OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Ray E. Osejo\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 35.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): c:\pagefile.sys 16 16d:\pagefile.sys 3057 5000 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 61.81 Gb Total Space | 32.93 Gb Free Space | 53.27% Space Free | Partition Type: NTFS
Drive D: | 221.48 Gb Total Space | 192.17 Gb Free Space | 86.76% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 29.29 Gb Total Space | 5.31 Gb Free Space | 18.14% Space Free | Partition Type: NTFS
Drive G: | 104.96 Gb Total Space | 76.82 Gb Free Space | 73.19% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: REO-LAPTOP
Current User Name: Ray E. Osejo
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/05/06 01:11:52 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Ray E. Osejo\Desktop\OTL.exe
PRC - [2010/04/29 15:39:32 | 001,090,952 | ---- | M] (Malwarebytes Corporation) -- D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2010/04/22 17:26:14 | 002,064,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/04/22 17:26:08 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/04/22 17:21:42 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/03/29 14:54:52 | 002,343,120 | ---- | M] (IObit) -- D:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
PRC - [2010/03/12 15:03:28 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/03/12 15:03:22 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/03/12 15:01:53 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/03/12 15:01:52 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/11/22 16:44:16 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\System32\ZoneLabs\vsmon.exe
PRC - [2009/11/02 20:24:58 | 000,257,440 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10d.exe
PRC - [2009/06/10 04:02:50 | 000,904,840 | ---- | M] (Acronis) -- D:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
PRC - [2009/06/10 03:57:40 | 000,136,472 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2009/06/10 03:57:36 | 000,431,384 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2009/06/10 03:55:30 | 001,326,080 | ---- | M] (Acronis) -- D:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2009/05/27 04:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2009/05/19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/30 17:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009/03/30 17:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/03/05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/02/06 19:21:00 | 000,224,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Toolbar\wltuser.exe
PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- D:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/24 23:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008/11/24 23:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008/10/10 06:45:26 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2008/02/13 19:55:40 | 000,241,664 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\VeriFace\PManage.exe
PRC - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft Office\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/10/26 05:08:26 | 000,106,583 | ---- | M] () -- C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLSched.exe
PRC - [2007/10/26 05:08:24 | 000,262,233 | ---- | M] () -- C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLCapSvc.exe
PRC - [2007/10/26 05:07:56 | 000,417,792 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Lenovo\ShuttleCenter\PCMService.exe
PRC - [2007/10/05 16:55:12 | 000,229,376 | ---- | M] (ATK0100) -- C:\Program Files\ATK Hotkey\HControl.exe
PRC - [2007/10/02 22:53:00 | 000,094,208 | ---- | M] () -- C:\Program Files\ATK Hotkey\AsLdrSrv.exe
PRC - [2007/08/27 14:55:32 | 001,232,896 | ---- | M] (Lenovo (Beijing) Limited) -- D:\Program Files\Lenovo\EnergyCut\EnergyCut.exe
PRC - [2007/08/15 12:38:30 | 000,147,456 | ---- | M] () -- C:\Program Files\ATK Hotkey\WDC.exe
PRC - [2007/08/08 12:03:42 | 002,441,216 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe
PRC - [2006/12/05 18:30:06 | 000,450,560 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
PRC - [2006/11/24 21:20:36 | 000,622,592 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
PRC - [2006/11/22 05:31:25 | 000,630,784 | ---- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
PRC - [2006/05/08 19:52:04 | 000,204,800 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
PRC - [2006/02/26 11:07:12 | 002,502,656 | ---- | M] (Lenovo(beijing) Limited) -- D:\Program Files\Lenovo\EnergyCut\utilty.exe
========== Modules (SafeList) ==========
MOD - [2010/05/06 01:11:52 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Ray E. Osejo\Desktop\OTL.exe
MOD - [2010/03/12 15:03:28 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
MOD - [2009/04/11 02:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/19 03:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (ac.sharedstore)
SRV - [2010/03/12 15:03:22 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- D:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/03/12 15:01:53 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- D:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2009/11/22 16:44:16 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2009/09/24 21:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/06/10 03:57:36 | 000,431,384 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009/05/27 04:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)
SRV - [2009/05/19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/03/30 17:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- D:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/11/24 23:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/11/24 23:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008/11/24 23:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008/10/10 06:45:26 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\Program Files\Microsoft Office\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/10/26 05:08:26 | 000,106,583 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2007/10/26 05:08:24 | 000,262,233 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2007/10/02 22:53:00 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2006/12/04 15:32:10 | 000,632,456 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- D:\Program Files\Symantec\Ghost\ngctw32.exe -- (NGCLIENT)
========== Driver Services (SafeList) ==========
DRV - [2010/04/30 09:23:29 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2010/04/30 09:23:29 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\System32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2010/04/30 09:23:11 | 000,132,480 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2010/04/30 09:22:37 | 000,368,480 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tdrpman.sys -- (tdrpman)
DRV - [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/04/22 17:26:09 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/04/09 13:16:50 | 000,016,472 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdrvio.sys -- (pwdrvio)
DRV - [2010/04/09 13:16:46 | 000,011,104 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdspio.sys -- (pwdspio)
DRV - [2010/03/12 15:03:28 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/12 15:01:52 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/01/20 16:53:06 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv)
DRV - [2010/01/20 16:53:04 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2010/01/06 23:19:00 | 000,057,856 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SCR3XX2K.sys -- (SCR3XX2K)
DRV - [2009/12/02 09:19:06 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/11/22 16:44:20 | 000,446,664 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (vsdatant)
DRV - [2009/05/19 06:43:08 | 000,021,520 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV - [2009/04/11 00:38:59 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbccid.sys -- (USBCCID)
DRV - [2008/02/13 19:30:44 | 000,018,048 | ---- | M] (ensurebit) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CapFilt.sys -- (CapFilt)
DRV - [2008/02/11 20:36:10 | 002,302,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/01/19 01:57:16 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2008/01/19 00:25:05 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2007/11/14 17:24:18 | 000,182,456 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/11/02 17:29:02 | 000,828,328 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2007/07/22 16:00:44 | 000,180,736 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2007/06/21 05:51:28 | 002,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2007/04/25 00:17:35 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2007/03/21 23:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/02/24 15:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/01/23 17:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/12/14 03:11:57 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006/11/22 05:34:59 | 000,982,272 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006/11/02 05:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 05:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 05:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 05:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 05:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 05:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 05:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 05:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 05:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 05:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 05:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 05:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 05:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 05:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 05:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 05:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 05:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 05:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 05:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 05:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 05:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 03:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lenovo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://netscape.aol.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://netscape.aol.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: [email protected]:3.6.14
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.10.2
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.%(version)s
FF - prefs.js..network.proxy.type: 4
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: D:\Program Files\Mozilla Firefox 3.6 Beta 5\components
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: D:\Program Files\Mozilla Firefox 3.6 Beta 5\plugins
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2010/04/30 17:04:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2010/04/30 17:04:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: D:\Program Files\Mozilla Thunderbird\components [2010/04/30 18:32:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: D:\Program Files\Mozilla Thunderbird\plugins
[2009/12/23 10:42:27 | 000,000,000 | ---D | M] -- C:\Users\Ray E. Osejo\AppData\Roaming\Mozilla\Extensions
[2009/12/23 10:42:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ray E. Osejo\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/05/04 09:14:46 | 000,000,000 | ---D | M] -- C:\Users\Ray E. Osejo\AppData\Roaming\Mozilla\Firefox\Profiles\d2wqvl0c.default\extensions
[2010/02/05 19:28:54 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Ray E. Osejo\AppData\Roaming\Mozilla\Firefox\Profiles\d2wqvl0c.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2010/04/27 21:30:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Ray E. Osejo\AppData\Roaming\Mozilla\Firefox\Profiles\d2wqvl0c.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/18 08:02:52 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Ray E. Osejo\AppData\Roaming\Mozilla\Firefox\Profiles\d2wqvl0c.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/12/22 23:12:09 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\Ray E. Osejo\AppData\Roaming\Mozilla\Firefox\Profiles\d2wqvl0c.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2010/01/08 15:06:01 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Ray E. Osejo\AppData\Roaming\Mozilla\Firefox\Profiles\d2wqvl0c.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2008/07/07 17:54:34 | 000,000,000 | ---D | M] (DoD Configuration) -- C:\Users\Ray E. Osejo\AppData\Roaming\Mozilla\Firefox\Profiles\d2wqvl0c.default\extensions\{d15c1608-ba3e-4aa0-aa6f-aa9337226087}
[2010/04/22 18:26:38 | 000,000,000 | ---D | M] -- C:\Users\Ray E. Osejo\AppData\Roaming\Mozilla\Firefox\Profiles\d2wqvl0c.default\extensions\[email protected]
O1 HOSTS File: ([2010/04/22 20:50:50 | 000,393,305 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 13584 more lines...
