Topic 'Re: Is this PC infected?' in forum 'Security Cleanup' - dslreports.com http://www.dslreports.com/forum/Re-Is-this-PC-infected-27324023 en Sun, 19 May 2013 17:14:10 EDT Sun, 19 May 2013 17:14:10 EDT Re: Is this PC infected? http://www.dslreports.com/forum/Re-Is-this-PC-infected-27330967 http://www.dslreports.com/forum/Re-Is-this-PC-infected-27330967 Sun, 15 Jul 2012 13:18:19 EDT Re: Is this PC infected? http://www.dslreports.com/forum/Re-Is-this-PC-infected-27330835
Cleaning Up:

Delete TFC:
  • Delete the TFC icon on your Desktop

Delete OTL:
  • Double click the OTL icon on your Desktop
  • Press the 'Cleanup' button

Delete Security Check:
  • Delete the SecurityCheck icon on your Desktop

Delete Malware Bytes:
  • We recommend that you keep MalwareBytes (MBAM) and run it every week. There is no charge to keep the program however the real time protection will stop after the trial period. Be sure to update the definitions before each use. If you decide not to keep MBAM, use Add/Remove Programs to uninstall it.

Delete Sophos AntiRootkit
  • If we asked you to run Sophos AntiRootkit program, uninstall it thru Add/Remove Programs.

Other Programs:
  • If we asked you to install any other programs that are not removed by the OTL cleanup procedure, we will provide separate removal instructions.

--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum]]> http://www.dslreports.com/forum/Re-Is-this-PC-infected-27330835 Sun, 15 Jul 2012 12:26:51 EDT Re: Is this PC infected? http://www.dslreports.com/forum/Re-Is-this-PC-infected-27330802
Anyway, here is the OTL log that I found by going into Notepad and finding it in the _OTL folder from C:.


 
All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C04B7D22 -5AEC-4561-8F49-27F6269208F6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C04B7D22-5AEC-4561-8F49-27F6269208 F6}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser  Helper Objects\{62960D20-6D0D-1AB4-4BF1-95B0B5B8783A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{62960D20-6D0D-1AB4-4BF1-95B0B5B878 3A}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{5BED3930- 2E9E-76D8-BACC-80DF2188D455} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5BED3930-2E9E-76D8-BACC-80DF2188D4 55}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\ {5BED3930-2E9E-76D8-BACC-80DF2188D455} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5BED3930-2E9E-76D8-BACC-80DF2188D4 55}\ not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: kim
->Temp folder emptied: 6827635 bytes
->Temporary Internet Files folder emptied: 13028382 bytes
->Java cache emptied: 12049796 bytes
->Google Chrome cache emptied: 6260932 bytes
->Flash cache emptied: 107215 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 12288 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 851640 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Inte rnet Files folder emptied: 36045734 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 72.00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: kim
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0.00 mb
 
 
OTL by OldTimer - Version 3.2.53.1 log created on 07152012_085544
 
Files\Folders moved on Reboot...
File move failed. C:\Users\kim\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be m oved on reboot.
C:\Users\kim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SN9D XSV9\ads[4].htm moved successfully.
C:\Users\kim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SN9D XSV9\ddc[1].htm moved successfully.
C:\Users\kim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\J3B0 8Q6I\ads[2].htm moved successfully.
C:\Users\kim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\J3B0 8Q6I\ads[3].htm moved successfully.
C:\Users\kim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT mov ed successfully.
File move failed. C:\Users\kim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Lo w\SuggestedSites.dat scheduled to be moved on reboot.
 
PendingFileRenameOperations files...
[2012/07/14 16:07:01 | 000,000,000 | ---- | M] () C:\Users\kim\AppData\Local\Temp\FXSAPIDe bugLogFile.txt : Unable to obtain MD5
File C:\Users\kim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 \SN9DXSV9\ads[4].htm not found!
File C:\Users\kim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 \SN9DXSV9\ddc[1].htm not found!
File C:\Users\kim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 \J3B08Q6I\ads[2].htm not found!
File C:\Users\kim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 \J3B08Q6I\ads[3].htm not found!
File C:\Users\kim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DA T not found!
[2012/07/12 20:28:49 | 005,242,991 | ---- | M] () C:\Users\kim\AppData\Local\Microsoft\Win dows\Temporary Internet Files\Low\SuggestedSites.dat : Unable to obtain MD5
 
Registry entries deleted on Reboot...


--
He used to say that soul shine, is better than sunshine, better than moonshine, damn sure better than rain.

Debunking the 2012 hysteria. | Always looking for a new job | Begging the Wilpons to sell the Mets.]]> http://www.dslreports.com/forum/Re-Is-this-PC-infected-27330802 Sun, 15 Jul 2012 12:16:27 EDT Re: Is this PC infected? http://www.dslreports.com/forum/Re-Is-this-PC-infected-27329419
Run OTL

    [*]Under the Custom Scans/Fixes box at the bottom, copy and paste the contents of the following box:


    :OTL
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = »toolbar.inbox.com/ search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language
    IE - HKCU\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = »toolbar.i nbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80110&lng=en
    O2 - BHO: (TTB000000 Class) - {62960D20-6D0D-1AB4-4BF1-95B0B5B8783A} - C:\Users\kim\AppDat a\Local\Temp\low\COUPON~1.DLL File not found
    O3 - HKLM\..\Toolbar: (CouponBar) - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - C:\Users\kim\ AppData\Local\Temp\low\CouponsBar.dll File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (CouponBar) - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - C: \Users\kim\AppData\Local\Temp\low\CouponsBar.dll File not found

    :Services

    :Reg

    :Files

    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]


    [*]Then click the Run Fix button at the top
    [*]Let the program run unhindered, reboot the PC when it is done
    [*]Once you see a message box "Fix complete! Click OK to open the fix log."
    [*]Click the OK button
    [*]The log will open in Notepad (your default text editor).
    {*]Save the log. Post a copy of that log in your next reply.


Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.

If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start-All Programs-Accessories-Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum]]> http://www.dslreports.com/forum/Re-Is-this-PC-infected-27329419 Sat, 14 Jul 2012 17:19:03 EDT Re: Is this PC infected? http://www.dslreports.com/forum/Re-Is-this-PC-infected-27329363

OTL logfile created on: 7/14/2012 4:10:41 PM - Run 2
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\kim\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.99 Gb Total Physical Memory | 2.41 Gb Available Physical Memory | 60.43% Memory free
7.98 Gb Paging File | 6.30 Gb Available in Paging File | 79.01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.72 Gb Total Space | 400.16 Gb Free Space | 88.20% Space Free | Partition Ty pe: NTFS
Drive D: | 11.95 Gb Total Space | 2.17 Gb Free Space | 18.19% Space Free | Partition Type: NTFS

