Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

HELP! Ultradefragger and trojan.Gen.2 removal [Closed]

Started by rdbadger , May 21 2012 04:00 PM

  • This topic is locked This topic is locked

#16
rdbadger
Posted 27 May 2012 - 01:55 PM

rdbadger

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 107 posts
Hi! I think I can boot into normal mode, but could you please first tell me what to do with the roguekiller - I still have it open, as I didn't know if i needed to use any of its "fix" properties or just exit without doing anything?
thanks
  • 0

Advertisements

#17
Render
Posted 27 May 2012 - 02:03 PM

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Close it. Then try to reboot into normal mode if you are now in safe mode. Then follow instructions from previous post.
  • 0

#18
rdbadger
Posted 27 May 2012 - 02:48 PM

rdbadger

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 107 posts
rebooting now - its odd, but if i go into the run dialogue box it says services.msc is that what keeps launching and using up the memory?
  • 0

#19
rdbadger
Posted 27 May 2012 - 02:50 PM

rdbadger

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 107 posts
let me know if you want me to run roguekiller again once back in normal mode
ta
  • 0

#20
rdbadger
Posted 27 May 2012 - 03:12 PM

rdbadger

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 107 posts
...Wow so painfully slow!!
  • 0

#21
Render
Posted 27 May 2012 - 05:27 PM

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Please just do the OTL scan and post two produced logs. Without logs I can't tell you what's going on.
  • 0

#22
rdbadger
Posted 27 May 2012 - 05:59 PM

rdbadger

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 107 posts
OTL REPORT

OTL logfile created on: 28/05/2012 7:57:32 AM - Run 2
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Documents and Settings\Roanna\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

502.96 Mb Total Physical Memory | 55.85 Mb Available Physical Memory | 11.10% Memory free
1.20 Gb Paging File | 0.41 Gb Available in Paging File | 33.79% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 6.76 Gb Free Space | 9.07% Space Free | Partition Type: NTFS
Drive E: | 7.20 Gb Total Space | 3.91 Gb Free Space | 54.32% Space Free | Partition Type: FAT32

Computer Name: ROANNA-36A94C04 | User Name: Roanna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/20 16:01:03 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Roanna\Desktop\OTL.exe
PRC - [2012/03/24 18:18:52 | 000,021,416 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012/02/22 15:57:02 | 003,508,624 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
PRC - [2011/09/14 21:06:38 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2010/07/28 18:58:58 | 000,102,400 | ---- | M] (Clarus, Inc.) -- C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe
PRC - [2010/07/28 18:58:04 | 000,065,536 | ---- | M] (Clarus, Inc.) -- C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe
PRC - [2009/09/01 12:15:56 | 000,125,368 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2009/09/01 12:15:46 | 001,966,008 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2009/09/01 12:15:38 | 000,031,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2009/08/03 12:23:34 | 000,169,320 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2009/08/03 12:23:30 | 000,191,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2009/08/03 12:23:30 | 000,053,096 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2008/04/17 13:14:48 | 000,102,712 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008/04/17 13:14:00 | 000,098,616 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2008/04/14 10:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/16 13:43:16 | 000,040,960 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe
PRC - [2007/10/23 14:19:06 | 001,410,344 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2007/10/23 14:18:46 | 000,202,024 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
PRC - [2007/07/26 18:25:20 | 001,181,016 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
PRC - [2007/03/01 16:01:00 | 000,180,736 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATICAP.EXE
PRC - [2005/12/14 11:53:26 | 000,057,344 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\ArcSoft\VideoImpression 2\CancelAutoPlay.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/24 18:19:32 | 000,115,137 | ---- | M] () -- C:\Documents and Settings\Roanna\Local Settings\Temp\6573b3c6-4299-4ce1-bc75-7f3a9cd9d739\CliSecureRT.dll
MOD - [2012/03/24 18:18:52 | 000,021,416 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2012/03/24 18:18:52 | 000,007,168 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\IPCServer.dll
MOD - [2012/03/24 18:18:52 | 000,003,584 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\ISharedIPCInterface.dll
MOD - [2012/03/24 18:18:49 | 000,509,352 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\FirmwareUpdateAgent.Common.dll
MOD - [2012/03/24 18:18:48 | 000,639,912 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\CommonModule.dll
MOD - [2012/03/01 15:42:34 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\a2a14380e8c9149d5b212d0100ef588a\System.Management.ni.dll
MOD - [2012/03/01 14:57:22 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll
MOD - [2012/03/01 14:57:08 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ad99ac6b5666edb8ee742dd64f9578af\System.Windows.Forms.ni.dll
MOD - [2012/03/01 14:51:44 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\9351cf29bb1ba951e45a9b3b0edab937\System.Drawing.ni.dll
MOD - [2012/03/01 14:47:56 | 002,295,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\0a6d6717e76be12295711ff02c7aa1d4\System.Core.ni.dll
MOD - [2012/03/01 14:46:09 | 000,539,648 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1552f18ca434c1dca6d082df476d089a\PresentationFramework.Luna.ni.dll
MOD - [2012/03/01 14:42:13 | 014,328,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\5060105fb9e169399fe45600b1e9215e\PresentationFramework.ni.dll
MOD - [2012/03/01 14:36:41 | 012,215,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\0665bba8c9962deadc418881eb3a2a2a\PresentationCore.ni.dll
MOD - [2012/03/01 14:35:08 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\174c2f776741812aed02c337bbcd1dae\WindowsBase.ni.dll
MOD - [2012/03/01 13:12:57 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll
MOD - [2012/03/01 13:10:19 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2011/10/22 21:48:09 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2007/10/29 19:49:16 | 000,036,864 | ---- | M] () -- C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\RawPictureLib.pcp