O2 - BHO: (Download Guard for Internet Explorer) - {20C1A7F0-528E-444F-BAC5-5804A61CCA7F} - Reg Error: Value error. File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] D:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [AprvRemoveLegacyExcelKeys] C:\Program Files\ApproveIt\Support\Tools\AprvClean.exe -k HKCU SOFTWARE\Microsoft\Office\Excel\Addins\OfficeAddIn.Off File not found
O4 - HKLM..\Run: [AprvRemoveLegacyWordKeys] C:\Program Files\ApproveIt\Support\Tools\AprvClean.exe -k HKCU SOFTWARE\Microsoft\Office\Word\Addins\OfficeAddIn.Off File not found
O4 - HKLM..\Run: [AVG9_TRAY] D:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [EnergyCut] D:\Program Files\Lenovo\EnergyCut\EnergyCut.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] D:\Program Files\Lenovo\EnergyCut\utilty.exe (Lenovo(beijing) Limited)
O4 - HKLM..\Run: [masqform.exe] D:\Program Files\PureEdge\Viewer 6.5\masqform.exe (PureEdge™ Solutions Inc.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Lenovo\ShuttleCenter\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] D:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [VeriFacePassManager] C:\Program Files\Lenovo\VeriFace\PManage.exe (Lenovo)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZoneAlarm Client] D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - D:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Password Administration Box - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\Program Files\Lenovo\VeriFace\OpenWnd.exe (Lenovo)
O9 - Extra 'Tools' menuitem : Password Administration Box - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\Program Files\Lenovo\VeriFace\OpenWnd.exe (Lenovo)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: army.mil ([webmail.us] https in Trusted sites)
O15 - HKCU\..Trusted Domains: army.mil ([wmcac.us] https in Trusted sites)
O15 - HKCU\..Trusted Domains: army.mil ([wmlogin.us] https in Trusted sites)
O15 - HKCU\..Trusted Domains: army.mil ([www.us] https in Trusted sites)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support....veX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O24 - Desktop WallPaper: \Windows\Web\Wallpaper\lenovo_Chr1_W.jpg
O24 - Desktop BackupWallPaper: \Windows\Web\Wallpaper\lenovo_Chr1_W.jpg
O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - F:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{3d8c39fb-697c-11dd-b3cf-001fc600b2c6}\Shell - "" = AutoRun
O33 - MountPoints2\{3d8c39fb-697c-11dd-b3cf-001fc600b2c6}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/07/26 09:36:59 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 90 Days ==========
[2010/05/10 02:05:24 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Users\Ray E. Osejo\Desktop\OTL.exe
[2010/05/10 01:26:33 | 000,000,000 | ---D | C] -- C:\Users\Ray E. Osejo\AppData\Roaming\Malwarebytes
[2010/05/10 01:26:25 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/05/10 01:26:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/05/10 01:26:23 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/05/01 16:26:57 | 000,000,000 | ---D | C] -- C:\ProgramData\DVDneXtCOPY
[2010/04/30 09:24:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Acronis
[2010/04/30 09:22:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Acronis
[2010/04/29 23:28:43 | 000,000,000 | ---D | C] -- C:\Users\Ray E. Osejo\AppData\Roaming\Apple Computer
[2010/04/28 07:54:36 | 000,000,000 | ---D | C] -- C:\Users\Ray E. Osejo\Spark
[2010/04/27 07:55:04 | 000,000,000 | -H-D | C] -- C:\VirtualStore
[2010/04/24 08:25:04 | 000,000,000 | ---D | C] -- C:\Program Files\Coupons
[2010/04/22 18:29:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010/04/22 16:34:52 | 000,000,000 | ---D | C] -- D:\Users\Ray E. Osejo\Documents\RootKit Scan Log Files
[2010/03/30 14:47:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Paragon
[2010/03/30 14:42:39 | 000,040,560 | ---- | C] (Paragon Software Group) -- C:\Windows\System32\drivers\hotcore3.sys
[2010/03/30 13:11:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/03/27 08:01:44 | 000,000,000 | ---D | C] -- C:\Users\Ray E. Osejo\AppData\Roaming\Symantec
[2010/03/17 15:46:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Config
[2010/03/17 11:11:00 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer Platform Preview
[2010/03/16 09:41:24 | 000,000,000 | ---D | C] -- C:\Users\Ray E. Osejo\AppData\Roaming\Uniblue
[2010/03/12 15:03:28 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/03/07 18:32:23 | 000,000,000 | ---D | C] -- C:\Users\Ray E. Osejo\AppData\Roaming\Move Networks
[2010/02/25 22:06:13 | 000,000,000 | ---D | C] -- C:\Program Files\Machinist2DLL
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
========== Files - Modified Within 90 Days ==========
[2010/05/10 02:07:40 | 008,126,464 | -HS- | M] () -- C:\Users\Ray E. Osejo\ntuser.dat
[2010/05/10 01:41:17 | 000,293,376 | ---- | M] () -- C:\Users\Ray E. Osejo\Desktop\gmer.exe
[2010/05/10 01:26:28 | 000,000,626 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/10 00:41:49 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job
[2010/05/10 00:40:46 | 000,000,374 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2010/05/10 00:39:57 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/10 00:39:54 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/10 00:39:54 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/10 00:39:47 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat
[2010/05/10 00:37:41 | 000,524,288 | -HS- | M] () -- C:\Users\Ray E. Osejo\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/05/10 00:37:41 | 000,065,536 | -HS- | M] () -- C:\Users\Ray E. Osejo\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/05/10 00:37:38 | 004,042,227 | -H-- | M] () -- C:\Users\Ray E. Osejo\AppData\Local\IconCache.db
[2010/05/10 00:02:53 | 000,062,720 | -H-- | M] () -- C:\Users\Ray E. Osejo\AppData\Roaming\Ray E. Osejo.idx
[2010/05/06 01:11:52 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Ray E. Osejo\Desktop\OTL.exe
[2010/05/01 16:26:57 | 000,000,677 | ---- | M] () -- C:\Users\Public\Desktop\DVDneXtCOPY 3.lnk
[2010/05/01 10:13:11 | 000,756,644 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/05/01 10:13:11 | 000,642,392 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/05/01 10:13:11 | 000,118,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/04/30 18:32:48 | 000,000,810 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2010/04/30 17:07:19 | 000,005,972 | ---- | M] () -- C:\Users\Ray E. Osejo\AppData\Local\d3d9caps.dat
[2010/04/30 17:04:18 | 000,000,760 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/04/30 15:12:13 | 000,001,024 | ---- | M] () -- C:\Windows\System32\AutoPartNt.let
[2010/04/30 09:26:44 | 000,409,232 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/04/30 09:22:36 | 000,000,772 | ---- | M] () -- C:\Users\Public\Desktop\Acronis True Image WD Edition.lnk
[2010/04/30 06:28:53 | 000,422,438 | -H-- | M] () -- C:\Windows\System32\drivers\vsconfig.xml
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/28 09:51:47 | 000,000,718 | ---- | M] () -- C:\Users\Ray E. Osejo\Desktop\CCleaner.lnk
[2010/04/26 19:46:02 | 059,288,376 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/04/22 22:28:20 | 000,000,692 | ---- | M] () -- C:\Users\Public\Desktop\Partition Wizard Home Edition.lnk
[2010/04/22 20:50:50 | 000,393,305 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/04/22 18:29:38 | 000,001,546 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/04/22 17:51:42 | 000,001,693 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/04/22 17:26:09 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/04/22 17:24:21 | 000,000,419 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2010/04/22 17:24:21 | 000,000,027 | ---- | M] () -- C:\Windows\BRPP2KA.INI
[2010/04/09 13:16:52 | 000,535,624 | ---- | M] () -- C:\Windows\System32\pwNative.exe
[2010/04/09 13:16:50 | 000,016,472 | ---- | M] () -- C:\Windows\System32\pwdrvio.sys
[2010/04/09 13:16:46 | 000,011,104 | ---- | M] () -- C:\Windows\System32\pwdspio.sys
[2010/03/31 08:39:09 | 000,003,213 | -H-- | M] () -- C:\Windows\EPMBatch.ept
[2010/03/31 05:52:36 | 000,000,973 | ---- | M] () -- C:\Users\Public\Desktop\EASEUS Partition Master 5.0.1 Home Edition.lnk
[2010/03/26 08:04:59 | 000,381,559 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100422-205050.backup
[2010/03/17 11:11:03 | 000,001,843 | ---- | M] () -- C:\Users\Public\Desktop\Internet Explorer Platform Preview.lnk
[2010/03/17 07:12:10 | 000,381,307 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100326-080459.backup
[2010/03/15 07:35:22 | 000,002,560 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE
[2010/03/12 16:21:53 | 000,381,239 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100317-071210.backup
[2010/03/12 15:03:28 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/03/12 15:03:28 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/03/12 15:01:52 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/03/08 23:09:23 | 000,380,856 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100312-152153.backup
[2010/03/06 00:05:45 | 000,014,336 | ---- | M] () -- C:\Users\Ray E. Osejo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/24 08:08:23 | 000,109,480 | ---- | M] () -- C:\Users\Ray E. Osejo\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/02/18 21:53:12 | 000,380,752 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100308-220923.backup
[2010/02/13 08:56:26 | 000,379,050 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100218-205312.backup
[2010/02/09 10:01:39 | 000,379,090 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100213-075625.backup
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/05/10 01:26:28 | 000,000,626 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/01 16:26:57 | 000,000,677 | ---- | C] () -- C:\Users\Public\Desktop\DVDneXtCOPY 3.lnk
[2010/04/30 18:32:48 | 000,000,810 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2010/04/30 17:04:18 | 000,000,760 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/04/30 09:37:58 | 000,001,024 | ---- | C] () -- C:\Windows\System32\AutoPartNt.let
[2010/04/30 09:22:36 | 000,000,772 | ---- | C] () -- C:\Users\Public\Desktop\Acronis True Image WD Edition.lnk
[2010/04/22 18:29:38 | 000,001,546 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/03/31 06:03:58 | 000,003,213 | -H-- | C] () -- C:\Windows\EPMBatch.ept
[2010/03/31 05:52:36 | 000,000,973 | ---- | C] () -- C:\Users\Public\Desktop\EASEUS Partition Master 5.0.1 Home Edition.lnk
[2010/03/31 05:52:34 | 001,692,288 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2010/03/31 05:52:34 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2010/03/31 05:52:34 | 000,014,848 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2010/03/31 05:52:34 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2010/03/31 05:52:34 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2010/03/30 15:14:36 | 000,535,624 | ---- | C] () -- C:\Windows\System32\pwNative.exe
[2010/03/30 15:14:36 | 000,016,472 | ---- | C] () -- C:\Windows\System32\pwdrvio.sys
[2010/03/30 15:14:15 | 000,011,104 | ---- | C] () -- C:\Windows\System32\pwdspio.sys
[2010/03/30 15:02:57 | 000,000,692 | ---- | C] () -- C:\Users\Public\Desktop\Partition Wizard Home Edition.lnk
[2010/03/17 11:11:03 | 000,001,843 | ---- | C] () -- C:\Users\Public\Desktop\Internet Explorer Platform Preview.lnk
[2010/03/15 07:35:21 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2010/01/20 22:18:01 | 000,015,190 | ---- | C] () -- C:\Windows\M3000Twn.ini
[2010/01/13 17:51:59 | 000,004,733 | ---- | C] () -- C:\Windows\SigPlus.ini
[2009/12/23 20:33:51 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/04/30 00:05:56 | 000,081,920 | ---- | C] () -- C:\Windows\System32\erainp32.dll
[2008/08/09 11:23:06 | 000,000,181 | ---- | C] () -- C:\Windows\msmail.ini
[2008/07/12 21:01:18 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2008/07/12 21:01:18 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2008/07/12 20:59:09 | 000,000,228 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2008/07/12 20:59:09 | 000,000,094 | ---- | C] () -- C:\Windows\brpcfx.ini
[2008/07/12 20:57:30 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2008/07/12 20:57:28 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2008/07/07 17:42:43 | 000,000,165 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2008/02/13 19:55:43 | 001,560,576 | ---- | C] () -- C:\Windows\System32\MainOp.dll
[2008/02/13 19:55:43 | 001,560,576 | ---- | C] () -- C:\Windows\System32\MainOp(303).dll
[2008/02/13 19:55:43 | 000,208,896 | ---- | C] () -- C:\Windows\System32\Image.dll
[2008/02/13 19:55:43 | 000,208,896 | ---- | C] () -- C:\Windows\System32\Image(300).dll
[2008/02/13 19:55:42 | 000,491,520 | ---- | C] () -- C:\Windows\System32\picn.dll
[2008/02/13 19:55:42 | 000,126,976 | ---- | C] () -- C:\Windows\System32\VideoOp.dll
[2008/02/13 19:55:42 | 000,126,976 | ---- | C] () -- C:\Windows\System32\VideoOp(326).dll
[2008/02/13 19:55:42 | 000,094,208 | ---- | C] () -- C:\Windows\System32\Momo.dll
[2008/02/13 19:55:42 | 000,094,208 | ---- | C] () -- C:\Windows\System32\Momo(305).dll
[2008/02/13 19:55:42 | 000,049,152 | ---- | C] () -- C:\Windows\System32\DevFilt.dll
[2008/02/13 19:55:41 | 001,327,104 | ---- | C] () -- C:\Windows\System32\ImageReog.dll
[2008/02/13 19:55:41 | 001,327,104 | ---- | C] () -- C:\Windows\System32\ImageReog(301).dll
[2008/02/13 19:55:41 | 000,622,592 | ---- | C] () -- C:\Windows\System32\PicNotify.dll
[2008/02/13 19:55:41 | 000,094,208 | ---- | C] () -- C:\Windows\System32\ApBlend.dll
[2008/02/13 19:55:41 | 000,094,208 | ---- | C] () -- C:\Windows\System32\ApBlend(274).dll
[2008/02/13 19:15:55 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/02/11 20:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2007/11/14 17:21:02 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/09/07 06:44:11 | 000,910,464 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/09/07 06:44:11 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1283.dll
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/01/20 13:56:58 | 000,086,016 | ---- | C] () -- C:\Windows\System32\Machinist2.dll
========== LOP Check ==========
[2010/01/09 11:10:36 | 000,000,000 | ---D | M] -- C:\Users\Ray E. Osejo\AppData\Roaming\IObit
[2008/07/07 18:28:24 | 000,000,000 | ---D | M] -- C:\Users\Ray E. Osejo\AppData\Roaming\PureEdge
[2009/12/23 10:42:23 | 000,000,000 | ---D | M] -- C:\Users\Ray E. Osejo\AppData\Roaming\Thunderbird
[2010/03/16 09:41:24 | 000,000,000 | ---D | M] -- C:\Users\Ray E. Osejo\AppData\Roaming\Uniblue
[2008/08/18 09:47:14 | 000,000,000 | ---D | M] -- C:\Users\Ray E. Osejo\AppData\Roaming\Xerox
[2010/05/10 00:41:49 | 000,000,384 | ---- | M] () -- C:\Windows\Tasks\AWC Startup.job
[2010/05/10 00:38:02 | 000,032,552 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2010/05/10 00:39:10 | 000,038,748 | ---- | M] () -- C:\aaw7boot.log
[2010/01/20 15:23:17 | 000,000,002 | ---- | M] () -- C:\ATK0100.log
[2006/09/18 17:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 02:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2007/05/23 17:39:49 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/18 17:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/01/20 16:05:39 | 000,000,034 | ---- | M] () -- C:\esaycapture.log
[2010/05/10 00:42:03 | 075,232,586 | ---- | M] () -- C:\FaceProv.log
[2010/05/10 00:41:21 | 000,109,792 | ---- | M] () -- C:\HeadVideo.log
[2008/08/09 11:18:39 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/08/09 11:18:39 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/05/10 00:39:10 | 016,777,216 | -HS- | M] () -- C:\pagefile.sys
[2008/02/13 19:08:46 | 000,000,426 | ---- | M] () -- C:\RHDSetup.log
[2008/08/07 05:46:36 | 000,005,343 | ---- | M] () -- C:\WirelessDiagLog.csv
[2009/12/23 22:31:16 | 000,000,156 | ---- | M] () -- C:\YServer.txt
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 07:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009/03/08 07:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2009/04/11 02:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 02:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
[2009/04/11 02:28:25 | 000,443,392 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\win32spl.dll
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 06:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 06:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 06:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
< %systemroot%\system32\drivers\*.sys /90 >
[2010/03/12 15:01:52 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/03/12 15:03:28 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/04/22 17:26:09 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/02/20 16:53:34 | 000,411,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\http.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/30 09:23:11 | 000,132,480 | ---- | M] (Acronis) -- C:\Windows\System32\drivers\snapman.sys
[2010/04/30 09:22:37 | 000,368,480 | ---- | M] (Acronis) -- C:\Windows\System32\drivers\tdrpman.sys
[2010/04/30 09:23:29 | 000,044,384 | ---- | M] (Acronis) -- C:\Windows\System32\drivers\tifsfilt.sys
[2010/04/30 09:23:29 | 000,441,760 | ---- | M] (Acronis) -- C:\Windows\System32\drivers\timntr.sys
[1 C:\Windows\system32\drivers\*.tmp files -> C:\Windows\system32\drivers\*.tmp -> ]