Computer Name: KIM-PC | User Name: kim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012/07/12 20:26:39 | 000,686,280 | ---- | M] (Adobe Systems Incorporated) -- C:\Wi ndows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe
PRC - [2012/07/11 21:46:46 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\kim\Desk top\OTL.exe
PRC - [2012/02/24 09:09:05 | 000,307,824 | ---- | M] (Google Inc.) -- C:\Program Files (x8 6)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccsvchst.exe
PRC - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Progr am Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/07/12 12:53:00 | 000,399,032 | ---- | M] (Cisco Systems, Inc.) -- C:\Program F iles (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2010/03/03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Fil es (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/03 20:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Fil es (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/12/01 20:49:52 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86) \Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/10/20 14:50:34 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2009/06/03 15:35:16 | 000,430,080 | ---- | M] (Hewlett-Packard Company) -- C:\Progr am Files (x86)\PictureMover\Bin\PictureMover.exe
PRC - [2009/05/26 04:36:13 | 000,656,896 | ---- | M] () -- C:\Program Files (x86)\Hewlett- Packard\HP Remote Solution\HP_Remote_Solution.exe
PRC - [2009/03/17 04:26:16 | 000,759,728 | ---- | M] (Skinkers Communications) -- C:\Progr am Files (x86)\American Airlines DealFinder\American_Airlines_DealFinder.exe
PRC - [2008/11/20 13:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2012/06/15 07:47:54 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImage s_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms .ni.dll
MOD - [2012/06/14 08:25:17 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImage s_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramewor k.ni.dll
MOD - [2012/06/14 08:25:01 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImage s_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/06/14 08:24:57 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImage s_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
MOD - [2012/05/12 09:54:36 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImage s_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dl l
MOD - [2012/05/12 09:54:35 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImage s_v2.0.50727_32\IAStorUtil\635b3aec298ad5e8c903b2323d79cc5a\IAStorUtil.ni.dll
MOD - [2012/05/12 09:49:50 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImage s_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramewor k.Aero.ni.dll
MOD - [2012/05/12 09:49:37 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImage s_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remot ing.ni.dll
MOD - [2012/05/12 09:49:36 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImage s_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll
MOD - [2012/05/12 09:49:11 | 000,185,344 | ---- | M] () -- C:\Windows\assembly\NativeImage s_v2.0.50727_32\UIAutomationTypes\d8af9a65cf0ed85d47360796e2645a06\UIAutomationTypes.ni.dl l
MOD - [2012/05/12 09:49:03 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImage s_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/05/12 09:48:59 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImage s_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/12 09:48:56 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImage s_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration .ni.dll
MOD - [2012/05/12 09:48:55 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImage s_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/12 09:48:50 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImage s_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/02/07 09:00:21 | 000,036,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP .ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common F iles\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common F iles\Apple\Apple Application Support\libxml2.dll
MOD - [2010/11/04 21:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\Syst em.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/06/30 00:12:54 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett- Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2010/06/30 00:12:52 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett- Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
MOD - [2010/06/30 00:12:42 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett- Packard\HP Advisor\MessagingServer.dll
MOD - [2010/06/30 00:12:40 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Hewlett- Packard\HP Advisor\MessagingClients.dll
MOD - [2010/06/30 00:12:40 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\Hewlett- Packard\HP Advisor\RemotingClient.dll
MOD - [2010/06/30 00:12:40 | 000,005,632 | ---- | M] () -- C:\Program Files (x86)\Hewlett- Packard\HP Advisor\MessagingInterface.dll
MOD - [2010/06/30 00:12:36 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Hewlett- Packard\HP Advisor\MessagingMessages.dll
MOD - [2010/06/30 00:12:18 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett- Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
MOD - [2009/12/01 20:49:50 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett- Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2009/07/13 21:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb4 0.dll
MOD - [2009/06/03 15:43:14 | 001,703,936 | ---- | M] () -- C:\Users\kim\AppData\Roaming\Pi ctureMover\EN-US\Presentation.dll
MOD - [2009/06/03 15:34:18 | 003,764,224 | ---- | M] () -- C:\Users\kim\AppData\Roaming\Pi ctureMover\Bin\Core.dll
MOD - [2009/05/26 04:36:13 | 000,656,896 | ---- | M] () -- C:\Program Files (x86)\Hewlett- Packard\HP Remote Solution\HP_Remote_Solution.exe


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/07/12 20:26:39 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Dema nd | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (Adobe FlashPlayerUpdateSvc)
SRV - [2012/02/15 14:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/09/09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Run ning] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- ( HP Support Assistant Service)
SRV - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Runnin g] -- C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe -- (N360)
SRV - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Run ning] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe )
SRV - [2010/07/12 12:53:00 | 000,399,032 | ---- | M] (Cisco Systems, Inc.) [Auto | Running ] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopp ed] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4. 0.30319_32)
SRV - [2010/03/03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | S topped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization _v2.0.50727_32)
SRV - [2009/05/22 14:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stop ped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameCon soleService)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/10 13:58:01 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEv ent)
DRV:64bit: - [2011/07/06 12:44:00 | 000,034,288 | ---- | M] (GEAR Software Inc.) [K ernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiW DM)
DRV:64bit: - [2011/04/20 21:37:49 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symnets.sy s -- (SymNetS)
DRV:64bit: - [2011/03/30 23:00:09 | 000,744,568 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\sr tsp64.sys -- (SRTSP)
DRV:64bit: - [2011/03/30 23:00:09 | 000,040,568 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\srtspx64.s ys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011/03/14 22:31:23 | 000,912,504 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symefa6 4.sys -- (SymEFA)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/18 16:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/01/27 02:47:10 | 000,450,680 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symds64.sys -- (SymDS)
DRV:64bit: - [2011/01/27 01:07:06 | 000,171,128 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\ironx64.sy s -- (SymIRON)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Compan y) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/07/12 12:53:00 | 000,027,640 | ---- | M] (Cisco Systems, Inc.) [ Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)
DRV:64bit: - [2010/05/26 10:39:08 | 000,006,144 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\9DEE.tmp -- (MEMSWEEP2)
DRV:64bit: - [2010/03/03 19:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Ke rnel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/08/20 20:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\driv ers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kern el | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [K ernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/16 07:32:14 | 006,112,672 | ---- | M] (Intel Corporation) [Ke rnel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Wor ks, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- ( hcw85cir)
DRV - [2012/06/18 20:01:13 | 001,161,376 | ---- | M] (Symantec Corporation) [Kernel | Syst em | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.2 9\Definitions\BASHDefs\20120711.002\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012/06/14 14:39:24 | 000,509,088 | ---- | M] (Symantec Corporation) [Kernel | Syst em | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.2 9\Definitions\IPSDefs\20120713.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/05/31 08:06:57 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | Syst em | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/05/31 08:06:57 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_D emand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtil RebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/05/15 22:10:35 | 002,068,600 | ---- | M] (Symantec Corporation) [Kernel | On_D emand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1. 0.29\Definitions\VirusDefs\20120713.035\ex64.sys -- (NAVEX15)
DRV - [2012/05/15 22:10:35 | 000,120,440 | ---- | M] (Symantec Corporation) [Kernel | On_D emand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1. 0.29\Definitions\VirusDefs\20120713.035\eng64.sys -- (NAVENG)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http: //ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = »ie.r edirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA99 90}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = ht tp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?} &ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{A8ED5BDF-C010-494C-B6B3-DD198D35270D}: "URL" = ht tp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE:64bit: - HKLM\..\SearchScopes\{E715678E-6F58-4CEF-AB9F-F1F4D371F022}: "URL" = ht tp://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = »ie.redirect. hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank .htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = »ie.redirect.hp.com /svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = »www.googl e.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEnco ding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{A8ED5BDF-C010-494C-B6B3-DD198D35270D}: "URL" = »www.ask.c om/web?q={searchterms}&l=dis&o=ushpd
IE - HKLM\..\SearchScopes\{E715678E-6F58-4CEF-AB9F-F1F4D371F022}: "URL" = »www.bing. com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = »ie.redirect. hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = »toolbar.inbox.com/ search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = »ie.redirect.hp.com /svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
IE - HKCU\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {E715678E-6F58-4CEF-AB9F-F1F4D371F022}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = »www.googl e.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEnco ding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADRA_en
IE - HKCU\..\SearchScopes\{A8ED5BDF-C010-494C-B6B3-DD198D35270D}: "URL" = »www.ask.c om/web?q={searchterms}&l=dis&o=ushpd
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = »www.ask.c om/web?q={SEARCHTERMS}&o=15527&l=dis&prt=360&chn=retail&geo=US&ver=5
IE - HKCU\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = »toolbar.i nbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80110&lng=en
IE - HKCU\..\SearchScopes\{E715678E-6F58-4CEF-AB9F-F1F4D371F022}: "URL" = »www.bing. com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = * .local