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/04/23 07:11:23 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/09/14 21:06:38 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor10.0)
SRV - [2009/09/01 12:15:50 | 000,116,664 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2009/09/01 12:15:46 | 001,966,008 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2009/09/01 12:15:38 | 000,031,160 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2009/08/03 12:23:34 | 000,169,320 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2009/08/03 12:23:30 | 000,191,848 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2009/03/20 18:10:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2008/12/17 14:21:08 | 000,214,408 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2008/04/17 13:14:48 | 000,102,712 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2007/07/26 18:25:20 | 001,181,016 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/05/28 06:36:53 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/02/13 19:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/02/13 19:00:00 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/01/16 10:48:06 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20120510.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/01/16 10:48:06 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20120510.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/10/27 11:25:40 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011/10/27 11:25:40 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2011/10/27 11:25:40 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadserd.sys -- (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM)
DRV - [2011/10/27 11:25:40 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadadb.sys -- (androidusb)
DRV - [2011/10/27 11:25:40 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2011/03/27 10:40:17 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/06/14 09:47:12 | 000,055,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2009/06/14 09:47:10 | 000,339,328 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2008/12/17 14:20:40 | 000,188,808 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2008/12/17 14:20:34 | 000,023,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2008/05/02 10:58:14 | 000,020,864 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2008/05/02 10:58:12 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2007/07/26 18:25:18 | 000,400,216 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {BE28C22E-F666-424d-B5FD-125C4AFEE34E}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}: "URL" = http://search.myheri...q={searchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-682003330-1123561945-2147153767-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKU\S-1-5-21-682003330-1123561945-2147153767-1003\..\SearchScopes,DefaultScope = {61A20553-13A7-4CA5-A960-1F32B74F33B0}
IE - HKU\S-1-5-21-682003330-1123561945-2147153767-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKU\S-1-5-21-682003330-1123561945-2147153767-1003\..\SearchScopes\{61A20553-13A7-4CA5-A960-1F32B74F33B0}: "URL" = http://www.google.co...age={startPage}
IE - HKU\S-1-5-21-682003330-1123561945-2147153767-1003\..\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}: "URL" = http://search.myheri...q={searchTerms}
IE - HKU\S-1-5-21-682003330-1123561945-2147153767-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-682003330-1123561945-2147153767-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Roanna\Application Data\Facebook\npfbplugin_1_0_3.dll ( )



O1 HOSTS File: ([2012/05/20 17:01:05 | 000,001,626 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\S-1-5-21-682003330-1123561945-2147153767-1003\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKU\S-1-5-21-682003330-1123561945-2147153767-1003..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-682003330-1123561945-2147153767-1003..\Run: [EPSON Stylus CX5500 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAP.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-682003330-1123561945-2147153767-1003..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKU\S-1-5-21-682003330-1123561945-2147153767-1003..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-682003330-1123561945-2147153767-1003..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CancelAutoPlay.lnk = C:\Program Files\ArcSoft\VideoImpression 2\CancelAutoPlay.exe (ArcSoft Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PHOTOfunSTUDIO -viewer-.lnk = C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe (Matsushita Electric Industrial Co., Ltd.)
O4 - Startup: C:\Documents and Settings\Roanna\Start Menu\Programs\Startup\Samsung Auto Backup Guage.lnk = C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe (Clarus, Inc.)
O4 - Startup: C:\Documents and Settings\Roanna\Start Menu\Programs\Startup\Samsung Auto Backup Real-Time Daemon.lnk = C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe (Clarus, Inc.)
O4 - Startup: C:\Documents and Settings\Roanna\Start Menu\Programs\Startup\Samsung Auto Backup Scheduler.lnk = C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe (Clarus, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-682003330-1123561945-2147153767-1003\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-682003330-1123561945-2147153767-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnote...ad/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} http://static.ak.fac...fbootloader.cab (Reg Error: Key error.)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www4.snapfish...fishActivia.cab (Snapfish Activia)
O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} https://portalsrvs.d...0,2009,514,2213 (F5 Networks Dynamic Application Tunnel Control)
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} C:\DOCUME~1\Roanna\LOCALS~1\Temp\IXP000.TMP\InstallerControl.cab (F5 Networks Auto Update)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {63F5866B-A7C5-40B4-9A89-0CCA99726C8D} https://secure.logme...eDownloader.cab (LogMeIn Rescue Applet Downloader)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symant...ex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius....tiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://msnau.oberon-...aploader_v6.cab (PopCapLoader Object)
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} https://portalsrvs.d...0,2009,514,2205 (F5 Networks Host Control)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail....ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 61.9.195.193 61.9.194.49
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{045D4957-ED8B-4D44-B11C-D565645E043C}: DhcpNameServer = 61.9.195.193 61.9.194.49
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - (C:\WINDOWS\system32\NavLogon.dll) - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/20 17:15:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2012/05/23 22:28:20 | 000,000,016 | -H-- | M] () - E:\AUTORUN.INF -- [ FAT32 ]
O33 - MountPoints2\{76667b4a-7a40-11dd-a050-00112576143e}\Shell - "" = AutoRun
O33 - MountPoints2\{76667b4a-7a40-11dd-a050-00112576143e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{76667b4a-7a40-11dd-a050-00112576143e}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Sharedaccess - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1056

