Jump to content

calcu007

Members
  • Content Count

    40
  • Joined

  • Last visited

Everything posted by calcu007

  1. You need to disable the system restore of windows before you scan the computer. After you scan and you are clean, enable it again.
  2. I dont know where did you read that the real-time protection blocks tracking cookies.They are not dangerous or malware neither,only text files. IF you are using firefox, there are extensions and options that help to block tracking cookies.
  3. You need a internet connection to update SAS
  4. You didn't understand you need to pay 19.95 for another lifetime license
  5. I think that you will have 1-year license. If "lifetime license" dont appears besides the product description, then you will receive a year.
  6. What alternative works if a infection damage or removed the EXE extension?
  7. They have diferent database number because you need to download the portable version each time there is a new update. The portable version dont downlaod database updates. You can disable the real time protection and use the PRO version as a scanner only. The real time protection of PRO version dont use much memory, also it can avoid you get infected again
  8. You can download V5 beta, for test here https://www.superantispyware.com/superantispyware5.html
  9. Use this tool https://forums.superantispyware.com/index.php?/topic/4790-superantispyware-threat-check/
  10. The next time you can use SUPERAntiSpyware Threat Check tool
  11. The TDSKIller showed "no threats"" found. As I said before I removed the threats with SAS, the only problem is the windows update that dont work
  12. here we go again here is the log All processes killed ========== OTL ========== Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found. File move failed. C:\Users\Agnes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Warner Bros.lnk scheduled to be moved on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully! HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully! Starting removal of ActiveX control {02BCC737-B171-4746-94C9-0D8A0B2C0089} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{02BCC737-B171-4746-94C9-0D8A0B2C0089}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02BCC737-B171-4746-94C9-0D8A0B2C0089}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{02BCC737-B171-4746-94C9-0D8A0B2C0089}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02BCC737-B171-4746-94C9-0D8A0B2C0089}\ not found. Starting removal of ActiveX control {17492023-C23A-453E-A040-C7C580BBF700} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{17492023-C23A-453E-A040-C7C580BBF700}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17492023-C23A-453E-A040-C7C580BBF700}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{17492023-C23A-453E-A040-C7C580BBF700}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17492023-C23A-453E-A040-C7C580BBF700}\ not found. Starting removal of ActiveX control {3860DD98-0549-4D50-AA72-5D17D200EE10} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{3860DD98-0549-4D50-AA72-5D17D200EE10}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3860DD98-0549-4D50-AA72-5D17D200EE10}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{3860DD98-0549-4D50-AA72-5D17D200EE10}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3860DD98-0549-4D50-AA72-5D17D200EE10}\ not found. Starting removal of ActiveX control {588031A3-94BF-4CDD-86D0-939F6F93910F} C:\Windows\Downloaded Program Files\FixIt.inf moved successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{588031A3-94BF-4CDD-86D0-939F6F93910F}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{588031A3-94BF-4CDD-86D0-939F6F93910F}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{588031A3-94BF-4CDD-86D0-939F6F93910F}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{588031A3-94BF-4CDD-86D0-939F6F93910F}\ not found. Starting removal of ActiveX control {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} C:\Windows\Downloaded Program Files\setup.inf moved successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{73ECB3AA-4717-450C-A2AB-D00DAD9EE203}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73ECB3AA-4717-450C-A2AB-D00DAD9EE203}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{73ECB3AA-4717-450C-A2AB-D00DAD9EE203}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73ECB3AA-4717-450C-A2AB-D00DAD9EE203}\ not found. Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found. Starting removal of ActiveX control {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ not found. Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7} C:\Windows\Downloaded Program Files\gp.inf not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found. File {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{314111c7-a502-11d2-bbca-00c04f8ec294}\ not found. File {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found. File {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D}\ not found. File {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype-ie-addon-data\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91774881-D725-4E58-B298-07617B9B86A8}\ deleted successfully. File {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03C514A3-1EFB-4856-9F99-10D7BE1653C0}\ not found. File {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{33a71268-dff8-11de-b9fa-00235a2fdb97}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33a71268-dff8-11de-b9fa-00235a2fdb97}\ not found. File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\goMEn.eXE not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{520ecce4-d532-11de-a1df-00235a2fdb97}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{520ecce4-d532-11de-a1df-00235a2fdb97}\ not found. File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL GOMeN.eXE not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{68e23d52-6ada-11df-8dda-00235a2fdb97}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{68e23d52-6ada-11df-8dda-00235a2fdb97}\ not found. File F:\MULTIM~1.EXE not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{68e23d52-6ada-11df-8dda-00235a2fdb97}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{68e23d52-6ada-11df-8dda-00235a2fdb97}\ not found. File F:\MULTIM~1.EXE not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{79488463-c172-11df-ac4d-00235a2fdb97}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{79488463-c172-11df-ac4d-00235a2fdb97}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{79488463-c172-11df-ac4d-00235a2fdb97}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{79488463-c172-11df-ac4d-00235a2fdb97}\ not found. File G:\LaunchU3.exe -a not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7c73115c-29fa-11de-ba96-00235a2fdb97}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7c73115c-29fa-11de-ba96-00235a2fdb97}\ not found. File F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7c73115c-29fa-11de-ba96-00235a2fdb97}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7c73115c-29fa-11de-ba96-00235a2fdb97}\ not found. File F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{86daed1d-87a7-11de-8d4b-00235a2fdb97}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{86daed1d-87a7-11de-8d4b-00235a2fdb97}\ not found. File F:\rcaDVM_setup.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{86daed1d-87a7-11de-8d4b-00235a2fdb97}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{86daed1d-87a7-11de-8d4b-00235a2fdb97}\ not found. File F:\rcaDVM_setup.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a79990cc-dec5-11de-9280-00235a2fdb97}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a79990cc-dec5-11de-9280-00235a2fdb97}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a79990cc-dec5-11de-9280-00235a2fdb97}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a79990cc-dec5-11de-9280-00235a2fdb97}\ not found. File G:\LaunchU3.exe -a not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e15736ab-cd56-11de-9cfe-00235a2fdb97}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e15736ab-cd56-11de-9cfe-00235a2fdb97}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e15736ab-cd56-11de-9cfe-00235a2fdb97}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e15736ab-cd56-11de-9cfe-00235a2fdb97}\ not found. File G:\LaunchU3.exe -a not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e9fa3577-4eb7-11de-9d2c-00235a2fdb97}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9fa3577-4eb7-11de-9d2c-00235a2fdb97}\ not found. File F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e9fa3577-4eb7-11de-9d2c-00235a2fdb97}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9fa3577-4eb7-11de-9d2c-00235a2fdb97}\ not found. File F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe not found. C:\Users\Agnes\Desktop\~WRL0001.tmp deleted successfully. C:\Users\Agnes\Desktop\~WRL3983.tmp deleted successfully. C:\Windows\msdownld.tmp folder deleted successfully. C:\Users\Agnes\AppData\Local\d43ty083vt8n0eg1yin153biwk27 moved successfully. C:\ProgramData\d43ty083vt8n0eg1yin153biwk27 moved successfully. ========== COMMANDS ========== HOSTS file reset successfully [EMPTYTEMP] User: Agnes ->Temp folder emptied: 12675723 bytes ->Temporary Internet Files folder emptied: 20121600 bytes ->Java cache emptied: 79266370 bytes ->FireFox cache emptied: 43990143 bytes ->Flash cache emptied: 60237 bytes User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 898 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes RecycleBin emptied: 208731264 bytes Total Files Cleaned = 348.00 mb [EMPTYFLASH] User: Agnes ->Flash cache emptied: 0 bytes User: All Users User: Default User: Default User User: Public Total Flash Files Cleaned = 0.00 mb OTL by OldTimer - Version 3.2.23.0 log created on 06052011_122800 Files\Folders moved on Reboot... File\Folder C:\Users\Agnes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Warner Bros.lnk not found! C:\Users\Agnes\AppData\Local\Temp\ehmsas.txt moved successfully. File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot. Registry entries deleted on Reboot...