========== Alternate Data Streams ==========
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:5C321E34
< End of report >
OTL Extras Log:
OTL Extras logfile created on: 5/10/2010 2:06:21 AM - Run 1
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "D:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{064CFBD4-1A04-4B84-920E-E3AABE076C4B}" = lport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdateservice.exe |
"{09058782-5BE9-47AE-9E77-E9D95A56D6E6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{100C04D7-0BD5-420A-9C30-D349AB13FC5B}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=c:\windows\system32\svchost.exe |
"{12981B49-90A4-4C1D-87BA-BFDB8091A7DD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{14AF9013-9CC6-4FC1-8D4F-BB86857B0D29}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=c:\windows\system32\svchost.exe |
"{2776CBA4-9AEA-4C82-8A0C-7C578824D091}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=c:\windows\system32\svchost.exe |
"{7913906B-6810-4DF9-A4C7-E41488316830}" = lport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdater.exe |
"{BA12E6FB-42DE-473C-BE95-1515FA36721D}" = rport=2869 | protocol=6 | dir=out | app=system |
"{C30A1DA5-B495-4963-BDFB-96D36FC0D444}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=c:\windows\system32\svchost.exe |
"{D406073B-28FC-441B-98EA-C85912015E69}" = lport=2869 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{114813E0-DED2-4545-BAD3-682A35D2BDC9}" = protocol=17 | dir=in | app=d:\program files\symantec\ghost\ngctw32.exe |
"{160F4E77-9E46-41B8-A34E-6BF0E7EB7092}" = protocol=6 | dir=in | app=d:\program files\yahoo!\messenger\yahoomessenger.exe |
"{1797BF06-5567-4572-9D7C-9F8D5FFCF620}" = protocol=17 | dir=in | app=d:\program files\yahoo!\messenger\yserver.exe |
"{1DDA24D5-64A9-47BB-B833-7A1CCB979B2E}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{1FBCDEC0-82AB-4908-99E4-A2E0AB0B2D33}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{3BD477E3-818C-4EB5-B56B-9EE38A91010B}" = dir=in | app=c:\program files\lenovo\shuttlecenter\powercinema.exe |
"{3C582205-6C25-42FE-99A6-655BFC56DE9E}" = protocol=58 | dir=in | name=internet connection sharing (router solicitation-in) |
"{45780240-5609-47EF-A5FC-0E67F60678BC}" = dir=in | app=c:\program files\lenovo\shuttlecenter\kernel\dmp\clbrowserengine.exe |
"{6D59C795-087C-42C0-86DF-B6B352A6606F}" = dir=out | svc=sharedaccess | app=c:\windows\system32\svchost.exe |
"{8302C106-8222-4F55-98B7-A4825B50F984}" = dir=in | app=c:\program files\lenovo\shuttlecenter\kernel\dms\clmsservice.exe |
"{CED57A0D-9753-42BD-A801-FC919E296434}" = protocol=6 | dir=in | app=d:\program files\yahoo!\messenger\yserver.exe |
"{EC823F68-1CD6-4380-BB24-F7F5F4D70DA3}" = protocol=17 | dir=in | app=d:\program files\yahoo!\messenger\yahoomessenger.exe |
"{F4A696EC-F341-436D-8799-AF55683C7BBE}" = protocol=6 | dir=in | app=d:\program files\symantec\ghost\ngctw32.exe |
"{F690C616-0592-4083-9D42-77BC18E6E9BC}" = dir=in | app=c:\program files\lenovo\shuttlecenter\pcmservice.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{10885AE8-E42E-43CB-0A9D-1DCE4B636080}" = Symantec Ghost Configuration Client (Standalone)
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Shuttle Center II
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java 6 Update 20
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java 6 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{353D20CC-719B-4A60-AD33-D03F88C10330}" = Microsoft Office Accounting PayPal Addin
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{39316EDC-804F-4081-9974-0A13BA77E5EF}" = Windows Internet Explorer Platform Preview
"{3B0F52AC-EF5C-4831-B221-06C782E41280}" = Quicken 2008
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{46614A49-222A-48EF-87A9-BFD603E608E1}" = Microsoft Office Accounting Fixed Asset Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BB1DCED-84D3-47F9-B718-5947E904593E}" = Lenovo Easy Camera
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5E11064C-41D6-4451-B45A-E36DFBCB84AC}" = Download Guard for Internet Explorer
"{5FA793A6-0071-42C1-9355-8F69A428C44F}" = Microsoft Office Accounting ADP Payroll Addin
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6E127727-CE4B-40E4-9A7D-9D65CDE0A15C}" = EnergyCut
"{6ECD42B2-32AF-4898-880D-0608EA5C592A}" = ApproveIt Desktop
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8C711818-076E-475C-B95B-DF11CD9D8DBE}" = Microsoft Office Accounting Equifax Addin
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A90C03D6-08E1-4C59-B93B-6919A6C0AC19}" = TSP_CODEC
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A98E3354-AD08-427C-A0AC-32221A3E6598}" = Active@ Partition Manager
"{AA468551-1794-42FE-B504-C41D75EEBDF2}_is1" = Partition Wizard Home Edition 5.0
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{B0717D5A-1976-482B-9ADF-F19631A541A4}" = Microsoft Office Accounting 2007
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B39AA98E-C966-46C9-ACA2-D2586E300988}" = WinFlash
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4917541-1D76-4BDD-0A44-0E5B98363300}" = Symantec User Migration Wizard
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C43E4B9C-14C8-4EB0-998B-85211B6EDD61}" = Acronis True Image WD Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E0000650-0650-0650-0650-000000000650}" = PureEdge Viewer 6.5
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0F563C4-D4AD-41C4-A8A6-26664C027D11}" = Brother MFL-Pro Suite
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FC57FC53-104C-415C-98D7-B05E659461A9}" = Broadcom Gigabit Integrated Controller
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"AVG9Uninstall" = AVG Free 9.0
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Download Guard for Internet Explorer" = Download Guard for Internet Explorer
"DVDneXtCOPY 3 Ultimate" = DVDneXtCOPY 3 Ultimate
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 5.0.1 Home Edition
"HDMI" = Intel® Graphics Media Accelerator Driver
"lenovo scrnsave" = lenovo scrnsave
"Machinist2DLL" = Machinist2DLL
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Office Accounting 2007" = Microsoft Office Accounting 2007
"Microsoft Office Accounting Equifax Addin" = Microsoft Office Accounting Equifax Addin
"Microsoft Office Accounting PayPal Addin" = Microsoft Office Accounting PayPal Addin
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.6.4)" = Mozilla Firefox (3.6.4)
"Mozilla Thunderbird (3.0.4)" = Mozilla Thunderbird (3.0.4)
"PROR" = Microsoft Office Professional 2007
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"SpywareBlaster_is1" = SpywareBlaster 4.3
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TurboTax 2008" = TurboTax 2008
"VeriFace" = VeriFace
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Messenger" = Yahoo! Messenger
"ZoneAlarm" = ZoneAlarm
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
========== Last 10 Event Log Errors ==========
[ ActivIdentity Events ]
Error - 3/14/2010 2:01:14 PM | Computer Name = REO-laptop | Source = ActivClient | ID = 769
Description =
Error - 3/20/2010 7:42:32 AM | Computer Name = REO-laptop | Source = ActivClient | ID = 769
Description =
Error - 3/22/2010 2:19:32 PM | Computer Name = REO-laptop | Source = ActivClient | ID = 769
Description =
[ Application Events ]
Error - 3/29/2010 4:35:55 PM | Computer Name = REO-laptop | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 1.9.2.3727 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1590 Start Time: 01cacf5050b5e932 Termination Time: 26
Error - 3/30/2010 2:11:40 PM | Computer Name = REO-laptop | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.0.6002.18005 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 63c Start Time: 01cad02e9aaaa002 Termination Time: 38266
Error - 3/30/2010 2:19:21 PM | Computer Name = REO-laptop | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.0.6002.18005 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 17f0 Start Time: 01cad0345907cd72 Termination Time: 60000
Error - 3/30/2010 2:23:01 PM | Computer Name = REO-laptop | Source = VSS | ID = 8194
Description =
Error - 4/22/2010 5:12:15 PM | Computer Name = REO-laptop | Source = ESENT | ID = 505
Description = wuaueng.dll (1320) SUS20ClientDataStore: An attempt to open the compressed
file "C:\Windows\SoftwareDistribution\DataStore\DataStore.edb" for read / write
access failed because it could not be converted to a normal file. The open file
operation will fail with error -4005 (0xfffff05b). To prevent this error in the
future you can manually decompress the file and change the compression state of
the containing folder to uncompressed. Writing to this file when it is compressed
is not supported.
