\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\pamarj1\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    CHR - plugin: DNA Plug-in (Enabled) = C:\Program Files\DNA\plugins\npbtdna.dll
    CHR - plugin: DivX\u00AE Content Upload Plugin (Enabled) = C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
    CHR - plugin: Veoh Web Player Beta (Enabled) = C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\pamarj1\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
    CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\pamarj1\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - Extension: Entanglement = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
    CHR - Extension: Angry Birds = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\
    CHR - Extension: Word Search Puzzle = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\alcobafdkcddhiabfgnongafffchimnl\1.2_0\
    CHR - Extension: SKiD Racer = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhoaojooagiaaiidlnfhkkafjpbbnnno\0.0.0.37_0\
    CHR - Extension: WGT Golf Challenge = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcilimldmomiaihcfkmaldanopfejefg\32.1.0_0\
    CHR - Extension: Final Fight = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpegianedjonaeafilbagbcbcimjifai\0.0.0.1_0\
    CHR - Extension: AdBlock = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.32_0\
    CHR - Extension: Monster Truck Racing = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjmcfmephihmhendkenhfmnkfoakedhi\1.0_0\
    CHR - Extension: Air Hockey = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcchbhjknakkndfpdbapmdkhbbgojkno\2.0_0\
    CHR - Extension: Codec-V = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho\1.17.48_0\
    CHR - Extension: Steambirds: Survival = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcdhpokmalcfjnfkjlfncgekebcojinn\1.0_0\
    CHR - Extension: WarTime = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkobmjibnppfleogmodpjgocgdbdiikp\1.23_0\
    CHR - Extension: Poppit = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
    CHR - Extension: Google Play Books = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb\1.1.3_0\
    CHR - Extension: HP Product Detection Plugin = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnhbepgnjnaoahohppnffanmkjkjoglp\1.0.15.0_0\
    CHR - Extension: Crusader Tank = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpegcjgnjllooimlcfdnphhccfnmhfem\1.2.0_0\
    CHR - Extension: Baseball (Deluxe) = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbbmhkhnoadhdceaokdofknafciecdea\2.1_0\

    O1 HOSTS File: ([2012/04/25 17:41:48 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
    O2 - BHO: (Reg Error: Value error.) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll (Symantec Corporation)
    O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
    O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
    O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
    O2 - BHO: (VeriSoft Access Manager) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
    O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
    O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
    O4 - HKCU..\Run: [Desktop Software] C:\Program Files\Common Files\SupportSoft\bin\bcont.exe (SupportSoft, Inc.)
    O4 - HKCU..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
    O4 - HKCU..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
    O4 - HKCU..\Run: [Plex Media Server] C:\Program Files\Plex\Plex Media Server\Plex Media Server.exe (Plex, Inc.)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
    O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx File not found
    O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
    O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
    O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} http://www.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab (Symantec Script Runner Class)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} http://www.ooxtv.com/livetv.ocx (KooPlayer Control)
    O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
    O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} http://www.cvsphoto.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00F5FC4A-1ADF-4AC4-8EB4-B213ADBF5159}: DhcpNameServer = 75.75.75.75 75.75.76.76
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AAECF98D-936B-4CB8-9F10-9B1C41375907}: DhcpNameServer = 68.87.72.134 68.87.77.134
    O20 - AppInit_DLLs: (C:\Windows\System32\APSHook.dll) - C:\Windows\System32\APSHook.dll (Cognizance Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007/05/23 07:05:45 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2005/09/11 10:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O35 - HKCU\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/05/01 20:11:44 | 000,000,000 | ---D | C] -- C:\_OTL
    [2012/04/30 21:35:22 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\pamarj1\Desktop\OTL.exe
    [2012/04/28 17:16:05 | 000,000,000 | ---D | C] -- C:\Users\pamarj1\AppData\Roaming\f-secure
    [2012/04/28 17:15:32 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
    [2012/04/25 23:56:47 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2012/04/25 18:38:09 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/04/25 17:46:42 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/04/25 17:46:37 | 000,000,000 | ---D | C] -- C:\Users\pamarj1\AppData\Local\temp
    [2012/04/25 17:33:46 | 000,000,000 | ---D | C] -- C:\puppy.exe
    [2012/04/25 17:27:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinMerge
    [2012/04/25 17:27:50 | 000,000,000 | ---D | C] -- C:\Program Files\WinMerge
    [2012/04/24 17:26:26 | 000,000,000 | ---D | C] -- C:\Users\pamarj1\AppData\Roaming\SUPERAntiSpyware.com
    [2012/04/24 17:25:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    [2012/04/24 17:25:39 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2012/04/24 17:25:39 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2012/04/23 18:06:03 | 000,000,000 | ---D | C] -- C:\puppy.exe20967p
    [2012/04/19 19:13:41 | 004,468,852 | R--- | C] (Swearware) -- C:\Users\pamarj1\Desktop\puppy.exe.exe
    [2012/04/12 20:45:57 | 000,000,000 | ---D | C] -- C:\Users\pamarj1\Desktop\antivirus
    [2012/04/12 20:45:45 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\pamarj1\Desktop\HijackThis.exe
    [2012/04/05 20:32:09 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/04/05 20:32:08 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/04/05 20:32:08 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/04/05 20:31:57 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/04/05 20:31:54 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2012/04/05 20:29:48 | 000,000,000 | ---D | C] -- C:\Qoobox