  13. Retrieve you key here, put the email that you used in the order https://www.superantispyware.com/retrieveregistration.html
  14. You are overcharging your system with resident protections. It can conflict, but try if you want.
  15. I am diferent computer, but yes I did, but the asMBR scanner caused a BSOD in the computer.
  16. OTL Extras logfile created on: 6/5/2011 10:57:25 AM - Run 1 OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Agnes\Downloads 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18904) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 4.00 Gb Total Physical Memory | 2.08 Gb Available Physical Memory | 52.02% Memory free 8.20 Gb Paging File | 6.14 Gb Available in Paging File | 74.88% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 284.39 Gb Total Space | 20.69 Gb Free Space | 7.27% Space Free | Partition Type: NTFS Drive D: | 13.70 Gb Total Space | 2.06 Gb Free Space | 15.01% Space Free | Partition Type: NTFS Computer Name: AGNES-PC | User Name: Agnes | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-1642153451-883063535-3536702933-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [AddToPlaylistVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data] "VistaSp2" = 21 67 AA EA D8 6A CA 01 [binary data] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "oobe_av" = 1 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01E311DC-08B8-4707-A9DE-31B90FB35B0E}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{04EE5A26-F428-40F4-BC9E-11FE28811A08}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{075ACB47-BC7C-4021-BD0B-AB3B4727D35C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{0EB8618C-305E-4F8D-BB99-8A678825A675}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{1274467E-4BA8-46FA-BE03-02BCBBFD7C4D}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{16E5E3FE-EA31-41A7-A2F7-E76C24425EAE}" = lport=2869 | protocol=6 | dir=in | app=system | "{20829C54-8684-4BD8-9061-8676D8632EBC}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{24F79A54-6B4A-47FE-B6B8-6C07726254B3}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{25443015-96ED-4AEE-83AC-E03F251A7034}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{26ADDFA1-865D-4A96-8360-D7636FC4E8D8}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{26EAA751-090C-484A-B7B2-81BE1CFD5D14}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{2CF68474-356E-439B-8F19-473F95058291}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{326C2DDA-C746-41B0-9A43-C558E66347D2}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{37B120E0-3B50-4DA4-9D59-D39B174929F2}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{45B22D60-65DE-4F60-9A5B-22D8FD335520}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{45D8F279-0A44-4E3A-A11D-ACB3ADB6B411}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{49772B93-1E38-4BD9-A146-D8458215BC26}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{4AC061ED-B467-4B6B-9D83-13E244BD192A}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{4F79D016-6648-43BD-8B4E-9DBA75E49EA9}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{539E6DB2-4C0D-4A44-920C-AA9754F927FF}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{5637967A-22C2-4CEE-A580-E5B06BF7F572}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{564983DC-9C2B-4804-BD08-00FF938D4CFA}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{5E0379E2-79D5-4BAD-AF20-0BE13CB73530}" = lport=2869 | protocol=6 | dir=in | app=system | "{6350E2AF-127D-4E96-9932-6DBDA6140BE9}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | "{65A79AEE-4A64-4139-B9F8-1BA1B8A9BE4B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{667DBF2C-B501-47A2-9D27-80EE7EFEC198}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{69A30B6D-CECC-42F4-94D7-C1BB702CFDDD}" = rport=445 | protocol=6 | dir=out | app=system | "{6C081608-9E61-4DF2-A37C-F7925525834A}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | "{6F44142F-59BF-4F7C-BD36-61898180CE51}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{7DDCE109-DC71-4BF2-96C0-020CE34CD46A}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{7FEB13AE-C843-49EC-8C7E-64F227618D7D}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{81242D63-7D7E-4954-B68D-E6124E5F96A1}" = lport=139 | protocol=6 | dir=in | app=system | "{83BE884F-DBC0-48C9-86FE-2C7E2EABCF02}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{84B5DDE1-CF87-453A-BE53-94E59EE5A8EC}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | "{86227CE4-7DAF-47E3-8BA2-AC640CEB994F}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{8746A9D6-2B70-4158-A01E-23FE2CCB7AE8}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{8ACC2195-9D09-4D88-AC69-CBE00482F8FF}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{8B9E04E6-1258-43D8-BC15-F0D3B2115D9B}" = rport=137 | protocol=17 | dir=out | app=system | "{8BB07B8B-19B0-44B3-A2CE-6960325A1092}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | "{99057229-A84A-4788-AA69-E339C9915ABB}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | "{9D5B70DE-8D52-4B9E-88AA-1CE4616A929C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{9F2E1053-DB91-4FC2-A272-5B794D128502}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{ABD17D4E-EAD1-42CF-822E-9F7ED8DDF04A}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{AF7081B0-1F11-4AF7-85E3-1ACAB7D1986C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{B258741E-0430-42F1-A990-C79503FFA811}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{B35854CA-0E9D-48DF-8DD7-A37A81F4A798}" = rport=10243 | protocol=6 | dir=out | app=system | "{B3FC0C49-64AE-4DA6-861B-4F326B4AA508}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | "{B636832B-BCF6-4EF0-BF04-95009B327B47}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{B7950C17-2DE9-41C0-A745-01A44118E198}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{B8625C6A-EF97-41DB-A738-580B329FEF79}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | "{B937933E-673C-4CCD-A845-846D3295F413}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | "{BA5DF797-3630-419B-BACB-7D1FDB2088B3}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{BC9449F8-B9E9-4BFC-A7C6-93369A74DA21}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{C28AAA98-0295-444A-882D-A33B1FD5BA1D}" = rport=138 | protocol=17 | dir=out | app=system | "{C59C5B58-462F-4EDE-BCAB-2AD3AF473660}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{C7BD7F12-6C9F-4A01-A03E-ED1F628A58AB}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{C9303595-D5B5-4CFE-96B9-C2E0DB9ABE31}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{C96FA706-9EB9-4B31-A7C2-E36894E0F44A}" = lport=10243 | protocol=6 | dir=in | app=system | "{C9C532EF-3FC7-4A08-A3AE-185665BFB99C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{CAA23537-474D-453A-90B7-7BDB35E51002}" = rport=139 | protocol=6 | dir=out | app=system | "{CB2E2F30-CE84-421A-9E4E-C046B1AA658D}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{CB9BBF73-2016-4942-886A-5287CFCB536F}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | "{CBBE7732-93A9-403A-83DE-8156294C0D75}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{CCDB6F60-838D-477C-AF1D-0D01A61F0C2F}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{CF29C40A-A0F2-47D1-8D8A-BAAE542FCD2A}" = lport=137 | protocol=17 | dir=in | app=system | "{D65966E1-C55D-438E-B35A-8EA923A0BCAB}" = lport=138 | protocol=17 | dir=in | app=system | "{DD18CB39-22D4-4F83-9DA9-664DF71DA63F}" = lport=445 | protocol=6 | dir=in | app=system | "{E299CF02-2935-4B1C-8C86-DB6E7A623BE0}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{E2ED355C-A4BF-4FB4-9EB2-F61F21C69017}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E6712149-BE2D-4813-86AB-0747AD238784}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E7FA5397-8B5A-4189-AEE6-1F6E497E82DD}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{F128D1EA-AFFF-407F-A064-5CA261CB2DC9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{F2774F6E-0943-4447-99D1-9B720F1DA8D7}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{F29539A7-A3C2-479A-B737-2D81DAA93327}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{F32909F2-74E5-4179-895E-E74083261556}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{FC96D5D7-60FB-4E13-B780-89FF936CE01C}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{009DD9C9-9294-42F3-9F60-8E17718D2830}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{01A262EF-6C82-4150-A456-469C59BC7BDA}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{02784EA4-0C69-4603-8246-23283BD3D255}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{02F2BDBC-4BCC-4FE0-AAC0-D8E02423F39C}" = protocol=17 | dir=in | app=c:\users\agnes\appdata\local\temp\7zs7187.tmp\symnrt.exe | "{035D9583-BEA8-459D-B621-08657DD433CF}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{0BDF1A49-FFE6-4402-9C96-A530A806D4E6}" = protocol=17 | dir=in | app=c:\users\agnes\appdata\roaming\dropbox\bin\dropbox.exe | "{0DE35E95-AAF7-4E09-BD5E-0A5C60F9B277}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{12756D8F-F719-4AC2-A9A0-FE38F1DFBD36}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{189FC89A-031B-43ED-ADEF-E98E1FAB3423}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe | "{194E2E04-3D34-4678-A878-BAFDB32EE5E0}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{1AE54BA8-1B10-4D60-8D8A-BCE0EABFF7BA}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{1C707ECF-D83B-4B09-8858-2ED5DC2B7FE9}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{2471607B-561F-4160-9487-2FC6E2A88E51}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{250B1210-F8D6-4FD5-8369-B2B4428A1CDA}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{308821F1-ABF0-428E-87E7-ABC8EE695A34}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{31D46EF4-DC11-425D-81A2-7F881863320B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{3258B23D-9294-47F7-AAD7-5E207F9A1570}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{32970161-E467-40C0-A0BC-22F9C530E58A}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{388538C3-C54A-45C9-BD28-5BFC6AEE6CE5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{38A377A9-A8A9-44F2-8A96-09CE26429B46}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{3D522D1A-E6E6-41A6-8332-918DA45B1502}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{3F104726-95A4-467D-9C1E-039AA0762AD7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{3FE774E2-CE5D-47C4-90A0-273F500F2768}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{40563AC2-CC4E-43E3-AF43-3B2E3B7B7D08}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe | "{42F729C2-BCA5-4182-8DBF-01061D0BEF20}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{4499690F-ED8F-4D59-8A16-E63F9EF02D33}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{47599FC9-A31D-4C4E-82D3-F998A4F630FB}" = protocol=6 | dir=in | app=c:\users\agnes\appdata\local\temp\7zs7187.tmp\symnrt.exe | "{4C15FF3F-7B8E-45E9-B5F0-CD701A5FC0A8}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qp.exe | "{4DED727F-8859-40D5-AB4C-A49757EEB5BA}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe | "{4E5D1037-456B-486F-8153-37F64E4673BD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{525E1CF3-A3B8-4F4F-9FB5-680FF14C4EFB}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | "{572FC6AF-4B18-43E9-AB13-DE772C3DCC82}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{5A7BCDD4-AB5D-4146-8033-DC52693F7F20}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{5A7F76CE-05B0-424F-9C45-67CBCDEE9177}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe | "{5AF6E26B-58B1-4734-9988-F723A1470AEE}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{5C498EBB-1C0C-40FC-803F-8263DDEFF293}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{5CA51FA1-137C-47A2-BAC1-EF108D505AF1}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{5DF4C428-FF3F-44C6-BF68-3FD7416831CB}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | "{5F6A8D12-5F43-42AC-A98A-A71088875AEF}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{62D0C201-92D6-4480-AD89-6A10E615A295}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe | "{639B2F44-45C3-4F33-BCA7-1E8B8A20A7CF}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{6B92CDC0-FF66-4CD6-9827-2F3787E00F6F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{6C5C3786-2E93-4E35-8E69-047858C6F722}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{75043F8D-804C-4747-87CA-171D1EE73843}" = protocol=6 | dir=in | app=c:\users\agnes\appdata\roaming\dropbox\bin\dropbox.exe | "{775186B8-1CE5-4A7C-A8FC-80592ED56572}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{783E4DAE-7C6B-4A2D-8110-06C1B52D3F6D}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{787E1F21-100A-4EE1-8A27-7EF5FE55F3D2}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{78B300D1-6904-4FDB-878A-6AD403811E28}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{797FA8A4-A337-4062-A2BF-0BC699B72D5D}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe | "{7D4D6353-C6D6-470D-B150-3CA3B60A19E9}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe | "{7FAEEE59-F81F-47DB-A490-4A9DE4B5B52F}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe | "{7FC999D8-658F-4A06-B24A-C4B74830902D}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{7FEFA668-9BDF-4B29-8BE8-FA2E8B55E476}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{80A24812-EFA4-4C21-83EB-ACA9570CDECD}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{81BD8E90-0F3F-4028-A139-52D889ABDD31}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{857B7EB1-D2C6-45A8-BB39-68D04FFE482D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{8A5C0EE1-EF82-4505-970E-63B41C325FB8}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{8A983E1C-E191-4327-B769-871F89508E0A}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | "{8C9762B7-AF17-41F5-BC2F-286DD77D775C}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{8FEF5C38-F666-4B87-93ED-773C59DBB40D}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{912931EF-70A9-44FB-B8F4-5D3A9B31FF3B}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{92B496C9-7F24-4143-8033-0FD591BDCA96}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe | "{98363477-D281-415F-8EAF-A7FF2700E3E2}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{9D4E696E-8EDE-4803-9DA5-9D6BCAEF33F0}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{A183735F-EDE1-4D6C-A317-59EEE9F5F075}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | "{A616515A-B2DC-4B9C-964E-5709255BAFC4}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{A8C7F1E9-D230-42C4-B24C-81C4C0D154DC}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{AA9AA729-F138-4B95-8DC5-5F9C8E75BF53}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{AD0A7BCE-5297-49CE-B89D-776843C3BF94}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{AED34EDF-6405-496F-A815-3BD437F676F1}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{B288BBD3-811D-4D52-A6DD-EF8313B128D4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{B5180201-498C-4516-A24B-4AA48FB92F08}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | "{C31A2CAD-F4DB-416F-97BD-2C2C5FD225A5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C3363A04-2069-48C9-96C3-5757A897CBD6}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{C50FD729-423C-4E8F-8C90-65F2E0AEA538}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{C81FCB07-3373-4144-9787-E64B9321D5FD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{CA6FF709-AF17-49EF-BEC5-01AD19A5F51D}" = protocol=6 | dir=out | app=system | "{CA90C7C5-713D-43B3-AAF1-FA3F274F594A}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{CAE18190-F862-4486-977B-F2B6D50600B4}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{CEE1550D-DA73-4FBD-8223-5331F67A83AD}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe | "{D0A1F64B-41B8-4C34-8617-44478DDE65AA}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{D3D13C53-BEFA-4EBB-BCF8-0CB762033083}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe | "{D42F50C5-F16B-4618-8362-42D9C8131CC0}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{DE33E7E0-1375-445F-BA23-3A2E1479B033}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{E0892F01-155F-4747-9430-DFEA3E4F9D1F}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{E4CEC2C1-E481-44DE-9421-44891C25F32B}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qpservice.exe | "{E5597595-0FD2-4C3A-AD51-38CDD0CBD727}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{E6D40FBB-CBA1-4180-AB31-D1C8F3801EF9}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | "{E75C13F0-36D2-4395-972A-3B4F3601076B}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{E7BCE8A0-2195-4A92-A916-4E65BB5D648B}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe | "{F43596E0-E73B-48D5-BF2F-C150175937BC}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{FE6E7F2D-E618-4B51-BE3E-CB296F1FB675}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "TCP Query User{EC8C759D-C31B-4617-B4A6-E37DD68E6675}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "UDP Query User{1417C72D-EB68-44D1-8D50-6F7FC47AE27E}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{22ABA92B-6C1B-46D8-AC2B-C48EEAE172A9}" = VD64Inst "{2F97CE84-9C33-4631-821B-85EA371EA254}" = ProtectSmart Hard Drive Protection "{328CC232-CFDC-468B-A214-2E21300E4CB5}" = Apple Mobile Device Support "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{4575935D-9457-4517-8750-2341F4286F5F}" = iTunes "{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 "{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile Device Center "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007 "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 "{92DBCA36-9B41-4DD1-941A-AED149DD37F0}" = Windows Mobile Device Center Driver Update "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Touch Pad Driver "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}" = Bonjour "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D2F7994F-661E-46D1-A1DF-67F2887AAA7E}" = HP MediaSmart SmartMenu "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "B30ECD0209A21D638611F893829C8AF3A483A302" = Windows Driver Package - ENE (enecir) HIDClass (04/29/2008 2.5.0.0) "CCleaner" = CCleaner "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "NVIDIA Drivers" = NVIDIA Drivers [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer "{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam "{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module "{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer "{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1 "{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Herramienta de carga de Windows Live "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader "{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check "{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java 6 Update 23 "{2B83A043-BA8C-4164-98AA-29529D0BE756}" = Windows Live Essentials "{30D3B7BC-5798-45D9-822D-05CA18F39E99}" = HPTCSSetup "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7 "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2 "{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZero Preloader "{36C9E08A-BE2B-40A0-83C5-576748F7B777}" = TestDrive Client "{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista "{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements "{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library "{612F4E20-3661-4D44-AD79-823F1B613FB3}" = HP Update "{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}" = Juno Preloader "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check "{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV "{6A370610-3778-44AF-9AAC-69B2FD1A3356}" = Microsoft Live Search Toolbar "{6DCBB845-0FA4-4723-A40A-1F320C221C30}" = Sprint Mobile Broadband (Sierra) "{7593234B-2AEB-4FC9-B02D-C9B30D86084C}" = Windows Live Asistente para el inicio de sesión "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com "{7B798B31-2F33-4DC8-BDA4-D36488E86636}" = Slingbox - Watch Your TV Anywhere "{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver "{8924FD04-AFF1-4387-B08B-6A979485F2BD}" = Windows Live Call "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007 "{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.4 "{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2 "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR "{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video "{B830589B-A569-4572-B8C0-6141EA774D96}" = Roxio PhotoSuite Deluxe v9 "{BEC001F9-0451-4396-92D7-E1A4E7854BF3}" = Windows Live Mail "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{C4156B59-DD7E-40DF-AF08-E568A27A6409}" = Windows Live Messenger "{C4CF43CE-94AE-498E-9EB1-C804E05CB3CA}" = HP User Guides 0125 "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "{C5E6A84F-2064-40D2-85C4-CE97B76ACECE}" = VitalSource Bookshelf "{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0 "{CF0EDB56-BBF6-3C9F-9C50-2E3B3D444641}" = Google Talk Plugin "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D1E7142C-6BC3-49EB-A71A-E5D7ADAC7599}" = Nikon File Uploader 2 "{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center "{D45E8C45-B601-4A80-AFD8-E16338744DE1}" = ArcSoft Panorama Maker 4 "{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD "{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}" = muvee Reveal "{DDD62492-32A7-412B-8AF1-2CF032AD42E3}" = ViewNX 2 "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio "{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer "{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE Creature Creator Trial Edition "{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "avast" = avast! Free Antivirus "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "dcmsvc_is1" = dcmsvc 1.0 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "HP Bluetooth Laser Mobile Mouse" = HP Bluetooth Laser Mobile Mouse 1.00.06 "InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV "InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200 "Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US) "PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software "PROR" = Microsoft Office Professional 2007 Trial "RCA Detective™_is1" = RCA Detective™ 2.0.0.98 "RCA Digital Voice Manager_is1" = RCA Digital Voice Manager 5.0.3.1 "TTM70" = Talk to Me "VLC media player" = VLC media player 0.9.8a "WildTangent hp Master Uninstall" = HP Games "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner "Windows Mobile Device Handbook" = Touch by HTC™ User Guide "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR archiver "Yahoo! Companion" = Yahoo! Toolbar "Yahoo! Software Update" = Yahoo! Software Update ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 9/14/2010 6:31:58 AM | Computer Name = Agnes-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 9/14/2010 6:31:58 AM | Computer Name = Agnes-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 9/14/2010 6:32:00 AM | Computer Name = Agnes-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 9/14/2010 6:32:00 AM | Computer Name = Agnes-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 9/14/2010 6:32:03 AM | Computer Name = Agnes-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 9/14/2010 6:32:03 AM | Computer Name = Agnes-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 9/14/2010 6:32:05 AM | Computer Name = Agnes-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 9/14/2010 6:32:05 AM | Computer Name = Agnes-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 9/14/2010 6:32:08 AM | Computer Name = Agnes-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 9/14/2010 6:32:08 AM | Computer Name = Agnes-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = [ System Events ] Error - 6/5/2011 10:48:50 AM | Computer Name = Agnes-PC | Source = Service Control Manager | ID = 7000 Description = Error - 6/5/2011 10:49:16 AM | Computer Name = Agnes-PC | Source = Service Control Manager | ID = 7000 Description = Error - 6/5/2011 10:49:46 AM | Computer Name = Agnes-PC | Source = Service Control Manager | ID = 7000 Description = Error - 6/5/2011 10:51:53 AM | Computer Name = Agnes-PC | Source = Service Control Manager | ID = 7000 Description = Error - 6/5/2011 10:52:21 AM | Computer Name = Agnes-PC | Source = Service Control Manager | ID = 7000 Description = Error - 6/5/2011 10:52:21 AM | Computer Name = Agnes-PC | Source = Service Control Manager | ID = 7000 Description = Error - 6/5/2011 10:52:21 AM | Computer Name = Agnes-PC | Source = Service Control Manager | ID = 7000 Description = Error - 6/5/2011 10:52:28 AM | Computer Name = Agnes-PC | Source = Service Control Manager | ID = 7000 Description = Error - 6/5/2011 10:52:28 AM | Computer Name = Agnes-PC | Source = Service Control Manager | ID = 7000 Description = Error - 6/5/2011 10:52:28 AM | Computer Name = Agnes-PC | Source = Service Control Manager | ID = 7000 Description = < End of report >
  17. my log OTL logfile created on: 6/5/2011 10:57:25 AM - Run 1 OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Agnes\Downloads 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18904) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 4.00 Gb Total Physical Memory | 2.08 Gb Available Physical Memory | 52.02% Memory free 8.20 Gb Paging File | 6.14 Gb Available in Paging File | 74.88% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 284.39 Gb Total Space | 20.69 Gb Free Space | 7.27% Space Free | Partition Type: NTFS Drive D: | 13.70 Gb Total Space | 2.06 Gb Free Space | 15.01% Space Free | Partition Type: NTFS Computer Name: AGNES-PC | User Name: Agnes | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011/06/05 10:56:32 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Agnes\Downloads\OTL.exe PRC - [2011/06/05 00:16:42 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2011/05/10 08:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe PRC - [2011/05/10 08:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe PRC - [2011/05/04 21:35:42 | 000,332,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SoftwareDistribution\Download\Install\CheckSURPackage.EXE PRC - [2011/01/21 08:28:58 | 000,810,456 | ---- | M] (Microsoft Corporation) -- c:\b59b446a76f244f017c188d7af41\checksur.exe PRC - [2011/01/21 08:28:58 | 000,045,112 | ---- | M] () -- c:\b59b446a76f244f017c188d7af41\checksurlauncher.exe PRC - [2009/04/07 13:53:32 | 000,030,440 | ---- | M] () -- C:\Program Files (x86)\dcmsvc\dcmsvc.exe PRC - [2009/02/24 17:00:26 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe PRC - [2009/02/09 18:14:02 | 000,296,320 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe PRC - [2009/02/09 18:14:02 | 000,116,096 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe PRC - [2009/02/09 18:13:36 | 000,206,120 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe PRC - [2008/10/06 12:54:52 | 000,365,952 | ---- | M] () -- C:\Program Files (x86)\SMINST\BLService.exe PRC - [2008/09/26 06:36:40 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe PRC - [2008/09/25 22:42:24 | 000,189,736 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe PRC - [2008/09/25 22:41:44 | 001,152,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe PRC - [2008/07/21 11:59:10 | 001,069,056 | ---- | M] (Audiovox Electronics Corp.) -- C:\Users\Agnes\Documents\RCA Detective\RCADetective.exe PRC - [2007/08/29 18:14:12 | 000,131,072 | ---- | M] (Sprint Spectrum, L.L.C) -- C:\Program Files (x86)\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe ========== Modules (SafeList) ========== MOD - [2011/06/05 10:56:32 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Agnes\Downloads\OTL.exe MOD - [2011/05/10 08:10:55 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll MOD - [2009/04/11 02:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011/05/10 08:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV:64bit: - [2010/06/29 13:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE) SRV:64bit: - [2009/06/03 20:43:18 | 000,239,104 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_6ef279c8\STacSV64.exe -- (STacSV) SRV:64bit: - [2008/03/18 20:25:40 | 000,023,040 | ---- | M] (Hewlett-Packard Corporation) [Auto | Running] -- C:\Windows\SysNative\Hpservice.exe -- (hpsrv) SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009/02/09 18:14:02 | 000,296,320 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc) TV Background Capture Service (TVBCS) SRV - [2009/02/09 18:14:02 | 000,116,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched) TV Task Scheduler (TVTS) SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService) SRV - [2008/10/06 12:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\SMINST\BLService.exe -- (Recovery Service for Windows) SRV - [2007/08/29 18:14:12 | 000,131,072 | ---- | M] (Sprint Spectrum, L.L.C) [Auto | Running] -- C:\Program Files (x86)\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe -- (SPCSUtilityService) SRV - [2007/05/31 10:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007/05/31 10:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011/05/10 07:59:48 | 000,064,344 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:64bit: - [2010/04/19 20:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2010/02/17 14:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV) DRV:64bit: - [2010/02/17 14:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL) DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb) DRV:64bit: - [2009/09/02 03:09:34 | 000,221,696 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169) DRV:64bit: - [2009/08/21 20:24:04 | 000,084,512 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2009/06/03 20:43:18 | 000,486,400 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA) DRV:64bit: - [2009/04/11 01:43:06 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx) DRV:64bit: - [2008/11/17 15:50:30 | 004,751,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) Intel® DRV:64bit: - [2008/07/21 06:53:04 | 000,145,496 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\jmcr.sys -- (JMCR) DRV:64bit: - [2008/04/28 21:55:32 | 000,064,000 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\enecir.sys -- (enecir) DRV:64bit: - [2008/04/17 13:12:54 | 000,019,304 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2008/03/27 16:10:56 | 000,026,984 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys -- (hpdskflt) DRV:64bit: - [2008/03/27 16:10:14 | 000,040,296 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys -- (Accelerometer) DRV:64bit: - [2008/01/31 19:23:14 | 000,195,120 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys -- (ApfiltrService) DRV:64bit: - [2008/01/20 22:46:57 | 003,154,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys -- (NETw3v64) Intel® DRV:64bit: - [2008/01/20 22:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus) DRV:64bit: - [2007/08/15 19:28:18 | 000,013,056 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\n558.sys -- (n558) DRV:64bit: - [2007/06/27 14:47:12 | 000,089,216 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\swmx00.sys -- (SWMX00) Sierra Wireless USB MUX Driver (#00) DRV:64bit: - [2007/06/27 14:46:22 | 000,114,688 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\SWNC5E00.sys -- (SWNC5E00) Sierra Wireless MUX NDIS Driver (#00) DRV:64bit: - [2007/06/18 20:13:12 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr) DRV:64bit: - [2007/05/07 03:00:00 | 000,052,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2006/10/03 21:45:36 | 000,273,408 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64) DRV:64bit: - [2006/09/18 17:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs) DRV - [2008/09/26 06:36:34 | 000,027,632 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49}) DRV - [2007/08/10 15:08:50 | 000,027,912 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\swmsflt.sys -- (swmsflt) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_pr&c=91&bd=Pavilion&pf=cnnb IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_pr&c=91&bd=Pavilion&pf=cnnb IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/ IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1642153451-883063535-3536702933-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8 IE - HKU\S-1-5-21-1642153451-883063535-3536702933-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com IE - HKU\S-1-5-21-1642153451-883063535-3536702933-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-1642153451-883063535-3536702933-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/ IE - HKU\S-1-5-21-1642153451-883063535-3536702933-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2 IE - HKU\S-1-5-21-1642153451-883063535-3536702933-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.) IE - HKU\S-1-5-21-1642153451-883063535-3536702933-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1642153451-883063535-3536702933-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: wrc@avast.com:20110101 FF - HKLM\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/05/14 22:09:41 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/06/05 00:16:45 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/06/05 00:16:45 | 000,000,000 | ---D | M] [2009/08/20 19:54:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Agnes\AppData\Roaming\Mozilla\Extensions [2011/05/14 21:48:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Agnes\AppData\Roaming\Mozilla\Firefox\Profiles\ie4ma4sk.default\extensions [2011/05/14 16:47:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Agnes\AppData\Roaming\Mozilla\Firefox\Profiles\ie4ma4sk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}(222) [2011/05/14 16:47:28 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Agnes\AppData\Roaming\Mozilla\Firefox\Profiles\ie4ma4sk.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(223) [2011/05/15 10:34:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2010/09/24 21:46:41 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2011/01/15 13:27:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011/05/14 17:14:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} File not found (No name found) -- [2011/05/14 22:09:41 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF [2009/07/01 22:01:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2011/06/05 00:16:41 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll [2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll [2011/06/05 00:16:43 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml Hosts file not found O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll (Google Inc.) O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.) O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.) O3:64bit: - HKU\S-1-5-21-1642153451-883063535-3536702933-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard) O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.) O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [dcmsvc] C:\Program Files (x86)\dcmsvc\dcmsvc.exe () O4 - HKLM..\Run: [DVDAgent] C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard) O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation) O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation) O4 - HKLM..\Run: [TSMAgent] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [TVAgent] C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [uCam_Menu] C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [updateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [updateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [updatePDIRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [updatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation) O4 - Startup: C:\Users\Agnes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RCA Detective.lnk = C:\Users\Agnes\Documents\RCA Detective\RCADetective.exe (Audiovox Electronics Corp.) O4 - Startup: C:\Users\Agnes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Warner Bros.