Error - 4/22/2010 5:26:20 PM | Computer Name = REO-laptop | Source = VSS | ID = 8194
Description =
Error - 5/1/2010 10:15:58 AM | Computer Name = REO-laptop | Source = Application Hang | ID = 1002
Description = The program qw.exe version 17.1.9.2 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: 1420 Start Time: 01cae93846b35561 Termination Time: 44
Error - 5/1/2010 10:16:58 AM | Computer Name = REO-laptop | Source = Application Error | ID = 1000
Description = Faulting application Dwm.exe, version 6.0.6002.18005, time stamp 0x49e01b94,
faulting module ole32.dll, version 6.0.6002.18005, time stamp 0x49e037d7, exception
code 0xc0000005, fault offset 0x0004a1de, process id 0xb64, application start time
0x01cae92fb35c7f61.
Error - 5/1/2010 1:41:52 PM | Computer Name = REO-laptop | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18904, time stamp
0x4b835fec, faulting module ole32.dll, version 6.0.6002.18005, time stamp 0x49e037d7,
exception code 0xc0000005, fault offset 0x0004a1de, process id 0x1468, application
start time 0x01cae9310db162e1.
Error - 5/1/2010 1:42:28 PM | Computer Name = REO-laptop | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18904, time stamp
0x4b835fec, faulting module ole32.dll, version 6.0.6002.18005, time stamp 0x49e037d7,
exception code 0xc0000005, fault offset 0x0004a1de, process id 0x1bfc, application
start time 0x01cae9432fe48dd1.
[ Media Center Events ]
Error - 8/28/2008 7:37:07 AM | Computer Name = REO-laptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
[ OSession Events ]
Error - 8/19/2008 12:26:05 AM | Computer Name = REO-laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session
lasted 9922 seconds with 8100 seconds of active time. This session ended with a
crash.
[ System Events ]
Error - 5/9/2010 2:03:02 PM | Computer Name = REO-laptop | Source = Service Control Manager | ID = 7034
Description =
Error - 5/10/2010 12:37:56 AM | Computer Name = REO-laptop | Source = DCOM | ID = 10010
Description =
Error - 5/10/2010 12:38:47 AM | Computer Name = REO-laptop | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!
Error - 5/10/2010 12:38:47 AM | Computer Name = REO-laptop | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!
Error - 5/10/2010 12:39:10 AM | Computer Name = REO-laptop | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!
Error - 5/10/2010 12:39:10 AM | Computer Name = REO-laptop | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!
Error - 5/10/2010 12:39:54 AM | Computer Name = REO-laptop | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description =
Error - 5/10/2010 12:40:34 AM | Computer Name = REO-laptop | Source = Service Control Manager | ID = 7000
Description =
Error - 5/10/2010 12:40:45 AM | Computer Name = REO-laptop | Source = Service Control Manager | ID = 7034
Description =
Error - 5/10/2010 1:54:45 AM | Computer Name = REO-laptop | Source = BROWSER | ID = 8032
Description =
< End of report >
Extras.txt OTL log:
OTL Extras logfile created on: 5/10/2010 2:06:21 AM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Ray E. Osejo\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 35.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): c:\pagefile.sys 16 16d:\pagefile.sys 3057 5000 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 61.81 Gb Total Space | 32.93 Gb Free Space | 53.27% Space Free | Partition Type: NTFS
Drive D: | 221.48 Gb Total Space | 192.17 Gb Free Space | 86.76% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 29.29 Gb Total Space | 5.31 Gb Free Space | 18.14% Space Free | Partition Type: NTFS
Drive G: | 104.96 Gb Total Space | 76.82 Gb Free Space | 73.19% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: REO-LAPTOP
Current User Name: Ray E. Osejo
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "D:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{064CFBD4-1A04-4B84-920E-E3AABE076C4B}" = lport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdateservice.exe |
"{09058782-5BE9-47AE-9E77-E9D95A56D6E6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{100C04D7-0BD5-420A-9C30-D349AB13FC5B}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=c:\windows\system32\svchost.exe |
"{12981B49-90A4-4C1D-87BA-BFDB8091A7DD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{14AF9013-9CC6-4FC1-8D4F-BB86857B0D29}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=c:\windows\system32\svchost.exe |
"{2776CBA4-9AEA-4C82-8A0C-7C578824D091}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=c:\windows\system32\svchost.exe |
"{7913906B-6810-4DF9-A4C7-E41488316830}" = lport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdater.exe |
"{BA12E6FB-42DE-473C-BE95-1515FA36721D}" = rport=2869 | protocol=6 | dir=out | app=system |
"{C30A1DA5-B495-4963-BDFB-96D36FC0D444}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=c:\windows\system32\svchost.exe |
"{D406073B-28FC-441B-98EA-C85912015E69}" = lport=2869 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{114813E0-DED2-4545-BAD3-682A35D2BDC9}" = protocol=17 | dir=in | app=d:\program files\symantec\ghost\ngctw32.exe |
"{160F4E77-9E46-41B8-A34E-6BF0E7EB7092}" = protocol=6 | dir=in | app=d:\program files\yahoo!\messenger\yahoomessenger.exe |
"{1797BF06-5567-4572-9D7C-9F8D5FFCF620}" = protocol=17 | dir=in | app=d:\program files\yahoo!\messenger\yserver.exe |
"{1DDA24D5-64A9-47BB-B833-7A1CCB979B2E}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{1FBCDEC0-82AB-4908-99E4-A2E0AB0B2D33}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{3BD477E3-818C-4EB5-B56B-9EE38A91010B}" = dir=in | app=c:\program files\lenovo\shuttlecenter\powercinema.exe |
"{3C582205-6C25-42FE-99A6-655BFC56DE9E}" = protocol=58 | dir=in | name=internet connection sharing (router solicitation-in) |
"{45780240-5609-47EF-A5FC-0E67F60678BC}" = dir=in | app=c:\program files\lenovo\shuttlecenter\kernel\dmp\clbrowserengine.exe |
"{6D59C795-087C-42C0-86DF-B6B352A6606F}" = dir=out | svc=sharedaccess | app=c:\windows\system32\svchost.exe |
"{8302C106-8222-4F55-98B7-A4825B50F984}" = dir=in | app=c:\program files\lenovo\shuttlecenter\kernel\dms\clmsservice.exe |
"{CED57A0D-9753-42BD-A801-FC919E296434}" = protocol=6 | dir=in | app=d:\program files\yahoo!\messenger\yserver.exe |
"{EC823F68-1CD6-4380-BB24-F7F5F4D70DA3}" = protocol=17 | dir=in | app=d:\program files\yahoo!\messenger\yahoomessenger.exe |
"{F4A696EC-F341-436D-8799-AF55683C7BBE}" = protocol=6 | dir=in | app=d:\program files\symantec\ghost\ngctw32.exe |
"{F690C616-0592-4083-9D42-77BC18E6E9BC}" = dir=in | app=c:\program files\lenovo\shuttlecenter\pcmservice.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{10885AE8-E42E-43CB-0A9D-1DCE4B636080}" = Symantec Ghost Configuration Client (Standalone)
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Shuttle Center II
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java 6 Update 20
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java 6 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{353D20CC-719B-4A60-AD33-D03F88C10330}" = Microsoft Office Accounting PayPal Addin
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{39316EDC-804F-4081-9974-0A13BA77E5EF}" = Windows Internet Explorer Platform Preview
"{3B0F52AC-EF5C-4831-B221-06C782E41280}" = Quicken 2008
