Hi,
About two days ago, I started my computer and found some things amiss. My taskbar was changed to the classic theme, some icons were running at startup that I did not recognize, and a program that I had uninstalled the previous day reappeared.
I had uninstalled IOBit's Smart Defrag the previous day in order to install Defraggler (I like CCleaner a lot so I was going to try Defraggler out) and I had clearly deleted the file folder containing Smart Defrag, but the next day, the program was back and running at startup along with the other problems. The troubling bit was that when I went back to the Program Files folder to see what was going on, the Smart Defrag folder had a creation date of the previous night. Sort of like the haunt of the unloved software.
Another big issue is that my hard drive had been near full capacity with only 20 GB of free space left over. It has been like this for months already. However, the morning I booted up my computer, I suddenly had 40 GB more of free space, for a total of 60 GB. Now, the previous night, I had run an avast scan, a boot scan, Malwarebytes, CCleaner, and Defraggler, and I deleted a lot of stuff that was undesirable, but I am sure it was not 40 GB worth.
Anyways, I have "fixed" some of the issues; I have deleted Smart Defrag again and it hasn't come back yet. For the taskbar issue, I restarted the Theme service and changed it back to how it was before.
Now, I am finding that my computer occasionally freezes for varying amounts of time (a few seconds to a few minutes); I also have not been able to find a remedy or explanation for the sudden appearance of 40 GB on my hard drive.
Here are the logs:
Malwarebytes
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.06.19.01
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Harris :: HARRIS-PC [administrator]
6/19/2012 6:26:25 PM
mbam-log-2012-06-19 (18-26-25).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 230375
Time elapsed: 9 minute(s), 22 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
OTL
OTL logfile created on: 6/19/2012 6:50:55 PM - Run 1
OTL by OldTimer - Version 3.2.49.0 Folder = C:\Users\Harris\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.87 Gb Total Physical Memory | 1.68 Gb Available Physical Memory | 58.49% Memory free
5.98 Gb Paging File | 4.82 Gb Available in Paging File | 80.60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286.94 Gb Total Space | 58.27 Gb Free Space | 20.31% Space Free | Partition Type: NTFS
Drive D: | 11.15 Gb Total Space | 1.53 Gb Free Space | 13.71% Space Free | Partition Type: NTFS
Computer Name: HARRIS-PC | User Name: Harris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/06/19 03:54:12 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Harris\Desktop\OTL.exe
PRC - [2012/06/08 07:02:10 | 000,021,432 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012/06/08 07:02:02 | 003,521,464 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012/05/26 06:32:24 | 004,327,744 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Harris\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/05/24 14:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Harris\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/03/06 19:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/11/02 02:00:44 | 000,090,448 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/07/22 00:07:38 | 000,718,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/08/21 17:22:20 | 000,139,264 | ---- | M] () -- C:\Program Files\Razer\Salmosa\razertra.exe
PRC - [2008/08/21 15:28:44 | 000,139,264 | ---- | M] () -- C:\Program Files\Razer\Salmosa\razerhid.exe
PRC - [2008/08/15 14:20:18 | 000,151,552 | ---- | M] (Razer Inc.) -- C:\Program Files\Razer\Salmosa\razerofa.exe
PRC - [2008/04/01 11:24:57 | 000,590,504 | ---- | M] ( ) -- C:\Windows\System32\lmabcoms.exe
========== Modules (No Company Name) ==========
MOD - [2012/06/18 11:59:07 | 000,115,137 | ---- | M] () -- C:\Users\Harris\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll
MOD - [2012/06/14 04:41:11 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\d0e1cdaff8f9055187f8e7b52c060dff\System.Management.ni.dll
MOD - [2012/06/14 04:38:52 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\31fab24c51c0cfe8b8115f24545f169f\System.Runtime.Remoting.ni.dll
MOD - [2012/06/14 04:38:37 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b68bee05c7e518172982cc92059c3315\System.Xaml.ni.dll
MOD - [2012/06/14 04:11:25 | 018,019,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d239f585ee55f833dbe21e897e1265ac\PresentationFramework.ni.dll
MOD - [2012/06/14 04:11:06 | 011,522,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b7de318e9fd1ef519ca6c1f3b5dba8e0\PresentationCore.ni.dll
MOD - [2012/06/14 04:10:49 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\00a4922fbf869a79c043b665035516b6\System.Windows.Forms.ni.dll
MOD - [2012/06/14 04:10:46 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\608d29d7cc89f3a9a195c91354561915\PresentationFramework.Aero.ni.dll
MOD - [2012/06/14 04:10:36 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4230ed1c7990e4ee8352baf67a2a85fa\System.Drawing.ni.dll
MOD - [2012/06/14 04:10:32 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll
MOD - [2012/06/14 04:10:29 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\09bd2126bba2ab4f29ed52afde1470d7\System.Core.ni.dll
MOD - [2012/06/14 04:10:27 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\a84262e1224189f93e10cd3c403a9527\System.Configuration.ni.dll
MOD - [2012/06/14 04:10:24 | 003,881,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a6e37a05b8d0cedbc5c3ea266ae3fc31\WindowsBase.ni.dll
MOD - [2012/06/14 04:10:19 | 009,092,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll
MOD - [2012/06/14 04:10:09 | 014,414,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll
MOD - [2012/06/08 07:02:10 | 000,021,432 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2011/07/28 19:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/03/17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 16:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2008/08/21 17:22:20 | 000,139,264 | ---- | M] () -- C:\Program Files\Razer\Salmosa\razertra.exe
MOD - [2008/08/21 15:28:44 | 000,139,264 | ---- | M] () -- C:\Program Files\Razer\Salmosa\razerhid.exe
========== Win32 Services (SafeList) ==========
SRV - [2012/05/22 23:15:33 | 003,417,376 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_80c2ffa.dll -- (Akamai)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/07/07 16:21:22 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/11/28 21:01:50 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\srvany.exe -- (KMService)
SRV - [2009/03/16 15:37:00 | 002,849,844 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2008/04/01 11:24:57 | 000,590,504 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lmabcoms.exe -- (lmab_device)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2005/08/02 17:18:49 | 000,086,016 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva349.sys -- (XDva349)
DRV - File not found [Kernel | Boot | Stopped] -- System32\Drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\point32k.sys -- (Point32)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Harris\AppData\Local\Temp\JJIAE9.tmp -- (GarenaPEngine)
DRV - [2012/05/30 22:54:50 | 000,021,520 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- c:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\39624\RapportIaso.sys -- (RapportIaso)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/03/06 19:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/06 19:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/06 19:02:43 | 000,024,408 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2012/03/06 19:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/03/06 19:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/06 19:01:48 | 000,057,688 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/03/06 19:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/10/26 21:25:54 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.)