    ========== Files - Modified Within 30 Days ==========

    [2012/05/03 17:35:00 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{34847377-100D-4463-974F-5B7367A54440}.job
    [2012/05/03 17:33:00 | 000,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{F0F613CC-5E98-44FA-A517-ADA9B4C45F95}.job
    [2012/05/03 17:18:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/05/03 17:16:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/05/03 17:16:14 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/05/03 17:16:13 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/05/03 00:15:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/05/03 00:01:04 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-358495213-3537462999-3419443030-1000UA.job
    [2012/05/03 00:01:02 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-358495213-3537462999-3419443030-1000Core.job
    [2012/05/02 23:42:02 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-358495213-3537462999-3419443030-1000UA.job
    [2012/05/02 22:42:03 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-358495213-3537462999-3419443030-1000Core.job
    [2012/05/02 19:15:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/05/01 22:29:58 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
    [2012/04/30 21:35:44 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\pamarj1\Desktop\OTL.exe
    [2012/04/29 03:08:28 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012/04/29 03:07:00 | 000,609,800 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/04/29 03:07:00 | 000,106,324 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/04/26 20:00:02 | 000,000,550 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - pamarj1.job
    [2012/04/25 17:41:48 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2012/04/24 17:25:51 | 000,001,760 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2012/04/20 21:26:58 | 000,002,296 | ---- | M] () -- C:\Users\pamarj1\Desktop\CFScript.rtf
    [2012/04/19 19:13:05 | 004,468,852 | R--- | M] (Swearware) -- C:\Users\pamarj1\Desktop\puppy.exe.exe
    [2012/04/12 20:54:58 | 000,302,592 | ---- | M] () -- C:\Users\pamarj1\Desktop\2fpcgnjl.exe
    [2012/04/12 20:42:14 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\pamarj1\Desktop\HijackThis.exe

    ========== Files Created - No Company Name ==========

    [2012/04/29 03:08:10 | 000,001,786 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2012/04/24 17:25:51 | 000,001,760 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2012/04/20 21:29:20 | 000,002,296 | ---- | C] () -- C:\Users\pamarj1\Desktop\CFScript.rtf
    [2012/04/12 20:58:41 | 000,302,592 | ---- | C] () -- C:\Users\pamarj1\Desktop\2fpcgnjl.exe
    [2012/04/05 20:32:09 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/04/05 20:32:08 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/04/05 20:32:08 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/04/05 20:32:08 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/04/05 20:32:08 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/12/23 21:58:28 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
    [2011/12/23 21:58:24 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
    [2011/12/23 21:58:24 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
    [2011/12/23 21:58:24 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
    [2011/12/23 21:58:24 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
    [2011/03/28 23:32:02 | 000,016,968 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys

    ========== LOP Check ==========

    [2010/01/12 17:25:39 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\Ansys
    [2011/07/27 06:36:15 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\ASUS
    [2011/07/27 00:19:18 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\ASUS WebStorage
    [2011/07/27 09:14:37 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\ASUS.AF361EFD06694D11175EA8BF6E21597A36AD9F1D.1
    [2011/01/09 02:52:56 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\BitTorrent
    [2008/09/30 18:48:50 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\BitTorrent DNA
    [2011/01/28 01:21:10 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\calibre
    [2009/12/25 22:35:44 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\DAEMON Tools Lite
    [2010/01/25 04:19:45 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\DNA
    [2009/10/28 16:06:05 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\DzSoft
    [2011/07/27 00:01:57 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\eCareme
    [2012/04/28 17:16:05 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\f-secure
    [2011/08/28 21:25:36 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\gtk-2.0
    [2009/05/28 08:53:19 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\Lexmark Productivity Studio
    [2010/02/18 20:33:21 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\mjusbsp
    [2010/11/09 19:42:27 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\Mobipocket
    [2011/07/27 09:14:54 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\Outlook
    [2012/02/07 13:52:37 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\Samsung
    [2012/03/10 11:02:04 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\SystemRequirementsLab
    [2008/08/02 16:33:58 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\WildTangent
    [2007/12/07 01:06:12 | 000,000,258 | ---- | M] () -- C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job
    [2012/05/03 00:01:02 | 000,000,914 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-358495213-3537462999-3419443030-1000Core.job
    [2012/05/03 00:01:04 | 000,000,936 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-358495213-3537462999-3419443030-1000UA.job
    [2010/05/20 18:32:20 | 000,000,508 | ---- | M] () -- C:\Windows\Tasks\Install.job
    [2012/05/01 22:27:17 | 000,032,540 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2012/05/03 17:35:00 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{34847377-100D-4463-974F-5B7367A54440}.job
    [2012/05/03 17:33:00 | 000,000,414 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{F0F613CC-5E98-44FA-A517-ADA9B4C45F95}.job

    ========== Purity Check ==========



    < End of report >
     
  10. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,616
    Run OTL again and under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb119/?search={searchTerms}&loc=IB_DS&a=6R8oCjuYer&i=26
    FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
    CHR - default_search_provider: MyStart Search (Enabled)
    CHR - default_search_provider: search_url = http://mystart.incredibar.com/mb119/?loc=IB_DS&search={searchTerms}&a=6R8oCjuYer&i=26
    Click Run Fix and then post the log please.
     
  11. ajpnsld

    ajpnsld Thread Starter

    Joined:
    Apr 10, 2012
    Messages:
    30
    Hi Cookigal,

    Following is the log after running OTL with your script.


    ========== OTL ==========
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ not found.
    Prefs.js: "MyStart Search" removed from browser.search.defaultenginename
    Unable to fix default_search_provider items.
    Unable to fix default_search_provider items.

    OTL by OldTimer - Version 3.2.42.2 log created on 05042012_181636
     
  12. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,616
    In Chrome, please change the default search provider to Google (or something else other than IncrediBar).
     
  13. ajpnsld

    ajpnsld Thread Starter

    Joined:
    Apr 10, 2012
    Messages:
    30
    Hi cookigal

    I changed the search engine and the search is going thru google. But the incredibar option still shows in the pull down menu in the options section of chrome. how do I delete that?
     
  14. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,616
    In that same area, click on "Manage Search Engines" and remove the other option releated to Incredibar. Then exit Chrome and restart the browser and let me if it's gone.
     
  15. ajpnsld

    ajpnsld Thread Starter

    Joined:
    Apr 10, 2012
    Messages:
    30
    After modifying "manage search engines", incredibar is not appearing.
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1048809