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{46614A49-222A-48EF-87A9-BFD603E608E1}" = Microsoft Office Accounting Fixed Asset Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BB1DCED-84D3-47F9-B718-5947E904593E}" = Lenovo Easy Camera
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5E11064C-41D6-4451-B45A-E36DFBCB84AC}" = Download Guard for Internet Explorer
"{5FA793A6-0071-42C1-9355-8F69A428C44F}" = Microsoft Office Accounting ADP Payroll Addin
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6E127727-CE4B-40E4-9A7D-9D65CDE0A15C}" = EnergyCut
"{6ECD42B2-32AF-4898-880D-0608EA5C592A}" = ApproveIt Desktop
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8C711818-076E-475C-B95B-DF11CD9D8DBE}" = Microsoft Office Accounting Equifax Addin
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A90C03D6-08E1-4C59-B93B-6919A6C0AC19}" = TSP_CODEC
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A98E3354-AD08-427C-A0AC-32221A3E6598}" = Active@ Partition Manager
"{AA468551-1794-42FE-B504-C41D75EEBDF2}_is1" = Partition Wizard Home Edition 5.0
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{B0717D5A-1976-482B-9ADF-F19631A541A4}" = Microsoft Office Accounting 2007
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B39AA98E-C966-46C9-ACA2-D2586E300988}" = WinFlash
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4917541-1D76-4BDD-0A44-0E5B98363300}" = Symantec User Migration Wizard
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C43E4B9C-14C8-4EB0-998B-85211B6EDD61}" = Acronis True Image WD Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E0000650-0650-0650-0650-000000000650}" = PureEdge Viewer 6.5
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0F563C4-D4AD-41C4-A8A6-26664C027D11}" = Brother MFL-Pro Suite
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FC57FC53-104C-415C-98D7-B05E659461A9}" = Broadcom Gigabit Integrated Controller
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"AVG9Uninstall" = AVG Free 9.0
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Download Guard for Internet Explorer" = Download Guard for Internet Explorer
"DVDneXtCOPY 3 Ultimate" = DVDneXtCOPY 3 Ultimate
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 5.0.1 Home Edition
"HDMI" = Intel® Graphics Media Accelerator Driver
"lenovo scrnsave" = lenovo scrnsave
"Machinist2DLL" = Machinist2DLL
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Office Accounting 2007" = Microsoft Office Accounting 2007
"Microsoft Office Accounting Equifax Addin" = Microsoft Office Accounting Equifax Addin
"Microsoft Office Accounting PayPal Addin" = Microsoft Office Accounting PayPal Addin
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.6.4)" = Mozilla Firefox (3.6.4)
"Mozilla Thunderbird (3.0.4)" = Mozilla Thunderbird (3.0.4)
"PROR" = Microsoft Office Professional 2007
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"SpywareBlaster_is1" = SpywareBlaster 4.3
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TurboTax 2008" = TurboTax 2008
"VeriFace" = VeriFace
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Messenger" = Yahoo! Messenger
"ZoneAlarm" = ZoneAlarm
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
========== Last 10 Event Log Errors ==========
[ ActivIdentity Events ]
Error - 3/14/2010 2:01:14 PM | Computer Name = REO-laptop | Source = ActivClient | ID = 769
Description =
Error - 3/20/2010 7:42:32 AM | Computer Name = REO-laptop | Source = ActivClient | ID = 769
Description =
Error - 3/22/2010 2:19:32 PM | Computer Name = REO-laptop | Source = ActivClient | ID = 769
Description =
[ Application Events ]
Error - 3/29/2010 4:35:55 PM | Computer Name = REO-laptop | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 1.9.2.3727 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1590 Start Time: 01cacf5050b5e932 Termination Time: 26
Error - 3/30/2010 2:11:40 PM | Computer Name = REO-laptop | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.0.6002.18005 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 63c Start Time: 01cad02e9aaaa002 Termination Time: 38266
Error - 3/30/2010 2:19:21 PM | Computer Name = REO-laptop | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.0.6002.18005 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 17f0 Start Time: 01cad0345907cd72 Termination Time: 60000
Error - 3/30/2010 2:23:01 PM | Computer Name = REO-laptop | Source = VSS | ID = 8194
Description =
Error - 4/22/2010 5:12:15 PM | Computer Name = REO-laptop | Source = ESENT | ID = 505
Description = wuaueng.dll (1320) SUS20ClientDataStore: An attempt to open the compressed
file "C:\Windows\SoftwareDistribution\DataStore\DataStore.edb" for read / write
access failed because it could not be converted to a normal file. The open file
operation will fail with error -4005 (0xfffff05b). To prevent this error in the
future you can manually decompress the file and change the compression state of
the containing folder to uncompressed. Writing to this file when it is compressed
is not supported.
Error - 4/22/2010 5:26:20 PM | Computer Name = REO-laptop | Source = VSS | ID = 8194
Description =
Error - 5/1/2010 10:15:58 AM | Computer Name = REO-laptop | Source = Application Hang | ID = 1002
Description = The program qw.exe version 17.1.9.2 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: 1420 Start Time: 01cae93846b35561 Termination Time: 44
Error - 5/1/2010 10:16:58 AM | Computer Name = REO-laptop | Source = Application Error | ID = 1000
Description = Faulting application Dwm.exe, version 6.0.6002.18005, time stamp 0x49e01b94,
faulting module ole32.dll, version 6.0.6002.18005, time stamp 0x49e037d7, exception
code 0xc0000005, fault offset 0x0004a1de, process id 0xb64, application start time
0x01cae92fb35c7f61.
Error - 5/1/2010 1:41:52 PM | Computer Name = REO-laptop | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18904, time stamp
0x4b835fec, faulting module ole32.dll, version 6.0.6002.18005, time stamp 0x49e037d7,
exception code 0xc0000005, fault offset 0x0004a1de, process id 0x1468, application
start time 0x01cae9310db162e1.
Error - 5/1/2010 1:42:28 PM | Computer Name = REO-laptop | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18904, time stamp
0x4b835fec, faulting module ole32.dll, version 6.0.6002.18005, time stamp 0x49e037d7,
exception code 0xc0000005, fault offset 0x0004a1de, process id 0x1bfc, application
start time 0x01cae9432fe48dd1.
[ Media Center Events ]
Error - 8/28/2008 7:37:07 AM | Computer Name = REO-laptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
[ OSession Events ]
Error - 8/19/2008 12:26:05 AM | Computer Name = REO-laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session
lasted 9922 seconds with 8100 seconds of active time. This session ended with a
crash.
[ System Events ]
Error - 5/9/2010 2:03:02 PM | Computer Name = REO-laptop | Source = Service Control Manager | ID = 7034
Description =
Error - 5/10/2010 12:37:56 AM | Computer Name = REO-laptop | Source = DCOM | ID = 10010
Description =
Error - 5/10/2010 12:38:47 AM | Computer Name = REO-laptop | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!
Error - 5/10/2010 12:38:47 AM | Computer Name = REO-laptop | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!