DRV - [2011/10/26 21:25:54 | 000,078,136 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV - [2010/07/09 13:18:54 | 000,020,328 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz134_x32.sys -- (cpuz134)
DRV - [2009/01/17 01:12:07 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/08/01 19:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/06/06 15:13:40 | 000,133,152 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2008/06/06 15:13:10 | 000,145,440 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2008/05/22 10:49:00 | 007,465,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/05/22 05:39:34 | 000,015,360 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008/03/20 16:59:08 | 000,009,344 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Salmosa.sys -- (Salmosa03)
DRV - [2008/02/12 11:27:34 | 000,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS3.sys -- (HSXHWBS3)
DRV - [2008/02/12 11:25:22 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2007/10/18 11:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2005/08/02 17:10:13 | 000,032,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...rio&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...rio&pf=cndt
IE - HKLM\..\SearchScopes,DefaultScope = {160C2CF3-06A5-4099-8E6A-46EBCA05D43C}
IE - HKLM\..\SearchScopes\{160C2CF3-06A5-4099-8E6A-46EBCA05D43C}: "URL" = http://search.yahoo....e...&fr=hp-psdt
IE - HKLM\..\SearchScopes\{DCF3AC98-A906-487C-B473-9062A3EA757C}: "URL" = http://www.ask.com/w...}&l=dis&o=uscqd
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...rio&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylo...0000023542d89d5
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...0000023542d89d5
IE - HKCU\..\SearchScopes\{160C2CF3-06A5-4099-8E6A-46EBCA05D43C}: "URL" = http://search.yahoo....e...&fr=hp-psdt
IE - HKCU\..\SearchScopes\{18EAB056-9057-F224-FD4C-1F6569C4D8D2}: "URL" = http://www.plusnetwo...ferrer:source?}
IE - HKCU\..\SearchScopes\{90B09F36-716F-4911-A326-0A5394B0AD1D}: "URL" = http://fruttisearch....q={SearchTerms}
IE - HKCU\..\SearchScopes\{DCF3AC98-A906-487C-B473-9062A3EA757C}: "URL" = http://www.ask.com/w...}&l=dis&o=uscqd
IE - HKCU\..\SearchScopes\Yahoo!: "URL" = http://us.search.yah...;fr=iobit-trans
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2852: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1662: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012/05/21 15:48:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/06/14 01:29:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/17 03:21:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/13 23:42:34 | 000,000,000 | ---D | M]
[2012/02/23 01:27:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ReleaseEngineer.MACROVISION\Application Data\Mozilla\Firefox\extensions
[2012/02/23 01:27:12 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Documents and Settings\ReleaseEngineer.MACROVISION\Application Data\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2012/04/05 01:55:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/04/22 03:10:51 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/04/05 01:55:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/02/17 03:21:17 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/04/05 01:54:53 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/21 08:22:04 | 001,680,272 | ---- | M] (Caminova, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdjvu.dll
[2012/02/05 23:55:31 | 000,002,288 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012/02/03 18:41:53 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/03 18:41:53 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Harris\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Harris\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: DjVu Plugin Viewer (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdjvu.dll
CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Angry Birds = C:\Users\Harris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: YouTube = C:\Users\Harris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Harris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Users\Harris\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: Skype Click to Call = C:\Users\Harris\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: ICE Quick Stream = C:\Users\Harris\AppData\Local\Google\Chrome\User Data\Default\Extensions\mapljocpedaolbooelchgnkkaplpadgp\5.3_0\
CHR - Extension: Awesome New Tab Page = C:\Users\Harris\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgmiemnjjchgkmgbeljfocdjjnpjnmcg\2012.105.106.100_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Harris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Astrid Shortcut Tile [aNTP] = C:\Users\Harris\AppData\Local\Google\Chrome\User Data\Default\Extensions\oppdagkdcbnafcckhoaailekoiaalajf\1.0.6_0\
CHR - Extension: Gmail = C:\Users\Harris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Astrid Tasks = C:\Users\Harris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmjlnfgnkpknjgkpohcgoeiakkbofpjo\1.1.5_0\
O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [Salmosa] C:\Program Files\Razer\Salmosa\razerhid.exe ()
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Harris\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\Harris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Harris\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files\Media Finder\hook.html File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} http://messenger.zon...S.cab109791.cab ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A55840BE-89AE-4D7A-9A39-89F6EFCDF9EF}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\System32\acaptuser32.dll (Adobe Systems, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Harris\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Harris\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/27 16:30:39 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{370a05e1-9a42-11de-9ee7-0023542d89d5}\Shell\AutoRun\command - "" = F:\AutoRun.exe index1.html
O33 - MountPoints2\{78779c80-e30c-11e0-8913-0023542d89d5}\Shell - "" = AutoRun
O33 - MountPoints2\{78779c80-e30c-11e0-8913-0023542d89d5}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{e8f70822-c9ac-11e0-b924-0023542d89d5}\Shell - "" = AutoRun
O33 - MountPoints2\{e8f70822-c9ac-11e0-b924-0023542d89d5}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\SETUP.EXE /adminfile IU.MSP
O33 - MountPoints2\G\Shell\configure\command - "" = G:\SETUP.EXE
O33 - MountPoints2\G\Shell\install\command - "" = G:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (SmartDefragBootTime.exe)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012/06/19 04:01:24 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/06/19 04:01:24 | 000,000,000 | ---D | C] -- C:\Users\Harris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/06/19 03:54:05 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Harris\Desktop\OTL.exe
[2012/06/19 03:53:49 | 000,449,024 | ---- | C] (OldTimer Tools) -- C:\Users\Harris\Desktop\TFC.exe
[2012/06/18 12:07:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
[2012/06/18 12:07:47 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2012/06/18 12:06:29 | 003,594,744 | ---- | C] (Piriform Ltd) -- C:\Users\Harris\Desktop\dfsetup210.exe
[2012/06/18 03:19:52 | 000,000,000 | ---D | C] -- C:\Users\Harris\Desktop\H
[2012/06/14 04:06:32 | 000,000,000 | ---D | C] -- C:\Windows\System32\System32