========== Files/Folders - Created Within 30 Days ==========

[2012/05/28 06:36:53 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/05/27 10:08:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Roanna\Desktop\RK_Quarantine
[2012/05/27 08:13:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Roanna\My Documents\LOOSE FILES ON MY DOUCMENTS IBM
[2012/05/24 07:29:32 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Roanna\Desktop\aswMBR.exe
[2012/05/24 07:20:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2012/05/21 07:50:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Roanna\Application Data\Malwarebytes
[2012/05/21 07:50:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/21 07:50:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/05/21 07:49:55 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/05/21 07:49:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/05/21 07:36:55 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Roanna\Desktop\mbam-setup-1.61.0.1400.exe
[2012/05/20 22:28:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Roanna\My Documents\word docs on desktop 2012
[2012/05/20 20:56:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Roanna\My Documents\DESKTOP 2012
[2012/05/20 17:16:32 | 000,399,264 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\Roanna\Desktop\unhide.exe
[2012/05/20 17:01:05 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/05/20 15:44:50 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Roanna\Recent
[2012/05/20 15:36:11 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Roanna\Desktop\OTL.exe
[2012/05/08 17:02:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Roanna\Application Data\Smmarks2
[2012/05/08 17:02:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SMPCS Apps
[2012/05/08 17:02:19 | 000,000,000 | ---D | C] -- C:\Program Files\Smmarks2
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Roanna\My Documents\*.tmp files -> C:\Documents and Settings\Roanna\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/14 23:07:25 | 000,000,424 | ---- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{D3A97F3F-D2EA-4592-8A59-B55B37F0567F}.job
[2012/05/28 08:06:12 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/05/28 07:00:48 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/05/28 06:58:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/28 06:56:34 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2012/05/28 06:36:53 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/05/27 09:54:44 | 001,489,920 | ---- | M] () -- C:\Documents and Settings\Roanna\Desktop\RogueKiller.exe
[2012/05/24 07:51:53 | 000,200,704 | ---- | M] () -- C:\Documents and Settings\Roanna\Desktop\virus bugger 2.pub
[2012/05/23 22:34:02 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Roanna\Desktop\aswMBR.exe
[2012/05/21 20:00:00 | 000,000,738 | ---- | M] () -- C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - Roanna.job
[2012/05/21 07:50:05 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/21 07:36:55 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Roanna\Desktop\mbam-setup-1.61.0.1400.exe
[2012/05/20 17:16:37 | 000,399,264 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\Roanna\Desktop\unhide.exe
[2012/05/20 16:24:11 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/05/20 16:01:03 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Roanna\Desktop\OTL.exe
[2012/05/18 17:31:10 | 000,000,855 | ---- | M] () -- C:\Documents and Settings\Roanna\Application Data\Microsoft\Internet Explorer\Quick Launch\Data_Recovery.lnk
[2012/05/08 18:51:56 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Roanna\My Documents\*.tmp files -> C:\Documents and Settings\Roanna\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/27 10:08:29 | 001,489,920 | ---- | C] () -- C:\Documents and Settings\Roanna\Desktop\RogueKiller.exe
[2012/05/24 07:51:47 | 000,200,704 | ---- | C] () -- C:\Documents and Settings\Roanna\Desktop\virus bugger 2.pub
[2012/05/23 23:36:19 | 000,800,240 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/05/21 07:50:05 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/20 18:15:17 | 000,002,370 | ---- | C] () -- C:\Documents and Settings\Roanna\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk
[2012/05/20 18:15:17 | 000,002,272 | ---- | C] () -- C:\Documents and Settings\Roanna\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero Home.lnk
[2012/05/20 18:15:17 | 000,001,845 | ---- | C] () -- C:\Documents and Settings\Roanna\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Live Mail.lnk
[2012/05/20 18:15:17 | 000,001,612 | ---- | C] () -- C:\Documents and Settings\Roanna\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk
[2012/05/20 18:15:17 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Roanna\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/05/20 18:15:17 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\Roanna\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/05/20 18:15:17 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\Roanna\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2012/05/20 18:15:17 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Roanna\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2012/05/20 18:15:16 | 000,001,941 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2012/05/20 18:15:16 | 000,001,833 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Live Mail.lnk
[2012/05/20 18:15:16 | 000,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PHOTOfunSTUDIO -viewer-.lnk
[2012/05/20 18:15:16 | 000,001,713 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CancelAutoPlay.lnk
[2012/05/20 18:15:16 | 000,000,855 | ---- | C] () -- C:\Documents and Settings\Roanna\Application Data\Microsoft\Internet Explorer\Quick Launch\Data_Recovery.lnk
[2012/05/20 18:15:16 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2012/05/20 18:15:16 | 000,000,785 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2012/05/20 18:15:13 | 000,002,359 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft ActiveSync.lnk
[2012/05/20 18:15:13 | 000,001,986 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN.lnk
[2012/05/20 18:15:11 | 000,000,636 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Audacity.lnk
[2012/05/20 18:15:10 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2012/05/20 18:15:10 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2012/05/20 18:15:10 | 000,001,683 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Photoshop Elements 10.lnk
[2012/05/20 18:15:10 | 000,000,796 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Download Assistant.lnk
[2012/05/20 18:15:10 | 000,000,740 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Acrobat.com.lnk
[2012/05/20 18:15:10 | 000,000,728 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Help.lnk
[2012/03/01 08:40:27 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/25 16:11:53 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/07 14:40:12 | 000,002,048 | ---- | C] () -- C:\Documents and Settings\Roanna\Application Data\PhotobookShop.com.au Prefs
[2011/05/03 16:17:13 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2011/03/27 10:59:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2011/03/02 22:57:44 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2011/03/02 22:57:40 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2011/03/02 22:57:40 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2011/03/02 22:57:40 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2011/03/02 22:57:40 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2011/01/05 09:57:53 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\Roanna\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini

========== LOP Check ==========

[2010/12/06 07:05:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Clarus
[2008/08/25 16:44:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2009/06/18 07:17:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes
[2009/10/08 16:04:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2008/10/11 09:14:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2008/09/19 22:57:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2012/03/10 20:04:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/12/25 15:12:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2009/09/11 23:19:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/08/25 16:48:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2010/06/11 18:02:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/12/14 08:48:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/09/12 18:20:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MIDGE\Application Data\EPSON
[2011/09/09 21:48:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MIDGE\Application Data\PhotobookShop.com.au
[2010/03/02 07:21:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roanna\Application Data\Any Video Converter
[2012/03/10 20:43:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roanna\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/03/10 15:56:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roanna\Application Data\com.adobe.downloadassistant.AdobeDownloadAssistant
[2008/08/22 20:02:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roanna\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/04/23 07:11:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roanna\Application Data\EPSON
[2010/06/02 01:05:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roanna\Application Data\Facebook
[2009/10/09 07:45:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roanna\Application Data\NCH Swift Sound
[2008/12/26 21:34:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roanna\Application Data\Panasonic
[2011/09/07 14:36:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roanna\Application Data\PhotobookShop.com.au
[2011/12/25 15:07:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roanna\Application Data\Samsung
[2012/05/08 18:05:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roanna\Application Data\Smmarks2
[2011/05/24 20:53:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roanna\Application Data\Smrepwk2
[2008/09/04 15:08:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roanna\Application Data\Snapfish
[2011/12/26 13:34:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roanna\Application Data\Temp
[2012/06/14 23:07:25 | 000,000,424 | ---- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{D3A97F3F-D2EA-4592-8A59-B55B37F0567F}.job