[color=#E56717]========== FireFox ==========[/color]

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Prog ram Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iT unes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Go ogle\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\b in\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86 )\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Fi les (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Fi les (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Re ader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-4176 4D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSF FPlgn\ [2012/05/04 11:50:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2 F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFF Plgn_2011_7_9_4 [2012/07/14 15:46:50 | 000,000,000 | ---D | M]


[color=#E56717]========== Chrome ==========[/color]

CHR - homepage: »www.google.com/

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\dri vers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files ( x86)\Norton 360\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (TTB000000 Class) - {62960D20-6D0D-1AB4-4BF1-95B0B5B8783A} - C:\Users\kim\AppDat a\Local\Temp\low\COUPON~1.DLL File not found
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Pr ogram Files (x86)\Norton 360\Engine\5.2.2.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (hpBHO Class) - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\ Common Files\Homepage Protection\HomepageProtection.dll (AOL Products)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Fil es (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD 4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8 414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (CouponBar) - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - C:\Users\kim\ AppData\Local\Temp\low\CouponsBar.dll File not found
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Progr am Files (x86)\Norton 360\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18 -009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (CouponBar) - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - C: \Users\kim\AppData\Local\Temp\low\CouponsBar.dll File not found
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corpora tion)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corpora tion)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corp oration)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\ SmartMenu.exe ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [American Airlines DealFinder] C:\Program Files (x86)\American Airlines D ealFinder\American_Airlines_DealFinder.exe (Skinkers Communications)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application S upport\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Sol ution\HP_Remote_Solution.exe ()
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.ex e (Hewlett-Packard)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technolo gy\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Onlin e Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITr ansfer\MUIStartMenu.exe (CyberLink Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChan ges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehavior Admin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehavior User = 3
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Progr am Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A. )
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Techno logies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program File s\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\ mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} »access.ise.com/CACHE/stc/2/binar ies/vpnweb.cab (Cisco AnyConnect VPN Client Web Control)
O16 - DPF: {705EC6D4-B138-4079-A307-EF13E4889A82} »access.ise.com/CACHE/sdesktop/in stall/binaries/instweb.cab (CSD ActiveX Installer)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} »download.eset.com/special/eos/Onl ineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} »java.sun.com/update/1.6.0/jinstal l-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinstal l-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinstal l-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} »platformdl.adobe.com/NOS/getPlusP lus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.222 208.67.22 0.220 167.206.254.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EAAA253F-3C4D-4C3F-BE1D-913601 7FB020}: DhcpNameServer = 208.67.222.222 208.67.220.220 167.206.254.1
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Pro gram Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S. A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Micro soft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Wind ows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windo ws\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microso ft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNativ e\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID va lue found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{708dab56-26f5-11e1-9dd6-90e6ba13fd8e}\Shell - "" = AutoRun
O33 - MountPoints2\{708dab56-26f5-11e1-9dd6-90e6ba13fd8e}\Shell\AutoRun\command - "" = J:\ TL_Bootstrap.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012/07/13 18:54:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start M enu\Programs\Sophos
[2012/07/13 18:54:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2012/07/12 20:26:39 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\ SysWow64\FlashPlayerApp.exe
[2012/07/11 21:54:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/07/11 21:50:16 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNa tive\mshtmled.dll
[2012/07/11 21:50:16 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWo w64\mshtmled.dll
[2012/07/11 21:50:15 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNa tive\ieui.dll
[2012/07/11 21:50:15 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNa tive\url.dll
[2012/07/11 21:50:15 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWo w64\url.dll
[2012/07/11 21:50:15 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWo w64\ieui.dll
[2012/07/11 21:50:14 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNa tive\ieUnatt.exe
[2012/07/11 21:50:14 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWo w64\ieUnatt.exe
[2012/07/11 21:50:13 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNa tive\jscript9.dll
[2012/07/11 21:50:13 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNa tive\inetcpl.cpl
[2012/07/11 21:50:13 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWo w64\inetcpl.cpl
[2012/07/11 21:50:13 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNa tive\jscript.dll
[2012/07/11 21:50:13 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWo w64\jscript.dll
[2012/07/11 21:46:46 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\kim\Desktop\OT L.exe
[2012/07/11 21:22:08 | 000,000,000 | ---D | C] -- C:\Users\kim\AppData\Roaming\Malwarebyte s
[2012/07/11 21:22:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start M enu\Programs\Malwarebytes' Anti-Malware
[2012/07/11 21:22:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/07/11 21:22:02 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\Sy sNative\drivers\mbam.sys
[2012/07/11 21:22:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Ant i-Malware
[2012/07/11 21:16:00 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNa tive\ncrypt.dll
[2012/07/11 21:15:57 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWo w64\msxml3r.dll
[2012/07/11 21:15:57 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNa tive\msxml3r.dll
[2012/07/11 21:15:53 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNa tive\cdosys.dll
[2012/07/11 21:15:53 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWo w64\cdosys.dll
[2012/07/02 09:34:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start M enu\Programs\QuickTime
[2012/06/21 07:42:05 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNa tive\wucltux.dll
[2012/06/21 07:42:05 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNa tive\wuauclt.exe
[2012/06/21 07:42:05 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNa tive\wups2.dll
[2012/06/21 07:41:54 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNa tive\wuapi.dll
[2012/06/21 07:41:54 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNa tive\wudriver.dll
[2012/06/21 07:41:54 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNa tive\wups.dll
[2012/06/21 07:41:43 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNa tive\wuwebv.dll
[2012/06/21 07:41:43 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNa tive\wuapp.exe
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012/07/14 16:06:50 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMach ineCore.job
[2012/07/14 15:54:01 | 000,015,984 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-49 7e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/14 15:54:01 | 000,015,984 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-49 7e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/14 15:53:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMach ineUA.job
[2012/07/14 15:50:57 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup .INI
[2012/07/14 15:50:57 | 000,624,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/14 15:50:57 | 000,106,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/14 15:46:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/14 15:46:38 | 3213,537,280 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/14 15:45:31 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player U pdater.job
[2012/07/13 18:53:16 | 000,000,000 | ---- | M] () -- C:\install.rdf
[2012/07/12 20:26:39 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\ SysWow64\FlashPlayerApp.exe
[2012/07/12 20:26:39 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\ SysWow64\FlashPlayerCPLApp.cpl
[2012/07/12 20:25:39 | 000,329,176 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/11 21:46:46 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\kim\Desktop\OT L.exe
[2012/07/11 21:44:59 | 000,001,180 | ---- | M] () -- C:\Users\kim\Desktop\My Pictures - Sh ortcut.lnk
[2012/07/11 21:44:55 | 000,001,153 | ---- | M] () -- C:\Users\kim\Desktop\My Music - Short cut.lnk
[2012/07/11 21:44:47 | 000,001,193 | ---- | M] () -- C:\Users\kim\Desktop\My Documents - S hortcut.lnk
[2012/07/11 21:22:03 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/11 21:21:43 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/07/04 10:11:21 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForkim. job
[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\Sy sNative\drivers\mbam.sys
[2012/07/02 09:34:24 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Pla yer.lnk
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012/07/13 18:53:16 | 000,000,000 | ---- | C] () -- C:\install.rdf
[2012/07/12 20:26:41 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player U pdater.job
[2012/07/11 21:44:59 | 000,001,180 | ---- | C] () -- C:\Users\kim\Desktop\My Pictures - Sh ortcut.lnk
[2012/07/11 21:44:55 | 000,001,153 | ---- | C] () -- C:\Users\kim\Desktop\My Music - Short cut.lnk
[2012/07/11 21:44:47 | 000,001,193 | ---- | C] () -- C:\Users\kim\Desktop\My Documents - S hortcut.lnk
[2012/07/11 21:22:03 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/11 21:21:12 | 000,002,016 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/07/11 21:21:11 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Star t Menu\Programs\Adobe Reader 9.lnk
[2012/07/02 09:34:24 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Pla yer.lnk
[2012/01/21 13:10:43 | 000,014,358 | ---- | C] () -- C:\Users\kim\AppData\Local\tmpDOWNSIZ ED_0120122136[1]_navi.JPG
[2012/01/21 13:10:30 | 000,029,401 | ---- | C] () -- C:\Users\kim\AppData\Local\tmpDOWNSIZ ED_0120122136[1].JPG
[2012/01/21 13:10:30 | 000,028,104 | ---- | C] () -- C:\Users\kim\AppData\Local\tmpDOWNSIZ ED_0120122136[1].0
[2011/11/13 21:08:36 | 001,939,766 | ---- | C] () -- C:\Users\kim\AppData\Local\tmpM,ANNUA LHEALTHASSESS.0
[2011/11/13 21:08:36 | 000,407,504 | ---- | C] () -- C:\Users\kim\AppData\Local\tmpM,ANNUA LHEALTHASSESS.JPG
[2011/05/15 22:10:07 | 000,001,854 | ---- | C] () -- C:\Users\kim\AppData\Roaming\GhostObj GAFix.xml
[2010/08/15 10:02:13 | 000,001,212 | ---- | C] () -- C:\Users\kim\AppData\Roaming\wklnhst. dat
[2009/11/08 10:14:39 | 000,129,173 | ---- | C] () -- C:\Users\kim\AppData\Local\tmpHWEEN3[ 1].JPG