[2012/06/13 01:20:25 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/06/13 01:20:22 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/06/13 01:20:22 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/06/13 01:20:21 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/06/13 01:20:19 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/06/13 01:20:19 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/06/13 01:20:17 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/06/12 20:56:34 | 002,045,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/06/10 02:06:52 | 000,000,000 | ---D | C] -- C:\Users\Harris\Desktop\Econ Paper Prep Material
[2012/06/04 13:51:23 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox
[2012/06/03 14:02:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/05/21 15:48:32 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswKbd.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/06/19 18:50:10 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/19 18:41:55 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/19 18:41:14 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/19 18:41:14 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/19 18:41:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/19 18:41:02 | 3085,340,672 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/19 14:43:13 | 000,002,361 | ---- | M] () -- C:\Users\Harris\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
[2012/06/19 13:29:50 | 000,124,416 | ---- | M] () -- C:\Users\Harris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/19 04:01:24 | 000,001,950 | ---- | M] () -- C:\Users\Harris\Desktop\HiJackThis.lnk
[2012/06/19 03:57:00 | 001,402,880 | ---- | M] () -- C:\Users\Harris\Desktop\HijackThis.msi
[2012/06/19 03:54:16 | 000,881,475 | ---- | M] () -- C:\Users\Harris\Desktop\SecurityCheck.exe
[2012/06/19 03:54:12 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Harris\Desktop\OTL.exe
[2012/06/19 03:53:55 | 000,449,024 | ---- | M] (OldTimer Tools) -- C:\Users\Harris\Desktop\TFC.exe
[2012/06/18 12:07:49 | 000,001,668 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2012/06/18 12:06:44 | 003,594,744 | ---- | M] (Piriform Ltd) -- C:\Users\Harris\Desktop\dfsetup210.exe
[2012/06/18 11:49:05 | 000,001,356 | ---- | M] () -- C:\Users\Harris\AppData\Local\d3d9caps.dat
[2012/06/18 11:38:05 | 000,000,872 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/15 03:02:23 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/15 03:02:23 | 000,104,202 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/06/14 04:25:22 | 000,001,860 | ---- | M] () -- C:\Users\Harris\Documents\cc_20120614_042520.reg
[2012/06/14 04:19:08 | 000,001,860 | ---- | M] () -- C:\Users\Harris\Documents\cc_20120614_041906.reg
[2012/06/14 04:03:22 | 000,002,428 | ---- | M] () -- C:\Users\Harris\Documents\cc_20120614_040320.reg
[2012/06/14 04:02:29 | 000,032,532 | ---- | M] () -- C:\Users\Harris\Documents\cc_20120614_040219.reg
[2012/06/14 03:56:19 | 000,000,770 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/06/13 22:49:05 | 000,473,576 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/06/12 01:37:20 | 1223,854,878 | ---- | M] () -- C:\Users\Harris\Desktop\ProTeXt-3.0-070811.exe
[2012/06/11 23:54:59 | 000,001,977 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/06/10 02:58:12 | 006,138,997 | ---- | M] () -- C:\Users\Harris\Desktop\Instrumental_-_Eminem_-_Till_I_Collapse.mp3
[2012/06/10 02:01:54 | 000,166,664 | ---- | M] () -- C:\Users\Harris\Desktop\UndergradGuide_12.pdf
[2012/06/10 01:38:33 | 000,429,741 | ---- | M] () -- C:\Users\Harris\Desktop\applications.pdf
[2012/06/10 00:56:54 | 000,304,291 | ---- | M] () -- C:\Users\Harris\Desktop\schedules.pdf
[2012/06/03 14:08:58 | 000,000,958 | ---- | M] () -- C:\Users\Harris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/06/03 14:04:00 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/06/03 00:50:53 | 000,021,568 | ---- | M] () -- C:\Users\Harris\Desktop\Outline.pdf
[2012/06/02 23:47:42 | 000,026,932 | ---- | M] () -- C:\Users\Harris\Desktop\2498-5893-1-OUT.pdf
[2012/06/01 23:50:18 | 000,624,792 | ---- | M] () -- C:\Users\Harris\Desktop\2564951.pdf
[2012/06/01 23:39:07 | 000,840,608 | ---- | M] () -- C:\Users\Harris\Desktop\2564950.pdf
[2012/05/29 03:38:50 | 000,330,240 | ---- | M] ((주)마크애니) -- C:\Windows\MASetupCaller.dll
[2012/05/27 01:28:18 | 003,246,718 | ---- | M] () -- C:\Users\Harris\Desktop\30035011.pdf
[2012/05/26 18:56:21 | 000,139,300 | ---- | M] () -- C:\Users\Harris\Desktop\My_Rules_of_Thumb.pdf
[2012/05/26 00:29:30 | 000,243,465 | ---- | M] () -- C:\Users\Harris\Desktop\8869.pdf
[2012/05/24 22:04:37 | 000,213,433 | ---- | M] () -- C:\Users\Harris\Desktop\proc_rat.pdf
[2012/05/24 02:03:11 | 000,028,372 | ---- | M] () -- C:\Users\Harris\Desktop\2505-9282-1-OUT.pdf
[2012/05/23 01:10:28 | 000,061,955 | ---- | M] () -- C:\Users\Harris\Desktop\9783642172281-p1.pdf
[2012/05/22 00:45:57 | 000,084,951 | ---- | M] () -- C:\Users\Harris\Desktop\Cziraki_CV_17Apr2012.pdf
[2012/05/21 16:46:54 | 006,747,769 | ---- | M] () -- C:\Users\Harris\Desktop\Print - The Quiet Coup - Magazine - The Atlantic.pdf
[2012/05/21 01:56:10 | 006,434,795 | ---- | M] () -- C:\Users\Harris\Desktop\92420.pdf
[2012/05/21 01:56:07 | 003,338,538 | ---- | M] () -- C:\Users\Harris\Desktop\90425r.pdf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/06/19 04:01:24 | 000,001,950 | ---- | C] () -- C:\Users\Harris\Desktop\HiJackThis.lnk
[2012/06/19 03:56:59 | 001,402,880 | ---- | C] () -- C:\Users\Harris\Desktop\HijackThis.msi
[2012/06/19 03:54:14 | 000,881,475 | ---- | C] () -- C:\Users\Harris\Desktop\SecurityCheck.exe
[2012/06/18 12:07:49 | 000,001,668 | ---- | C] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2012/06/18 11:55:43 | 3085,340,672 | -HS- | C] () -- C:\hiberfil.sys
[2012/06/18 11:38:05 | 000,000,872 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/14 04:25:21 | 000,001,860 | ---- | C] () -- C:\Users\Harris\Documents\cc_20120614_042520.reg
[2012/06/14 04:19:07 | 000,001,860 | ---- | C] () -- C:\Users\Harris\Documents\cc_20120614_041906.reg
[2012/06/14 04:03:21 | 000,002,428 | ---- | C] () -- C:\Users\Harris\Documents\cc_20120614_040320.reg
[2012/06/14 04:02:26 | 000,032,532 | ---- | C] () -- C:\Users\Harris\Documents\cc_20120614_040219.reg
[2012/06/12 01:20:19 | 1223,854,878 | ---- | C] () -- C:\Users\Harris\Desktop\ProTeXt-3.0-070811.exe
[2012/06/10 02:58:04 | 006,138,997 | ---- | C] () -- C:\Users\Harris\Desktop\Instrumental_-_Eminem_-_Till_I_Collapse.mp3
[2012/06/10 02:01:56 | 000,166,664 | ---- | C] () -- C:\Users\Harris\Desktop\UndergradGuide_12.pdf
[2012/06/10 01:38:35 | 000,429,741 | ---- | C] () -- C:\Users\Harris\Desktop\applications.pdf
[2012/06/10 00:56:56 | 000,304,291 | ---- | C] () -- C:\Users\Harris\Desktop\schedules.pdf
[2012/06/03 00:50:55 | 000,021,568 | ---- | C] () -- C:\Users\Harris\Desktop\Outline.pdf
[2012/06/02 23:47:42 | 000,026,932 | ---- | C] () -- C:\Users\Harris\Desktop\2498-5893-1-OUT.pdf
[2012/06/01 23:50:20 | 000,624,792 | ---- | C] () -- C:\Users\Harris\Desktop\2564951.pdf
[2012/06/01 23:39:10 | 000,840,608 | ---- | C] () -- C:\Users\Harris\Desktop\2564950.pdf
[2012/05/27 01:28:23 | 003,246,718 | ---- | C] () -- C:\Users\Harris\Desktop\30035011.pdf
[2012/05/26 18:56:23 | 000,139,300 | ---- | C] () -- C:\Users\Harris\Desktop\My_Rules_of_Thumb.pdf
[2012/05/26 00:29:30 | 000,243,465 | ---- | C] () -- C:\Users\Harris\Desktop\8869.pdf
[2012/05/24 22:04:39 | 000,213,433 | ---- | C] () -- C:\Users\Harris\Desktop\proc_rat.pdf
[2012/05/24 02:03:13 | 000,028,372 | ---- | C] () -- C:\Users\Harris\Desktop\2505-9282-1-OUT.pdf
[2012/05/23 01:10:26 | 000,061,955 | ---- | C] () -- C:\Users\Harris\Desktop\9783642172281-p1.pdf
[2012/05/22 00:45:57 | 000,084,951 | ---- | C] () -- C:\Users\Harris\Desktop\Cziraki_CV_17Apr2012.pdf
[2012/05/21 16:46:54 | 006,747,769 | ---- | C] () -- C:\Users\Harris\Desktop\Print - The Quiet Coup - Magazine - The Atlantic.pdf