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149 O7 - HKU\S-1-5-21-1642153451-883063535-3536702933-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149 O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.) O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.) O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet) O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet) O15 - HKU\S-1-5-21-1642153451-883063535-3536702933-1000\..Trusted Ranges: Range1 ([http] in Local intranet) O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab (Windows Live OneCare safety scanner control) O16 - DPF: {588031A3-94BF-4CDD-86D0-939F6F93910F} https://fixit.support.microsoft.com/ActiveX/FixItClient.CAB (FixItClient Class) O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Autumn Leaves.jpg O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Autumn Leaves.jpg O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{33a71268-dff8-11de-b9fa-00235a2fdb97}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\goMEn.eXE O33 - MountPoints2\{520ecce4-d532-11de-a1df-00235a2fdb97}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL GOMeN.eXE O33 - MountPoints2\{68e23d52-6ada-11df-8dda-00235a2fdb97}\Shell\AutoRun\command - "" = F:\MULTIM~1.EXE O33 - MountPoints2\{68e23d52-6ada-11df-8dda-00235a2fdb97}\Shell\doubleTwist\command - "" = F:\MULTIM~1.EXE O33 - MountPoints2\{79488463-c172-11df-ac4d-00235a2fdb97}\Shell - "" = AutoRun O33 - MountPoints2\{79488463-c172-11df-ac4d-00235a2fdb97}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O33 - MountPoints2\{7c73115c-29fa-11de-ba96-00235a2fdb97}\Shell\AutoRun\command - "" = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe O33 - MountPoints2\{7c73115c-29fa-11de-ba96-00235a2fdb97}\Shell\open\command - "" = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe O33 - MountPoints2\{86daed1d-87a7-11de-8d4b-00235a2fdb97}\Shell\AutoRun\command - "" = F:\rcaDVM_setup.exe O33 - MountPoints2\{86daed1d-87a7-11de-8d4b-00235a2fdb97}\Shell\install\command - "" = F:\rcaDVM_setup.exe O33 - MountPoints2\{a79990cc-dec5-11de-9280-00235a2fdb97}\Shell - "" = AutoRun O33 - MountPoints2\{a79990cc-dec5-11de-9280-00235a2fdb97}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O33 - MountPoints2\{e15736ab-cd56-11de-9cfe-00235a2fdb97}\Shell - "" = AutoRun O33 - MountPoints2\{e15736ab-cd56-11de-9cfe-00235a2fdb97}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O33 - MountPoints2\{e9fa3577-4eb7-11de-9d2c-00235a2fdb97}\Shell\AutoRun\command - "" = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe O33 - MountPoints2\{e9fa3577-4eb7-11de-9d2c-00235a2fdb97}\Shell\open\command - "" = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011/06/05 10:52:53 | 000,000,000 | ---D | C] -- C:\b59b446a76f244f017c188d7af41 [2011/05/19 10:45:21 | 000,140,800 | ---- | C] (The Duck Corporation) -- C:\Windows\SysWow64\tm20dec.ax [2011/05/19 10:45:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Talk to Me 7.0 [2011/05/19 10:44:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Auralog [2011/05/15 10:36:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2011/05/14 22:10:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus [2011/05/14 22:10:29 | 000,022,360 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys [2011/05/14 22:10:28 | 000,287,576 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys [2011/05/14 22:10:24 | 000,031,064 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys [2011/05/14 22:10:23 | 000,053,592 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys [2011/05/14 22:10:22 | 000,600,920 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys [2011/05/14 22:10:21 | 000,064,344 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys [2011/05/14 22:09:31 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe [2011/05/14 22:09:31 | 000,040,112 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr [2011/05/14 22:09:15 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software [2011/05/14 22:09:15 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software [2011/05/14 21:54:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware [2011/05/14 21:54:34 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE [2011/05/14 21:43:10 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2011/05/14 21:43:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011/05/14 21:43:03 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011/05/14 17:57:10 | 000,000,000 | ---D | C] -- C:\Windows\pss [2011/05/14 15:58:42 | 000,000,000 | ---D | C] -- C:\Users\Agnes\AppData\Roaming\SUPERAntiSpyware.com [2011/05/14 15:58:42 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com [2011/05/14 15:58:28 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware [2011/05/14 15:52:57 | 000,000,000 | ---D | C] -- C:\Users\Agnes\AppData\Roaming\Malwarebytes [2011/05/14 15:52:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011/05/14 15:52:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2 C:\Users\Agnes\Desktop\*.tmp files -> C:\Users\Agnes\Desktop\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011/06/05 10:48:01 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1642153451-883063535-3536702933-1000UA.job [2011/06/05 10:11:01 | 000,001,034 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011/06/05 09:58:08 | 000,000,434 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{4C0E8681-07CA-48A8-AF3B-5FB999EC293A}.job [2011/06/05 09:55:11 | 000,076,579 | ---- | M] () -- C:\ProgramData\nvModes.dat [2011/06/05 09:55:08 | 000,076,579 | ---- | M] () -- C:\ProgramData\nvModes.001 [2011/06/05 09:55:06 | 000,001,030 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011/06/05 09:51:28 | 000,003,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011/06/05 09:51:27 | 000,003,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011/06/05 09:51:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011/06/05 00:42:34 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2011/06/05 00:36:42 | 174,098,821 | ---- | M] () -- C:\Users\Agnes\Desktop\Windows6.0-KB947821-v14-x64.msu [2011/06/05 00:34:50 | 000,000,856 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011/06/04 19:08:53 | 000,000,286 | ---- | M] () -- C:\Windows\reimage.ini [2011/06/04 18:47:09 | 000,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011/06/04 18:47:09 | 000,587,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011/06/04 18:47:09 | 000,101,250 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011/05/30 23:01:44 | 001,048,016 | ---- | M] () -- C:\Users\Agnes\Desktop\Headgear Appliances - Columbia New_BW.pdf [2011/05/30 11:48:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1642153451-883063535-3536702933-1000Core.job [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2011/05/29 09:11:20 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011/05/19 10:45:01 | 000,000,011 | ---- | M] () -- C:\trace.ini [2011/05/19 10:45:00 | 000,001,999 | ---- | M] () -- C:\Users\Public\Desktop\Talk to Me 7.0.lnk [2011/05/16 14:57:32 | 000,689,664 | ---- | M] () -- C:\Users\Agnes\Desktop\MicrosoftFixit50202.msi [2011/05/16 03:14:34 | 000,648,704 | ---- | M] () -- C:\Users\Agnes\Desktop\MicrosoftFixit50267.msi [2011/05/14 22:10:31 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2011/05/14 22:10:21 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt [2011/05/14 22:08:02 | 000,001,917 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2011/05/14 21:54:34 | 000,001,756 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2011/05/14 21:43:10 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011/05/14 00:47:03 | 000,010,080 | -HS- | M] () -- C:\Users\Agnes\AppData\Local\d43ty083vt8n0eg1yin153biwk27 [2011/05/14 00:47:03 | 000,010,080 | -HS- | M] () -- C:\ProgramData\d43ty083vt8n0eg1yin153biwk27 [2011/05/10 17:51:02 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForAgnes.job [2011/05/10 08:10:59 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr [2011/05/10 08:10:55 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe [2011/05/10 08:10:44 | 000,253,888 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe [2011/05/10 08:04:08 | 000,600,920 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys [2011/05/10 08:04:07 | 000,287,576 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys [2011/05/10 08:02:41 | 000,053,592 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys [2011/05/10 07:59:59 | 000,031,064 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys [2011/05/10 07:59:48 | 000,064,344 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys [2011/05/10 07:59:37 | 000,022,360 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys [2 C:\Users\Agnes\Desktop\*.tmp files -> C:\Users\Agnes\Desktop\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011/06/05 00:20:47 | 174,098,821 | ---- | C] () -- C:\Users\Agnes\Desktop\Windows6.0-KB947821-v14-x64.msu [2011/06/05 00:16:46 | 000,000,900 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2011/06/04 19:08:37 | 000,000,286 | ---- | C] () -- C:\Windows\reimage.ini [2011/06/04 18:48:30 | 000,689,664 | ---- | C] () -- C:\Users\Agnes\Desktop\MicrosoftFixit50202.msi [2011/06/04 18:48:27 | 000,648,704 | ---- | C] () -- C:\Users\Agnes\Desktop\MicrosoftFixit50267.msi [2011/05/30 23:01:43 | 001,048,016 | ---- | C] () -- C:\Users\Agnes\Desktop\Headgear Appliances - Columbia New_BW.pdf [2011/05/19 10:45:13 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll [2011/05/19 10:45:13 | 000,005,672 | ---- | C] () -- C:\Windows\SysWow64\quartz.vxd [2011/05/19 10:45:01 | 000,000,011 | ---- | C] () -- C:\trace.ini [2011/05/19 10:45:00 | 000,001,999 | ---- | C] () -- C:\Users\Public\Desktop\Talk to Me 7.0.lnk [2011/05/15 10:36:30 | 000,000,856 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011/05/14 22:10:31 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2011/05/14 22:08:02 | 000,001,917 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2011/05/14 21:54:34 | 000,001,756 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2011/05/14 21:43:10 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011/05/13 19:04:03 | 000,010,080 | -HS- | C] () -- C:\Users\Agnes\AppData\Local\d43ty083vt8n0eg1yin153biwk27 [2011/05/13 19:04:03 | 000,010,080 | -HS- | C] () -- C:\ProgramData\d43ty083vt8n0eg1yin153biwk27 [2011/01/10 00:37:14 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Sound Effects [2011/01/10 00:37:14 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Solid Colors [2011/01/10 00:37:14 | 000,000,268 | RH-- | C] () -- C:\Users\Agnes\AppData\Roaming\Services [2011/01/10 00:37:14 | 000,000,268 | RH-- | C] () -- C:\Users\Agnes\AppData\Roaming\Scripts Menu [2011/01/10 00:37:14 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT [2011/01/10 00:37:14 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT [2011/01/10 00:37:13 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Smooth Strings [2011/01/10 00:37:13 | 000,000,268 | RH-- | C] () -- C:\Users\Agnes\AppData\Roaming\Screen Savers [2011/01/10 00:37:13 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT [2010/11/08 02:45:37 | 000,012,485 | ---- | C] () -- C:\Users\Agnes\AppData\Local\tmp73256_449698381754_513721754_5938744_5063783_N_navi.JPG [2010/11/08 02:45:34 | 000,081,061 | ---- | C] () -- C:\Users\Agnes\AppData\Local\tmp73256_449698381754_513721754_5938744_5063783_N.0 [2010/11/08 02:45:34 | 000,059,028 | ---- | C] () -- C:\Users\Agnes\AppData\Local\tmp73256_449698381754_513721754_5938744_5063783_N.JPG [2010/10/15 15:45:44 | 000,000,680 | ---- | C] () -- C:\Users\Agnes\AppData\Local\d3d9caps.dat [2010/09/24 21:48:22 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010/01/15 23:44:13 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Screen Saver [2010/01/15 23:44:13 | 000,000,268 | RH-- | C] () -- C:\Users\Agnes\AppData\Roaming\Sampler [2010/01/15 23:44:13 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT [2010/01/15 23:32:12 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Sampler Instruments [2010/01/15 23:32:12 | 000,000,268 | RH-- | C] () -- C:\Users\Agnes\AppData\Roaming\Rule Actions [2010/01/15 23:32:12 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT [2009/12/20 21:42:18 | 000,000,326 | ---- | C] () -- C:\Windows\primopdf.ini [2009/09/14 01:53:38 | 000,038,429 | ---- | C] () -- C:\Users\Agnes\AppData\Roaming\Comma Separated Values (Windows).ADR [2009/08/15 16:56:19 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll [2009/08/15 16:55:18 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin [2009/08/15 16:54:23 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009/05/05 11:46:28 | 000,000,732 | ---- | C] () -- C:\Users\Agnes\AppData\Local\d3d9caps64.dat [2009/03/09 18:50:18 | 000,026,311 | ---- | C] () -- C:\Users\Agnes\AppData\Roaming\UserTile.png [2009/03/08 19:06:43 | 000,067,584 | ---- | C] () -- C:\Users\Agnes\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/03/08 00:28:26 | 000,076,579 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009/03/07 23:24:23 | 000,076,579 | ---- | C] () -- C:\ProgramData\nvModes.dat [2008/10/21 12:46:04 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin [2008/10/21 12:22:53 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat [2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini [2007/08/10 15:08:50 | 000,027,912 | ---- | C] () -- C:\Windows\SysWow64\drivers\swmsflt.sys [2006/11/02 11:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006/11/02 08:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2006/11/02 08:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2006/11/02 08:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2006/11/02 05:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin ========== LOP Check ========== [2009/07/01 15:44:04 | 000,000,000 | ---D | M] -- C:\Users\Agnes\AppData\Roaming\cerasus.media [2010/06/06 22:34:07 | 000,000,000 | ---D | M] -- C:\Users\Agnes\AppData\Roaming\com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1 [2011/05/14 21:48:11 | 000,000,000 | ---D | M] -- C:\Users\Agnes\AppData\Roaming\Dropbox [2009/09/14 01:29:24 | 000,000,000 | ---D | M] -- C:\Users\Agnes\AppData\Roaming\GetRightToGo [2009/09/14 00:50:28 | 000,000,000 | ---D | M] -- C:\Users\Agnes\AppData\Roaming\ICAClient [2009/06/26 19:49:15 | 000,000,000 | ---D | M] -- C:\Users\Agnes\AppData\Roaming\iWin [2010/01/16 00:10:17 | 000,000,000 | ---D | M] -- C:\Users\Agnes\AppData\Roaming\Nikon [2009/03/09 18:50:17 | 000,000,000 | ---D | M] -- C:\Users\Agnes\AppData\Roaming\PeerNetworking [2010/12/26 13:21:09 | 000,000,000 | ---D | M] -- C:\Users\Agnes\AppData\Roaming\PrimoPDF [2009/09/14 00:49:55 | 000,000,000 | ---D | M] -- C:\Users\Agnes\AppData\Roaming\Runaware [2011/02/13 10:13:48 | 000,000,000 | ---D | M] -- C:\Users\Agnes\AppData\Roaming\W Photo Studio Viewer [2009/03/06 20:51:03 | 000,000,000 | ---D | M] -- C:\Users\Agnes\AppData\Roaming\WildTangent [2011/06/05 00:42:34 | 000,032,564 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2011/06/05 09:58:08 | 000,000,434 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{4C0E8681-07CA-48A8-AF3B-5FB999EC293A}.job ========== Purity Check ========== < End of report >
  18. That didn't fix my problem with windows update
  19. Why dont use incremental updates? It is faster and better. You are falling behind of competence because of this.
  20. Yes, it is of SAS, I see that message I make a new install of SAS.
  21. SAS is not a anti-virus. But I dont know about its detection of virus in wild. Better obtain a antivirus.
×
×
  • Create New...