[color=#E56717]========== LOP Check ==========[/color]

[2009/12/31 22:17:40 | 000,000,000 | ---D | M] -- C:\Users\kim\AppData\Roaming\American Ai rlines DealFinder
[2011/07/31 11:13:04 | 000,000,000 | ---D | M] -- C:\Users\kim\AppData\Roaming\com.adobe.m auby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/11/01 20:47:07 | 000,000,000 | ---D | M] -- C:\Users\kim\AppData\Roaming\PictureMove r
[2010/08/15 10:02:14 | 000,000,000 | ---D | M] -- C:\Users\kim\AppData\Roaming\Template
[2009/11/16 17:47:14 | 000,000,000 | ---D | M] -- C:\Users\kim\AppData\Roaming\WinBatch
[2012/05/01 07:55:50 | 000,000,552 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMainten ance.job
[2011/09/16 21:23:19 | 000,032,646 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]


End of report


--
He used to say that soul shine, is better than sunshine, better than moonshine, damn sure better than rain.

Debunking the 2012 hysteria. | Always looking for a new job | Begging the Wilpons to sell the Mets.]]> http://www.dslreports.com/forum/Re-Is-this-PC-infected-27329363 Sat, 14 Jul 2012 16:55:44 EDT Re: Is this PC infected? http://www.dslreports.com/forum/Re-Is-this-PC-infected-27328768
One more item to remove via Add/Remove Programs:
Inbox Toolbar

Once you have that removed, run OTL again, and post the new log in this thread. Note that there will not be a new Extras log.
--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum]]> http://www.dslreports.com/forum/Re-Is-this-PC-infected-27328768 Sat, 14 Jul 2012 11:19:32 EDT Re: Is this PC infected? http://www.dslreports.com/forum/Re-Is-this-PC-infected-27328738 said by LoPhatPhuud:

First:
Please use Add/Remove Programs to uninstall the programs listed below. All have adware and privacy issues.

"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"SelectRebatesUninstall" = ShopAtHome SelectRebates
"TTB000001.TTB000001Toolbar" = CouponBar

Done.

said by LoPhatPhuud:

Second:
Download and run Sophos AntiRootkit. Post the log in this thread, even if nothing is found.

You find link(s) and instructions here:
»Security Cleanup FAQ »Rootkit Detection Applications

Done.

I installed and ran Sophos Anti-Rootkit, but it would only let me check "Windows Registry" and "Local Hard Drives". The "Running Processes" box was greyed-out.


 
ophos Anti-Rootkit Version 1.5.4  (c) 2009 Sophos Plc
Started logging on 7/13/2012 at 18:55:01 PM
User "kim" on computer "KIM-PC"
Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 WOW64
Info:	Starting registry scan.
Info:	Starting disk scan of C: (NTFS).
Hidden:	file C:\ProgramData\Norton\00000082\00000121\000005d6\cltLMS1.dat
Hidden:	file C:\ProgramData\Norton\00000082\00000121\000005d6\cltLMS2.dat
Hidden:	file C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\De finitions\VirusDefs\20120711.018\VersionInfo.dat
Hidden:	file C:\Windows\SysWOW64\en-US\osk.exe.mui
Hidden:	file C:\Windows\System32\nshipsec.dll
Info:	Starting disk scan of D: (NTFS).
Hidden:	file D:\hp\Apps\APP04585\src\ISSetup.dll
Hidden:	file D:\hp\Apps\APP04585\src\Power2Go.Gadget\images\audio\audio0001.png
Stopped logging on 7/14/2012 at 10:45:28 AM


(The scan didn't really take over-night, but I fell asleep and it looks like the PC went to sleep itself, and paused the scan.)

--
He used to say that soul shine, is better than sunshine, better than moonshine, damn sure better than rain.

Debunking the 2012 hysteria. | Always looking for a new job | Begging the Wilpons to sell the Mets.]]> http://www.dslreports.com/forum/Re-Is-this-PC-infected-27328738 Sat, 14 Jul 2012 11:01:16 EDT Re: Is this PC infected? http://www.dslreports.com/forum/Re-Is-this-PC-infected-27325440
First:
Please use Add/Remove Programs to uninstall the programs listed below. All have adware and privacy issues.

"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"SelectRebatesUninstall" = ShopAtHome SelectRebates
"TTB000001.TTB000001Toolbar" = CouponBar

Second:
Download and run Sophos AntiRootkit. Post the log in this thread, even if nothing is found.

You find link(s) and instructions here:
»Security Cleanup FAQ »Rootkit Detection Applications
--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum]]> http://www.dslreports.com/forum/Re-Is-this-PC-infected-27325440 Fri, 13 Jul 2012 10:35:34 EDT Re: Is this PC infected? http://www.dslreports.com/forum/Re-Is-this-PC-infected-27324035 EXTRAS.TXT

OTL Extras logfile created on: 7/11/2012 9:47:31 PM - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\kim\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.99 Gb Total Physical Memory | 1.80 Gb Available Physical Memory | 45.12% Memory free
7.98 Gb Paging File | 6.00 Gb Available in Paging File | 75.19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.72 Gb Total Space | 398.72 Gb Free Space | 87.88% Space Free | Partition Type: NTFS
Drive D: | 11.95 Gb Total Space | 2.17 Gb Free Space | 18.19% Space Free | Partition Type: NTFS

Computer Name: KIM-PC | User Name: kim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[color=#E56717]========== Shell Spawning ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\American Airlines DealFinder\American_Airlines_DealFinder.exe" = C:\Program Files (x86)\American Airlines DealFinder\American_Airlines_DealFinder.exe -- (Skinkers Communications)
"C:\Program Files (x86)\American Airlines DealFinder\American_Airlines_DealFinder.exe" = C:\Program Files (x86)\American Airlines DealFinder\American_Airlines_DealFinder.exe -- (Skinkers Communications)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\American Airlines DealFinder\American_Airlines_DealFinder.exe" = C:\Program Files (x86)\American Airlines DealFinder\American_Airlines_DealFinder.exe -- (Skinkers Communications)
"C:\Program Files (x86)\American Airlines DealFinder\American_Airlines_DealFinder.exe" = C:\Program Files (x86)\American Airlines DealFinder\American_Airlines_DealFinder.exe -- (Skinkers Communications)


[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0123D01B-9FDB-4D89-9182-7DD0186000EF}" = rport=139 | protocol=6 | dir=out | app=system |
"{1AF780D4-DC33-462D-857C-1158A8B4765E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3187C89F-BE6C-4115-A8E4-59256725AF24}" = rport=445 | protocol=6 | dir=out | app=system |
"{3327741C-E000-4024-B9A1-61B0BF775F15}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{38713877-20EB-43E8-9D2E-9D325ADC7A85}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3ACB6018-B801-41CE-BF35-3D6A7B991B33}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{496A5525-8B11-4498-87E9-198D01897CA2}" = lport=445 | protocol=6 | dir=in | app=system |
"{543E0CFD-AF41-4D92-9045-B7C67250246E}" = lport=10243 | protocol=6 | dir=in | app=system |
"{658F0FA4-63AD-4F28-BDC2-C1FC692F9430}" = rport=138 | protocol=17 | dir=out | app=system |
"{6B4AFB30-9429-479B-ADA3-A11993504559}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6FBB2945-F8B9-4617-AA0A-56DDEAF2E636}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7034A96B-027D-4B76-A20A-CF96EF7AB826}" = lport=138 | protocol=17 | dir=in | app=system |
"{7B6DBD1E-C3CB-4886-A1B0-F89FD4D1D3ED}" = lport=137 | protocol=17 | dir=in | app=system |
"{7BF04354-CA46-4753-93B8-D659B33B0A39}" = rport=10243 | protocol=6 | dir=out | app=system |
"{A118F8F1-BB60-499F-8749-B2121CF4E0F3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF30EA06-52D9-4E96-B520-9899AF0AEF49}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B2B7BB87-83BF-45D7-9ED0-DE06D37B6232}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{C5426BD3-FA22-46D4-A188-080175D56FA3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CBEF0ED1-0258-4766-BDDF-A6B6F487CCCF}" = rport=137 | protocol=17 | dir=out | app=system |
"{D153C395-D1A8-4CFA-9069-D12A2FF12293}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D5FB5BDA-7E8B-43DD-9B9D-D6D5C2E15A81}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D61D9534-B27C-4213-BA1E-16AE94F6262E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F0BCBB61-DFB1-4CAB-B396-0DD412248B58}" = lport=139 | protocol=6 | dir=in | app=system |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09465775-2867-42A9-935F-C31A01C89643}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{13A9AC43-A5A5-49FE-BF27-2851F5508CB7}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{17626CE9-DE35-4555-86EA-9BECBB936462}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{1995747A-A66A-4118-AA79-D53B5A615722}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{1BAF501C-0C99-4217-BB6F-FB94AC9B9918}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{25CC5245-A258-4FFA-96BC-4582E8258371}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{326FA30D-9501-4DD6-A89F-A19EEB058361}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{363E2750-E3FF-4F69-B927-FC104D6CB7E6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3F512A65-E71B-4455-9964-63DF18393931}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{4065D34D-3CBC-4FD1-B47C-236A970F649D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{46A32259-CB4D-46DA-B7A7-D31394591A52}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{473723DE-5F21-4A49-8DDA-BD333B4B43D3}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{48B89C30-B9B7-4BE4-89E2-CBC3828750D4}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4A028820-CCF8-4F1F-8994-EE5D8F611C73}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{4B258193-1DCA-4409-8029-128D912F7A55}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
"{4BBC4292-49A4-4124-B874-FDC81866C7CE}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{586CC949-E695-4BF3-BDC9-660B3A71AEBB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5A4BBCA3-C4FB-4AD6-8D03-8B665C1B9D30}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5CB216D6-80F9-4567-BF5E-B51AC379B6DC}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{5EFC787D-53DB-407C-968D-65EAD107CC94}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
"{605789A6-2FB7-4A97-994B-7B6DCD0D3876}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{62BB38EB-3714-446E-8C98-5F39130DB581}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{65FD7CD5-7EDA-493F-BB5C-BAE64B8EC91E}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{7184B98C-BCE4-4415-AE77-829E01FA9198}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7E9B213B-5C1B-4625-8E57-1897874680CD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{80855AD1-9519-476F-8964-5FE3756097BC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8465BFCF-D3B9-4642-9033-9CFE4DC34240}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{85C9FA15-69BD-46B9-A243-3B83CD3B61FD}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{88CD7623-3B49-4A66-B2F3-ED64478BEB12}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{930B7BD4-711F-4D0D-B36C-620E0FB9C94D}" = protocol=6 | dir=out | app=system |
"{970E5F6C-8F82-4568-99FD-8A5E83BD3D2A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{9DDC311C-99D3-411D-B339-AE42437975AB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9F252303-670F-4898-9A3F-9C336CA334D9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A05ED65F-1B57-40D6-84CA-E849E531EBF8}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{B10B035F-5C23-4CB7-887D-D0CD852943F3}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BA02F517-797F-4F47-9D8B-727370A43F5C}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{BE4B3CE7-7C5B-416D-890F-647DD0757D4D}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{CA1A5CEF-84CC-48BA-9FFA-BD3CF020C4C5}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
"{CBD5BA76-0B38-4CB2-9AA1-4D6B6E8EDC8A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DD31F8E9-3961-4E8C-AE33-6913C1F30C61}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EB32928F-4DF1-4D44-940A-5B6CBDC1909E}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{FC63B8ED-AAC5-4DD5-ADAD-50373268EADC}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{FFD26CBB-A4CA-48EC-A2B3-3D3B4C9CD5B0}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"TCP Query User{2AB5CF94-452E-45C3-873A-3F5177192F5E}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{2540F9CC-366B-4374-BAEB-730A48E3D649}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{26280024-DFB7-4967-90DB-7F9C6660D01E}" = HP MediaSmart SmartMenu
"{4BDE7544-0A08-4AD9-8A8F-4B7944471C36}" = iTunes
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"OfficeTrial" = Microsoft Office Home and Student 60 day trial
"PC-Doctor for Windows" = Hardware Diagnostic Tools