[2012/05/21 01:56:11 | 006,434,795 | ---- | C] () -- C:\Users\Harris\Desktop\92420.pdf
[2012/05/21 01:56:08 | 003,338,538 | ---- | C] () -- C:\Users\Harris\Desktop\90425r.pdf
[2012/01/07 03:45:21 | 000,200,468 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2012/01/06 19:25:40 | 000,020,312 | ---- | C] () -- C:\Windows\System32\RegistryDefragBootTime.exe
[2011/11/29 17:38:18 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011/11/29 17:38:12 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011/11/29 17:38:12 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011/11/29 17:38:12 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011/11/29 17:38:12 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2010/11/28 21:02:35 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe
========== LOP Check ==========
[2012/06/19 04:03:58 | 000,032,564 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:BD36345D
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:07BF512B
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:1CE11B51
< End of report >
Extras
OTL Extras logfile created on: 6/19/2012 6:50:55 PM - Run 1
OTL by OldTimer - Version 3.2.49.0 Folder = C:\Users\Harris\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.87 Gb Total Physical Memory | 1.68 Gb Available Physical Memory | 58.49% Memory free
5.98 Gb Paging File | 4.82 Gb Available in Paging File | 80.60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286.94 Gb Total Space | 58.27 Gb Free Space | 20.31% Space Free | Partition Type: NTFS
Drive D: | 11.15 Gb Total Space | 1.53 Gb Free Space | 13.71% Space Free | Partition Type: NTFS
Computer Name: HARRIS-PC | User Name: Harris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00810957-9D90-448B-8B62-60028AEDFC2C}" = rport=137 | protocol=17 | dir=out | app=system |
"{0535EE6C-C2FC-45BC-9986-E38F4343A4AA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{1A02BA6A-A2F7-4429-90D7-959C0EFDDB6E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2B185BD7-8D79-4D8A-AFE8-7971B1C07306}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{396D7CC6-71A9-4C49-9059-B0AFDA96A54E}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{42FB777E-C37F-40D6-8EA3-BFD635D4EC93}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{487264E7-D263-4592-AACD-C4E3F36D62FE}" = lport=137 | protocol=17 | dir=in | app=system |
"{4B53A523-1471-4387-A64B-648D7ADF8312}" = lport=49163 | protocol=6 | dir=in | name=akamai netsession interface |
"{55031380-376B-4224-BB9F-AA7FFBC94A23}" = lport=2869 | protocol=6 | dir=in | app=system |
"{58DDF401-5255-49D5-969A-AE632495B2B6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7153657B-BED6-4C7E-8D17-99085343CC55}" = lport=138 | protocol=17 | dir=in | app=system |
"{84A79CFA-3E4A-4B7C-B54F-708EDC7C1114}" = rport=139 | protocol=6 | dir=out | app=system |
"{85087BD3-D781-49AD-9969-42D11947EEB0}" = rport=10243 | protocol=6 | dir=out | app=system |
"{90843F09-5E19-4D5F-9A41-FDCF1BDAC155}" = lport=139 | protocol=6 | dir=in | app=system |
"{94CF3A2A-FF27-4D5E-95E8-A755CA5C6B29}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{96F4232E-6380-4354-BCD6-F6B3FD42A376}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{97D8D35A-2DAC-4B30-A3EC-1AAA34E76CA9}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{97F39AC9-D3B3-4A29-851F-4D33380EC8AA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A386F155-1FA1-4261-B259-CCC0AD0C3A89}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B69A88B3-D37C-4E74-876F-2EFF2DAF69CC}" = lport=445 | protocol=6 | dir=in | app=system |
"{C63DBD55-C871-4449-9E94-6A32AB5C11BD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D18D8F79-B212-4FBF-86E9-B1000CAC8907}" = rport=445 | protocol=6 | dir=out | app=system |
"{D7E504F3-4F1B-48D9-AE3F-17EF17A87297}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{DD4F16FE-F68A-4FA3-9932-2A5C63118376}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{E23C555E-D595-40D3-9740-2D0C9E528923}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E40EED3A-E896-4E38-91E9-0ACF1D038356}" = rport=138 | protocol=17 | dir=out | app=system |
"{F63398FC-C338-459D-9A65-04005DA6E6EA}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{FF7D7AF4-639E-4D54-95DC-250B6DCE21A5}" = lport=10243 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05648259-975B-4CFE-AE39-CF2052BA3750}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{063B889A-7720-4B73-A8DA-0944E31DA0F7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{0A58DAA8-E9F7-4DB3-9E05-F3E02ABD4A54}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0B7A2BBC-3FF1-484C-B02E-97B4FC8A883D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{16996641-8C1D-4FDA-B956-0E5ED1654C75}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{185B8D3D-1807-4B87-AB74-E31D88492BE1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{1A926126-FEB3-4860-B32D-5C68E29261BE}" = protocol=17 | dir=in | app=c:\windows\system32\lmabcoms.exe |
"{1B7768E4-2525-4843-AB2A-ABD74B87DC41}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{1BEDE1F9-0803-4ECA-B56C-CCF220D7FDA4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2C3B0B44-582A-4A7D-B6FD-C5E7743D42A9}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{2F0548B0-B1F8-4BAC-B8FC-BE319BC2764B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2F6DA855-C59E-4DB7-9CC0-4446638182F4}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{38F1B408-D197-44EF-AFFC-7E7EFBC7A7B2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3B7FB218-07F6-45FF-9633-679E8CB7AC30}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{41313C56-9B3E-4ADB-87C6-E54372E6F90B}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{4999D031-C895-4250-8261-BBF4BD0BC291}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{4A7E67B2-AACF-4FF5-A9BD-4AAA654FC952}" = protocol=6 | dir=in | app=c:\windows\system32\lmabcoms.exe |
"{4D2AA6FA-B000-407C-9A6E-66AE86D3A68D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5329EA69-DFC1-43BF-8B4A-46B36EBCF7D5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{57474A79-851F-402A-B4D1-40A1D26E6E42}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{64DF7C36-9141-4341-96A9-75267B89F87E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{78567B6C-481F-4395-9E5E-0F5989760AE4}" = protocol=17 | dir=in | app=c:\windows\system32\lmabcoms.exe |
"{7D0A1E72-A021-4D5C-BD5B-0AE292A5B093}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{815EC59C-9BE3-4712-AA55-61C5A4810BD6}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{844C1A4B-1C2F-4C85-8B62-640CD9758EFC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{87CB203A-19F6-4E3E-A05F-C63641EAB023}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{8F0443D0-5D4C-4028-B87E-BD51DA67DF4E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{A0A63577-8BCD-4FAC-AB93-DE7CA5F3F3F2}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{A9CF5722-37C3-4D53-9E36-0E70A6A634E0}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{BC86F724-ACD8-432F-9238-5AB05B1EA80E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BC9E2D71-123C-4E58-8B64-64F558419369}" = protocol=6 | dir=in | app=c:\users\harris\appdata\roaming\dropbox\bin\dropbox.exe |
"{BFEF9BFA-DB51-4B4D-B901-CEDB1AF7927D}" = protocol=6 | dir=out | app=system |
"{CA76F625-8687-4504-A6D6-D3152F34CABA}" = protocol=6 | dir=in | app=c:\program files\lexmark\errorapp\lmab1err.exe |
"{CEC59DF2-9BDB-43A5-BACF-C3BB436A4F5D}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{D6C9B909-60F0-4FCE-A50B-6A3FF8A5779D}" = protocol=17 | dir=in | app=c:\users\harris\appdata\roaming\dropbox\bin\dropbox.exe |