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/04/14 10:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 10:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2006/02/28 22:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008/04/14 10:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 10:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2006/02/28 22:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2006/02/28 22:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 10:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 10:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2006/02/28 22:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 10:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 10:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< %Temp%\smtmp\*.* /s >
[2008/09/28 16:27:08 | 000,000,272 | -HS- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\desktop.ini
[2008/09/28 16:27:08 | 000,001,563 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Set Program Access and Defaults.lnk
[2008/08/20 17:15:14 | 000,000,398 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Windows Catalog.lnk
[2008/08/20 17:15:14 | 000,001,507 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Windows Update.lnk
[2008/08/21 17:46:24 | 000,000,740 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Acrobat.com.lnk
[2012/03/10 15:55:53 | 000,000,796 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Adobe Download Assistant.lnk
[2012/03/10 17:43:35 | 000,000,728 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Adobe Help.lnk
[2012/03/10 17:06:28 | 000,001,683 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Adobe Photoshop Elements 10.lnk
[2012/04/14 09:07:21 | 000,002,347 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Adobe Reader 9.lnk
[2011/10/30 06:40:00 | 000,001,830 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Apple Software Update.lnk
[2009/10/09 07:55:28 | 000,000,636 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Audacity.lnk
[2008/08/20 17:13:54 | 000,000,150 | -HS- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\desktop.ini
[2011/11/19 17:22:51 | 000,002,359 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Microsoft ActiveSync.lnk
[2008/08/20 17:11:59 | 000,001,986 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\MSN.lnk
[2008/08/23 08:49:14 | 000,001,833 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Windows Live Mail.lnk
[2008/08/27 07:54:40 | 000,001,941 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Windows Live Photo Gallery.lnk
[2009/09/12 22:56:36 | 000,000,785 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Windows Messenger.lnk
[2008/08/20 17:13:54 | 000,000,786 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Windows Movie Maker.lnk
[2008/08/26 07:59:56 | 000,001,498 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Calculator.lnk
[2012/04/23 20:44:56 | 000,000,255 | -HS- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Accessories\desktop.ini
[2010/04/04 14:43:03 | 000,001,515 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Paint.lnk
[2008/09/28 16:26:53 | 000,001,585 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Remote Desktop Connection.lnk
[2012/04/23 20:44:55 | 000,000,710 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Scanner and Camera Wizard.lnk
[2008/08/20 17:12:17 | 000,000,879 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Accessories\WordPad.lnk
[2008/08/20 17:12:17 | 000,001,520 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Accessibility\Accessibility Wizard.lnk
[2008/08/20 17:12:17 | 000,000,090 | -HS- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Accessibility\desktop.ini
[2008/09/28 16:29:37 | 000,000,516 | -HS- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\desktop.ini
[2008/08/20 17:12:17 | 000,000,786 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\HyperTerminal.lnk
[2008/08/20 17:10:45 | 000,001,757 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Network Connections.lnk
[2008/08/20 17:13:48 | 000,001,640 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Network Setup Wizard.lnk
[2008/08/20 17:10:45 | 000,001,646 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\New Connection Wizard.lnk
[2008/09/28 16:29:37 | 000,001,656 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Wireless Network Setup Wizard.lnk
[2008/08/20 17:12:17 | 000,000,146 | -HS- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Entertainment\desktop.ini
[2009/11/26 06:07:01 | 000,001,528 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Entertainment\Sound Recorder.lnk
[2008/08/20 17:12:17 | 000,001,528 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Entertainment\Volume Control.lnk
[2008/08/20 17:15:14 | 000,001,599 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Activate Windows.lnk
[2008/09/28 16:07:51 | 000,001,532 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Backup.lnk
[2008/08/20 17:12:17 | 000,001,521 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Character Map.lnk
[2008/08/20 17:15:14 | 000,000,757 | -HS- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\desktop.ini
[2008/08/20 17:13:52 | 000,001,532 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Disk Cleanup.lnk
[2008/08/20 17:13:50 | 000,001,572 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Disk Defragmenter.lnk
[2008/08/20 17:15:14 | 000,001,591 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Files and Settings Transfer Wizard.lnk
[2008/08/20 17:13:52 | 000,001,753 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Scheduled Tasks.lnk
[2008/08/20 17:13:50 | 000,001,070 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\System Information.lnk
[2008/08/20 17:13:51 | 000,001,616 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\System Restore.lnk
[2008/08/20 17:12:04 | 000,001,582 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Component Services.lnk
[2008/08/20 17:15:14 | 000,001,602 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Computer Management.lnk
[2008/08/20 17:15:14 | 000,001,596 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Data Sources (ODBC).lnk
[2008/08/20 17:15:14 | 000,000,545 | -HS- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\desktop.ini
[2008/08/20 17:15:14 | 000,001,592 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Event Viewer.lnk
[2008/08/20 17:15:14 | 000,001,590 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Local Security Policy.lnk
[2008/08/20 17:15:14 | 000,001,591 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Performance.lnk
[2012/03/10 13:28:49 | 000,001,602 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Services.lnk
[2009/10/14 10:25:40 | 000,000,549 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Any Video Converter\Any Video Converter on the Web.lnk
[2009/10/14 10:25:40 | 000,000,727 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Any Video Converter\Any Video Converter.lnk
[2009/10/14 10:25:41 | 000,000,697 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Any Video Converter\Uninstall Any Video Converter.lnk
[2008/12/26 21:39:53 | 000,001,996 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\ArcSoft Connect\Start ArcSoft Connect.lnk
[2008/12/26 21:39:53 | 000,002,020 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\ArcSoft Connect\View My ArcSoft Info.lnk
[2008/12/26 21:37:59 | 000,001,969 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\ArcSoft Software Suite\MediaImpression.lnk
[2008/12/26 21:39:28 | 000,001,774 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\ArcSoft Software Suite\Panorama Maker 4.lnk
[2011/05/15 06:46:23 | 000,001,932 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\ArcSoft VideoImpression 2\Uninstall.lnk
[2011/05/15 06:46:24 | 000,001,639 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\ArcSoft VideoImpression 2\VideoImpression 2.lnk
[2011/05/15 06:46:19 | 000,001,739 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\ArcSoft VideoImpression 2\Web Services.lnk
[2008/08/25 16:49:44 | 000,001,866 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\EPSON Creativity Suite\EPSON Copy Utility.lnk
[2008/08/25 16:48:25 | 000,001,976 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\EPSON Creativity Suite\EPSON Easy Photo Print.lnk
[2008/08/25 16:51:38 | 000,001,919 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\EPSON Creativity Suite\EPSON File Manager.lnk
[2008/08/25 16:50:23 | 000,001,959 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\EPSON Creativity Suite\Attach To Email\EPSON Attach To Email.lnk
[2008/08/25 16:50:23 | 000,001,931 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\EPSON Creativity Suite\Attach To Email\Read Me.lnk
[2008/08/25 16:50:23 | 000,002,019 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\EPSON Creativity Suite\Attach To Email\Uninstall EPSON Attach To Email.lnk
[2008/08/25 16:49:44 | 000,001,050 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\EPSON Creativity Suite\Copy Utility\EPSON Copy Utility ReadMe.lnk