Error - 5/10/2010 12:39:10 AM | Computer Name = REO-laptop | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!
Error - 5/10/2010 12:39:10 AM | Computer Name = REO-laptop | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!
Error - 5/10/2010 12:39:54 AM | Computer Name = REO-laptop | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description =
Error - 5/10/2010 12:40:34 AM | Computer Name = REO-laptop | Source = Service Control Manager | ID = 7000
Description =
Error - 5/10/2010 12:40:45 AM | Computer Name = REO-laptop | Source = Service Control Manager | ID = 7034
Description =
Error - 5/10/2010 1:54:45 AM | Computer Name = REO-laptop | Source = BROWSER | ID = 8032
Description =
< End of report >
GMER Log:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-10 02:03:54
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\RAYE~1.OSE\AppData\Local\Temp\kwlyykog.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateFile [0x90A2F0D8]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateKey [0x90A4DAA6]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcess [0x90A49F6A]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0x90A4A392]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateSection [0x90A5236A]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteFile [0x90A2FF9A]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteKey [0x90A4F4BC]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0x90A4EDB2]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0x90A48DA8]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey [0x90A4FE86]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0x90A500C4]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKeyEx [0x90A50576]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenFile [0x90A2FA8C]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenProcess [0x90A4BFC2]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRenameKey [0x90A5130C]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwReplaceKey [0x90A50840]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRestoreKey [0x90A50F4C]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0x90A35DC4]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0x90A303A4]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetSecurityObject [0x90A51894]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetValueKey [0x90A4E4D6]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0x90A4B08E]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwTerminateProcess [0x90A4ADBE]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateUserProcess [0x90A4A806]
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!KeSetEvent + 1D9 820BA93C 4 Bytes [D8, F0, A2, 90]
.text ntkrnlpa.exe!KeSetEvent + 1E9 820BA94C 4 Bytes [A6, DA, A4, 90]
.text ntkrnlpa.exe!KeSetEvent + 209 820BA96C 8 Bytes [6A, 9F, A4, 90, 92, A3, A4, ...]
.text ntkrnlpa.exe!KeSetEvent + 215 820BA978 4 Bytes [6A, 23, A5, 90] {PUSH 0x23; MOVSD ; NOP }
.text ntkrnlpa.exe!KeSetEvent + 2D1 820BAA34 8 Bytes [9A, FF, A2, 90, BC, F4, A4, ...] {CALL FAR 0xa4f4:0xbc90a2ff; NOP }
.text ...
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Internet Explorer\iexplore.exe[744] USER32.dll!CreateDialogParamW 771D72A2 5 Bytes JMP 6AEBDE50 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[744] USER32.dll!GetAsyncKeyState 771D863C 5 Bytes JMP 6ADD8EF7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[744] USER32.dll!SetWindowsHookExW 771D87AD 5 Bytes JMP 6AEB9A75 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[744] USER32.dll!CallNextHookEx 771D8E3B 5 Bytes JMP 6AEAD101 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[744] USER32.dll!UnhookWindowsHookEx 771D98DB 5 Bytes JMP 6AE2466E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[744] USER32.dll!EnableWindow 771DCD8B 5 Bytes JMP 6AEBDCDD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[744] USER32.dll!CreateWindowExW 771E1305 5 Bytes JMP 6AEBDAC4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[744] USER32.dll!GetKeyState 771E8CB1 5 Bytes JMP 6AEBD28B C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[744] USER32.dll!IsDialogMessageW 771F0745 5 Bytes JMP 6ADE5A17 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[744] USER32.dll!CreateDialogParamA 771F17AA 5 Bytes JMP 6AFB53AB C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[744] USER32.dll!IsDialogMessage 771F1847 5 Bytes JMP 6AFB4C47 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[744] USER32.dll!CreateDialogIndirectParamA 771F26F1 5 Bytes JMP 6AFB53E2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[744] USER32.dll!CreateDialogIndirectParamW 771F9A62 5 Bytes JMP 6AFB5419 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[744] USER32.dll!SetKeyboardState 77200987 5 Bytes JMP 6AFB4FB6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[744] USER32.dll!DialogBoxParamW 772010B0 5 Bytes JMP 6ADE5505 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[744] USER32.dll!DialogBoxIndirectParamW 77202EF5 5 Bytes JMP 6AFB473F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[744] USER32.dll!SendInput 77202F75 5 Bytes JMP 6AFB5B73 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[744] USER32.dll!EndDialog 7720326E 5 Bytes JMP 6ADE7EC2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[744] USER32.dll!SetCursorPos 77216FB2 5 Bytes JMP 6AFB5BC7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[744] USER32.dll!DialogBoxParamA 77218152 5 Bytes JMP 6AFB46DC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[744] USER32.dll!DialogBoxIndirectParamA 7721847D 5 Bytes JMP 6AFB47A2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[744] USER32.dll!MessageBoxIndirectA 7722D4D9 5 Bytes JMP 6AFB4671 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[744] USER32.dll!MessageBoxIndirectW 7722D5D3 5 Bytes JMP 6AFB4606 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[744] USER32.dll!MessageBoxExA 7722D639 5 Bytes JMP 6AFB45A4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[744] USER32.dll!MessageBoxExW 7722D65D 5 Bytes JMP 6AFB4542 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[744] USER32.dll!keybd_event 7722D972 5 Bytes JMP 6AFB5EF7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[744] SHELL32.dll!SHRestricted + D1D 761C8910 4 Bytes [4D, 30, 06, 66]
.text C:\Program Files\Internet Explorer\iexplore.exe[744] SHELL32.dll!SHRestricted + D25 761C8918 4 Bytes [57, 2F, 06, 66]
.text C:\Program Files\Internet Explorer\iexplore.exe[744] SHELL32.dll!SHRestricted + D95 761C8988 4 Bytes [4D, 30, 06, 66]
.text C:\Program Files\Internet Explorer\iexplore.exe[744] SHELL32.dll!SHRestricted + D9D 761C8990 8 Bytes [57, 2F, 06, 66, 9C, 5B, 05, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[744] ole32.dll!OleLoadFromStream 770A1E12 5 Bytes JMP 6AFB4AA7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[744] ole32.dll!CoCreateInstance 770D9EA6 5 Bytes JMP 6AEBDB20 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[744] WS2_32.dll!closesocket 75CA330C 5 Bytes JMP 65F5EEE9 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[744] WS2_32.dll!recv 75CA343A 5 Bytes JMP 65F5F1C3 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[744] WS2_32.dll!socket 75CA36D1 5 Bytes JMP 65F5E59E C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[744] WS2_32.dll!connect 75CA40D9 5 Bytes JMP 65F5E62A C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[744] WS2_32.dll!getaddrinfo 75CA418A 5 Bytes JMP 65F5E71D C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[744] WS2_32.dll!send 75CA659B 5 Bytes JMP 65F5E9ED C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] USER32.dll!CreateDialogParamW 771D72A2 5 Bytes JMP 6AEBDE50 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] USER32.dll!GetAsyncKeyState 771D863C 5 Bytes JMP 6ADD8EF7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] USER32.dll!SetWindowsHookExW 771D87AD 5 Bytes JMP 6AEB9A75 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] USER32.dll!CallNextHookEx 771D8E3B 5 Bytes JMP 6AEAD101 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] USER32.dll!UnhookWindowsHookEx 771D98DB 5 Bytes JMP 6AE2466E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] USER32.dll!EnableWindow 771DCD8B 5 Bytes JMP 6AEBDCDD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] USER32.dll!CreateWindowExW 771E1305 5 Bytes JMP 6AEBDAC4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] USER32.dll!GetKeyState 771E8CB1 5 Bytes JMP 6AEBD28B C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] USER32.dll!IsDialogMessageW 771F0745 5 Bytes JMP 6ADE5A17 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] USER32.dll!CreateDialogParamA 771F17AA 5 Bytes JMP 6AFB53AB C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] USER32.dll!IsDialogMessage 771F1847 5 Bytes JMP 6AFB4C47 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] USER32.dll!CreateDialogIndirectParamA 771F26F1 5 Bytes JMP 6AFB53E2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] USER32.dll!CreateDialogIndirectParamW 771F9A62 5 Bytes JMP 6AFB5419 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] USER32.dll!SetKeyboardState 77200987 5 Bytes JMP 6AFB4FB6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] USER32.dll!DialogBoxParamW 772010B0 5 Bytes JMP 6ADE5505 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] USER32.dll!DialogBoxIndirectParamW 77202EF5 5 Bytes JMP 6AFB473F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] USER32.dll!SendInput 77202F75 5 Bytes JMP 6AFB5B73 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] USER32.dll!EndDialog 7720326E 5 Bytes JMP 6ADE7EC2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] USER32.dll!SetCursorPos 77216FB2 5 Bytes JMP 6AFB5BC7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] USER32.dll!DialogBoxParamA 77218152 5 Bytes JMP 6AFB46DC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] USER32.dll!DialogBoxIndirectParamA 7721847D 5 Bytes JMP 6AFB47A2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] USER32.dll!MessageBoxIndirectA 7722D4D9 5 Bytes JMP 6AFB4671 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] USER32.dll!MessageBoxIndirectW 7722D5D3 5 Bytes JMP 6AFB4606 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] USER32.dll!MessageBoxExA 7722D639 5 Bytes JMP 6AFB45A4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] USER32.dll!MessageBoxExW 7722D65D 5 Bytes JMP 6AFB4542 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] USER32.dll!keybd_event 7722D972 5 Bytes JMP 6AFB5EF7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] SHELL32.dll!SHRestricted + D1D 761C8910 4 Bytes [4D, 30, 06, 66]
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] SHELL32.dll!SHRestricted + D25 761C8918 4 Bytes [57, 2F, 06, 66]
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] SHELL32.dll!SHRestricted + D95 761C8988 4 Bytes [4D, 30, 06, 66]
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] SHELL32.dll!SHRestricted + D9D 761C8990 8 Bytes [57, 2F, 06, 66, 9C, 5B, 05, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] ole32.dll!OleLoadFromStream 770A1E12 5 Bytes JMP 6AFB4AA7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] ole32.dll!CoCreateInstance 770D9EA6 5 Bytes JMP 6AEBDB20 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] WS2_32.dll!closesocket 75CA330C 5 Bytes JMP 65F5EEE9 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] WS2_32.dll!recv 75CA343A 5 Bytes JMP 65F5F1C3 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] WS2_32.dll!socket 75CA36D1 5 Bytes JMP 65F5E59E C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] WS2_32.dll!connect 75CA40D9 5 Bytes JMP 65F5E62A C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] WS2_32.dll!getaddrinfo 75CA418A 5 Bytes JMP 65F5E71D C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] WS2_32.dll!send 75CA659B 5 Bytes JMP 65F5E9ED C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5264] USER32.dll!CreateDialogParamW 771D72A2 5 Bytes JMP 6AEBDE50 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5264] USER32.dll!GetAsyncKeyState 771D863C 5 Bytes JMP 6ADD8EF7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5264] USER32.dll!SetWindowsHookExW 771D87AD 5 Bytes JMP 6AEB9A75 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5264] USER32.dll!CallNextHookEx 771D8E3B 5 Bytes JMP 6AEAD101 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5264] USER32.dll!UnhookWindowsHookEx 771D98DB 5 Bytes JMP 6AE2466E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5264] USER32.dll!EnableWindow 771DCD8B 5 Bytes JMP 6AEBDCDD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5264] USER32.dll!CreateWindowExW 771E1305 5 Bytes JMP 6AEBDAC4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5264] USER32.dll!GetKeyState 771E8CB1 5 Bytes JMP 6AEBD28B C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5264] USER32.dll!IsDialogMessageW 771F0745 5 Bytes JMP 6ADE5A17 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5264] USER32.dll!CreateDialogParamA 771F17AA 5 Bytes JMP 6AFB53AB C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5264] USER32.dll!IsDialogMessage 771F1847 5 Bytes JMP 6AFB4C47 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5264] USER32.dll!CreateDialogIndirectParamA 771F26F1 5 Bytes JMP 6AFB53E2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5264] USER32.dll!CreateDialogIndirectParamW 771F9A62 5 Bytes JMP 6AFB5419 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5264] USER32.dll!SetKeyboardState 77200987 5 Bytes JMP 6AFB4FB6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5264] USER32.dll!DialogBoxParamW 772010B0 5 Bytes JMP 6ADE5505 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5264] USER32.dll!DialogBoxIndirectParamW 77202EF5 5 Bytes JMP 6AFB473F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5264] USER32.dll!SendInput 77202F75 5 Bytes JMP 6AFB5B73 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5264] USER32.dll!EndDialog 7720326E 5 Bytes JMP 6ADE7EC2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5264] USER32.dll!SetCursorPos 77216FB2 5 Bytes JMP 6AFB5BC7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5264] USER32.dll!DialogBoxParamA 77218152 5 Bytes JMP 6AFB46DC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5264] USER32.dll!DialogBoxIndirectParamA 7721847D 5 Bytes JMP 6AFB47A2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5264] USER32.dll!MessageBoxIndirectA 7722D4D9 5 Bytes JMP 6AFB4671 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5264] USER32.dll!MessageBoxIndirectW 7722D5D3 5 Bytes JMP 6AFB4606 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5264] USER32.dll!MessageBoxExA 7722D639 5 Bytes JMP 6AFB45A4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5264] USER32.dll!MessageBoxExW 7722D65D 5 Bytes JMP 6AFB4542 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5264] USER32.dll!keybd_event 7722D972 5 Bytes JMP 6AFB5EF7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5264] SHELL32.dll!SHRestricted + D1D 761C8910 4 Bytes [4D, 30, 06, 66]
.text C:\Program Files\Internet Explorer\iexplore.exe[5264] SHELL32.dll!SHRestricted + D25 761C8918 4 Bytes [57, 2F, 06, 66]
.text C:\Program Files\Internet Explorer\iexplore.exe[5264] SHELL32.dll!SHRestricted + D95 761C8988 4 Bytes [4D, 30, 06, 66]
.text C:\Program Files\Internet Explorer\iexplore.exe[5264] SHELL32.dll!SHRestricted + D9D 761C8990 8 Bytes [57, 2F, 06, 66, 9C, 5B, 05, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[5264] ole32.dll!OleLoadFromStream 770A1E12 5 Bytes JMP 6AFB4AA7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5264] ole32.dll!CoCreateInstance 770D9EA6 5 Bytes JMP 6AEBDB20 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5264] WS2_32.dll!closesocket 75CA330C 5 Bytes JMP 65F5EEE9 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5264] WS2_32.dll!recv 75CA343A 5 Bytes JMP 65F5F1C3 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5264] WS2_32.dll!socket 75CA36D1 5 Bytes JMP 65F5E59E C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5264] WS2_32.dll!connect 75CA40D9 5 Bytes JMP 65F5E62A C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5264] WS2_32.dll!getaddrinfo 75CA418A 5 Bytes JMP 65F5E71D C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5264] WS2_32.dll!send 75CA659B 5 Bytes JMP 65F5E9ED C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5392] USER32.dll!CreateWindowExW 771E1305 5 Bytes JMP 6AEBDAC4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5392] USER32.dll!DialogBoxParamW 772010B0 5 Bytes JMP 6ADE5505 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5392] USER32.dll!DialogBoxIndirectParamW 77202EF5 5 Bytes JMP 6AFB473F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5392] USER32.dll!DialogBoxParamA 77218152 5 Bytes JMP 6AFB46DC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5392] USER32.dll!DialogBoxIndirectParamA 7721847D 5 Bytes JMP 6AFB47A2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5392] USER32.dll!MessageBoxIndirectA 7722D4D9 5 Bytes JMP 6AFB4671 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5392] USER32.dll!MessageBoxIndirectW 7722D5D3 5 Bytes JMP 6AFB4606 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5392] USER32.dll!MessageBoxExA 7722D639 5 Bytes JMP 6AFB45A4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5392] USER32.dll!MessageBoxExW 7722D65D 5 Bytes JMP 6AFB4542 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
---- EOF - GMER 1.0.15 ----
MBAM Log:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4052
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904
5/10/2010 1:33:35 AM
mbam-log-2010-05-10 (01-33-35).txt
Scan type: Quick scan
Objects scanned: 128632
Time elapsed: 5 minute(s), 44 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)