"{D6ECD915-77F5-4CAE-B59F-EAFE7873D6C6}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{DFB278CF-2AF2-4FC1-BE1F-7604DCE1CA3B}" = protocol=6 | dir=in | app=c:\windows\system32\lmabcoms.exe |
"{E451B35A-55AF-4EDE-8022-E1E4C4A255FF}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{E5A3C6C5-F0D1-43A2-BECC-57008281267E}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{E65915AA-921F-481D-9DBE-94367E95F35B}" = protocol=17 | dir=in | app=c:\program files\lexmark\errorapp\lmab1err.exe |
"{E6CD58E6-7DF6-46AA-866F-1A06767389CD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{EC69D9CB-134F-4EFE-A646-ABA3819EA3A7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{F4C5237C-6E40-4645-A0A6-62FC4941F345}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{F820973D-A7BB-4D1C-A204-873AC1204CA2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{F91CDF92-A2AB-49F9-ACAF-0FE8678B2ACF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F930B26E-4C8A-40E2-B794-A6CFC5C2ED9F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FFF69B09-50B9-4E45-BF11-B0110C5948E6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{0ADFD007-422F-475A-B6C9-D722EFE44BC8}C:\program files\pfportchecker\pfportchecker.exe" = protocol=6 | dir=in | app=c:\program files\pfportchecker\pfportchecker.exe |
"TCP Query User{12489486-0566-4DDB-9CCB-A12BE773F4AC}C:\users\harris\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\harris\appdata\local\akamai\netsession_win.exe |
"TCP Query User{3C44BC87-3A41-4E8A-8A1B-4AC3E091EAA7}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{4F780DFE-2659-4A67-B8E2-1D69F2303FEB}C:\program files\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"TCP Query User{6C4F7AC3-B787-48C6-A3E2-B63A6C9093E4}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{7B6B55B9-7202-4A78-A914-34C1E28EE6C4}C:\program files\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"TCP Query User{C7973FE7-0942-4A24-A460-81501AA777DE}C:\users\harris\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\harris\appdata\local\akamai\netsession_win.exe |
"TCP Query User{E9BD7434-8A4F-4635-B43B-C2A60D0FC94B}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{1CEB1AB8-0F03-4405-8A59-5082D677EF36}C:\program files\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"UDP Query User{4F13DAB1-C1EE-4CF0-90A7-ED504D5B8B7A}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{646F7FD3-2D8D-4C46-9E1E-D7C5E688287F}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{855ECA52-F39B-4E58-98E6-D3C0A7AA86C5}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{86A4D1BE-6410-43EF-A2CA-CA13E54A62B0}C:\users\harris\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\harris\appdata\local\akamai\netsession_win.exe |
"UDP Query User{B47FFD97-E68B-4142-B821-32D41055B6FF}C:\users\harris\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\harris\appdata\local\akamai\netsession_win.exe |
"UDP Query User{BDEA15DB-664B-4AD8-8C03-9ECE7D11AB0D}C:\program files\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"UDP Query User{E861DC5B-D4F9-44C0-8756-39ABA80C7891}C:\program files\pfportchecker\pfportchecker.exe" = protocol=17 | dir=in | app=c:\program files\pfportchecker\pfportchecker.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX870_series" = Canon MX870 series MP Drivers
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1968465A-D76E-4B88-8401-DAF9E5C82A87}" = Document Express DjVu Plug-in
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java 6 Update 31
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes
"{305D4B08-5807-4475-B1C8-D54685534864}" = LightScribeTemplateLabeler
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java SE Runtime Environment 6 Update 1
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4229F016-3A60-439E-B626-DE4BD457469F}" = BlackBerry Device Manager 7.0
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.66
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007F-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support
"{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Fran?ais, Deutsch
"{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Fran?ais, Deutsch
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E6DA58C0-4EC5-4F5E-B73E-2F22ED30ACFC}" = Razer Salmosa
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype? 5.8
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1CBC6F7-D82D-4DC5-B81C-9A14F418593A}_is1" = WC3Banlist
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F909BB1B-3FC1-4EDA-AF1F-8F1A89163591}" = BlackBerry Desktop Software 6.1
"{FA3B34BE-4246-4062-90A3-34CBBEA12B72}" = HPTCSSetup
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Akamai" = Akamai NetSession Interface Service
"avast" = avast! Free Antivirus
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.1
"BlackBerry_HandheldManager" = BlackBerry Device Manager 7.0
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_HSF" = PCIe Soft Data Fax Modem with SmartCP
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-11-11
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.55
"Defraggler" = Defraggler
"DivX Setup" = DivX Setup
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"GOM Player" = GOM Player
"Google Chrome" = Google Chrome
"HPOCR" = HP OCR Software 9.0
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"Lexmark_HostCD" = Lexmark Software Uninstall
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"MP Navigator EX 3.1" = Canon MP Navigator EX 3.1
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PFPortChecker" = PFPortChecker 1.0.32
"RealAlt_is1" = Real Alternative 1.8.0
"Speed Dial Utility" = Canon Speed Dial Utility
"uTorrent" = ?Torrent
"VLC media player" = VLC media player 2.0.1
"Warcraft III" = Warcraft III
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 3.1
"WinRAR archiver" = WinRAR archiver
"Xvid_is1" = Xvid 1.2.1 final uninstall
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Dropbox" = Dropbox
"Warcraft III" = Warcraft III: All Products
========== Last 20 Event Log Errors ==========
[ Antivirus Events ]
Error - 3/20/2009 3:18:44 AM | Computer Name = Harris-PC | Source = avast! | ID = 33554522
Description =
Error - 4/20/2009 12:05:44 AM | Computer Name = Harris-PC | Source = avast! | ID = 33554522
Description =
Error - 5/12/2009 10:50:58 PM | Computer Name = Harris-PC | Source = avast! | ID = 33554522
Description =
Error - 5/30/2009 1:57:05 PM | Computer Name = Harris-PC | Source = avast! | ID = 33554522
Description =
Error - 8/2/2009 3:13:17 AM | Computer Name = Harris-PC | Source = avast! | ID = 33554522
Description =
Error - 8/25/2009 3:20:26 AM | Computer Name = Harris-PC | Source = avast! | ID = 33554522
Description =
Error - 10/1/2009 11:29:21 PM | Computer Name = Harris-PC | Source = avast! | ID = 33554522
Description =
Error - 5/20/2010 11:47:08 AM | Computer Name = Harris-PC | Source = avast! | ID = 33554522
Description =
[ Application Events ]
Error - 6/18/2012 11:48:05 AM | Computer Name = Harris-PC | Source = EventSystem | ID = 4609
Description =
Error - 6/18/2012 11:49:08 AM | Computer Name = Harris-PC | Source = WinMgmt | ID = 10
Description =
Error - 6/18/2012 11:57:31 AM | Computer Name = Harris-PC | Source = WinMgmt | ID = 10
Description =
Error - 6/19/2012 2:55:06 AM | Computer Name = Harris-PC | Source = WinMgmt | ID = 10
Description =
Error - 6/19/2012 3:52:01 AM | Computer Name = Harris-PC | Source = Application Error | ID = 1000
Description = Faulting application Setup.exe_Microsoft Setup Bootstrapper, version
14.0.6010.1000, time stamp 0x4cc9a3bd, faulting module ole32.dll, version 6.0.6002.18277,
time stamp 0x4c28d53e, exception code 0xc0000005, fault offset 0x00047333, process
id 0x488, application start time 0x01cd4df067d4db5d.