[2008/08/25 16:49:44 | 000,001,872 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\EPSON Creativity Suite\Copy Utility\EPSON Copy Utility.lnk
[2008/08/25 16:48:25 | 000,001,982 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\EPSON Creativity Suite\Easy Photo Print\EPSON Easy Photo Print.lnk
[2008/08/25 16:48:25 | 000,001,940 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\EPSON Creativity Suite\Easy Photo Print\Readme.lnk
[2008/08/25 16:51:38 | 000,001,925 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\EPSON Creativity Suite\File Manager\EPSON File Manager.lnk
[2008/08/25 16:51:38 | 000,001,904 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\EPSON Creativity Suite\File Manager\Readme.lnk
[2008/08/25 16:50:46 | 000,000,813 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\EPSON Creativity Suite\Scan Assistant\Scan Assistant.lnk
[2008/08/25 16:42:33 | 000,000,677 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\EPSON Scan\EPSON Scan.lnk
[2008/08/25 16:44:57 | 000,001,904 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\EPSON\CX4300_5500_DX4400 manual.lnk
[2008/08/25 16:44:45 | 000,001,731 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\EPSON\EPSON Printer Software Uninstall.lnk
[2008/08/25 16:44:45 | 000,001,821 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\EPSON\EPSON Stylus CX5500 Series Driver Update.lnk
[2008/08/25 16:44:45 | 000,001,580 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\EPSON\EPSON Stylus CX5500 Series Technical Support.lnk
[2012/04/19 10:10:12 | 000,000,727 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Free M4a to MP3 Converter\Free M4a to MP3 Converter Web-site.lnk
[2012/04/19 10:10:12 | 000,000,752 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Free M4a to MP3 Converter\Free M4a to MP3 Converter.lnk
[2012/04/19 10:10:12 | 000,000,720 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Free M4a to MP3 Converter\Help.lnk
[2012/04/19 10:10:12 | 000,000,727 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Free M4a to MP3 Converter\Uninstall the program.lnk
[2008/08/20 17:12:18 | 000,000,798 | -HS- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Games\desktop.ini
[2008/08/20 17:12:17 | 000,001,522 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Games\Freecell.lnk
[2008/08/20 17:12:17 | 000,001,520 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Games\Hearts.lnk
[2008/08/20 17:12:18 | 000,000,913 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Games\Internet Backgammon.lnk
[2008/08/20 17:12:18 | 000,000,913 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Games\Internet Checkers.lnk
[2008/08/20 17:12:18 | 000,000,913 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Games\Internet Hearts.lnk
[2008/08/20 17:12:18 | 000,000,913 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Games\Internet Reversi.lnk
[2008/08/20 17:12:18 | 000,000,913 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Games\Internet Spades.lnk
[2008/08/20 17:12:17 | 000,001,515 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Games\Minesweeper.lnk
[2008/08/20 17:12:17 | 000,000,885 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Games\Pinball.lnk
[2008/08/20 17:12:17 | 000,001,491 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Games\Solitaire.lnk
[2008/08/20 17:12:17 | 000,001,502 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Games\Spider Solitaire.lnk
[2012/04/24 08:21:08 | 000,001,814 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\iTunes\About iTunes.lnk
[2012/04/24 08:21:08 | 000,001,554 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\iTunes\iTunes.lnk
[2008/08/20 17:59:47 | 000,000,950 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\K-Lite Codec Pack\Media Player Classic.lnk
[2008/08/20 17:59:47 | 000,001,769 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\K-Lite Codec Pack\Configuration\Codec Tweak Tool.lnk
[2008/08/20 17:59:47 | 000,001,654 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\K-Lite Codec Pack\Configuration\DirectVobSub.lnk
[2008/08/20 17:59:48 | 000,001,650 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\K-Lite Codec Pack\Configuration\ffdshow audio decoder.lnk
[2008/08/20 17:59:48 | 000,001,600 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\K-Lite Codec Pack\Configuration\ffdshow VFW interface.lnk
[2008/08/20 17:59:48 | 000,001,640 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\K-Lite Codec Pack\Configuration\ffdshow video decoder.lnk
[2008/08/20 17:59:48 | 000,001,668 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\K-Lite Codec Pack\Configuration\Haali Media Splitter.lnk
[2008/08/20 17:59:47 | 000,001,847 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\K-Lite Codec Pack\Configuration\Reset to recommended settings.lnk
[2008/08/20 17:59:48 | 000,000,809 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\K-Lite Codec Pack\Help\FAQ.lnk
[2008/08/20 17:59:47 | 000,001,769 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\K-Lite Codec Pack\Tools\Codec Tweak Tool.lnk
[2008/08/20 17:59:48 | 000,000,912 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\K-Lite Codec Pack\Tools\GSpot Codec Information.lnk
[2008/08/20 17:59:48 | 000,000,862 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\K-Lite Codec Pack\Tools\VobSubStrip.lnk
[2008/08/20 17:59:48 | 000,001,585 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\K-Lite Codec Pack\Uninstall\Uninstall K-Lite Codec Pack.lnk
[2009/12/14 08:10:30 | 000,000,725 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Magic M4A to MP3 Converter\Magic M4A to MP3 Converter 3.1.lnk
[2009/12/14 08:10:30 | 000,000,708 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Magic M4A to MP3 Converter\Magic M4A to MP3 Converter Help.lnk
[2009/12/14 08:10:30 | 000,000,062 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Magic M4A to MP3 Converter\Magic M4A to MP3 Converter On Web.url
[2009/12/14 08:10:30 | 000,000,732 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Magic M4A to MP3 Converter\Uninstall Magic M4A to MP3 Converter.lnk
[2010/07/15 00:36:18 | 000,002,549 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Access 2007.lnk
[2011/08/18 16:40:04 | 000,002,485 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Excel 2007.lnk
[2008/08/26 20:52:24 | 000,002,603 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Groove 2007.lnk
[2010/06/12 02:09:32 | 000,002,593 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office InfoPath 2007.lnk
[2008/08/26 20:52:24 | 000,002,525 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office OneNote 2007.lnk
[2008/08/26 20:52:24 | 000,002,599 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Outlook 2007.lnk
[2012/01/29 19:34:17 | 000,002,495 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office PowerPoint 2007.lnk
[2012/04/29 11:02:10 | 000,002,455 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Publisher 2007.lnk
[2012/05/17 07:41:09 | 000,002,527 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Word 2007.lnk
[2008/08/26 20:52:25 | 000,002,553 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Digital Certificate for VBA Projects.lnk
[2008/08/26 20:52:24 | 000,002,533 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Clip Organizer.lnk
[2008/08/26 20:52:25 | 000,002,433 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office 2007 Language Settings.lnk
[2008/08/26 20:52:24 | 000,002,531 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Diagnostics.lnk
[2008/12/26 23:12:34 | 000,002,425 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Picture Manager.lnk
[2012/03/01 12:53:04 | 000,001,986 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk
[2009/10/08 15:57:21 | 000,000,863 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\MixPad Audio Mixer\MixPad Audio Mixer Help.lnk
[2009/10/08 15:57:21 | 000,000,796 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\MixPad Audio Mixer\MixPad Audio Mixer.lnk
[2009/06/18 07:22:33 | 000,000,731 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Musicnotes\Musicnotes Help.lnk
[2009/06/18 07:22:33 | 000,000,885 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Musicnotes\Musicnotes Player.lnk
[2009/06/18 07:22:33 | 000,001,577 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Musicnotes\Visit Musicnotes.lnk
[2009/06/18 07:22:33 | 000,000,737 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Musicnotes\Uninstall\Uninstall Musicnotes Player.lnk
[2008/08/20 17:31:40 | 000,002,256 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero BackItUp.lnk
[2008/08/20 17:31:40 | 000,002,249 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero Burning ROM.lnk
[2008/08/20 17:31:40 | 000,002,349 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero CoverDesigner.lnk
[2008/08/20 17:31:40 | 000,002,115 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero Express.lnk
[2008/08/20 17:31:40 | 000,002,266 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero Home.lnk
[2008/08/20 17:31:40 | 000,002,154 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero MediaHome.lnk
[2008/08/20 17:31:40 | 000,002,018 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero PhotoSnap Viewer.lnk