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{065717D4-B980-434B-B778-0F14FBDB4AC3}" = Cisco AnyConnect VPN Client
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 26
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"{37D59F62-2FC7-412D-AA55-3D0E6A9BD9C7}" = Microsoft Live Search Toolbar
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{612AD33D-9824-4E87-8396-92374E91C4BB}_is1" = Inbox Toolbar
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DEF9686-CCB2-47B7-BF83-B49EA21FA016}" = HP MediaSmart Demo
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Activate Norton Online Backup
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}" = HP Setup
"Adobe AIR" = Adobe AIR
"American Airlines DealFinder" = American Airlines DealFinder (remove only)
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"ESET Online Scanner" = ESET Online Scanner v3
"Google Chrome" = Google Chrome
"Homepage Protection" = Homepage Protection
"HP Remote Solution" = HP Remote Solution
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"N360" = Norton 360
"PhotoStitch" = Canon Utilities PhotoStitch
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"SelectRebatesUninstall" = ShopAtHome SelectRebates
"TTB000001.TTB000001Toolbar" = CouponBar
"WildTangent hp Master Uninstall" = HP Games
"YTdetect" = Yahoo! Detect
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

[color=#E56717]========== Last 20 Event Log Errors ==========[/color]

[ Application Events ]
Error - 6/25/2012 11:17:34 AM | Computer Name = kim-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4555

Error - 6/25/2012 11:17:35 AM | Computer Name = kim-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 6/25/2012 11:17:35 AM | Computer Name = kim-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5553

Error - 6/25/2012 11:17:35 AM | Computer Name = kim-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5553

Error - 6/25/2012 11:17:36 AM | Computer Name = kim-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 6/25/2012 11:17:36 AM | Computer Name = kim-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6552

Error - 6/25/2012 11:17:36 AM | Computer Name = kim-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6552

Error - 6/25/2012 11:17:37 AM | Computer Name = kim-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 6/25/2012 11:17:37 AM | Computer Name = kim-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7550

Error - 6/25/2012 11:17:37 AM | Computer Name = kim-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7550

[ Hewlett-Packard Events ]
Error - 5/13/2012 3:14:40 PM | Computer Name = kim-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262HPSF.exe at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 4086 Ram Utilization: 20 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 5/16/2012 7:51:13 AM | Computer Name = kim-PC | Source = HPSF.exe | ID = 4000
Description =

Error - 5/16/2012 7:54:31 AM | Computer Name = kim-PC | Source = HPSF.exe | ID = 4000
Description =

Error - 5/16/2012 8:03:15 AM | Computer Name = kim-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262HPSF.exe at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 4086 Ram Utilization: 40 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 5/16/2012 8:03:15 AM | Computer Name = kim-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262HPSF.exe at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 4086 Ram Utilization: 40 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 5/21/2012 8:24:08 PM | Computer Name = kim-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262 at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 4086 Ram Utilization: 40 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 5/21/2012 8:24:09 PM | Computer Name = kim-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262HPSF.exe at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 4086 Ram Utilization: 40 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 5/27/2012 12:04:03 PM | Computer Name = kim-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262 at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 4086 Ram Utilization: 30 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 5/27/2012 12:04:03 PM | Computer Name = kim-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262HPSF.exe at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 4086 Ram Utilization: 30 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 6/3/2012 11:35:52 AM | Computer Name = kim-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262 at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 4086 Ram Utilization: 30 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

[ System Events ]
Error - 9/5/2011 11:00:52 AM | Computer Name = kim-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 9/6/2011 8:19:11 AM | Computer Name = kim-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
Error Reporting Service service to connect.

Error - 9/6/2011 8:20:15 AM | Computer Name = kim-PC | Source = DCOM | ID = 10010
Description =

Error - 9/28/2011 10:48:50 PM | Computer Name = kim-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the lmhosts service.

Error - 10/4/2011 8:01:57 AM | Computer Name = kim-PC | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 10/4/2011 8:02:06 AM | Computer Name = kim-PC | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 2 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 10/4/2011 8:03:06 AM | Computer Name = kim-PC | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Apple Mobile Device service,
but this action failed with the following error: %%1056

Error - 10/15/2011 10:59:37 PM | Computer Name = kim-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 10/30/2011 10:32:29 AM | Computer Name = kim-PC | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 10/30/2011 12:51:17 PM | Computer Name = kim-PC | Source = DCOM | ID = 10010
Description =


< End of report >

CHECKUP.TXT

Results of screen317's Security Check version 0.99.24
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
[u]Antivirus/Firewall Check:[/u]
Windows Firewall Enabled!
ESET Online Scanner v3
Norton 360
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
[u]Anti-malware/Other Utilities Check:[/u]
Java(TM) 6 Update 26
[color=red]Out of date Java installed![/color]
````````````````````````````````
Process Check:
[u]objlist.exe by Laurent[/u]
Norton ccSvcHst.exe
ESET ESET Online Scanner OnlineCmdLineScanner.exe
``````````End of Log````````````

ESET ONLINE SCANNER(FOUND NOTHING)

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
--
He used to say that soul shine, is better than sunshine, better than moonshine, damn sure better than rain.

Debunking the 2012 hysteria. | Always looking for a new job | Begging the Wilpons to sell the Mets.]]> http://www.dslreports.com/forum/Re-Is-this-PC-infected-27324035 Thu, 12 Jul 2012 20:48:20 EDT Is this PC infected? http://www.dslreports.com/forum/Is-this-PC-infected-27324023
A coworker asked me to checkout her PC, so I said yes. I'm a bit puzzled by this one, but here are the facts:

My coworker came to me and said that she clicked on an email from her friend. It was from her friend, but it was a spam message and my coworker didn't realize it. She clicked on the link within the email, and immediately something came on the screen telling her she's infected, buy this software to get rid of it, and she can't "open anything". I tell her, "yeah, just give me the PC, I'll fix it for you" because I've done a bunch of these for people; sometimes they're so bad, I just wipe and reload, but it's fixed and they're happy. At any rate...

I turned this machine on, and it booted right to the desktop with no problems. No popups, no obvious suspicious activity or applications. In short, I don't see a problem. At any rate, I peeked around a bit, still couldn't find anything, so I decided to do right by her and do a "tune up" of sorts. This is a ~3 year old nice HP desktop in excellent working order. At the same time, I wanted to check with you guys/gals here to make sure there isn't something I'm missing. My coworker is a very novice PC user, so I'm confident she saw what she saw. With that said, I can't find anything. :) So here we go:

The only curious thing I did find was that Norton Internet Security is installed, and as of 7/11 (2 days after giving me the machine) it has 365 days of protection left. I guess it's possible that she installed this and didn't tell me, and NIS removed the issue(s), but I could find nothing of value in the NIS quarantine logs.

I ran TFC as requested, and the machine rebooted. Following the rest of the mandatory steps, here goes:

MBAM LOG
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.12.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
kim :: KIM-PC [administrator]

7/11/2012 10:18:01 PM
mbam-log-2012-07-11 (22-18-01).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 378467
Time elapsed: 1 hour(s), 29 minute(s), 48 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

OTL.TXT

OTL logfile created on: 7/11/2012 9:47:31 PM - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\kim\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.99 Gb Total Physical Memory | 1.80 Gb Available Physical Memory | 45.12% Memory free
7.98 Gb Paging File | 6.00 Gb Available in Paging File | 75.19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.72 Gb Total Space | 398.72 Gb Free Space | 87.88% Space Free | Partition Type: NTFS
Drive D: | 11.95 Gb Total Space | 2.17 Gb Free Space | 18.19% Space Free | Partition Type: NTFS

Computer Name: KIM-PC | User Name: kim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012/07/11 21:46:46 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\kim\Desktop\OTL.exe
PRC - [2012/02/24 09:09:05 | 000,307,824 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2011/12/10 14:46:28 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
PRC - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccsvchst.exe
PRC - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/08/09 15:25:36 | 000,885,216 | ---- | M] () -- C:\Program Files (x86)\SelectRebates\SelectRebates.exe
PRC - [2010/07/12 12:53:00 | 000,399,032 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2010/03/03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/03 20:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/12/01 20:49:52 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/10/20 14:50:34 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2009/06/03 15:35:16 | 000,430,080 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
PRC - [2009/05/26 04:36:13 | 000,656,896 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
PRC - [2009/03/17 04:26:16 | 000,759,728 | ---- | M] (Skinkers Communications) -- C:\Program Files (x86)\American Airlines DealFinder\American_Airlines_DealFinder.exe
PRC - [2008/11/20 13:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2012/06/15 07:47:54 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/14 08:25:17 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
MOD - [2012/06/14 08:25:01 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/06/14 08:24:57 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
MOD - [2012/05/12 09:54:36 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll
MOD - [2012/05/12 09:54:35 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\635b3aec298ad5e8c903b2323d79cc5a\IAStorUtil.ni.dll
MOD - [2012/05/12 09:49:50 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
MOD - [2012/05/12 09:49:37 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/12 09:49:36 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll
MOD - [2012/05/12 09:49:11 | 000,185,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\d8af9a65cf0ed85d47360796e2645a06\UIAutomationTypes.ni.dll
MOD - [2012/05/12 09:49:03 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/05/12 09:48:59 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/12 09:48:56 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/12 09:48:55 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/12 09:48:50 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/02/07 09:00:21 | 000,036,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/11/04 21:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/08/09 15:25:36 | 000,885,216 | ---- | M] () -- C:\Program Files (x86)\SelectRebates\SelectRebates.exe
MOD - [2010/08/09 15:25:36 | 000,177,616 | ---- | M] () -- C:\Program Files (x86)\SelectRebates\SRebates.dll
MOD - [2010/06/30 00:12:54 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2010/06/30 00:12:52 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
MOD - [2010/06/30 00:12:42 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2010/06/30 00:12:40 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2010/06/30 00:12:40 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2010/06/30 00:12:40 | 000,005,632 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2010/06/30 00:12:36 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2010/06/30 00:12:18 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
MOD - [2009/12/01 20:49:50 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2009/07/13 21:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll
MOD - [2009/06/03 15:43:14 | 001,703,936 | ---- | M] () -- C:\Users\kim\AppData\Roaming\PictureMover\EN-US\Presentation.dll
MOD - [2009/06/03 15:34:18 | 003,764,224 | ---- | M] () -- C:\Users\kim\AppData\Roaming\PictureMover\Bin\Core.dll
MOD - [2009/05/26 04:36:13 | 000,656,896 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/02/15 14:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/09/09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe -- (N360)
SRV - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/07/12 12:53:00 | 000,399,032 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/22 14:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/10 13:58:01 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/07/06 12:44:00 | 000,034,288 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2011/04/20 21:37:49 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/03/30 23:00:09 | 000,744,568 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/03/30 23:00:09 | 000,040,568 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011/03/14 22:31:23 | 000,912,504 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/18 16:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/01/27 02:47:10 | 000,450,680 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symds64.sys -- (SymDS)
DRV:64bit: - [2011/01/27 01:07:06 | 000,171,128 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/07/12 12:53:00 | 000,027,640 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)
DRV:64bit: - [2010/03/03 19:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/08/20 20:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/16 07:32:14 | 006,112,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012/06/18 20:01:13 | 001,161,376 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20120711.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012/06/14 14:39:24 | 000,509,088 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120711.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/05/31 08:06:57 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/05/31 08:06:57 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/05/15 22:10:35 | 002,068,600 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120711.018\ex64.sys -- (NAVEX15)
DRV - [2012/05/15 22:10:35 | 000,120,440 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120711.018\eng64.sys -- (NAVENG)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = »ie.redirect.hp.com/svs/rdr?TYPE=···&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = »ie.redirect.hp.com/svs/rdr?TYPE=···&pf=cndt
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = »www.google.com/search?q={searchT···ceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{A8ED5BDF-C010-494C-B6B3-DD198D35270D}: "URL" = »www.ask.com/web?q={searchterms}&···&o=ushpd
IE:64bit: - HKLM\..\SearchScopes\{E715678E-6F58-4CEF-AB9F-F1F4D371F022}: "URL" = »www.bing.com/search?q={searchTer···earchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = »ie.redirect.hp.com/svs/rdr?TYPE=···&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = »ie.redirect.hp.com/svs/rdr?TYPE=···&pf=cndt
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = »www.google.com/search?q={searchT···ceid=ie7
IE - HKLM\..\SearchScopes\{A8ED5BDF-C010-494C-B6B3-DD198D35270D}: "URL" = »www.ask.com/web?q={searchterms}&···&o=ushpd
IE - HKLM\..\SearchScopes\{E715678E-6F58-4CEF-AB9F-F1F4D371F022}: "URL" = »www.bing.com/search?q={searchTer···earchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = »ie.redirect.hp.com/svs/rdr?TYPE=···&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = »toolbar.inbox.com/search/dispatc···language
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = »ie.redirect.hp.com/svs/rdr?TYPE=···&pf=cndt
IE - HKCU\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {E715678E-6F58-4CEF-AB9F-F1F4D371F022}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = »www.google.com/search?q={searchT···7ADRA_en
IE - HKCU\..\SearchScopes\{A8ED5BDF-C010-494C-B6B3-DD198D35270D}: "URL" = »www.ask.com/web?q={searchterms}&···&o=ushpd
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = »www.ask.com/web?q={SEARCHTERMS}&···US&ver=5
IE - HKCU\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = »toolbar.inbox.com/search/dispatc···0&lng=en
IE - HKCU\..\SearchScopes\{E715678E-6F58-4CEF-AB9F-F1F4D371F022}: "URL" = »www.bing.com/search?q={searchTer···earchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


[color=#E56717]========== FireFox ==========[/color]

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn\ [2012/05/04 11:50:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn_2011_7_9_4 [2012/07/11 21:10:17 | 000,000,000 | ---D | M]


[color=#E56717]========== Chrome ==========[/color]

CHR - homepage: »www.google.com/

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (TTB000000 Class) - {62960D20-6D0D-1AB4-4BF1-95B0B5B8783A} - C:\Users\kim\AppData\Local\Temp\low\COUPON~1.DLL File not found
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (hpBHO Class) - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll (AOL Products)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O2 - BHO: (ShopAtHomeIEHelper Class) - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (CouponBar) - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - C:\Users\kim\AppData\Local\Temp\low\CouponsBar.dll File not found
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (ShopAtHome Toolbar) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome)
O3 - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (CouponBar) - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - C:\Users\kim\AppData\Local\Temp\low\CouponsBar.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (ShopAtHome Toolbar) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [American Airlines DealFinder] C:\Program Files (x86)\American Airlines DealFinder\American_Airlines_DealFinder.exe (Skinkers Communications)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe ()
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [SelectRebates] C:\Program Files (x86)\SelectRebates\SelectRebates.exe ()
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} »access.ise.com/CACHE/stc/2/binar···nweb.cab (Cisco AnyConnect VPN Client Web Control)
O16 - DPF: {705EC6D4-B138-4079-A307-EF13E4889A82} »access.ise.com/CACHE/sdesktop/in···tweb.cab (CSD ActiveX Installer)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} »platformdl.adobe.com/NOS/getPlus···6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.222 208.67.220.220 167.206.254.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EAAA253F-3C4D-4C3F-BE1D-9136017FB020}: DhcpNameServer = 208.67.222.222 208.67.220.220 167.206.254.1
O18:64bit: - Protocol\Handler\inbox - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{708dab56-26f5-11e1-9dd6-90e6ba13fd8e}\Shell - "" = AutoRun
O33 - MountPoints2\{708dab56-26f5-11e1-9dd6-90e6ba13fd8e}\Shell\AutoRun\command - "" = J:\TL_Bootstrap.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012/07/11 21:54:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/07/11 21:54:08 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV
[2012/07/11 21:46:46 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\kim\Desktop\OTL.exe
[2012/07/11 21:22:08 | 000,000,000 | ---D | C] -- C:\Users\kim\AppData\Roaming\Malwarebytes
[2012/07/11 21:22:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/11 21:22:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/07/11 21:22:02 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/11 21:22:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/07/11 21:15:53 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012/07/11 21:15:53 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012/07/02 09:34:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/06/21 07:42:05 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012/06/21 07:42:05 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012/06/21 07:42:05 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012/06/21 07:41:54 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012/06/21 07:41:54 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012/06/21 07:41:54 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012/06/21 07:41:43 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012/06/21 07:41:43 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012/06/14 07:49:58 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/06/14 07:49:57 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/06/14 07:49:57 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/06/14 07:49:49 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/06/14 07:49:49 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/06/14 07:49:49 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/06/14 07:49:35 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012/06/14 07:48:08 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/06/14 07:48:08 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012/06/13 08:09:01 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/06/13 08:09:01 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/06/13 08:09:01 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/06/13 08:09:01 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/06/13 08:09:00 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/06/13 08:09:00 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/06/13 08:09:00 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/06/13 08:09:00 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/06/13 08:08:58 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/06/13 08:08:58 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/06/13 08:08:58 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/06/13 08:08:58 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/06/13 08:08:57 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012/07/11 21:54:40 | 002,095,484 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0502020.003\Cat.DB
[2012/07/11 21:53:09 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/11 21:46:46 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\kim\Desktop\OTL.exe
[2012/07/11 21:44:59 | 000,001,180 | ---- | M] () -- C:\Users\kim\Desktop\My Pictures - Shortcut.lnk
[2012/07/11 21:44:55 | 000,001,153 | ---- | M] () -- C:\Users\kim\Desktop\My Music - Shortcut.lnk
[2012/07/11 21:44:47 | 000,001,193 | ---- | M] () -- C:\Users\kim\Desktop\My Documents - Shortcut.lnk
[2012/07/11 21:22:03 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/11 21:21:43 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/07/11 21:20:20 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/11 21:17:30 | 000,015,984 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/11 21:17:30 | 000,015,984 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/11 21:15:40 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/11 21:15:40 | 000,624,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/11 21:15:40 | 000,106,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/11 21:10:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/11 21:10:06 | 3213,537,280 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/04 10:11:21 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForkim.job
[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/02 09:34:24 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/06/15 07:47:11 | 000,329,176 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/12 19:17:36 | 000,002,379 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012/07/11 21:44:59 | 000,001,180 | ---- | C] () -- C:\Users\kim\Desktop\My Pictures - Shortcut.lnk
[2012/07/11 21:44:55 | 000,001,153 | ---- | C] () -- C:\Users\kim\Desktop\My Music - Shortcut.lnk
[2012/07/11 21:44:47 | 000,001,193 | ---- | C] () -- C:\Users\kim\Desktop\My Documents - Shortcut.lnk
[2012/07/11 21:22:03 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/11 21:21:12 | 000,002,016 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/07/11 21:21:11 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012/07/02 09:34:24 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/01/21 13:10:43 | 000,014,358 | ---- | C] () -- C:\Users\kim\AppData\Local\tmpDOWNSIZED_0120122136[1]_navi.JPG
[2012/01/21 13:10:30 | 000,029,401 | ---- | C] () -- C:\Users\kim\AppData\Local\tmpDOWNSIZED_0120122136[1].JPG
[2012/01/21 13:10:30 | 000,028,104 | ---- | C] () -- C:\Users\kim\AppData\Local\tmpDOWNSIZED_0120122136[1].0
[2011/11/13 21:08:36 | 001,939,766 | ---- | C] () -- C:\Users\kim\AppData\Local\tmpM,ANNUALHEALTHASSESS.0
[2011/11/13 21:08:36 | 000,407,504 | ---- | C] () -- C:\Users\kim\AppData\Local\tmpM,ANNUALHEALTHASSESS.JPG
[2011/05/15 22:10:07 | 000,001,854 | ---- | C] () -- C:\Users\kim\AppData\Roaming\GhostObjGAFix.xml
[2010/08/15 10:02:13 | 000,001,212 | ---- | C] () -- C:\Users\kim\AppData\Roaming\wklnhst.dat
[2009/11/08 10:14:39 | 000,129,173 | ---- | C] () -- C:\Users\kim\AppData\Local\tmpHWEEN3[1].JPG

[color=#E56717]========== LOP Check ==========[/color]

[2009/12/31 22:17:40 | 000,000,000 | ---D | M] -- C:\Users\kim\AppData\Roaming\American Airlines DealFinder
[2011/07/31 11:13:04 | 000,000,000 | ---D | M] -- C:\Users\kim\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/11/01 20:47:07 | 000,000,000 | ---D | M] -- C:\Users\kim\AppData\Roaming\PictureMover
[2010/08/15 10:02:14 | 000,000,000 | ---D | M] -- C:\Users\kim\AppData\Roaming\Template
[2009/11/16 17:47:14 | 000,000,000 | ---D | M] -- C:\Users\kim\AppData\Roaming\WinBatch
[2012/05/01 07:55:50 | 000,000,552 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2011/09/16 21:23:19 | 000,032,646 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]



< End of report >
--
He used to say that soul shine, is better than sunshine, better than moonshine, damn sure better than rain.

Debunking the 2012 hysteria. | Always looking for a new job | Begging the Wilpons to sell the Mets.]]> http://www.dslreports.com/forum/Is-this-PC-infected-27324023 Thu, 12 Jul 2012 20:46:24 EDT