Error - 6/19/2012 1:09:26 PM | Computer Name = Harris-PC | Source = WinMgmt | ID = 10
Description =
Error - 6/19/2012 1:32:12 PM | Computer Name = Harris-PC | Source = Application Error | ID = 1000
Description = Faulting application GOM.EXE, version 2.1.37.5085, time stamp 0x4eeff519,
faulting module GOM.EXE, version 2.1.37.5085, time stamp 0x4eeff519, exception
code 0xc0000005, fault offset 0x00010bd6, process id 0x151c, application start time
0x01cd4e414ee80f4c.
Error - 6/19/2012 1:33:06 PM | Computer Name = Harris-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 6/19/2012 1:34:01 PM | Computer Name = Harris-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 6/19/2012 6:42:45 PM | Computer Name = Harris-PC | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 6/19/2012 1:09:26 PM | Computer Name = Harris-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 6/19/2012 1:09:26 PM | Computer Name = Harris-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 6/19/2012 6:37:54 PM | Computer Name = Harris-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!
Error - 6/19/2012 6:38:01 PM | Computer Name = Harris-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!
Error - 6/19/2012 6:38:08 PM | Computer Name = Harris-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 6:37:02 PM on 6/19/2012 was unexpected.
Error - 6/19/2012 6:40:54 PM | Computer Name = Harris-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!
Error - 6/19/2012 6:41:00 PM | Computer Name = Harris-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!
Error - 6/19/2012 6:41:07 PM | Computer Name = Harris-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 6:39:08 PM on 6/19/2012 was unexpected.
Error - 6/19/2012 6:42:46 PM | Computer Name = Harris-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 6/19/2012 6:42:46 PM | Computer Name = Harris-PC | Source = Service Control Manager | ID = 7026
Description =
< End of report >
Checkup
Results of screen317's Security Check version 0.99.42
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
CCleaner
Java 6 Update 31
Java SE Runtime Environment 6 Update 1
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 11.1.102.62
Mozilla Firefox (9.0.1)
Google Chrome 19.0.1084.52
Google Chrome 19.0.1084.56
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````
Thanks
Suspicious Event
Started by CdnNoodles, Jun 19 2012 11:39 PM
4 replies to this topic
#1
Posted 19 June 2012 - 11:39 PM
#2
Posted 21 June 2012 - 03:07 PM
The logs are clean.
The unexpected increase in free space may come from System Restore being turned off. Check your settings.
A rootkit check would be in order...
Download and run Sophos AntiRootkit. Post the log in this thread, even if nothing is found.
You find link(s) and instructions here:
http://www.dslreports.com/faq/16564
#3
Posted 23 June 2012 - 05:13 PM
Hi,
System Restore doesn't seem to be turned off.
Also, here is the rootkit log.
Thanks,
Sophos Anti-Rootkit Version 1.5.20 © 2009 Sophos Plc
Started logging on 6/23/2012 at 1:15:38 AM
User "Harris" on computer "HARRIS-PC"
Windows version 6.0 SP 2.0 Service Pack 2 build 6002 SM=0x300 PT=0x1 Win32
Info: Starting process scan.
Info: Starting registry scan.
Info: Starting disk scan of C: (NTFS).
Hidden: file C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1018OT1Q\0x250;cfp=1;rndc=128288285;noperf=1;alias=93233933;kvpg=compaq-desktop[1].aol%2F;kvmn=93233933;target=_blank;aduho=240;grp=882846063;misc=882846063;defaultalias=
Hidden: file C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1018OT1Q\dByLogoHeader;u=swid=C6ABBCB1-F206-4777-B4A6-3D4BE201E54B_pgtyp=story_sp=mlb_tm=bos_tm=sea_tm=laa_pl=5099_objid=6821409;sz=150x45,1x1;tile=1;ord=7810754036[1].js
Hidden: file C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4RV8CVOO\u=swid=C6ABBCB1-F206-4777-B4A6-3D4BE201E54B_pgtyp=story_sp=mlb_tm=bos_tm=sea_tm=laa_pl=5099_objid=6821409;sz=728x90,970x66,924x50,1x1;tile=3;ord=7810754036[1].js
Hidden: file C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1018OT1Q\d=C6ABBCB1-F206-4777-B4A6-3D4BE201E54B_pgtyp=story_sp=mlb_tm=bos_tm=sea_tm=laa_pl=5099_objid=6821409;dcopt=ist;sz=300x600,300x250,1x1;tile=4;ord=7810754036[1].js
Hidden: file C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4RV8CVOO\ox_Marketing;u=swid=C6ABBCB1-F206-4777-B4A6-3D4BE201E54B_pgtyp=story_sp=mlb_tm=bos_tm=sea_tm=laa_pl=5099_objid=6821409;sz=300x100,1x1;tile=5;ord=7810754036[1].js
Hidden: file C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VUR1UM4Y\=6820916;pos=SponsoredByLogoHeader;u=swid=C6ABBCB1-F206-4777-B4A6-3D4BE201E54B_pgtyp=story_sp=golf_pl=462_objid=6820916;sz=150x45,1x1;tile=1;ord=7840680541[1].js
Hidden: file C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1018OT1Q\0916;pos=Background_Skin;u=swid=C6ABBCB1-F206-4777-B4A6-3D4BE201E54B_pgtyp=story_sp=golf_pl=462_objid=6820916;sz=1280x946,200x800,1x1;tile=2;ord=7840680541[1].js
Hidden: file C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Q89100Z3\=Banner;u=swid=C6ABBCB1-F206-4777-B4A6-3D4BE201E54B_pgtyp=story_sp=ncb_tm=150_objid=6821223_col=katz_andy;sz=728x90,970x66,924x50,1x1;tile=3;ord=1709131044[1].js
Hidden: file C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4RV8CVOO\d=6820916;pos=Banner;u=swid=C6ABBCB1-F206-4777-B4A6-3D4BE201E54B_pgtyp=story_sp=golf_pl=462_objid=6820916;sz=728x90,970x66,924x50,1x1;tile=3;ord=7840680541[1].js
Hidden: file C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1018OT1Q\SponsoredByLogoHeader;u=swid=C6ABBCB1-F206-4777-B4A6-3D4BE201E54B_pgtyp=story_sp=ncb_tm=150_objid=6821223_col=katz_andy;sz=150x45,1x1;tile=1;ord=1709131044[1].js
Hidden: file C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4RV8CVOO\ground_Skin;u=swid=C6ABBCB1-F206-4777-B4A6-3D4BE201E54B_pgtyp=story_sp=ncb_tm=150_objid=6821223_col=katz_andy;sz=1280x946,200x800,1x1;tile=2;ord=1709131044[1].js
Hidden: file C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Q89100Z3\nt;u=swid=C6ABBCB1-F206-4777-B4A6-3D4BE201E54B_pgtyp=story_sp=ncb_tm=150_objid=6821223_col=katz_andy;dcopt=ist;sz=300x600,300x250,1x1;tile=4;ord=1709131044[1].js
Hidden: file C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Q89100Z3\s=PromoBox_Marketing;u=swid=C6ABBCB1-F206-4777-B4A6-3D4BE201E54B_pgtyp=story_sp=ncb_tm=150_objid=6821223_col=katz_andy;sz=300x100,1x1;tile=5;ord=1709131044[1].js
Hidden: file C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4RV8CVOO\77-B4A6-3D4BE201E54B%7Cpgtyp=story%7Csp=nfl%7Ctm=mia%7Ctm=den%7Cpl=9705%7Cpl=11234%7Cpl=8551%7Cpl=13974%7Cobjid=6821345;sz=234x61,1x1;tile=5;ord=9351428537[1].js
Hidden: file C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1018OT1Q\77-B4A6-3D4BE201E54B%7Cpgtyp=story%7Csp=nfl%7Ctm=mia%7Ctm=den%7Cpl=9705%7Cpl=11234%7Cpl=8551%7Cpl=13974%7Cobjid=6821345;sz=150x45,1x1;tile=1;ord=9351428537[1].js
Hidden: file C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4RV8CVOO\x;pgtyp=nflindex;sp=nfl;pos=Background_Skin;u=swid=C6ABBCB1-F206-4777-B4A6-3D4BE201E54B_pgtyp=nflindex_sp=nfl;sz=1280x946,200x800,1x1;tile=2;ord=5407511758[1].js
Hidden: file C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VUR1UM4Y\index;pgtyp=nflindex;sp=nfl;pos=SponsoredByLogoHeader;u=swid=C6ABBCB1-F206-4777-B4A6-3D4BE201E54B_pgtyp=nflindex_sp=nfl;sz=150x45,1x1;tile=1;ord=5407511758[1].js
Hidden: file C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VUR1UM4Y\lindex;pgtyp=nflindex;sp=nfl;pos=Banner;u=swid=C6ABBCB1-F206-4777-B4A6-3D4BE201E54B_pgtyp=nflindex_sp=nfl;sz=728x90,970x66,924x50,1x1;tile=3;ord=5407511758[1].js
Hidden: file C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Q89100Z3\gtyp=nflindex;sp=nfl;pos=InContent;u=swid=C6ABBCB1-F206-4777-B4A6-3D4BE201E54B_pgtyp=nflindex_sp=nfl;dcopt=ist;sz=300x600,300x250,1x1;tile=4;ord=5407511758[1].js
Hidden: file C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Q89100Z3\flindex;pgtyp=nflindex;sp=nfl;pos=PromoBox_Marketing;u=swid=C6ABBCB1-F206-4777-B4A6-3D4BE201E54B_pgtyp=nflindex_sp=nfl;sz=300x100,1x1;tile=6;ord=5407511758[1].js
Hidden: file C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1018OT1Q\nflindex;pgtyp=nflindex;sp=nfl;pos=TwitterModule_Top;u=swid=C6ABBCB1-F206-4777-B4A6-3D4BE201E54B_pgtyp=nflindex_sp=nfl;sz=234x61,1x1;tile=7;ord=5407511758[1].js
Hidden: file C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4RV8CVOO\lindex;pgtyp=nflindex;sp=nfl;pos=PromoBox_Marketing2;u=swid=C6ABBCB1-F206-4777-B4A6-3D4BE201E54B_pgtyp=nflindex_sp=nfl;sz=300x100,1x1;tile=9;ord=5407511758[1].js
Hidden: file C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1018OT1Q\index;pgtyp=nflindex;sp=nfl;pos=PromoBox_Integrator;u=swid=C6ABBCB1-F206-4777-B4A6-3D4BE201E54B_pgtyp=nflindex_sp=nfl;sz=300x100,1x1;tile=11;ord=5407511758[1].js
Hidden: file C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4RV8CVOO\4BE201E54B%7Cpgtyp=story%7Csp=nfl%7Ctm=mia%7Ctm=den%7Cpl=9705%7Cpl=11234%7Cpl=8551%7Cpl=13974%7Cobjid=6821345;sz=1280x946,200x800,1x1;tile=2;ord=9351428537[1].js
Hidden: file C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Q89100Z3\01E54B%7Cpgtyp=story%7Csp=nfl%7Ctm=mia%7Ctm=den%7Cpl=9705%7Cpl=11234%7Cpl=8551%7Cpl=13974%7Cobjid=6821345;sz=728x90,970x66,924x50,1x1;tile=3;ord=9351428537[1].js
Hidden: file C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1018OT1Q\B%7Cpgtyp=story%7Csp=nfl%7Ctm=mia%7Ctm=den%7Cpl=9705%7Cpl=11234%7Cpl=8551%7Cpl=13974%7Cobjid=6821345;dcopt=ist;sz=300x600,300x250,1x1;tile=4;ord=9351428537[1].js
Hidden: file C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1018OT1Q\77-B4A6-3D4BE201E54B%7Cpgtyp=story%7Csp=nfl%7Ctm=mia%7Ctm=den%7Cpl=9705%7Cpl=11234%7Cpl=8551%7Cpl=13974%7Cobjid=6821345;sz=234x61,1x1;tile=6;ord=9351428537[1].js
Hidden: file C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4RV8CVOO\7-B4A6-3D4BE201E54B%7Cpgtyp=story%7Csp=nfl%7Ctm=mia%7Ctm=den%7Cpl=9705%7Cpl=11234%7Cpl=8551%7Cpl=13974%7Cobjid=6821345;sz=300x100,1x1;tile=7;ord=9351428537[1].js
Hidden: file C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Q89100Z3\77-B4A6-3D4BE201E54B%7Cpgtyp=story%7Csp=nfl%7Ctm=ne%7Cpl=2330%7Cpl=2584%7Cpl=13230%7Cobjid=6818703%7Ccol=forsberg_chris;sz=150x45,1x1;tile=1;ord=8643849744[1].js
Hidden: file C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Q89100Z3\kin;u=swid=C6ABBCB1-F206-4777-B4A6-3D4BE201E54B_pgtyp=story_sp=nfl_tm=ne_pl=3543_objid=6820720_col=reiss_mike;sz=1280x946,200x800,1x1;tile=2;ord=6167585094[1].js
Hidden: file C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1018OT1Q\d=C6ABBCB1-F206-4777-B4A6-3D4BE201E54B_pgtyp=story_sp=nfl_tm=ne_pl=3543_objid=6820720_col=reiss_mike;dcopt=ist;sz=300x600,300x250,1x1;tile=4;ord=6167585094[1].js
Hidden: file C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1018OT1Q\u=swid=C6ABBCB1-F206-4777-B4A6-3D4BE201E54B_pgtyp=story_sp=nfl_tm=ne_pl=3543_objid=6820720_col=reiss_mike;sz=728x90,970x66,924x50,1x1;tile=3;ord=6167585094[1].js
Hidden: file C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Q89100Z3\ox_Marketing;u=swid=C6ABBCB1-F206-4777-B4A6-3D4BE201E54B_pgtyp=story_sp=nfl_tm=ne_pl=3543_objid=6820720_col=reiss_mike;sz=300x100,1x1;tile=5;ord=6167585094[1].js
Hidden: file C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Q89100Z3\spn;pos=SponsoredByLogoHeader;u=swid=C6ABBCB1-F206-4777-B4A6-3D4BE201E54B_pgn=bostonindex_pgtyp=espnbostonindex_sp=espn;sz=150x45,1x1;tile=1;ord=4768833929[1].js
Hidden: file C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4RV8CVOO\pos=Background_Skin;u=swid=C6ABBCB1-F206-4777-B4A6-3D4BE201E54B_pgn=bostonindex_pgtyp=espnbostonindex_sp=espn;sz=1280x946,200x800,1x1;tile=2;ord=4768833929[1].js
Hidden: file C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VUR1UM4Y\espn;pos=Banner;u=swid=C6ABBCB1-F206-4777-B4A6-3D4BE201E54B_pgn=bostonindex_pgtyp=espnbostonindex_sp=espn;sz=728x90,970x66,924x50,1x1;tile=3;ord=4768833929[1].js
Hidden: file C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Q89100Z3\=InContent;u=swid=C6ABBCB1-F206-4777-B4A6-3D4BE201E54B_pgn=bostonindex_pgtyp=espnbostonindex_sp=espn;dcopt=ist;sz=300x600,300x250,1x1;tile=4;ord=4768833929[1].js
Hidden: file C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VUR1UM4Y\dex;sp=espn;pos=Pencil_Bottom;u=swid=C6ABBCB1-F206-4777-B4A6-3D4BE201E54B_pgn=bostonindex_pgtyp=espnbostonindex_sp=espn;sz=924x56,1x1;tile=5;ord=4768833929[1].js
Hidden: file C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1018OT1Q\;sp=espn;pos=SponsoredByLogo2;u=swid=C6ABBCB1-F206-4777-B4A6-3D4BE201E54B_pgn=bostonindex_pgtyp=espnbostonindex_sp=espn;sz=920x23,1x1;tile=6;ord=4768833929[1].js
Info: Starting disk scan of D: (NTFS).
Stopped logging on 6/23/2012 at 2:51:15 AM
Sophos Anti-Rootkit Version 1.5.20 © 2009 Sophos Plc
Started logging on 6/23/2012 at 2:55:41 AM
User "Harris" on computer "HARRIS-PC"
Windows version 6.0 SP 2.0 Service Pack 2 build 6002 SM=0x300 PT=0x1 Win32
Info: Starting process scan.
Info: Starting registry scan.
Info: Starting disk scan of C: (NTFS).
Stopped logging on 6/23/2012 at 3:23:38 AM
Sophos Anti-Rootkit Version 1.5.20 © 2009 Sophos Plc
Started logging on 6/23/2012 at 3:33:14 AM
User "Harris" on computer "HARRIS-PC"
Windows version 6.0 SP 2.0 Service Pack 2 build 6002 SM=0x300 PT=0x1 Win32
Info: Starting process scan.
Error: Could not start the helper process - unable to complete scan.
Please restart and try again.
Incorrect function.
Info: Starting registry scan.
Error: Could not start the helper process - unable to complete scan.
Please restart and try again.
Incorrect function.
Stopped logging on 6/23/2012 at 3:33:31 AM
Sophos Anti-Rootkit Version 1.5.20 © 2009 Sophos Plc
Started logging on 6/23/2012 at 3:33:37 AM
User "Harris" on computer "HARRIS-PC"
Windows version 6.0 SP 2.0 Service Pack 2 build 6002 SM=0x300 PT=0x1 Win32
Info: Starting process scan.
Error: Could not start the helper process - unable to complete scan.
Please restart and try again.
Incorrect function.
Info: Starting registry scan.
Error: Could not start the helper process - unable to complete scan.
Please restart and try again.
Incorrect function.
Stopped logging on 6/23/2012 at 3:33:50 AM
Sophos Anti-Rootkit Version 1.5.20 © 2009 Sophos Plc
Started logging on 6/23/2012 at 3:44:43 AM
User "Harris" on computer "HARRIS-PC"
Windows version 6.0 SP 2.0 Service Pack 2 build 6002 SM=0x300 PT=0x1 Win32
Info: Starting process scan.
Info: Starting registry scan.
Info: Starting disk scan of C: (NTFS).
Hidden: file C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F62EE8D6-4A5A-44F1-B711-3AE17C823633}\offreg.dll
Info: Starting disk scan of D: (NTFS).
Stopped logging on 6/23/2012 at 5:02:17 AM
System Restore doesn't seem to be turned off.
Also, here is the rootkit log.
Thanks,
Sophos Anti-Rootkit Version 1.5.20 © 2009 Sophos Plc
Started logging on 6/23/2012 at 1:15:38 AM
User "Harris" on computer "HARRIS-PC"
Windows version 6.0 SP 2.0 Service Pack 2 build 6002 SM=0x300 PT=0x1 Win32
Info: Starting process scan.
Info: Starting registry scan.
Info: Starting disk scan of C: (NTFS).
Info: Starting disk scan of D: (NTFS).
Stopped logging on 6/23/2012 at 2:51:15 AM
Sophos Anti-Rootkit Version 1.5.20 © 2009 Sophos Plc
Started logging on 6/23/2012 at 2:55:41 AM
User "Harris" on computer "HARRIS-PC"
Windows version 6.0 SP 2.0 Service Pack 2 build 6002 SM=0x300 PT=0x1 Win32
Info: Starting process scan.
Info: Starting registry scan.
Info: Starting disk scan of C: (NTFS).
Stopped logging on 6/23/2012 at 3:23:38 AM
Sophos Anti-Rootkit Version 1.5.20 © 2009 Sophos Plc
Started logging on 6/23/2012 at 3:33:14 AM
User "Harris" on computer "HARRIS-PC"
Windows version 6.0 SP 2.0 Service Pack 2 build 6002 SM=0x300 PT=0x1 Win32
Info: Starting process scan.
Error: Could not start the helper process - unable to complete scan.
Please restart and try again.
Incorrect function.
Info: Starting registry scan.
Error: Could not start the helper process - unable to complete scan.
Please restart and try again.
Incorrect function.
Stopped logging on 6/23/2012 at 3:33:31 AM
Sophos Anti-Rootkit Version 1.5.20 © 2009 Sophos Plc
Started logging on 6/23/2012 at 3:33:37 AM
User "Harris" on computer "HARRIS-PC"
Windows version 6.0 SP 2.0 Service Pack 2 build 6002 SM=0x300 PT=0x1 Win32
Info: Starting process scan.
Error: Could not start the helper process - unable to complete scan.
Please restart and try again.
Incorrect function.
Info: Starting registry scan.
Error: Could not start the helper process - unable to complete scan.
Please restart and try again.
Incorrect function.
Stopped logging on 6/23/2012 at 3:33:50 AM
Sophos Anti-Rootkit Version 1.5.20 © 2009 Sophos Plc
Started logging on 6/23/2012 at 3:44:43 AM
User "Harris" on computer "HARRIS-PC"
Windows version 6.0 SP 2.0 Service Pack 2 build 6002 SM=0x300 PT=0x1 Win32
Info: Starting process scan.
Info: Starting registry scan.
Info: Starting disk scan of C: (NTFS).
Info: Starting disk scan of D: (NTFS).
Stopped logging on 6/23/2012 at 5:02:17 AM
#4
Posted 23 June 2012 - 08:34 PM
The Sophos log is ok too.
I don't know what caused the issue you have, but if it was malware, it's not there now.
I would suggest posting in the Microsoft Answers forums. Post the link to this thread so they can use the information here.
Cleanup instructions are in my next post.
#5
Posted 23 June 2012 - 08:34 PM
Cleaning Up:
To Delete TFC:
* Delete the TFC icon on your Desktop
Delete OTL:
* Double click the OTL icon on your Desktop
* Press the 'Cleanup' button
Delete Security Check:
* Delete the SecurityCheck icon on your Desktop
Delete Malware Bytes:
* We recommend that you keep MalwareBytes (MBAM) and run it every week. There is no charge to keep the program; however, the real-time protection will stop after the trial period. Be sure to update the definitions before each use. If you decide not to keep MBAM, use Add/Remove Programs to uninstall it.
Delete Sophos AntiRootkit:
* If we asked you to install and run the Sophos AntiRootkit program, uninstall it through Add/Remove Programs.
Other Programs:
* If we asked you to install any other programs that are not removed by the OTL cleanup procedure, we will provide separate removal instructions.