[2008/08/20 17:31:40 | 000,002,092 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero PhotoSnap.lnk
[2008/08/20 17:31:40 | 000,002,276 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero Recode.lnk
[2008/08/20 17:31:40 | 000,002,182 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero ShowTime.lnk
[2008/08/20 17:31:40 | 000,002,336 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero SoundTrax.lnk
[2008/08/20 17:31:40 | 000,002,364 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero StartSmart.lnk
[2008/08/20 17:31:40 | 000,002,324 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero Vision.lnk
[2008/08/20 17:31:40 | 000,002,208 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero WaveEditor.lnk
[2008/08/20 17:31:40 | 000,001,794 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero Manuals\Nero BackItUp [English Manual].lnk
[2008/08/20 17:31:40 | 000,001,835 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero Manuals\Nero Burning ROM [English Manual].lnk
[2008/08/20 17:31:40 | 000,001,805 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero Manuals\Nero BurnRights [English Manual].lnk
[2008/08/20 17:31:40 | 000,001,857 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero Manuals\Nero ControlCenter [English Manual].lnk
[2008/08/20 17:31:40 | 000,001,874 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero Manuals\Nero CoverDesigner [English Manual].lnk
[2008/08/20 17:31:40 | 000,001,805 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero Manuals\Nero DriveSpeed [English Manual].lnk
[2008/08/20 17:31:40 | 000,001,806 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero Manuals\Nero Express [English Manual].lnk
[2008/08/20 17:31:40 | 000,001,730 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero Manuals\Nero Home [English Manual].lnk
[2008/08/20 17:31:40 | 000,001,826 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero Manuals\Nero ImageDrive [English Manual].lnk
[2008/08/20 17:31:40 | 000,001,787 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero Manuals\Nero InfoTool [English Manual].lnk
[2008/08/20 17:31:40 | 000,001,810 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero Manuals\Nero MediaHome [English Manual].lnk
[2008/08/20 17:31:40 | 000,001,810 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero Manuals\Nero PhotoSnap [English Manual].lnk
[2008/08/20 17:31:40 | 000,001,762 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero Manuals\Nero Recode [English Manual].lnk
[2008/08/20 17:31:40 | 000,001,944 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero Manuals\Nero RescueAgent [English Manual].lnk
[2008/08/20 17:31:40 | 000,001,794 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero Manuals\Nero ShowTime [English Manual].lnk
[2008/08/20 17:31:40 | 000,001,810 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero Manuals\Nero SoundTrax [English Manual].lnk
[2008/08/20 17:31:40 | 000,001,826 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero Manuals\Nero StartSmart [English Manual].lnk
[2008/08/20 17:31:40 | 000,001,762 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero Manuals\Nero Vision [English Manual].lnk
[2008/08/20 17:31:40 | 000,001,826 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero Manuals\Nero WaveEditor [English Manual].lnk
[2008/08/20 17:31:40 | 000,002,207 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero Toolkit\Nero BurnRights.lnk
[2008/08/20 17:31:40 | 000,002,074 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero Toolkit\Nero ControlCenter.lnk
[2008/08/20 17:31:40 | 000,002,070 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero Toolkit\Nero DiscSpeed.lnk
[2008/08/20 17:31:40 | 000,002,137 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero Toolkit\Nero DriveSpeed.lnk
[2008/08/20 17:31:40 | 000,002,258 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero Toolkit\Nero ImageDrive.lnk
[2008/08/20 17:31:40 | 000,002,295 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero Toolkit\Nero InfoTool.lnk
[2008/08/20 17:31:40 | 000,002,284 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero Toolkit\Nero RescueAgent.lnk
[2008/08/20 17:31:40 | 000,002,151 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Nero 8\Nero Toolkit\Nero Scout.lnk
[2008/12/26 21:31:55 | 000,000,645 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Panasonic\PHOTOfunSTUDIO -viewer-\Delete picture management information.lnk
[2008/12/26 21:31:54 | 000,000,693 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Panasonic\PHOTOfunSTUDIO -viewer-\Manual.lnk
[2008/12/26 21:31:54 | 000,000,625 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Panasonic\PHOTOfunSTUDIO -viewer-\PHOTOfunSTUDIO -viewer-.lnk
[2008/12/26 21:31:54 | 000,000,621 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Panasonic\PHOTOfunSTUDIO -viewer-\Readme.lnk
[2011/09/07 14:34:50 | 000,001,844 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\PhotobookShop.com.au\PhotobookShop.com.au.lnk
[2011/09/07 14:34:50 | 000,001,767 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\PhotobookShop.com.au\Uninstall.lnk
[2010/06/11 17:45:12 | 000,001,802 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\QuickTime\About QuickTime.lnk
[2010/06/11 17:45:12 | 000,001,812 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\QuickTime\PictureViewer.lnk
[2010/06/11 17:45:11 | 000,001,802 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\QuickTime\QuickTime Player.lnk
[2010/06/11 17:45:12 | 000,001,639 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\QuickTime\Uninstall QuickTime.lnk
[2011/12/25 15:11:57 | 000,001,612 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Samsung\Kies\Samsung Kies.lnk
[2011/12/25 15:11:57 | 000,001,962 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Samsung\Kies\Uninstall Kies.lnk
[2010/12/06 06:50:28 | 000,001,481 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Samsung\Samsung Auto Backup\Samsung Auto Backup Help(ENG).lnk
[2010/12/06 06:50:18 | 000,000,587 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Samsung\Samsung Auto Backup\Samsung Auto Backup.lnk
[2012/05/08 17:02:22 | 000,001,898 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\SMPCS Apps\SM-Marks 2.lnk
[2011/05/15 06:46:23 | 000,001,713 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Startup\CancelAutoPlay.lnk
[2008/08/20 17:15:14 | 000,000,084 | -HS- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Startup\desktop.ini
[2008/12/26 21:33:28 | 000,001,736 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Startup\PHOTOfunSTUDIO -viewer-.lnk
[2011/03/27 10:40:05 | 000,001,689 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Symantec Client Security\Symantec AntiVirus.lnk
[2011/10/30 17:00:10 | 000,000,715 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Teachers Report Assistant\Program Notes.lnk
[2011/10/30 17:00:09 | 000,000,727 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Teachers Report Assistant\Teachers Report Assistant .lnk
[2011/10/30 17:00:10 | 000,000,696 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Teachers Report Assistant\Teachers Report Assistant Help.lnk
[2011/10/30 17:00:09 | 000,000,727 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Teachers Report Assistant\Uninstall.lnk
[2009/12/13 22:38:20 | 000,000,513 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Winamp\Uninstall Winamp.lnk
[2009/12/13 22:38:19 | 000,000,688 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Winamp\What's New.lnk
[2009/12/13 22:38:19 | 000,000,676 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Winamp\Winamp.lnk
[2008/08/23 08:45:27 | 000,001,156 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Windows Live\Windows Live Home.lnk
[2008/08/23 08:49:14 | 000,001,839 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Windows Live\Windows Live Mail.lnk
[2008/08/27 07:54:40 | 000,001,947 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\1\Programs\Windows Live\Windows Live Photo Gallery.lnk
[2012/05/18 17:31:10 | 000,000,855 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\2\Data_Recovery.lnk
[2008/09/28 18:30:59 | 000,000,119 | -HS- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\2\desktop.ini
[2009/12/10 09:49:29 | 000,000,815 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\2\Launch Internet Explorer Browser.lnk
[2008/08/20 17:31:39 | 000,002,272 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\2\Nero Home.lnk
[2008/08/20 17:31:39 | 000,002,370 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\2\Nero StartSmart.lnk
[2011/12/25 15:11:57 | 000,001,612 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\2\Samsung Kies.lnk
[2008/08/20 17:20:01 | 000,000,079 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\2\Show Desktop.scf
[2009/12/13 22:38:20 | 000,000,682 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\2\Winamp.lnk
[2008/08/23 08:49:14 | 000,001,845 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\2\Windows Live Mail.lnk
[2009/08/30 15:05:33 | 000,000,800 | ---- | M] () -- C:\DOCUME~1\Roanna\LOCALS~1\Temp\smtmp\2\Windows Media Player.lnk

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/02/29 22:17:40 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/02/29 22:17:40 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/02/29 22:17:40 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/02/29 22:17:40 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/02/29 22:17:40 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/02/29 22:17:40 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:411E1BE2

< End of report >
  • 0

#23
rdbadger
Posted 27 May 2012 - 06:00 PM

rdbadger

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 107 posts
EXTRAS REPORT

OTL Extras logfile created on: 28/05/2012 7:57:33 AM - Run 2
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Documents and Settings\Roanna\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

502.96 Mb Total Physical Memory | 55.85 Mb Available Physical Memory | 11.10% Memory free
1.20 Gb Paging File | 0.41 Gb Available in Paging File | 33.79% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 6.76 Gb Free Space | 9.07% Space Free | Partition Type: NTFS
Drive E: | 7.20 Gb Total Space | 3.91 Gb Free Space | 54.32% Space Free | Partition Type: FAT32

Computer Name: ROANNA-36A94C04 | User Name: Roanna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0FC0D4B0-F7D4-4BCC-9F73-83463AE42B65}" = Sibelius Scorch (Firefox, Opera, Netscape only)
"{11D08055-939C-432b-98C3-E072478A0CD7}" = PSE10 STI Installer
"{12D28E4E-5E82-4676-8BAA-B2DBFCDC622A}" = ArcSoft VideoImpression 2
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{22D3A614-482C-444A-932C-9DA1B8ECDFD2}" = Elements 10 Organizer
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java™ 6 Update 30
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}" = Windows Live Photo Gallery
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{497A1721-088F-41EF-8876-B43C9DA5528B}" = ArcSoft Software Suite
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{821D6F49-1B20-4809-8C73-286CFC52B1B1}" = Samsung Auto Backup
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8DAC1AE4-33D1-4A78-8A42-00E09EDECC3E}" = Camera RAW Plug-In for EPSON Creativity Suite
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{945126B3-E790-45FE-A5B4-D108DB681B61}" = Sibelius Scorch (ActiveX Only)
"{969E11AA-8F3A-F162-1A5A-0965E216B6CE}" = Adobe Download Assistant
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9A9DBEBC-C800-4776-A970-D76D6AA405B1}" = PHOTOfunSTUDIO -viewer-
"{9EDBB857-8028-49CD-B9C9-0B4D10CD1033}" = Nero 8
"{9F91B6C4-E892-4978-A571-B5A32BC2082C}" = Symantec AntiVirus
"{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B66E665A-DF96-4C38-9422-C7F74BC1B4E5}" = EPSON Easy Photo Print
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6B4BAAB-AEBE-4E65-AD06-8333EBCBE9B3}" = SM-Marks 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE549AF9-8FAA-4584-83B2-ECF1BC9DC1FF}" = Adobe Photoshop Elements 10
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Photoshop Elements 10" = Adobe Photoshop Elements 10
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Any Video Converter_is1" = Any Video Converter 2.7.8
"Audacity_is1" = Audacity 1.2.6
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CX4300_5500_DX4400 manual" = CX4300_5500_DX4400 manual
"ENTERPRISER" = Microsoft Office Enterprise 2007
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.7.5 Standard
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Magic M4A to MP3 Converter_is1" = Magic M4A to MP3 Converter 3.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MixPad" = MixPad Audio Mixer
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Musicnotes Player_is1" = Musicnotes Player V1.23.2 and Viewer
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PROSet" = Intel® PRO Network Connections Drivers
"Teachers Report Assistant" = Teachers Report Assistant
"VLC media player" = VLC media player 2.0.1
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows Mobile Device Handbook" = Palm® Support Center
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-682003330-1123561945-2147153767-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"PhotobookShop.com.au" = PhotobookShop.com.au

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 20/05/2012 8:22:34 PM | Computer Name = ROANNA-36A94C04 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Risk: Trojan.Gen.2 in File: C:\WINDOWS\Installer\{05945cd0-6e7b-74a8-3cee-82f3ac1de144}\U\80000032.@
by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Access denied.
Action Description: The file was left unchanged.

Error - 21/05/2012 12:31:43 AM | Computer Name = ROANNA-36A94C04 | Source = Ci | ID = 4118
Description = A content scan could not be completed on c:\.

Error - 22/05/2012 5:03:28 AM | Computer Name = ROANNA-36A94C04 | Source = Ci | ID = 4118
Description = A content scan could not be completed on c:\.

Error - 23/05/2012 8:22:16 AM | Computer Name = ROANNA-36A94C04 | Source = Ci | ID = 4118
Description = A content scan could not be completed on c:\.

Error - 25/05/2012 7:33:23 PM | Computer Name = ROANNA-36A94C04 | Source = Ci | ID = 4118
Description = A content scan could not be completed on c:\.

Error - 25/05/2012 7:44:24 PM | Computer Name = ROANNA-36A94C04 | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE
Event
Info: Terminate Process Action Taken: Blocked Actor Process: C:\WINDOWS\system32\services.exe
(PID 736) Time: Saturday, 26 May 2012 9:44:23 AM

Error - 25/05/2012 7:44:55 PM | Computer Name = ROANNA-36A94C04 | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE
Event
Info: Terminate Process Action Taken: Blocked Actor Process: C:\WINDOWS\system32\services.exe
(PID 736) Time: Saturday, 26 May 2012 9:44:55 AM

Error - 25/05/2012 7:45:34 PM | Computer Name = ROANNA-36A94C04 | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE
Event
Info: Terminate Process Action Taken: Blocked Actor Process: C:\WINDOWS\system32\services.exe
(PID 736) Time: Saturday, 26 May 2012 9:45:34 AM

Error - 26/05/2012 5:11:02 AM | Computer Name = ROANNA-36A94C04 | Source = Ci | ID = 4118
Description = A content scan could not be completed on c:\.

Error - 27/05/2012 5:13:28 PM | Computer Name = ROANNA-36A94C04 | Source = Ci | ID = 4118
Description = A content scan could not be completed on c:\.

[ OSession Events ]
Error - 6/09/2009 7:00:21 AM | Computer Name = ROANNA-36A94C04 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 495
seconds with 0 seconds of active time. This session ended with a crash.

Error - 6/09/2009 7:00:26 AM | Computer Name = ROANNA-36A94C04 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 6
seconds with 0 seconds of active time. This session ended with a crash.

Error - 24/01/2011 8:42:13 AM | Computer Name = ROANNA-36A94C04 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 28145
seconds with 0 seconds of active time. This session ended with a crash.

Error - 12/06/2011 2:12:12 AM | Computer Name = ROANNA-36A94C04 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11625
seconds with 420 seconds of active time. This session ended with a crash.

Error - 18/06/2011 9:19:42 AM | Computer Name = ROANNA-36A94C04 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 31642
seconds with 420 seconds of active time. This session ended with a crash.

Error - 4/07/2011 9:27:50 AM | Computer Name = ROANNA-36A94C04 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 49827
seconds with 180 seconds of active time. This session ended with a crash.

Error - 13/02/2012 3:28:13 AM | Computer Name = ROANNA-36A94C04 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8397
seconds with 3960 seconds of active time. This session ended with a crash.

Error - 2/04/2012 6:49:40 AM | Computer Name = ROANNA-36A94C04 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1815
seconds with 420 seconds of active time. This session ended with a crash.

Error - 2/04/2012 7:19:35 AM | Computer Name = ROANNA-36A94C04 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1762
seconds with 780 seconds of active time. This session ended with a crash.

Error - 2/04/2012 7:33:55 AM | Computer Name = ROANNA-36A94C04 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 780
seconds with 480 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 23/04/2012 7:53:24 AM | Computer Name = ROANNA-36A94C04 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the stisvc service.

Error - 23/04/2012 4:09:38 PM | Computer Name = ROANNA-36A94C04 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the stisvc service.

Error - 23/04/2012 4:10:31 PM | Computer Name = ROANNA-36A94C04 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the CiSvc service.

Error - 23/04/2012 4:15:02 PM | Computer Name = ROANNA-36A94C04 | Source = DCOM | ID = 10010
Description = The server {25E8A7CA-5874-4F85-BC00-35210131C444} did not register
with DCOM within the required timeout.

Error - 23/04/2012 5:17:03 PM | Computer Name = ROANNA-36A94C04 | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume C:.

Error - 24/04/2012 6:26:42 PM | Computer Name = ROANNA-36A94C04 | Source = Service Control Manager | ID = 7023
Description = The iPod Service service terminated with the following error: %%2147549465

Error - 24/04/2012 6:26:59 PM | Computer Name = ROANNA-36A94C04 | Source = DCOM | ID = 10010
Description = The server {063D34A4-BF84-4B8D-B699-E8CA06504DDE} did not register
with DCOM within the required timeout.

Error - 3/05/2012 7:41:13 AM | Computer Name = ROANNA-36A94C04 | Source = DCOM | ID = 10010
Description = The server {25E8A7CA-5874-4F85-BC00-35210131C444} did not register
with DCOM within the required timeout.

Error - 5/05/2012 5:45:13 PM | Computer Name = ROANNA-36A94C04 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the HTTP SSL service to connect.

Error - 5/05/2012 5:45:13 PM | Computer Name = ROANNA-36A94C04 | Source = Service Control Manager | ID = 7000
Description = The HTTP SSL service failed to start due to the following error: %%1053


< End of report >
  • 0

#24
rdbadger
Posted 27 May 2012 - 06:01 PM

rdbadger

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 107 posts
Posts as requested
thanks
  • 0

#25
rdbadger
Posted 27 May 2012 - 06:05 PM

rdbadger

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 107 posts
I've had an error report from NMIndexStoreSvr.exe
NMIndexStoreSvr.exe has encountered a problem and needs to close
If you were in the middle of something, the information you were working on might be lost
Close

I don't want to touch this in case it resets everything and also closes down the OTL Scan that is still open - could you let me know what I should do?
Thanks
  • 0

Advertisements

#26
rdbadger
Posted 28 May 2012 - 02:58 AM

rdbadger

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 107 posts
just wondering if you could let me know what to do re-error msg, as i will be going to bed soon!
thanks!
  • 0

#27
Render
Posted 28 May 2012 - 05:19 AM

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Please close it. And are you missing some short-cuts from your desktop and Start menu maybe?

Proceed with this please:

We need to run an OTL Fix

Warning This fix is only relevant for this system and no other, using on another computer may cause problems.

  • Please double click on Posted Image on your Desktop (If running Vista or Windows 7, right click on it and select "Run as an Administrator")
  • Under the Custom Scans/Fixes box copy and paste this in (Please carefully select all text in code box beginning with : ):

    :OTL
MOD - [2012/03/24 18:19:32 | 000,115,137 | ---- | M] () -- C:\Documents and Settings\Roanna\Local Settings\Temp\6573b3c6-4299-4ce1-bc75-7f3a9cd9d739\CliSecureRT.dll
  	
:Files
ipconfig /flushdns /c
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C

:Reg

:Commands
[resethosts]
[EMPTYJAVA]
[createrestorepoint]
[reboot]
  • Make sure all other windows are closed and to let it run uninterrupted.
  • Click on Posted Image button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click on Posted Image button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#28
rdbadger
Posted 28 May 2012 - 04:13 PM

rdbadger

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 107 posts
Proceeding now with instructions - the scan had finished, and requested a computer reboot to which I pressed OK - but when it started a very quick flash of an error message popped up - something about work being interrupted I think - it was very quick - hope it's ok!
  • 0

#29
rdbadger
Posted 28 May 2012 - 04:31 PM

rdbadger

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 107 posts
here may be some things missing, but there is also something new that has appeared on the desktop called "Thumbs.db" looks like an application - don't know what it is!
  • 0

#30
rdbadger
Posted 28 May 2012 - 04:35 PM

rdbadger

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 107 posts
I assume when running the quickscan I don't have to change any of the options as requested last time is that correct?
ta
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP