Malware Loop Running Rootkit [Solved]



#1
zumata

Just joined
Went through cleaning guide
Ran Rootkit on Vista Home Premium.

System is stuck in a continuous loop of the following:

Troubleshoot Power Cinema
Windows Explorer has stopped working and is restarting

Rebooting system takes me back to the same cycle. Any help would be appreciated.
Thanks.


#2
emeraldnzl

Hello zumata,

Welcome to Geekstogo.

Bit unsure where we are with your computer.

Are you saying that using the tools in our Self Help section has put your computer into a continuous loop, or are you saying it was doing that after some sort of infection?

Also, if you did manage to run RootRepeal (and any others for that matter) are you able to post logs from them here so that I can have a look at them?

#3
zumata

Hi Emeraldnzl
Thx for getting back to me.
To begin with, I had no real problems with machine other than general slowness.
I went through the Malware and Spyware Cleaning Guide. I ran RootRepeal as part of the sequence, although I see now that maybe I should have only run it if I had a problem.
System did not complete root repeal. Went into continuous loop of Windows Explorer restarts.
I tried restarting in safe mode. Same thing.
I can start performing functions so keyboard and mouse recognized, but continuous loop interrupts whatever I try to do.
Can use computer under a different user id, but not mine.
I am using another computer to send you this message.
Thx again
Zumata

#4
emeraldnzl

Hello again zumata,

See if you can do these things:

You may have used Malwarebytes before. If you have, and still have it on your machine, please update and run. Post the scan report back here.

If you do not have Malwarebytes please download from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Next
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
So when you return please post
  • MBAM log
  • the two OTL logs - OTL.txt and Extras.txt



Note: Unless otherwise instructed, always post the logs in the forum. If reports don't fit in one post, it might be necessary to break the logs up to get them on the forum. Just use as many posts as you need, that's fine. :)

#5
zumata

MALWAREBYTES DID NOT SAVE LOG - RAN IT AGAIN - THIS IS ALL THERE IS

Malwarebytes' Anti-Malware 1.41
Database version: 2932
Windows 6.0.6002 Service Pack 2

10/9/2009 7:07:37 PM
mbam-log-2009-10-09 (19-07-37).txt

Scan type: Quick Scan
Objects scanned: 87843
Time elapsed: 8 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

OTL

OTL logfile created on: 10/9/2009 6:15:02 PM - Run 1
OTL by OldTimer - Version 3.0.18.4 Folder = C:\Users\Jean\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 0.52 Gb Available Physical Memory | 26.62% Memory free
4.00 Gb Paging File | 2.69 Gb Available in Paging File | 67.13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 140.86 Gb Total Space | 80.80 Gb Free Space | 57.36% Space Free | Partition Type: NTFS
Drive D: | 8.19 Gb Total Space | 1.35 Gb Free Space | 16.46% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 976.13 Mb Total Space | 742.48 Mb Free Space | 76.06% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NORM-PC
Current User Name: norm
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe (Maxtor Corporation)
PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Windows\vsnp2uvc.exe (Sonix)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe ()
PRC - C:\Windows\System32\cypherixsrv.exe (Cypherix Software (India) Pvt. Ltd.)
PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Maxtor\Sync\SyncServices.exe (Seagate Technology LLC)
PRC - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
PRC - C:\Windows\System32\DRIVERS\xaudio.exe (Conexant Systems, Inc.)
PRC - C:\Program Files\Xobni\XobniService.exe (Xobni Corporation)
PRC - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Windows\System32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Windows\System32\WUDFHost.exe (Microsoft Corporation)
PRC - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe ()
PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - C:\Windows\System32\mobsync.exe (Microsoft Corporation)
PRC - C:\Windows\System32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe ()
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
PRC - C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
PRC - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe (Hewlett-Packard)
PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files\Hewlett-Packard\HP Advisor\SSDK04.exe (Symantec Corporation)
PRC - c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
PRC - C:\Windows\System32\sdclt.exe (Microsoft Corporation)
PRC - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
PRC - c:\program files\windows defender\MpCmdRun.exe (Microsoft Corporation)
PRC - c:\program files\windows defender\MpCmdRun.exe (Microsoft Corporation)
PRC - C:\Users\Jean\Downloads\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (aawservice [Auto | Running]) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SRV - (AddFiltr [On_Demand | Stopped]) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe (Hewlett-Packard Development Company, L.P.)
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Automatic LiveUpdate Scheduler [Auto | Running]) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (CLCapSvc [Auto | Running]) -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe ()
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CLSched [Auto | Running]) -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe ()
SRV - (cypherixservice [Auto | Running]) -- C:\Windows\System32\cypherixsrv.exe (Cypherix Software (India) Pvt. Ltd.)
SRV - (ehRecvr [On_Demand | Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [On_Demand | Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart [Auto | Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (Eventlog [Auto | Running]) -- C:\Windows\System32\wevtsvc.dll (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Running]) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (GameConsoleService [On_Demand | Stopped]) -- C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (gupdate [Auto | Stopped]) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (HP Health Check Service [Auto | Running]) -- C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe (Hewlett-Packard)
SRV - (hpqwmiex [Auto | Running]) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P.)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (IntuitUpdateService [Auto | Running]) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (LightScribeService [Auto | Running]) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (LiveUpdate [On_Demand | Stopped]) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
SRV - (LiveUpdate Notice Ex [Auto | Stopped]) -- File not found
SRV - (LiveUpdate Notice Service [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
SRV - (Maxtor Sync Service [Auto | Running]) -- C:\Program Files\Maxtor\Sync\SyncServices.exe (Seagate Technology LLC)
SRV - (mcmscsvc [Auto | Running]) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (McNASvc [Auto | Running]) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (McODS [On_Demand | Running]) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McProxy [Auto | Running]) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McShield [Unknown | Running]) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon [On_Demand | Running]) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (MpfService [Auto | Running]) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Pml Driver HPZ12 [Auto | Running]) -- C:\Windows\System32\HPZipm12.dll (Hewlett-Packard)
SRV - (RoxMediaDB9 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe (Sonic Solutions)
SRV - (stllssvr [On_Demand | Stopped]) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (MicroVision Development, Inc.)
SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (XAudioService [Auto | Running]) -- C:\Windows\System32\DRIVERS\xaudio.exe (Conexant Systems, Inc.)
SRV - (XobniService [Auto | Running]) -- C:\Program Files\Xobni\XobniService.exe (Xobni Corporation)

========== Driver Services (SafeList) ==========

DRV - (adp94xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (adpahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (adpu160m [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (adpu320 [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (aic78xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (aliide [Disabled | Stopped]) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (arc [Disabled | Stopped]) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (arcsas [Disabled | Stopped]) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (BCM43XV [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\bcmwl6.sys (Broadcom Corporation)
DRV - (BCM43XX [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\bcmwl6.sys (Broadcom Corporation)
DRV - (BrFiltLo [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (Brserid [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrSerWdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (btwaudio [On_Demand | Running]) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.)
DRV - (btwavdt [On_Demand | Running]) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.)
DRV - (btwrchid [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\btwrchid.sys (Broadcom Corporation.)
DRV - (cmdide [Disabled | Stopped]) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (CnxtHdAudService [On_Demand | Running]) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (cyphxdrv [Auto | Running]) -- C:\Windows\System32\Drivers\cyphxdrv.sys (Cypherix Software (India) Pvt. Ltd.)
DRV - (E100B [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (E1G60 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\E1G60I32.sys (Intel Corporation)
DRV - (eabfiltr [System | Running]) -- C:\Windows\System32\DRIVERS\eabfiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (elxstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (Flash1 [On_Demand | Stopped]) -- C:\SwSetup\SP38062\winphlash\Flash1.sys ()
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\Windows\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HBtnKey [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\cpqbttn.sys (Hewlett-Packard Development Company, L.P.)
DRV - (HdAudAddService [On_Demand | Stopped]) -- C:\Windows\System32\drivers\CHDART.sys (Conexant Systems Inc.)
DRV - (HpCISSs [Disabled | Stopped]) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (HSFHWAZL [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (HSF_DPV [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (ialm [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\igdkmd32.sys (Intel Corporation)
DRV - (iaStorV [Disabled | Stopped]) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (iirsp [Disabled | Stopped]) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (iteatapi [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (iteraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (LSI_FC [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (LSI_SAS [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (LSI_SCSI [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (mdmxsdk [Auto | Running]) -- C:\Windows\System32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (megasas [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (mfeavfk [On_Demand | Running]) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfebopk [On_Demand | Running]) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mfehidk [System | Running]) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mferkdk [On_Demand | Running]) -- C:\Windows\System32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (mfesmfk [On_Demand | Running]) -- C:\Windows\System32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (MPFP [System | Running]) -- C:\Windows\System32\Drivers\Mpfp.sys (McAfee, Inc.)
DRV - (Mraid35x [Disabled | Stopped]) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (MXOPSWD [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\mxopswd.sys (Maxtor Corp.)
DRV - (nfrd960 [Disabled | Stopped]) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (ntrigdigi [Disabled | Stopped]) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (NVENETFD [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\nvm60x32.sys (NVIDIA Corporation)
DRV - (nvlddmkm [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\nvlddmkm.sys (NVIDIA Corporation)
DRV - (nvraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvsmu [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\nvsmu.sys (NVIDIA Corporation)
DRV - (nvstor [Boot | Running]) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (PxHelp20 [Boot | Running]) -- C:\Windows\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql2300 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (ql40xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (rimmptsk [Auto | Running]) -- C:\Windows\System32\DRIVERS\rimmptsk.sys (REDC)
DRV - (rimsptsk [Auto | Running]) -- C:\Windows\System32\DRIVERS\rimsptsk.sys (REDC)
DRV - (rismxdp [Auto | Running]) -- C:\Windows\System32\DRIVERS\rixdptsk.sys (REDC)
DRV - (secdrv [Auto | Running]) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SiSRaid2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (SiSRaid4 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (SNP2UVC [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\snp2uvc.sys ()
DRV - (Symc8xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_hi [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Sym_u3 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (SynTP [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (uliahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (UlSata [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (ulsata2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (viaide [Disabled | Stopped]) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (vsmraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (winachsf [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (winusb [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\WinUSB.SYS (Microsoft Corporation)
DRV - (XAudio [Auto | Running]) -- C:\Windows\System32\DRIVERS\xaudio.sys (Conexant Systems, Inc.)

========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...ER}&ar=home

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.slate.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 03:01:47 | 00,000,000 | ---D | M]


O1 HOSTS File: (736 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [mxomssmenu] C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe (Maxtor Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [ServiceControl] File not found
O4 - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe (Sonix)
O4 - HKLM..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\launcher.exe (soft thinks)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe (PlotSoft LLC)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/octet-stream - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/06/26 11:56:44 | 00,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 11:18:54 | 00,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{1497f26a-bbf3-11dd-955e-001a6baeeb57}\Shell\AutoRun\command - "" = .\Encryption Tool\MaxtorEncryption.exe
O33 - MountPoints2\F\Shell\AutoRun\command - "" = .\Encryption Tool\MaxtorEncryption.exe
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/09/12 09:06:21 | 00,000,000 | ---D | C] -- C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/10/05 11:37:10 | 00,000,000 | ---D | C] -- C:\Users\norm\AppData\Roaming\Roxio
[2009/10/04 21:16:23 | 00,000,000 | ---D | C] -- C:\Users\norm\AppData\Roaming\Uniblue
[2 C:\Users\norm\Desktop\*.tmp files]
[2009/10/05 17:16:14 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/09/15 01:32:14 | 00,000,000 | ---D | C] -- C:\Program Files\Free RAR Extract Frog
[2009/09/12 09:46:31 | 00,000,000 | ---D | C] -- C:\Program Files\iPhone Configuration Utility
[2009/09/12 09:06:57 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/09/12 09:06:20 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/09/12 08:59:36 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/10/04 21:03:10 | 00,000,000 | ---D | C] -- C:\Program Files\VirtualF
[2009/10/05 17:17:24 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/10/05 16:46:14 | 00,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2009/10/05 16:46:14 | 00,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2009/10/05 16:46:10 | 00,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2009/10/05 16:04:53 | 00,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2009/10/03 07:18:26 | 00,195,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2009/09/19 00:35:42 | 12,240,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0007.dll
[2009/09/19 00:35:36 | 03,408,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe
[2009/09/19 00:35:36 | 01,081,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLCExt.dll
[2009/09/19 00:35:32 | 02,134,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FunctionDiscoveryFolder.dll
[2009/09/19 00:35:32 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingWizard.exe
[2009/09/19 00:35:30 | 02,644,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0009.dll
[2009/09/19 00:35:26 | 01,480,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2009/09/19 00:35:24 | 00,684,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\spsys.sys
[2009/09/19 00:35:23 | 01,576,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2009/09/19 00:35:20 | 00,779,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2009/09/19 00:35:20 | 00,561,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hdaudbus.sys
[2009/09/19 00:35:19 | 00,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2009/09/19 00:35:18 | 00,928,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scavenge.dll
[2009/09/19 00:35:18 | 00,518,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2009/09/19 00:35:16 | 02,241,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msi.dll
[2009/09/19 00:35:15 | 00,677,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2fs.dll
[2009/09/19 00:35:14 | 00,507,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\bthport.sys
[2009/09/19 00:35:13 | 00,968,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wcnwiz2.dll
[2009/09/19 00:35:13 | 00,476,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2009/09/19 00:35:13 | 00,291,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WscEapPr.dll
[2009/09/19 00:35:12 | 00,558,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysmain.dll
[2009/09/19 00:35:10 | 00,619,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2009/09/19 00:35:08 | 01,216,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayCpl.dll
[2009/09/19 00:35:08 | 00,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorShell.dll
[2009/09/19 00:35:06 | 00,978,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmv2clt.dll
[2009/09/19 00:35:06 | 00,289,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spinstall.exe
[2009/09/19 00:35:06 | 00,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spreview.exe
[2009/09/19 00:35:03 | 00,472,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2009/09/19 00:35:03 | 00,438,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcupdate_GenuineIntel.dll
[2009/09/19 00:35:03 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizui.dll
[2009/09/19 00:35:02 | 11,584,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shell32.dll
[2009/09/19 00:35:00 | 00,670,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2009/09/19 00:35:00 | 00,644,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\p2psvc.dll
[2009/09/19 00:35:00 | 00,441,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe
[2009/09/19 00:34:59 | 00,278,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscoree.dll
[2009/09/19 00:34:58 | 00,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPEG2VDEC.DLL
[2009/09/19 00:34:58 | 00,203,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2009/09/19 00:34:57 | 00,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2.dll
[2009/09/19 00:34:57 | 00,351,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2009/09/19 00:34:55 | 03,601,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2009/09/19 00:34:55 | 00,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2009/09/19 00:34:54 | 01,459,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\esent.dll
[2009/09/19 00:34:54 | 00,729,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10K.DLL
[2009/09/19 00:34:54 | 00,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairing.dll
[2009/09/19 00:34:52 | 00,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2009/09/19 00:34:52 | 00,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sperror.dll
[2009/09/19 00:34:52 | 00,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\korwbrkr.dll
[2009/09/19 00:34:51 | 01,017,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtsvc.dll
[2009/09/19 00:34:51 | 00,041,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2009/09/19 00:34:50 | 00,463,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IasMigReader.exe
[2009/09/19 00:34:50 | 00,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2009/09/19 00:34:50 | 00,228,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLC.dll
[2009/09/19 00:34:50 | 00,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rfcomm.sys
[2009/09/19 00:34:48 | 00,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2009/09/19 00:34:46 | 01,589,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjet40.dll
[2009/09/19 00:34:45 | 03,549,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2009/09/19 00:34:45 | 00,407,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MPSSVC.dll
[2009/09/19 00:34:44 | 01,336,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml6.dll
[2009/09/19 00:34:43 | 01,381,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Query.dll
[2009/09/19 00:34:43 | 00,883,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10.IME
[2009/09/19 00:34:43 | 00,758,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qmgr.dll
[2009/09/19 00:34:42 | 01,078,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diagperf.dll
[2009/09/19 00:34:42 | 00,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msexch40.dll
[2009/09/19 00:34:41 | 01,316,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ole32.dll
[2009/09/19 00:34:41 | 00,327,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\P2PGraph.dll
[2009/09/19 00:34:40 | 01,202,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntdll.dll
[2009/09/19 00:34:40 | 00,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll
[2009/09/19 00:34:39 | 01,183,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3.dll
[2009/09/19 00:34:39 | 00,986,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2009/09/19 00:34:38 | 01,792,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmc.exe
[2009/09/19 00:34:38 | 00,950,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mblctr.exe
[2009/09/19 00:34:38 | 00,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2009/09/19 00:34:38 | 00,203,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\uDWM.dll
[2009/09/19 00:34:37 | 02,092,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfsr.exe
[2009/09/19 00:34:37 | 00,454,144 | ---- | C] (Microsoft) -- C:\Windows\System32\IasMigPlugin.dll
[2009/09/19 00:34:36 | 00,466,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\riched20.dll
[2009/09/19 00:34:36 | 00,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdBth.dll
[2009/09/19 00:34:35 | 00,880,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RacEngn.dll
[2009/09/19 00:34:33 | 00,891,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll
[2009/09/19 00:34:32 | 02,012,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\milcore.dll
[2009/09/19 00:34:32 | 00,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SearchProtocolHost.exe
[2009/09/19 00:34:32 | 00,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SearchFilterHost.exe
[2009/09/19 00:34:32 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
[2009/09/19 00:34:31 | 01,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
[2009/09/19 00:34:31 | 00,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spoolss.dll
[2009/09/19 00:34:31 | 00,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorAPI.dll
[2009/09/19 00:34:30 | 00,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
[2009/09/19 00:34:30 | 00,595,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schedsvc.dll
[2009/09/19 00:34:28 | 00,950,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpedit.dll
[2009/09/19 00:34:28 | 00,406,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp60.dll
[2009/09/19 00:34:28 | 00,290,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjtes40.dll
[2009/09/19 00:34:28 | 00,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fsquirt.exe
[2009/09/19 00:34:28 | 00,115,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayDriverLib.dll
[2009/09/19 00:34:28 | 00,099,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2009/09/19 00:34:26 | 03,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSAT.exe
[2009/09/19 00:34:26 | 00,268,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\es.dll
[2009/09/19 00:34:25 | 00,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Magnify.exe
[2009/09/19 00:34:25 | 00,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationSettings.exe
[2009/09/19 00:34:24 | 01,083,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ntfs.sys
[2009/09/19 00:34:24 | 00,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\advapi32.dll
[2009/09/19 00:34:24 | 00,282,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstext40.dll
[2009/09/19 00:34:24 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayServices.dll
[2009/09/19 00:34:21 | 00,339,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msexcl40.dll
[2009/09/19 00:34:21 | 00,321,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2009/09/19 00:34:21 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2009/09/19 00:34:21 | 00,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WebClnt.dll
[2009/09/19 00:34:20 | 01,524,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsAnytimeUpgradeCPL.dll
[2009/09/19 00:34:20 | 01,209,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comsvcs.dll
[2009/09/19 00:34:20 | 00,454,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxbde40.dll
[2009/09/19 00:34:20 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwmi.dll
[2009/09/19 00:34:19 | 01,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vssapi.dll
[2009/09/19 00:34:18 | 01,985,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2009/09/19 00:34:17 | 01,086,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NetProjW.dll
[2009/09/19 00:34:16 | 00,643,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrepl40.dll
[2009/09/19 00:34:16 | 00,323,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2009/09/19 00:34:15 | 00,754,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\propsys.dll
[2009/09/19 00:34:15 | 00,640,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthprops.cpl
[2009/09/19 00:34:15 | 00,469,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\newdev.dll
[2009/09/19 00:34:14 | 00,576,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpsvc.dll
[2009/09/19 00:34:14 | 00,119,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2009/09/19 00:34:14 | 00,102,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2009/09/19 00:34:13 | 02,926,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2009/09/19 00:34:13 | 00,978,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\crypt32.dll
[2009/09/19 00:34:13 | 00,205,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eudcedit.exe
[2009/09/19 00:34:12 | 01,591,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setupapi.dll
[2009/09/19 00:34:12 | 00,550,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpcss.dll
[2009/09/19 00:34:11 | 01,788,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d9.dll
[2009/09/19 00:34:11 | 00,368,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mspbde40.dll
[2009/09/19 00:34:10 | 00,241,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msltus40.dll
[2009/09/19 00:34:10 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\davclnt.dll
[2009/09/19 00:34:09 | 01,135,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2009/09/19 00:34:09 | 00,353,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shlwapi.dll
[2009/09/19 00:34:09 | 00,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrd3x40.dll
[2009/09/19 00:34:09 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorPwdMgr.dll
[2009/09/19 00:34:08 | 01,324,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browseui.dll
[2009/09/19 00:34:08 | 01,053,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtctm.dll
[2009/09/19 00:34:07 | 00,626,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys
[2009/09/19 00:34:07 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\photowiz.dll
[2009/09/19 00:34:07 | 00,250,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtapi.dll
[2009/09/19 00:34:07 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlhtml.dll
[2009/09/19 00:34:05 | 00,627,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\user32.dll
[2009/09/19 00:34:04 | 01,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2009/09/19 00:34:04 | 00,614,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ci.dll
[2009/09/19 00:34:04 | 00,483,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\samsrv.dll
[2009/09/19 00:34:03 | 00,582,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLCommDlg.dll
[2009/09/19 00:34:03 | 00,443,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32spl.dll
[2009/09/19 00:34:03 | 00,165,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WcnNetsh.dll
[2009/09/19 00:34:02 | 00,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2009/09/19 00:34:02 | 00,563,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaut32.dll
[2009/09/19 00:34:01 | 03,174,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netshell.dll
[2009/09/19 00:34:01 | 00,438,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IKEEXT.DLL
[2009/09/19 00:34:00 | 01,730,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apds.dll
[2009/09/19 00:34:00 | 00,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winhttp.dll
[2009/09/19 00:34:00 | 00,225,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdbss.sys
[2009/09/19 00:34:00 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\compcln.exe
[2009/09/19 00:33:59 | 00,618,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswstr10.dll
[2009/09/19 00:33:58 | 00,807,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msctf.dll
[2009/09/19 00:33:58 | 00,564,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\emdmgmt.dll
[2009/09/19 00:33:58 | 00,315,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\audiosrv.dll
[2009/09/19 00:33:58 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xmlfilter.dll
[2009/09/19 00:33:57 | 00,679,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcrt.dll
[2009/09/19 00:33:57 | 00,223,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2009/09/19 00:33:57 | 00,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxdav.sys
[2009/09/19 00:33:56 | 00,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QAGENTRT.DLL
[2009/09/19 00:33:56 | 00,297,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gdi32.dll
[2009/09/19 00:33:55 | 01,160,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2009/09/19 00:33:55 | 01,055,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VSSVC.exe
[2009/09/19 00:33:55 | 00,199,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iphlpsvc.dll
[2009/09/19 00:33:54 | 00,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLUI.exe
[2009/09/19 00:33:54 | 00,183,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapphost.dll
[2009/09/19 00:33:53 | 00,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqlsrv32.dll
[2009/09/19 00:33:53 | 00,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrd2x40.dll
[2009/09/19 00:33:52 | 00,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2009/09/19 00:33:52 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBSTOR.SYS
[2009/09/19 00:33:51 | 00,926,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2009/09/19 00:33:51 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\propdefs.dll
[2009/09/19 00:33:50 | 01,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shdocvw.dll
[2009/09/19 00:33:50 | 00,196,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbhub.sys
[2009/09/19 00:33:48 | 01,856,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dbgeng.dll
[2009/09/19 00:33:48 | 00,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtutil.exe
[2009/09/19 00:33:48 | 00,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssitlb.dll
[2009/09/19 00:33:46 | 02,167,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcndmgr.dll
[2009/09/19 00:33:46 | 00,747,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmSvc.dll
[2009/09/19 00:33:46 | 00,311,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\swprv.dll
[2009/09/19 00:33:45 | 00,502,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\usp10.dll
[2009/09/19 00:33:44 | 00,385,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vds.exe
[2009/09/19 00:33:43 | 00,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netlogon.dll
[2009/09/19 00:33:43 | 00,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\devmgr.dll
[2009/09/19 00:33:43 | 00,199,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsldpc.dll
[2009/09/19 00:33:43 | 00,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvinst.exe
[2009/09/19 00:33:43 | 00,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msctfp.dll
[2009/09/19 00:33:43 | 00,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingProxy.dll
[2009/09/19 00:33:43 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscb.dll
[2009/09/19 00:33:43 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdBthProxy.dll
[2009/09/19 00:33:42 | 00,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BFE.DLL
[2009/09/19 00:33:41 | 01,533,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wcnwiz.dll
[2009/09/19 00:33:41 | 00,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\evr.dll
[2009/09/19 00:33:41 | 00,287,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wldap32.dll
[2009/09/19 00:33:40 | 01,382,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVSDECD.DLL
[2009/09/19 00:33:40 | 00,712,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2009/09/19 00:33:40 | 00,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2009/09/19 00:33:40 | 00,355,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2009/09/19 00:33:39 | 00,279,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\services.exe
[2009/09/19 00:33:39 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quick.ime
[2009/09/19 00:33:39 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qintlgnt.ime
[2009/09/19 00:33:39 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\phon.ime
[2009/09/19 00:33:39 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cintlgnt.ime
[2009/09/19 00:33:39 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chajei.ime
[2009/09/19 00:33:38 | 01,143,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wercon.exe
[2009/09/19 00:33:38 | 00,450,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comdlg32.dll
[2009/09/19 00:33:37 | 00,617,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adtschema.dll
[2009/09/19 00:33:37 | 00,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wcncsvc.dll
[2009/09/19 00:33:37 | 00,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2009/09/19 00:33:37 | 00,180,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\msiscsi.sys
[2009/09/19 00:33:37 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mimefilt.dll
[2009/09/19 00:33:36 | 00,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2009/09/19 00:33:36 | 00,323,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certcli.dll
[2009/09/19 00:33:35 | 00,856,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswdat10.dll
[2009/09/19 00:33:35 | 00,560,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2009/09/19 00:33:35 | 00,396,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipsmsnap.dll
[2009/09/19 00:33:35 | 00,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2009/09/19 00:33:35 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\reg.exe
[2009/09/19 00:33:35 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjter40.dll
[2009/09/19 00:33:34 | 00,799,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe
[2009/09/19 00:33:34 | 00,222,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\umpnpmgr.dll
[2009/09/19 00:33:34 | 00,168,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnsapi.dll
[2009/09/19 00:33:34 | 00,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtffilt.dll
[2009/09/19 00:33:34 | 00,035,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2009/09/19 00:33:33 | 00,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2009/09/19 00:33:33 | 00,364,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IPSECSVC.DLL
[2009/09/19 00:33:33 | 00,282,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\w32time.dll
[2009/09/19 00:33:33 | 00,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2009/09/19 00:33:32 | 00,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoScreensaver.scr
[2009/09/19 00:33:32 | 00,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv.sys
[2009/09/19 00:33:32 | 00,274,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcrypt.dll
[2009/09/19 00:33:32 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2009/09/19 00:33:32 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshooks.dll
[2009/09/19 00:33:31 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthserv.dll
[2009/09/19 00:33:30 | 00,527,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ndis.sys
[2009/09/19 00:33:30 | 00,332,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msihnd.dll
[2009/09/19 00:33:30 | 00,241,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rsaenh.dll
[2009/09/19 00:33:30 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MMDevAPI.dll
[2009/09/19 00:33:29 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msstrc.dll
[2009/09/19 00:33:29 | 00,035,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsWpfWrp.exe
[2009/09/19 00:33:28 | 00,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcomm.dll
[2009/09/19 00:33:28 | 00,467,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netapi32.dll
[2009/09/19 00:33:28 | 00,093,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfshim.dll
[2009/09/19 00:33:27 | 00,310,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mtxclu.dll
[2009/09/19 00:33:27 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fundisc.dll
[2009/09/19 00:33:27 | 00,129,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cryptsvc.dll
[2009/09/19 00:33:27 | 00,122,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetpp.dll
[2009/09/19 00:33:26 | 00,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2009/09/19 00:33:26 | 00,080,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2009/09/19 00:33:26 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hidserv.dll
[2009/09/19 00:33:25 | 00,449,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\termsrv.dll
[2009/09/19 00:33:25 | 00,343,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2009/09/19 00:33:25 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\profsvc.dll
[2009/09/19 00:33:24 | 00,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi.dll
[2009/09/19 00:33:24 | 00,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msiexec.exe
[2009/09/19 00:33:23 | 01,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chsbrkr.dll
[2009/09/19 00:33:23 | 01,020,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdc.dll
[2009/09/19 00:33:23 | 00,247,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shsvcs.dll
[2009/09/19 00:33:23 | 00,149,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pci.sys
[2009/09/19 00:33:23 | 00,125,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Classpnp.sys
[2009/09/19 00:33:22 | 00,262,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasmans.dll
[2009/09/19 00:33:22 | 00,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassdo.dll
[2009/09/19 00:33:22 | 00,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys
[2009/09/19 00:33:22 | 00,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Kswdmcap.ax
[2009/09/19 00:33:21 | 01,823,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnidui.dll
[2009/09/19 00:33:21 | 00,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spoolsv.exe
[2009/09/19 00:33:21 | 00,009,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2009/09/19 00:33:20 | 00,636,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autofmt.exe
[2009/09/19 00:33:20 | 00,265,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\acpi.sys
[2009/09/19 00:33:20 | 00,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys
[2009/09/19 00:33:20 | 00,053,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\termdd.sys
[2009/09/19 00:33:19 | 00,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrrun.dll
[2009/09/19 00:33:19 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wersvc.dll
[2009/09/19 00:33:19 | 00,035,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\crashdmp.sys
[2009/09/19 00:33:18 | 00,245,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys
[2009/09/19 00:33:18 | 00,122,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Storport.sys
[2009/09/19 00:33:18 | 00,109,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2009/09/19 00:33:18 | 00,050,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PSHED.DLL
[2009/09/19 00:33:17 | 01,122,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\appwiz.cpl
[2009/09/19 00:33:17 | 00,757,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\azroles.dll
[2009/09/19 00:33:17 | 00,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnrollUI.dll
[2009/09/19 00:33:17 | 00,242,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pdh.dll
[2009/09/19 00:33:17 | 00,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc.dll
[2009/09/19 00:33:16 | 01,107,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pidgenx.dll
[2009/09/19 00:33:16 | 00,258,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winspool.drv
[2009/09/19 00:33:16 | 00,054,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\partmgr.sys
[2009/09/19 00:33:15 | 00,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2009/09/19 00:33:15 | 00,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysmon.ocx
[2009/09/19 00:33:15 | 00,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winlogon.exe
[2009/09/19 00:33:14 | 02,205,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SyncCenter.dll
[2009/09/19 00:33:13 | 00,593,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comuid.dll
[2009/09/19 00:33:13 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLUINotify.dll
[2009/09/19 00:33:13 | 00,048,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mup.sys
[2009/09/19 00:33:12 | 01,502,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certmgr.dll
[2009/09/19 00:33:12 | 00,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sethc.exe
[2009/09/19 00:33:12 | 00,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2009/09/19 00:33:12 | 00,053,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\disk.sys
[2009/09/19 00:33:12 | 00,017,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kd1394.dll
[2009/09/19 00:33:11 | 00,347,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2009/09/19 00:33:11 | 00,324,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\untfs.dll
[2009/09/19 00:33:11 | 00,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassam.dll
[2009/09/19 00:33:11 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrobj.dll
[2009/09/19 00:33:11 | 00,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spp.dll
[2009/09/19 00:33:11 | 00,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2009/09/19 00:33:10 | 00,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imkr80.ime
[2009/09/19 00:33:10 | 00,292,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgrx.sys
[2009/09/19 00:33:10 | 00,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2009/09/19 00:33:10 | 00,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wisptis.exe
[2009/09/19 00:33:10 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe
[2009/09/19 00:33:10 | 00,043,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pciidex.sys
[2009/09/19 00:33:09 | 00,643,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autochk.exe
[2009/09/19 00:33:09 | 00,099,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2009/09/19 00:33:08 | 00,869,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printui.dll
[2009/09/19 00:33:08 | 00,226,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\volsnap.sys
[2009/09/19 00:33:08 | 00,190,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fltMgr.sys
[2009/09/19 00:33:08 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasnap.dll
[2009/09/19 00:33:07 | 00,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoconv.exe
[2009/09/19 00:33:07 | 00,161,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\msrpc.sys
[2009/09/19 00:33:07 | 00,141,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ecache.sys
[2009/09/19 00:33:07 | 00,014,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pciide.sys
[2009/09/19 00:33:06 | 00,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2009/09/19 00:33:05 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2009/09/19 00:33:05 | 00,130,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\basecsp.dll
[2009/09/19 00:33:05 | 00,027,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Dumpata.sys
[2009/09/19 00:33:05 | 00,017,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kdcom.dll
[2009/09/19 00:33:04 | 01,541,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\onex.dll
[2009/09/19 00:33:04 | 00,273,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wow32.dll
[2009/09/19 00:33:04 | 00,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\osk.exe
[2009/09/19 00:33:04 | 00,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\userenv.dll
[2009/09/19 00:33:04 | 00,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
[2009/09/19 00:33:03 | 00,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswsock.dll
[2009/09/19 00:33:01 | 00,340,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RelMon.dll
[2009/09/19 00:33:01 | 00,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winmm.dll
[2009/09/19 00:33:01 | 00,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netbt.sys
[2009/09/19 00:33:01 | 00,019,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kdusb.dll
[2009/09/19 00:33:01 | 00,019,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\atapi.sys
[2009/09/19 00:33:01 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spcmsg.dll
[2009/09/19 00:33:00 | 00,612,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
[2009/09/19 00:33:00 | 00,564,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msftedit.dll
[2009/09/19 00:33:00 | 00,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSCard.dll
[2009/09/19 00:32:59 | 00,860,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WerFaultSecure.exe
[2009/09/19 00:32:59 | 00,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\offfilt.dll
[2009/09/19 00:32:59 | 00,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnsrslvr.dll
[2009/09/19 00:32:58 | 00,638,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Utilman.exe
[2009/09/19 00:32:58 | 00,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\bthenum.sys
[2009/09/19 00:32:57 | 00,586,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\stobject.dll
[2009/09/19 00:32:57 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WerFault.exe
[2009/09/19 00:32:57 | 00,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2009/09/19 00:32:57 | 00,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2009/09/19 00:32:57 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsepno.dll
[2009/09/19 00:32:56 | 00,230,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskraid.exe
[2009/09/19 00:32:56 | 00,208,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2009/09/19 00:32:56 | 00,197,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SndVol.exe
[2009/09/19 00:32:56 | 00,171,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apphelp.dll
[2009/09/19 00:32:56 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb.sys
[2009/09/19 00:32:55 | 00,852,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcmde.dll
[2009/09/19 00:32:55 | 00,551,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prnntfy.dll
[2009/09/19 00:32:55 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiaservc.dll
[2009/09/19 00:32:55 | 00,391,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscms.dll
[2009/09/19 00:32:55 | 00,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msnetobj.dll
[2009/09/19 00:32:55 | 00,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysclass.dll
[2009/09/19 00:32:55 | 00,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsmsext.dll
[2009/09/19 00:32:54 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\http.sys
[2009/09/19 00:32:54 | 00,155,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscript.exe
[2009/09/19 00:32:54 | 00,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccp32.dll
[2009/09/19 00:32:54 | 00,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2009/09/19 00:32:53 | 00,444,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsound.dll
[2009/09/19 00:32:53 | 00,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ulib.dll
[2009/09/19 00:32:53 | 00,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys
[2009/09/19 00:32:52 | 00,971,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cryptui.dll
[2009/09/19 00:32:52 | 00,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IPHLPAPI.DLL
[2009/09/19 00:32:52 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastapi.dll
[2009/09/19 00:32:51 | 00,759,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipsecsnp.dll
[2009/09/19 00:32:51 | 00,223,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscntfy.dll
[2009/09/19 00:32:51 | 00,181,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnpsetup.dll
[2009/09/19 00:32:51 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdProxy.dll
[2009/09/19 00:32:50 | 01,342,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\brcpl.dll
[2009/09/19 00:32:50 | 00,399,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlangpui.dll
[2009/09/19 00:32:50 | 00,119,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskpart.exe
[2009/09/19 00:32:50 | 00,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpapi.dll
[2009/09/19 00:32:49 | 00,507,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsdyn.dll
[2009/09/19 00:32:49 | 00,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll
[2009/09/19 00:32:49 | 00,079,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys
[2009/09/19 00:32:49 | 00,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iashlpr.dll
[2009/09/19 00:32:49 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscsvc.dll
[2009/09/19 00:32:48 | 01,575,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVENCOD.DLL
[2009/09/19 00:32:48 | 00,286,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasapi32.dll
[2009/09/19 00:32:48 | 00,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntprint.dll
[2009/09/19 00:32:48 | 00,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logman.exe
[2009/09/19 00:32:47 | 00,155,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2009/09/19 00:32:47 | 00,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\regsvc.dll
[2009/09/19 00:32:46 | 00,342,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\zipfldr.dll
[2009/09/19 00:32:46 | 00,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrad.dll
[2009/09/19 00:32:46 | 00,140,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wusa.exe
[2009/09/19 00:32:46 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\findstr.exe
[2009/09/19 00:32:45 | 01,580,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpccpl.dll
[2009/09/19 00:32:45 | 00,090,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshext.dll
[2009/09/19 00:32:44 | 02,225,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcenter.dll
[2009/09/19 00:32:43 | 00,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wer.dll
[2009/09/19 00:32:43 | 00,825,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdlg.dll
[2009/09/19 00:32:43 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassvcs.dll
[2009/09/19 00:32:42 | 01,152,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\themecpl.dll
[2009/09/19 00:32:42 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsnmp32.dll
[2009/09/19 00:32:42 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbehci.sys
[2009/09/19 00:32:40 | 00,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2009/09/19 00:32:40 | 00,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srvsvc.dll
[2009/09/19 00:32:40 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssprxy.dll
[2009/09/19 00:32:40 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\uxsms.dll
[2009/09/19 00:32:39 | 00,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scansetting.dll
[2009/09/19 00:32:39 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshom.ocx
[2009/09/19 00:32:39 | 00,121,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntmarta.dll
[2009/09/19 00:32:39 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsbyuv.dll
[2009/09/19 00:32:38 | 00,777,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slcc.dll
[2009/09/19 00:32:38 | 00,163,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msutb.dll
[2009/09/19 00:32:38 | 00,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstlsapi.dll
[2009/09/19 00:32:38 | 00,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2009/09/19 00:32:37 | 03,072,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkmap.dll
[2009/09/19 00:32:37 | 00,723,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powercpl.dll
[2009/09/19 00:32:37 | 00,678,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstsc.exe
[2009/09/19 00:32:37 | 00,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
[2009/09/19 00:32:37 | 00,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powrprof.dll
[2009/09/19 00:32:37 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasacct.dll
[2009/09/19 00:32:36 | 01,248,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PerfCenterCPL.dll
[2009/09/19 00:32:36 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authz.dll
[2009/09/19 00:32:35 | 01,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\connect.dll
[2009/09/19 00:32:35 | 00,175,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3svc.dll
[2009/09/19 00:32:35 | 00,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\newdev.exe
[2009/09/19 00:32:34 | 01,224,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sud.dll
[2009/09/19 00:32:34 | 00,842,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\systemcpl.dll
[2009/09/19 00:32:34 | 00,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pcaui.dll
[2009/09/19 00:32:34 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\kbdhid.sys
[2009/09/19 00:32:33 | 02,515,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\accessibilitycpl.dll
[2009/09/19 00:32:33 | 00,615,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\themeui.dll
[2009/09/19 00:32:33 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\sdbus.sys
[2009/09/19 00:32:33 | 00,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\samlib.dll
[2009/09/19 00:32:32 | 01,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\usercpl.dll
[2009/09/19 00:32:32 | 00,516,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoplay.dll
[2009/09/19 00:32:32 | 00,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2009/09/19 00:32:32 | 00,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmci.dll
[2009/09/19 00:32:31 | 01,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanpref.dll
[2009/09/19 00:32:31 | 00,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpchttp.dll
[2009/09/19 00:32:31 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pintlgnt.ime
[2009/09/19 00:32:30 | 00,408,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msinfo32.exe
[2009/09/19 00:32:30 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\regapi.dll
[2009/09/19 00:32:30 | 00,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\BTHUSB.SYS
[2009/09/19 00:32:29 | 00,532,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpcao.dll
[2009/09/19 00:32:29 | 00,242,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tapisrv.dll
[2009/09/19 00:32:29 | 00,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scksp.dll
[2009/09/19 00:32:29 | 00,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsutil.dll
[2009/09/19 00:32:28 | 00,306,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scesrv.dll
[2009/09/19 00:32:28 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2009/09/19 00:32:28 | 00,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\exfat.sys
[2009/09/19 00:32:28 | 00,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AudioSes.dll
[2009/09/19 00:32:28 | 00,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleprn.dll
[2009/09/19 00:32:28 | 00,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpr.dll
[2009/09/19 00:32:28 | 00,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\feclient.dll
[2009/09/19 00:32:27 | 00,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll
[2009/09/19 00:32:27 | 00,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imm32.dll
[2009/09/19 00:32:27 | 00,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3msm.dll
[2009/09/19 00:32:27 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rekeywiz.exe
[2009/09/19 00:32:27 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iaspolcy.dll
[2009/09/19 00:32:27 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscisvif.dll
[2009/09/19 00:32:26 | 01,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2009/09/19 00:32:26 | 01,102,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmsys.cpl
[2009/09/19 00:32:26 | 00,407,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpapimig.exe
[2009/09/19 00:32:26 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DeviceEject.exe
[2009/09/19 00:32:25 | 01,689,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscui.cpl
[2009/09/19 00:32:25 | 00,542,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnpui.dll
[2009/09/19 00:32:25 | 00,505,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2009/09/19 00:32:25 | 00,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncryptui.dll
[2009/09/19 00:32:25 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certreq.exe
[2009/09/19 00:32:25 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perfdisk.dll
[2009/09/19 00:32:24 | 00,642,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasgcw.dll
[2009/09/19 00:32:24 | 00,595,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
[2009/09/19 00:32:24 | 00,177,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scecli.dll
[2009/09/19 00:32:24 | 00,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hdwwiz.exe
[2009/09/19 00:32:23 | 00,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasplap.dll
[2009/09/19 00:32:23 | 00,134,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmartcardCredentialProvider.dll
[2009/09/19 00:32:23 | 00,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSTheme.exe
[2009/09/19 00:32:23 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwinsat.dll
[2009/09/19 00:32:22 | 00,170,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2009/09/19 00:32:22 | 00,167,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\portcls.sys
[2009/09/19 00:32:22 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpmon.dll
[2009/09/19 00:32:22 | 00,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdWSD.dll
[2009/09/19 00:32:22 | 00,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PnPUnattend.exe
[2009/09/19 00:32:22 | 00,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmmon32.exe
[2009/09/19 00:32:21 | 00,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmdial32.dll
[2009/09/19 00:32:21 | 00,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2009/09/19 00:32:21 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\whealogr.dll
[2009/09/19 00:32:21 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD2.sys
[2009/09/19 00:32:21 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD.sys
[2009/09/19 00:32:20 | 00,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SCardSvr.dll
[2009/09/19 00:32:19 | 00,281,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\raschap.dll
[2009/09/19 00:32:19 | 00,275,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SnippingTool.exe
[2009/09/19 00:32:19 | 00,273,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\afd.sys
[2009/09/19 00:32:19 | 00,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdmaud.drv
[2009/09/19 00:32:19 | 00,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontext.dll
[2009/09/19 00:32:18 | 01,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSVidCtl.dll
[2009/09/19 00:32:18 | 00,547,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiaaut.dll
[2009/09/19 00:32:18 | 00,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unimdm.tsp
[2009/09/19 00:32:17 | 00,657,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVXENCD.DLL
[2009/09/19 00:32:17 | 00,259,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasppp.dll
[2009/09/19 00:32:17 | 00,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanui.dll
[2009/09/19 00:32:17 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\npfs.sys
[2009/09/19 00:32:17 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PnPutil.exe
[2009/09/19 00:32:16 | 00,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shwebsvc.dll
[2009/09/19 00:32:16 | 00,137,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsprop.dll
[2009/09/19 00:32:16 | 00,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dimsroam.dll
[2009/09/19 00:32:15 | 02,153,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oobefldr.dll
[2009/09/19 00:32:15 | 00,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdx.sys
[2009/09/19 00:32:15 | 00,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pacer.sys
[2009/09/19 00:32:14 | 00,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\modemui.dll
[2009/09/19 00:32:14 | 00,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscandui.dll
[2009/09/19 00:32:14 | 00,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasmontr.dll
[2009/09/19 00:32:14 | 00,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shsetup.dll
[2009/09/19 00:32:13 | 06,103,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chtbrkr.dll
[2009/09/19 00:32:13 | 00,533,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmsdk.dll
[2009/09/19 00:32:12 | 00,542,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\blackbox.dll
[2009/09/19 00:32:12 | 00,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fastfat.sys
[2009/09/19 00:32:12 | 00,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2009/09/19 00:32:12 | 00,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlgpclnt.dll
[2009/09/19 00:32:12 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dataclen.dll
[2009/09/19 00:32:11 | 00,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netplwiz.dll
[2009/09/19 00:32:11 | 00,178,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\credui.dll
[2009/09/19 00:32:11 | 00,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\smss.exe
[2009/09/19 00:32:10 | 00,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2009/09/19 00:32:10 | 00,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDMon.dll
[2009/09/19 00:32:10 | 00,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certprop.dll
[2009/09/19 00:32:09 | 02,226,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkexplorer.dll
[2009/09/19 00:32:09 | 00,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2009/09/19 00:32:09 | 00,062,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ohci1394.sys
[2009/09/19 00:32:08 | 00,414,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscp.dll
[2009/09/19 00:32:08 | 00,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpcsvc.dll
[2009/09/19 00:32:08 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2009/09/19 00:32:08 | 00,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cipher.exe
[2009/09/19 00:32:08 | 00,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ifmon.dll
[2009/09/19 00:32:07 | 00,217,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\InkEd.dll
[2009/09/19 00:32:07 | 00,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpresult.exe
[2009/09/19 00:32:07 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll
[2009/09/19 00:32:06 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msimtf.dll
[2009/09/19 00:32:05 | 00,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\thawbrkr.dll
[2009/09/19 00:32:05 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\softkbd.dll
[2009/09/19 00:32:05 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sendmail.dll
[2009/09/19 00:32:05 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\watchdog.sys
[2009/09/19 00:32:04 | 00,356,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MediaMetadataHandler.dll
[2009/09/19 00:32:03 | 00,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\olepro32.dll
[2009/09/19 00:32:03 | 00,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msctfui.dll
[2009/09/19 00:32:03 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\smb.sys
[2009/09/19 00:32:03 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidusb.sys
[2009/09/19 00:32:02 | 00,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmmgrtn.dll
[2009/09/19 00:32:02 | 00,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\udfs.sys
[2009/09/19 00:32:02 | 00,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2009/09/19 00:32:02 | 00,105,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmsynth.dll
[2009/09/19 00:32:01 | 00,200,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\input.dll
[2009/09/19 00:32:01 | 00,166,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\puiapi.dll
[2009/09/19 00:32:01 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2009/09/19 00:32:00 | 00,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLLUA.exe
[2009/09/19 00:32:00 | 00,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mprapi.dll
[2009/09/19 00:32:00 | 00,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshbth.dll
[2009/09/19 00:32:00 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2009/09/19 00:32:00 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\version.dll
[2009/09/19 00:32:00 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msisip.dll
[2009/09/19 00:31:59 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fc.exe
[2009/09/19 00:31:58 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2009/09/19 00:31:57 | 00,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdpwd.sys
[2009/09/19 00:31:57 | 00,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmusic.dll
[2009/09/19 00:31:57 | 00,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdSSDP.dll
[2009/09/19 00:31:56 | 00,187,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapp3hst.dll
[2009/09/19 00:31:56 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tintlgnt.ime
[2009/09/19 00:31:56 | 00,121,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ndiswan.sys
[2009/09/19 00:31:56 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscapi.dll
[2009/09/19 00:31:56 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2009/09/19 00:31:56 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjint40.dll
[2009/09/19 00:31:56 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsCtfMonitor.dll
[2009/09/19 00:31:55 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2009/09/19 00:31:55 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\l2nacp.dll
[2009/09/19 00:31:55 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ftp.exe
[2009/09/19 00:31:55 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscdll.dll
[2009/09/19 00:31:54 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsdchngr.dll
[2009/09/19 00:31:53 | 00,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2009/09/19 00:31:53 | 00,083,456 | ---- | C] (Microsoft) -- C:\Windows\System32\SMBHelperClass.dll
[2009/09/19 00:31:53 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Storprop.dll
[2009/09/19 00:31:53 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthci.dll
[2009/09/19 00:31:52 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdWCN.dll
[2009/09/19 00:31:52 | 00,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdiag.dll
[2009/09/19 00:31:52 | 00,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3cfg.dll
[2009/09/19 00:31:52 | 00,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthudtask.exe
[2009/09/19 00:31:52 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdial.exe
[2009/09/19 00:31:51 | 00,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eappcfg.dll
[2009/09/19 00:31:51 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rassstp.sys
[2009/09/19 00:31:51 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipconfig.exe
[2009/09/19 00:31:51 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CHxReadingStringIME.dll
[2009/09/19 00:31:50 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nslookup.exe
[2009/09/19 00:31:50 | 00,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tscupgrd.exe
[2009/09/19 00:31:50 | 00,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slcinst.dll
[2009/09/19 00:31:50 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkitemfactory.dll
[2009/09/19 00:31:49 | 00,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eappgnui.dll
[2009/09/19 00:31:49 | 00,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hbaapi.dll
[2009/09/19 00:31:49 | 00,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidclass.sys
[2009/09/19 00:31:49 | 00,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ocsetup.exe
[2009/09/19 00:31:49 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FwRemoteSvr.dll
[2009/09/19 00:31:48 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdeploy.dll
[2009/09/19 00:31:48 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcico.dll
[2009/09/19 00:31:47 | 00,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dfsc.sys
[2009/09/19 00:31:47 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PNPXAssoc.dll
[2009/09/19 00:31:47 | 00,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cdrom.sys
[2009/09/19 00:31:47 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msacm32.drv
[2009/09/19 00:31:46 | 00,148,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\nwifi.sys
[2009/09/19 00:31:45 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpupdate.exe
[2009/09/19 00:31:44 | 00,046,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrstub.exe
[2009/09/19 00:31:44 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cbsra.exe
[2009/09/19 00:31:43 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bitsigd.dll
[2009/09/19 00:31:43 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsilog.dll
[2009/09/19 00:31:42 | 00,031,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\winusb.sys
[2009/09/19 00:31:42 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NcdProp.dll
[2009/09/19 00:31:41 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdmdbg.dll
[2009/09/19 00:31:40 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxg.sys
[2009/09/19 00:31:40 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcconf.dll
[2009/09/19 00:31:40 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrnr.dll
[2009/09/19 00:31:40 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2009/09/19 00:31:40 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetppui.dll
[2009/09/19 00:31:40 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
[2009/09/19 00:31:39 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\midimap.dll
[2009/09/19 00:31:36 | 00,052,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\stream.sys
[2009/09/19 00:31:35 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys
[2009/09/19 00:31:34 | 00,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\bridge.sys
[2009/09/19 00:31:33 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbohci.sys
[2009/09/19 00:31:32 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2009/09/19 00:31:31 | 00,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\raspppoe.sys
[2009/09/19 00:31:31 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\f3ahvoas.dll
[2009/09/19 00:31:30 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msimsg.dll
[2009/09/19 00:30:46 | 00,705,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmiEngine.dll
[2009/09/19 00:30:37 | 00,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdscore.dll
[2009/09/19 00:30:37 | 00,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PkgMgr.exe
[2009/09/19 00:30:10 | 00,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvstore.dll
[2009/09/12 21:52:36 | 00,000,000 | ---D | C] -- C:\Users\norm\Desktop\New Cases
[2009/09/12 09:09:26 | 00,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2009/09/12 09:09:25 | 00,026,600 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\drivers\GEARAspiWDM.sys
[2007/07/04 21:28:52 | 00,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll

========== Files - Modified Within 30 Days ==========

[2 C:\Users\norm\Desktop\*.tmp files]
[2009/10/09 18:06:01 | 00,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2009/10/09 18:05:02 | 00,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2009/10/09 17:54:08 | 00,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/09 17:48:36 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/10/09 17:48:36 | 00,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/10/09 17:48:36 | 00,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/10/09 17:42:29 | 00,014,817 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2009/10/09 17:41:37 | 00,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/10/09 17:41:37 | 00,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/10/09 17:41:29 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/10/09 17:41:10 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/10/09 07:05:30 | 00,001,076 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2009/10/09 07:02:42 | 00,000,390 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B6014A4D-258B-4E21-B182-B71BE04F750D}.job
[2009/10/09 07:01:14 | 00,012,978 | ---- | M] () -- C:\Users\norm\AppData\Roaming\nvModes.001
[2009/10/09 06:58:17 | 00,385,624 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/10/06 19:08:13 | 00,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2009/10/06 00:39:45 | 00,000,015 | ---- | M] () -- C:\Users\norm\Desktop\settings.dat
[2009/10/06 00:32:29 | 00,012,978 | ---- | M] () -- C:\Users\norm\AppData\Roaming\nvModes.dat
[2009/10/05 17:35:31 | 02,941,591 | -H-- | M] () -- C:\Users\norm\AppData\Local\IconCache.db
[2009/10/05 17:16:17 | 00,000,733 | ---- | M] () -- C:\Users\norm\Desktop\NTREGOPT.lnk
[2009/10/05 17:16:17 | 00,000,714 | ---- | M] () -- C:\Users\norm\Desktop\ERUNT.lnk
[2009/10/05 11:35:57 | 00,185,344 | ---- | M] () -- C:\Users\norm\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/05 10:06:27 | 00,021,929 | ---- | M] () -- C:\Users\norm\Documents\Pollak o.docx
[2009/10/04 21:25:14 | 00,001,670 | ---- | M] () -- C:\Users\norm\Desktop\CCleaner.lnk
[2009/10/03 09:46:59 | 00,000,964 | ---- | M] () -- C:\Users\norm\Desktop\UnInstall Lexis thru Jenkins.lnk
[2009/10/03 09:46:59 | 00,000,959 | ---- | M] () -- C:\Users\norm\Desktop\Lexis thru Jenkins.lnk
[2009/10/01 10:29:14 | 00,195,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2009/09/29 14:15:52 | 00,023,213 | ---- | M] () -- C:\Users\norm\Documents\Angell o.docx
[2009/09/29 13:15:45 | 00,012,563 | ---- | M] () -- C:\Users\norm\Documents\mailing addresses donaher.docx
[2009/09/16 19:05:07 | 00,015,592 | ---- | M] () -- C:\Users\norm\Documents\angell.docx
[2009/09/15 01:55:45 | 00,000,338 | ---- | M] () -- C:\Windows\tasks\McDefragTask.job
[2009/09/12 19:52:11 | 00,175,959 | ---- | M] () -- C:\Users\norm\Documents\wuliger 2006.rtf
[2009/09/12 09:09:34 | 00,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/09/10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/09/10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

========== Files - No Company Name ==========
[2009/10/09 17:54:08 | 00,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/06 00:37:55 | 00,000,015 | ---- | C] () -- C:\Users\norm\Desktop\settings.dat
[2009/10/05 17:16:17 | 00,000,733 | ---- | C] () -- C:\Users\norm\Desktop\NTREGOPT.lnk
[2009/10/05 17:16:17 | 00,000,714 | ---- | C] () -- C:\Users\norm\Desktop\ERUNT.lnk
[2009/10/02 12:21:36 | 00,021,929 | ---- | C] () -- C:\Users\norm\Documents\Pollak o.docx
[2009/09/26 17:53:49 | 00,023,213 | ---- | C] () -- C:\Users\norm\Documents\Angell o.docx
[2009/09/21 18:05:25 | 00,001,971 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2009/09/21 18:01:05 | 00,000,882 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2009/09/21 18:00:58 | 00,000,878 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2009/09/19 00:34:36 | 00,130,008 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2009/09/19 00:34:31 | 00,009,239 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man
[2009/09/19 00:34:13 | 00,442,788 | ---- | C] () -- C:\Windows\System32\dot3.tmf
[2009/09/19 00:34:09 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/19 00:34:09 | 00,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/19 00:34:05 | 03,662,128 | ---- | C] () -- C:\Windows\System32\locale.nls
[2009/09/19 00:34:04 | 00,392,170 | ---- | C] () -- C:\Windows\System32\onex.tmf
[2009/09/19 00:33:54 | 00,344,698 | ---- | C] () -- C:\Windows\System32\eaphost.tmf
[2009/09/19 00:33:24 | 00,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2009/09/19 00:33:18 | 00,092,918 | ---- | C] () -- C:\Windows\System32\slmgr.vbs
[2009/09/19 00:31:39 | 00,009,212 | ---- | C] () -- C:\Windows\System32\RacUR.xml
[2009/09/19 00:31:22 | 00,000,153 | ---- | C] () -- C:\Windows\System32\RacUREx.xml
[2009/09/15 22:05:38 | 00,015,592 | ---- | C] () -- C:\Users\norm\Documents\angell.docx
[2009/09/12 19:52:10 | 00,175,959 | ---- | C] () -- C:\Users\norm\Documents\wuliger 2006.rtf
[2009/09/12 09:09:34 | 00,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/08/03 15:07:42 | 00,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/06/09 17:16:42 | 03,482,240 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2009/06/02 17:35:36 | 00,176,235 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2009/02/11 17:45:02 | 00,027,264 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2008/07/24 16:26:20 | 00,002,168 | ---- | C] () -- C:\Users\norm\AppData\Roaming\xobni_install.log
[2008/06/17 11:52:18 | 00,000,680 | ---- | C] () -- C:\Users\norm\AppData\Local\d3d9caps.dat
[2008/05/27 19:16:44 | 00,061,440 | ---- | C] () -- C:\Windows\System32\NormalizeDSP.dll
[2008/04/30 05:06:16 | 02,941,591 | -H-- | C] () -- C:\Users\norm\AppData\Local\IconCache.db
[2007/12/12 22:28:21 | 00,000,165 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2007/11/08 20:20:06 | 00,008,485 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2007/10/18 23:17:12 | 00,004,096 | -H-- | C] () -- C:\Users\norm\AppData\Local\keyfile3.drm
[2007/09/28 10:49:38 | 00,185,344 | ---- | C] () -- C:\Users\norm\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/09/05 18:00:29 | 00,012,978 | ---- | C] () -- C:\Users\norm\AppData\Roaming\nvModes.001
[2007/09/05 18:00:18 | 00,012,978 | ---- | C] () -- C:\Users\norm\AppData\Roaming\nvModes.dat
[2007/09/05 08:07:31 | 00,000,000 | ---- | C] () -- C:\Users\norm\AppData\Local\QSwitch.txt
[2007/09/05 08:07:31 | 00,000,000 | ---- | C] () -- C:\Users\norm\AppData\Local\DSwitch.txt
[2007/09/05 08:07:31 | 00,000,000 | ---- | C] () -- C:\Users\norm\AppData\Local\AtStart.txt
[2007/09/05 08:06:55 | 00,105,048 | ---- | C] () -- C:\Users\norm\AppData\Local\GDIPFONTCACHEV1.DAT
[2007/06/26 11:45:17 | 00,000,320 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2007/06/26 09:35:24 | 00,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007/03/29 13:42:38 | 00,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2007/02/27 16:43:02 | 00,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/12/14 02:01:36 | 00,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/12/14 02:01:36 | 00,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/06 00:30:38 | 00,262,144 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2006/11/02 08:50:50 | 00,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini
[2006/11/02 08:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:25:21 | 00,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 06:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 06:23:31 | 00,000,144 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 03:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/10/21 13:59:59 | 00,262,144 | ---- | C] () -- C:\Windows\System32\Manipulate.dll
[2006/09/24 21:53:56 | 00,268,242 | ---- | C] () -- C:\Windows\System32\erdmpg-parse.dll
[2006/09/24 21:53:44 | 02,518,779 | ---- | C] () -- C:\Windows\System32\erdmpg-enc.dll
[2006/09/24 21:52:06 | 00,030,693 | ---- | C] () -- C:\Windows\System32\erdmpg-int.dll
[2006/05/19 15:39:58 | 00,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2006/03/09 20:58:00 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/10/14 23:10:24 | 00,065,536 | ---- | C] () -- C:\Windows\System32\comLyricGetter.dll
[2004/02/01 15:21:56 | 00,097,280 | ---- | C] () -- C:\Windows\System32\Uncommon.dll
[2001/11/14 14:56:00 | 01,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== LOP Check ==========

[2009/10/05 11:37:10 | 00,000,000 | ---D | M] -- C:\Users\norm\AppData\Roaming
[2008/10/27 20:04:07 | 00,000,000 | ---D | M] -- C:\Users\norm\AppData\Roaming\aAvgApi
[2007/10/06 14:20:36 | 00,000,000 | ---D | M] -- C:\Users\norm\AppData\Roaming\CyberLink
[2008/03/31 18:23:11 | 00,000,000 | ---D | M] -- C:\Users\norm\AppData\Roaming\eFax Messenger
[2007/10/26 20:38:44 | 00,000,000 | ---D | M] -- C:\Users\norm\AppData\Roaming\GRETECH
[2008/04/15 15:49:46 | 00,000,000 | ---D | M] -- C:\Users\norm\AppData\Roaming\Intuit
[2006/11/02 08:37:34 | 00,000,000 | ---D | M] -- C:\Users\norm\AppData\Roaming\Media Center Programs
[2009/03/12 08:00:13 | 00,000,000 | ---D | M] -- C:\Users\norm\AppData\Roaming\OpenOffice.org2
[2009/10/04 21:21:29 | 00,000,000 | ---D | M] -- C:\Users\norm\AppData\Roaming\PDF reDirect
[2009/10/05 11:38:08 | 00,000,000 | ---D | M] -- C:\Users\norm\AppData\Roaming\Roxio
[2008/04/22 03:05:04 | 00,000,000 | ---D | M] -- C:\Users\norm\AppData\Roaming\Sudoku
[2008/02/13 11:19:46 | 00,000,000 | ---D | M] -- C:\Users\norm\AppData\Roaming\U3
[2009/10/04 21:16:23 | 00,000,000 | ---D | M] -- C:\Users\norm\AppData\Roaming\Uniblue
[2009/10/05 14:27:10 | 00,000,000 | ---D | M] -- C:\Users\norm\AppData\Roaming\uTorrent
[2007/09/05 17:58:47 | 00,000,000 | ---D | M] -- C:\Users\norm\AppData\Roaming\WildTangent
[2009/10/09 18:05:02 | 00,000,878 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2009/10/09 18:06:01 | 00,000,882 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2009/09/15 01:55:45 | 00,000,338 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2009/07/26 01:28:49 | 00,000,330 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
[2009/10/09 17:41:29 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/10/09 07:05:31 | 00,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/10/09 07:02:42 | 00,000,390 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{B6014A4D-258B-4E21-B182-B71BE04F750D}.job

========== Purity Check ==========


< End of report >

OTL Extras logfile created on: 10/9/2009 6:15:02 PM - Run 1
OTL by OldTimer - Version 3.0.18.4 Folder = C:\Users\Jean\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 0.52 Gb Available Physical Memory | 26.62% Memory free
4.00 Gb Paging File | 2.69 Gb Available in Paging File | 67.13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 140.86 Gb Total Space | 80.80 Gb Free Space | 57.36% Space Free | Partition Type: NTFS
Drive D: | 8.19 Gb Total Space | 1.35 Gb Free Space | 16.46% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 976.13 Mb Total Space | 742.48 Mb Free Space | 76.06% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NORM-PC
Current User Name: norm
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{291A3DD8-10C9-4B0C-B21A-7DB6A689F0CC}" = lport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdater.exe |
"{32ECE551-9789-44DA-A443-B40BD207A23F}" = lport=138 | protocol=17 | dir=in | app=system |
"{3BDFE081-983A-4214-A6E0-888144D5B0F3}" = lport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdateservice.exe |
"{42550B7E-4D84-429C-BBB3-DB7A6D9F6DEB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4430F8BB-1836-4764-9E68-A53934574D10}" = rport=139 | protocol=6 | dir=out | app=system |
"{6C5D0AD7-B9DF-444E-87CE-E4E91B845EE6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{A2BE9F89-3620-4055-83A9-30F67A1E5F61}" = lport=137 | protocol=17 | dir=in | app=system |
"{C315D65D-D84B-4193-A58B-59B5E811866E}" = lport=139 | protocol=6 | dir=in | app=system |
"{CB136DBD-9C44-4A4C-BCB9-1EF3CC551496}" = rport=138 | protocol=17 | dir=out | app=system |
"{D627A2A2-5166-4277-9E43-53B31F4591E3}" = rport=445 | protocol=6 | dir=out | app=system |
"{F12CFBA4-A224-47D4-874B-49DCD06AE484}" = rport=137 | protocol=17 | dir=out | app=system |
"{F2AE6323-D29B-4219-B126-51CF47D66AD1}" = lport=445 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03591FAF-A8AF-4A42-BECC-84F8CC5F7A3E}" = protocol=1 | dir=in | [email protected],-28543 |
"{12AA434E-2542-4320-A8C1-8EAC25A60242}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{179B33F0-9F83-47AB-86DD-096E3CE9ADA4}" = protocol=6 | dir=in | app=c:\program files\turbotax\deluxe 2007\32bit\updatemgr.exe |
"{2398A473-7F37-48D2-A67E-9CDBAC84816D}" = protocol=58 | dir=in | [email protected],-28545 |
"{246B9278-0D80-452A-BDC1-0F4E9C33B8AC}" = protocol=6 | dir=in | app=c:\program files\turbotax\premier 2006\32bit\updatemgr.exe |
"{2D66DF4D-7960-4F52-9642-8D37618AF7EF}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{305853EC-6056-4A7A-8224-3A22A5AF33E9}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{32D479C1-B24B-460B-9AF4-99F351620F30}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{341610B8-62F9-4EE1-AF57-EE6F159E0DAC}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{37D81FF8-4A32-42E6-A016-81F1ECDFB167}" = protocol=6 | dir=in | app=c:\program files\turbotax\premier 2006\32bit\updatemgr.exe |
"{403E3D49-F7F0-409B-97A9-EF8798B30D46}" = protocol=17 | dir=in | app=c:\program files\turbotax\deluxe 2007\32bit\ttax.exe |
"{4223E971-1F2A-4A0C-86F7-28B63EA3D5B8}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{46DAA085-0819-4E49-A367-01A127026350}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{49FFF804-E299-4EE4-8C42-395450B891BD}" = protocol=6 | dir=in | app=c:\program files\turbotax\deluxe 2007\32bit\ttax.exe |
"{4CB52879-E6AD-46EE-BF7D-6DC6AFA246FB}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{530D8390-4C05-4EDE-942A-C82AEAB300E5}" = protocol=17 | dir=in | app=c:\program files\turbotax\premier 2006\32bit\updatemgr.exe |
"{5B45A686-8EF0-4AFA-98FC-E45E28D67C5F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5DCF8EB7-4680-4C9F-8CA6-32533678E59D}" = protocol=17 | dir=in | app=c:\program files\turbotax\premier 2006\32bit\ttax.exe |
"{5F7ED48E-08F6-4FE5-A901-0FB914EE30E7}" = protocol=6 | dir=in | app=c:\program files\turbotax\premier 2006\32bit\ttax.exe |
"{6240A3ED-BE33-4317-BE0F-E30597CBA8A2}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{69230CBC-C151-42D6-BB51-159C294E3F9A}" = protocol=6 | dir=in | app=c:\program files\turbotax\premier 2006\32bit\ttax.exe |
"{6A64B439-31B4-4965-95BC-4F9960F460BC}" = protocol=17 | dir=in | app=c:\program files\turbotax\deluxe 2007\32bit\ttax.exe |
"{7090B610-F641-4F78-9198-6EE042591B20}" = protocol=58 | dir=out | [email protected],-28546 |
"{78FECB4A-0AE7-42C8-ABDD-73D4429DC4A4}" = protocol=6 | dir=in | app=c:\program files\turbotax\deluxe 2007\32bit\ttax.exe |
"{80A43F80-83C1-4EF2-9394-F67A8FE4A128}" = protocol=17 | dir=in | app=c:\program files\turbotax\premier 2006\32bit\ttax.exe |
"{9559D611-38C0-4A81-9F2E-1DCF3F39806E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{A3A20CE0-7336-42C0-84D0-9BF2B9EE01A2}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{A559DE06-25C3-4090-8696-E4D1862D4884}" = protocol=17 | dir=in | app=c:\program files\turbotax\deluxe 2007\32bit\updatemgr.exe |
"{A8B53190-7907-47AA-8C43-14B3402B3E4D}" = protocol=17 | dir=in | app=c:\program files\turbotax\deluxe 2007\32bit\updatemgr.exe |
"{A986F075-F016-47E7-8861-936F62490740}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{AECDC053-0419-4B7E-A460-A9B90C5D6C73}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{AF857652-D3F9-49D8-9CB0-198E3B2EA038}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{B24B18A3-36C0-404E-97DE-EF3DD10675B4}" = protocol=6 | dir=in | app=c:\program files\turbotax\deluxe 2007\32bit\updatemgr.exe |
"{B87B5263-711F-4B5D-8A66-10EF4D8F126A}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{D457B5C1-6649-4F6D-AE50-7ADF21C89F40}" = protocol=17 | dir=in | app=c:\program files\turbotax\premier 2006\32bit\updatemgr.exe |
"{E386E558-0554-442F-97BB-1C3C768BD7E8}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{F0BC1E06-4E6A-4D72-A1DA-BF40942C1198}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{F23D9C8F-5996-4E71-8D02-C6AB1267B706}" = protocol=1 | dir=out | [email protected],-28544 |
"{F74BFC7A-8AD4-4FC0-9635-97B2AD5D72A9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{1076622A-395D-4E64-B401-56E644A7B6F3}C:\program files\hp\hp software update\hpwucli.exe" = protocol=6 | dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"TCP Query User{365B0893-EB00-4671-A046-FCDD32C818CA}C:\users\norm\desktop\utorrent.exe" = protocol=6 | dir=in | app=c:\users\norm\desktop\utorrent.exe |
"TCP Query User{A5D32FDE-D87D-4E7B-B689-6EE8EB164757}C:\users\norm\desktop\utorrent.exe" = protocol=6 | dir=in | app=c:\users\norm\desktop\utorrent.exe |
"TCP Query User{C91FC30A-E53D-4CFF-8BD5-11B9CEE7F0E4}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{E1C41D6C-AF2D-4EBD-B865-61A26696653B}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{F81E09F7-A7E4-4869-8870-7CD9FA297886}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{0F428288-77C5-4B71-9A02-5C8F047B28F0}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{7F183E89-823B-4D50-BA89-D563B0560F98}C:\users\norm\desktop\utorrent.exe" = protocol=17 | dir=in | app=c:\users\norm\desktop\utorrent.exe |
"UDP Query User{A0D76982-91A8-471F-9D3E-D709626E1E16}C:\program files\hp\hp software update\hpwucli.exe" = protocol=17 | dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"UDP Query User{C4BA58B4-6A55-4583-AEBC-CD817DB08576}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{CE052D58-50DD-4836-9B42-678BD5EE40BD}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{F2CF3949-44B9-44B7-A751-8D695BF2D0CD}C:\users\norm\desktop\utorrent.exe" = protocol=17 | dir=in | app=c:\users\norm\desktop\utorrent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.4900
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0BFC200F-C45D-4271-AF34-4CA969225DEB}" = muvee autoProducer 6.0
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0CFD3BAF-9F4D-4D70-BD0B-638EA2504C25}" = PSSWCORE
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{180D45DA-5140-48D4-BDEA-8B9CE3A6D9A4}" = TurboTax 2008 WinBizTaxSupport
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1EBB57D4-63FF-87CC-A0F0-D73982CF6008}" = Adobe Media Player
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{25F6C900-C138-4888-A56C-91D3D063023A}" = HP Update
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 13
"{290B83AA-093A-45BF-A917-D1C4A1E8D917}" = HP Active Support Library
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2E7595EC-4FB1-4E29-93D4-9083C8A9B107}" = TurboTax ItsDeductible 2005
"{2F29D6D2-824E-4FEF-8AED-7013F39F642A}" = OpenOffice.org 2.3
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.10 B9
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{36495C59-089C-49D1-BD15-9E5BD86DC9A1}" = ItsDeductible Express
"{39523EA4-F914-4447-A551-2513766095F5}" = ESU for Microsoft Vista
"{3A05B900-A3E7-11DE-A9B7-005056806466}" = Google Earth
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3B0F52AC-EF5C-4831-B221-06C782E41280}" = Quicken 2008
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{3FFB3B34-D639-4384-9AE9-DDE58430D86F}" = MSCU for Microsoft Vista
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.2
"{4AEBD86C-C82E-401A-9AA0-8B8AF7A5A3CA}" = TurboTax 2008 WinBizFedFormset
"{56D4C8A0-6126-11DD-AD8B-0800200C9A66}" = TurboTax 2008 WinBizUserEducation
"{5CA81D12-9EC2-4082-972B-43ECA63F41F2}" = HP Pavilion Webcam Driver for Vista v061.001.00006
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C838521-15F3-41E0-B240-62627E935BE3}" = HP User Guides 0083
"{8CEA85DE-955B-4BF4-87F2-0BAA62821633}" = HP Photosmart Essential2.5
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9061CEF2-51F5-42C9-8A70-9ED351C6597A}" = HP Help and Support
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{97AE00A8-1336-410F-B467-1C6623127BD6}" = DesignPro 5.0 Limited Edition
"{97F81AF1-0E47-DC99-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 ATL (x86) WinSXS MSM
"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.6
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}" = TurboTax ItsDeductible 2006
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3076A28-345A-4d89-90A3-B68866C0DFB8}" = eFax Messenger 4.3
"{B6C2466E-D773-4EF5-9350-9D3D68F668BE}" = TurboTax 2008 WinBizProgramHelp
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B93A5C71-1F05-47c6-A9CD-DB6183CC8B30}" = Canon MF4360-4390
"{BAE4D301-FE3F-4B41-813C-81165BD1FB30}" = VirtualFem
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{C8C8387B-A98B-44E8-807A-1A9B7F51FFDA}" = Blaze Media Pro
"{CCFFC1DA-7A65-4C1B-98DC-3F7861F50254}" = TurboTax 2008 wrapper
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1399216-81B2-457C-A0F7-73B9A2EF6902}" = PDFill PDF Editor with FREE Writer and Free Tools
"{D32067CD-7409-4792-BFA0-1469BCD8F0C8}" = HP Wireless Assistant
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E56D39F8-2A9F-44B4-B068-A72E45A073E6}" = Safari
"{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks
"{EC2A8F27-4FBF-4E41-B27B-FE822511B761}" = iTunes
"{ED01D958-AEDC-40C8-93FD-0C08E8AA9530}" = Maxtor Manager
"{F6B29003-A078-4491-AFBE-62EFB6CFFE19}" = HP Total Care Advisor
"{F8D8A515-3D81-431D-BCBB-9EBA3CFE0987}" = TurboTax 2008 WinBizReleaseEngine
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = HP Active Support Library 32 bit components
"AccessPORT Map Manager" = AccessPORT Map Manager 1.6.7.0
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"Blaze Media Pro" = Blaze Media Pro
"CCleaner" = CCleaner (remove only)
"CleanUp!" = CleanUp!
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5045&SUBSYS_103C30B7" = HDAUDIO Soft Data Fax Modem with SmartCP
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"cyple_is1" = Cypherix LE
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ERUNT_is1" = ERUNT 1.1j
"ExpressBurn" = Express Burn
"ExpressRip" = Express Rip
"Free RAR Extract Frog" = Free RAR Extract Frog
"FreeVimager" = FreeVimager
"GOM Player" = GOM Player
"Google Chrome" = Google Chrome
"GPL Ghostscript 8.64" = GPL Ghostscript 8.64
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Photosmart Essential" = HP Photosmart Essential 2.0
"InstallShield_{97AE00A8-1336-410F-B467-1C6623127BD6}" = DesignPro 5.0 Limited Edition
"InstallShield_{ED01D958-AEDC-40C8-93FD-0C08E8AA9530}" = Maxtor Manager
"IrfanView" = IrfanView (remove only)
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSC" = McAfee SecurityCenter
"NVIDIA Drivers" = NVIDIA Drivers
"Outlook Attachment Sniffer_is1" = Outlook Attachment Sniffer 4.1.0.1
"RealPlayer 6.0" = RealPlayer
"Rhapsody" = Rhapsody
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TurboTax Basic 2004" = TurboTax Basic 2004
"TurboTax Basic 2005" = TurboTax Basic 2005
"TurboTax Business 2008" = TurboTax Business 2008
"TurboTax Deluxe 2007" = TurboTax Deluxe 2007
"TurboTax Premier Investments 2006" = TurboTax Premier Investments 2006
"Virtual Magnifying Glass_is1" = Virtual Magnifying Glass v3.3
"WildTangent hplaptop Master Uninstall" = My HP Games
"Windows Essentials Media Codec Pack" = Windows Essentials Media Codec Pack 1.0
"XobniMain" = Xobni
"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/9/2009 7:02:53 AM | Computer Name = norm-PC | Source = Application Error | ID = 1000
Description = Faulting application Explorer.EXE, version 6.0.6002.18005, time stamp
0x49e01da5, faulting module CLDemuxer.ax, version 1.0.0.3113, time stamp 0x42d4ac62,
exception code 0xc0000005, fault offset 0x00014a3c, process id 0x11fc, application
start time 0x01ca48d00876741e.

Error - 10/9/2009 7:03:08 AM | Computer Name = norm-PC | Source = Application Error | ID = 1000
Description = Faulting application Explorer.EXE, version 6.0.6002.18005, time stamp
0x49e01da5, faulting module CLDemuxer.ax, version 1.0.0.3113, time stamp 0x42d4ac62,
exception code 0xc0000005, fault offset 0x00014a3c, process id 0x1308, application
start time 0x01ca48d01277bb9e.

Error - 10/9/2009 7:03:22 AM | Computer Name = norm-PC | Source = Application Error | ID = 1000
Description = Faulting application Explorer.EXE, version 6.0.6002.18005, time stamp
0x49e01da5, faulting module CLDemuxer.ax, version 1.0.0.3113, time stamp 0x42d4ac62,
exception code 0xc0000005, fault offset 0x00014a3c, process id 0x1370, application
start time 0x01ca48d019d75dfe.

Error - 10/9/2009 7:03:35 AM | Computer Name = norm-PC | Source = Application Error | ID = 1000
Description = Faulting application Explorer.EXE, version 6.0.6002.18005, time stamp
0x49e01da5, faulting module CLDemuxer.ax, version 1.0.0.3113, time stamp 0x42d4ac62,
exception code 0xc0000005, fault offset 0x00014a3c, process id 0x1508, application
start time 0x01ca48d021cf585e.

Error - 10/9/2009 7:03:52 AM | Computer Name = norm-PC | Source = Application Error | ID = 1000
Description = Faulting application Explorer.EXE, version 6.0.6002.18005, time stamp
0x49e01da5, faulting module CLDemuxer.ax, version 1.0.0.3113, time stamp 0x42d4ac62,
exception code 0xc0000005, fault offset 0x00014a3c, process id 0x17dc, application
start time 0x01ca48d029d59afe.

Error - 10/9/2009 7:04:05 AM | Computer Name = norm-PC | Source = Application Error | ID = 1000
Description = Faulting application Explorer.EXE, version 6.0.6002.18005, time stamp
0x49e01da5, faulting module CLDemuxer.ax, version 1.0.0.3113, time stamp 0x42d4ac62,
exception code 0xc0000005, fault offset 0x00014a3c, process id 0x1050, application
start time 0x01ca48d033a2843e.

Error - 10/9/2009 7:04:17 AM | Computer Name = norm-PC | Source = Application Error | ID = 1000
Description = Faulting application Explorer.EXE, version 6.0.6002.18005, time stamp
0x49e01da5, faulting module CLDemuxer.ax, version 1.0.0.3113, time stamp 0x42d4ac62,
exception code 0xc0000005, fault offset 0x00014a3c, process id 0xba4, application
start time 0x01ca48d03bad899e.

Error - 10/9/2009 7:04:30 AM | Computer Name = norm-PC | Source = Application Error | ID = 1000
Description = Faulting application Explorer.EXE, version 6.0.6002.18005, time stamp
0x49e01da5, faulting module CLDemuxer.ax, version 1.0.0.3113, time stamp 0x42d4ac62,
exception code 0xc0000005, fault offset 0x00014a3c, process id 0x1284, application
start time 0x01ca48d042dff1de.

Error - 10/9/2009 7:04:42 AM | Computer Name = norm-PC | Source = Application Error | ID = 1000
Description = Faulting application Explorer.EXE, version 6.0.6002.18005, time stamp
0x49e01da5, faulting module CLDemuxer.ax, version 1.0.0.3113, time stamp 0x42d4ac62,
exception code 0xc0000005, fault offset 0x00014a3c, process id 0x1468, application
start time 0x01ca48d04a4ddc7e.

Error - 10/9/2009 7:04:55 AM | Computer Name = norm-PC | Source = Application Error | ID = 1000
Description = Faulting application Explorer.EXE, version 6.0.6002.18005, time stamp
0x49e01da5, faulting module CLDemuxer.ax, version 1.0.0.3113, time stamp 0x42d4ac62,
exception code 0xc0000005, fault offset 0x00014a3c, process id 0x1570, application
start time 0x01ca48d051b4a2fe.

[ OSession Events ]
Error - 10/27/2007 10:51:17 AM | Computer Name = norm-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 404464
seconds with 149880 seconds of active time. This session ended with a crash.

Error - 10/27/2007 12:15:17 PM | Computer Name = norm-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2678
seconds with 2460 seconds of active time. This session ended with a crash.

Error - 11/4/2007 6:53:44 PM | Computer Name = norm-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2685
seconds with 2640 seconds of active time. This session ended with a crash.

Error - 11/8/2007 8:23:58 PM | Computer Name = norm-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 13405
seconds with 5040 seconds of active time. This session ended with a crash.

Error - 11/13/2007 6:26:12 PM | Computer Name = norm-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 13811
seconds with 12420 seconds of active time. This session ended with a crash.

Error - 12/6/2007 11:10:52 PM | Computer Name = norm-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 140
seconds with 120 seconds of active time. This session ended with a crash.

Error - 8/5/2008 4:58:33 AM | Computer Name = norm-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6308.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 1108
seconds with 900 seconds of active time. This session ended with a crash.

Error - 9/20/2008 11:04:00 AM | Computer Name = norm-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 164
seconds with 120 seconds of active time. This session ended with a crash.

Error - 9/20/2008 11:30:31 AM | Computer Name = norm-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1568
seconds with 0 seconds of active time. This session ended with a crash.

Error - 9/9/2009 3:55:54 AM | Computer Name = norm-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 12179
seconds with 2280 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 10/7/2009 2:08:52 PM | Computer Name = norm-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 10/7/2009 2:08:52 PM | Computer Name = norm-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 10/7/2009 2:11:40 PM | Computer Name = norm-PC | Source = DCOM | ID = 10005
Description =

Error - 10/9/2009 6:58:00 AM | Computer Name = norm-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 2:13:05 PM on 10/7/2009 was unexpected.

Error - 10/9/2009 6:59:25 AM | Computer Name = norm-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10/9/2009 6:59:25 AM | Computer Name = norm-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 10/9/2009 7:00:26 AM | Computer Name = norm-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 10/9/2009 7:00:28 AM | Computer Name = norm-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 10/9/2009 7:05:13 AM | Computer Name = norm-PC | Source = DCOM | ID = 10010
Description =

Error - 10/9/2009 5:42:31 PM | Computer Name = norm-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >

#6
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello zumata,

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#7
zumata

    Member

  • Topic Starter
  • Member
  • 23 posts
Hi Emeraldnzl

McAfee will not let me disable unless logged on as administrator. Administrator ID in the repetitive loop so cannot get to it.
Run anyway?

Zumata

#8
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Yep :)

#9
zumata

    Member

  • Topic Starter
  • Member
  • 23 posts
Hi Emeraldnzl
New Problem
Lost Internet Explorer
Get Message:
"Illegal operation attempted on a registry key that has been marked for deletion"

Am writing you again from another machine.

HERE IS LOG - HAD TO PRINT AND SCAN - SO OCR MAY NOT BE PERFECT.

Zumata



log
21:40.1.2 - NTFSx86 6.0.6002.2.1252.1.1033.18.1982.961 [GMT
ComboFix 09-10-08.04 - norm 10/09/2009 Microsoft® windows Vistam Home Premium -4:00]
Running from: c:\users\Jean\Downloads\comboFix.exe
SP: windows Defender *enabled* (updated) {D68DDC3A-831F-4FAE-9E44-DA132CLACF46} * Resident AV is active
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
c:\$recycle.bin\S-1-5-21-124847036-3595962268-3106044827-500 c:\$recycle.bin\S-1-5-21-2042097643-1105500679-279569008-500 c:\windows\Installer\56b36.msi c:\windows\system32\skinboxer43.dll
((((((((((((((((((((((((( Files Created from 2009-09-10 to 2009-10-10 )))))))))))))))))))))))))))))))
2009-10-10 02:00 . 2009-10-10 02:00 c:\users\norm\AppData\Local\temp 2009-10-10 02:00 . 2009-10-10 02:00 c:\users\Default\AppData\Local\temp 2009-10-10 01:40 . 2009-10-10 01:40 c:\users\Jean\AppData\Local\Apple
2009-10-06 12:13 . 2009-10-06 12:13 --------
c:\users\Jean\AppData\Roaming\Malwarebytes
2009-10-05 21:16 . 2009-10-05 21:16 --------
files\ERuNT
2009-10-05 20:46 . 2009-10-05 20:48 c:\windows\system32\ca-ES
2009-10-05 20:46 . 2009-10-05 20:47 c:\windows\system32\eu-ES
2009-10-05 20:46 . 2009-10-05 20:47 c:\windows\system32\vi-VN
2009-10-05 20:04 . 2009-10-05 20:04 c:\windows\system32\EventProviders 2009-10-05 15:37 . 2009-10-05 15:38 c:\users\norm\AppData\Roaming\Roxio 2009-10-05 01:16 . 2009-10-05 01:16 c:\users\norm\AppData\Roaming\uniblue 2009-10-05 01:03 . 2009-10-05 01:03
files\virtualF
2009-10-03 11:18 . 2009-10-01 14:29 c:\windows\system32\MpsigStub.exe 2009-09-19 04:34 . 2009-03-30 04:42 c:\windows\system32\mscoree.dll 2009-09-19 04:33 . 2009-04-11 06:28 c:\windows\system32\mswstr10.dll 2009-09-19 04:32 . 2009-04-11 06:28 c:\windows\system32\offfilt.dll 2009-09-19 04:31 . 2009-04-11 06:27 c:\windows\system32\fc.exe
2009-09-19 04:30 . 2009-04-11 06:28 c:\windows\system32\wbem\wmiutils.dll 2009-09-19 04:30 . 2009-04-11 06:28 c:\windows\system32\wbem\wbemcore.dll 2009-09-19 04:30 . 2009-04-11 06:28 c:\windows\system32\wbem\wbemprox.dl1
d-----w-d-----w-d-----w-d-----w-d-----w-d-----w-d-----w-d-----w-d-----w-d-----w-d-----w-d-----w-
c:\program
c:\program
195440
------w-
278848
----a-w-
618496
----a-w-
194560
----a-w-
19968
----a-w-
83968
----a-w-
744448
----a-w-
30208
----a-w-
2009-09-19 04:30 . 2009-04-11 06:28 265728 ----a-w-
c:\windows\system32\wbem\repdrvfs.dll
2009-09-19 04:30 . 2009-04-11 06:28 189440 ----a-w-
c:\windows\system32\wbem\mofd.dll
2009-09-19 04:30 . 2009-04-11 06:28 614912 ----a-w-
c:\windows\system32\wbem\fastprox.dl1
2009-09-19 04:30 . 2009-04-11 06:28 265728 ----a-w-
c:\windows\system32\wbem\esscli.dll
2009-09-19 04:30 . 2009-04-11 06:28 705536 ----a-w-
c:\windows\system32\SmiEngine.dll
2009-09-19 04:30 . 2009-04-11 06:28 218624 ----a-w-
c:\windows\system32\wdscore.dll
2009-09-19 04:30 . 2009-04-11 06:27 130560 ----a-w-
c:\windows\system32\PkgMgr.exe
2009-09-19 04:30 . 2009-04-11 06:28 247808 ----a-w-
c:\windows\system32\drvstore.dll
2009-09-15 05:32 . 2009-09-15 05:32 -------- d-----w-
files\Free RAR Extract Frog
2009-09-12 13:46 . 2009-09-12 13:46 -------- d-----w-
files\iphone configuration utility
2009-09-12 13:09 . 2008-04-17 17:12 107368 ----a-w-
c:\windows\system32\GEARASpi.dll
2009-09-12 13:09 . 2009-05-18 18:17 26600 ----a-w-
c:\windows\system32\drivers\GEARASpiwDM.SYS
2009-09-12 13:06 . 2009-09-12 13:06 -------- d-----w-
files\ipod
2009-09-12 13:06 . 2009-09-12 13:09 -------- d-----w-
c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-12 13:06 2009-09-12 13:09 -------- d-----w-
files\iTunes
2009-09-12 12:59 . 2009-09-12 13:01 -------- d-----w-
files\QuickTime
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2009-10-10 01:28 . 2007-08-09 03:38 1076 ----a-w-
c:\windows\bthservsdp.dat
2009-10-10 00:56 . 2008-06-30 18:33 12978 ----a-w-
c:\users\Jean\AppData\Roaming\nvModes.dat
2009-10-10 00:56 . 2007-09-05 22:00 12978 ----a-w-
c:\users\norm\AppData\Roaming\nvModes.dat
2009-10-09 21:54 . 2009-02-24 00:06 -------- d-----w-
files\Malwarebytes' Anti-Malware
2009-10-06 12:13 . 2008-06-30 18:20 105048 ----a-w-
c:\users\Jean\AppData\Local\GDIPFONTCACHEV1.DAT
2009-10-05 20:48 . 2006-11-02 12:37 -------- d-----w-
files\windows calendar
2009-10-05 20:48 . 2006-11-02 11:18 -------- d-----w-
files\windows Mail
2009-10-05 20:48 . 2006-11-02 12:37 -------- d-----w-
files\windows Sidebar
2009-10-05 20:48 . 2006-11-02 12:37 -------- d-----w-
files\windows Journal
2009-10-05 20:48 . 2006-11-02 12:37 -------- d-----w-
files\windows collaboration
2009-10-05 20:48 . 2006-11-02 12:37 -------- d-----w-
files\windows photo Gallery
2009-10-05 20:48 . 2006-11-02 12:37 -------- d-----w-
files\windows Defender
2009-10-05 18:27 . 2007-09-06 00:40 -------- d-----w-
c:\users\norm\AppData\Roaming\uTorrent
c:\program c:\program
c:\program
c:\program c:\program
c:\program
c:\program c:\program c:\program c:\program c:\program c:\program c:\program


log
2009-10-05 15:37 . 2007-06-26 15:10 --------
c:\programdata\sonic
2009-10-05 01:21 . 2009-06-12 00:46 --------
c:\users\norm\AppData\Roaming\PDF reDirect
2009-10-05 01:21 . 2009-06-02 21:35 --------
files\Nitro PDF
2009-09-29 10:21 . 2007-09-06 00:13 --------
c:\users\norm\AppData\Roaming\Apple computer
2009-09-26 04:15 2008-06-03 06:24 --------
files\Google
2009-09-20 17:00 . 2009-07-26 00:53 --------
files\McAfee
2009-09-19 09:22 . 2007-10-31 16:00 --------
c:\programdata\McAfee
2009-09-12 13:37 . 2008-04-01 03:07 --------
files\safari
2009-09-12 13:06 . 2007-12-24 01:01 --------
files\common Files\Apple
2009-09-12 13:06 . 2007-12-17 07:49 --------
c:\programdata\Apple computer
2009-09-10 18:54 . 2009-02-24 00:06 38224 c:\windows\system32\drivers\mbamswissarmy.sys 2009-09-10 18:53 . 2009-02-24 00:06 19160 c:\windows\system32\drivers\mbam.sys
2009-08-29 00:27 . 2009-09-02 21:39 4240384
c:\windows\system32\GameuxLegacyGDFs.dll
2009-08-29 00:14 . 2009-09-02 21:39 28672
c:\windows\system32\Apphlpdm.dll
2009-08-22 20:57 . 2009-08-22 20:57 --------
files\gs
2009-08-22 20:51 . 2009-08-22 20:51 --------
c:\programdata\plotsoft
2009-08-22 20:51 . 2009-08-22 20:51 --------
files\plotSoft
2009-08-17 15:09 . 2009-08-17 15:09 --------
c:\programdata\NcH swift sound
2009-08-17 15:09 . 2009-08-17 15:09 --------
files\NcH Software
2009-08-17 15:09 . 2009-08-17 15:07 --------
files\NcH Swift sound
2009-08-14 16:27 . 2009-09-09 03:14 904776
c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-09 03:13 17920
c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-09 03:14 9728
c:\windows\system32\TcpSVCS.EXE
2009-08-14 13:49 . 2009-09-09 03:13 11264
c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-09 03:13 17920
c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-09 03:14 27136
c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-09 03:14 19968
c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-09 03:13 8704
c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-09 03:13 10240
c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-09 03:14 30720
c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-09 03:14 105984
c:\windows\system32\netiohlp.dll
2009-08-06 16:02 . 2009-05-11 02:24 55656
----a-w-
----a-w-
----a-w-
----a-w-
----a-w-
----a-w-
----a-w-
----a-w-
----a-w-
----a-w-
----a-w-
----a-w-
----a-w-
----a-w-
----a-w-
----a-w-
d-----w-d-----w-d-----w-d-----w-d-----w-d-----w-d-----w-d-----w-d-----w-d-----w-
d-----w-d-----w-d-----w-d-----w-d-----w-d-----w-
c:\program
c:\program c:\program
c:\program c:\program
c:\program
c:\program
c:\program c: \program


log c:\windows\system32\drivers\avgntflt.sys
2009-08-03 19:07 . 2009-08-03 19:07 403816 ----a-w-
c:\windows\system32\OGACheckControl.dll
2009-08-03 19:07 . 2009-08-03 19:07 322928 ----a-w-
c:\windows\system32\oGAAddin.dll
2009-08-03 19:07 . 2009-08-03 19:07 230768 ----a-w-
c:\windows\system32\OGAExEC.exe
2009-07-27 15:22 . 2007-09-05 12:06 105048 ----a-w-
c:\users\norm\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-21 21:52 . 2009-07-29 11:41 915456 ----a-w-
c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 11:41 109056 ----a-w-
c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 11:41 71680 ----a-w-
c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-29 11:41 133632 ----a-w-
c:\windows\system32\ieUnatt.exe
2009-07-17 13:54 . 2009-08-15 20:20 71680 ----a-w-
c:\windows\system32\atl.dll
2009-07-15 12:40 . 2009-08-15 20:20 8147456 ----a-w-
c:\windows\system32\wmploc.DLL
2009-07-15 12:39 . 2009-08-15 20:20 313344 ----a-w-
c:\windows\system32\wmpdxm.dl1
2009-07-15 12:39 . 2009-08-15 20:20 4096 ----a-w-
c:\windows\system32\dxmasf.dll
2009-07-15 12:39 . 2009-08-15 20:20 7680 ----a-w-
c:\windows\system32\spwmp.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\windows\currentversion\RunJ
"Si debar"="c: \program fi 1 es\wi ndows si debar\si debar. exe" [2009-04-11 1233920J "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-15 39408J
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\windows\currentversion\RunJ
"windows Defender"="c:\program files\windows Defender\MsAscui .exe" [2008-01-19 1008184J
"hpwirelessAssistant"="c:\program files\Hewlett-packard\HP wireless Assistant\HPwAMain.exe" [2007-03-01 472776J
"WAwifiMessagel="c:\program files\Hewlett-packard\HP wireless Assistant\wiFiMsg.exe" [2007-01-10 317128J
"NVSVC"=lc:\windows\system32\nvsvc.dll" [2007-01-14 90191J "NvcplDaemon"=Ic:\windows\system32\Nvcpl.dll" [2007-01-14 7766016J "NvMediacenterl="c:\windows\system32\NvMcTray.dll" [2007-01-14 81920J "mxomssmenu"="c:\program files\Maxtor\oneTouch Status\maxmenumgr.exe" [2007-09-06 169264J
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-07-10 645328J "snp2uvc"="c: \wi ndows\ vsnp2uvc. exe" [2008-08-02 675840J
"Qui ckTi me Task"="c: \program fi 1 esvou i ckr i me\QTTask. exe" [2009-09-05 417792J "ApplesyncNotifier"="c:\program files\common Files\Apple\Mobile Device Support\bin\ApplesyncNotifier.exe" [2009-08-13 177440J "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440J "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080J
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\windows\currentversion\RunonceJ
log mLauncher"="c:\windows\sMINST\launcher.exe" [2006-11-08 44128J
[HKEY_USERS\.DEFAULT\Software\Microsoft\windows\Currentversion\RunOnce] noelayshred"="c:\progra-1\mcafee\mshr\ShrCL.EXE" [2009-07-08 113168J
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\systemJ "EnableUIADesktopToggle"= 0 COxO)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
SetupExecute REG_MULTI_SZ \0
[HKEY_LOCAL_MACHINE\SYSTEM\currentControlset\Control\safeBoot\Minimal\aawservice] @="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\currentControlSet\control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\currentcontrolset\control\safeBoot\Minimal\McoDS]
@=IIII
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\control\safeBoot\Minimal\winDefend] @="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center] "uacDisableNotify"=dword:00000001 "InternetSettingsDisableNotify"=dword:00000001
"AutoupdateDi sableNotify"=dword: 00000001
=HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "D;sableMonitoring"=dword:00000001
=HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntispyware] "'D; sabl eMoni tori ng"=dword: 00000001
=HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntivirus] 'D-isableMonitoring"=dword:00000001
)+KEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\symantecFirewall] "'DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\svcJ "v;staSp2"=hexCb):e4,f5,7c,b8,fe,45,ca,01
[HKLM\-\services\sharedaccess\parameters\firewallpolicy\Domainprofile] "EnableFirewall"= 0 COxO)
[HKLM\-\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{9559D611-38CO-4A81-9F2E-1DCF3F39806E}"= UDP:c:\program files\Microsoft Office\office12\oNENOTE.ExE:Microsoft Office OneNote "{AF857652-D3F9-49D8-9CBO-198E3B2EA038}"= TCP:c:\program files\Microsoft Office\office12\oNENOTE.ExE:Microsoft office OneNote "{305853EC-6056-4A7A-8224-3A22A5AF33E9}"= c:\program files\HP\QuickplaY\QP.exe:Quick Play
"{A3A20CEO-7336-42CO-84DO-9BF2B9EE01A2}"= c:\program files\HP\QuickplaY\QPservice.exe:Quick play Resident program "{46DAA085-0819-4E49-A367-01A127026350}"= UDP:c:\program files\earthlink totalaccess\Taskpanl.exe:taskpanl "{2D66DF4D-7960-4F52-9642-8D37618AF7EF}"= TCP:c:\program files\earthlink totalaccess\Taskpanl.exe:taskpanl "{6240A3ED-BE33-4317-BEOF-E30597CBA8A2}"= UDP:c:\program files\earthlink totalaccess\Taskpanl.exe:taskpanl "{FOBC1E06-4E6A-4D72-A1DA-BF40942C1198}"= TCP:c:\program files\earthlink totalaccess\Taskpanl.exe:taskpanl
log "{4CB52879-E6AD-46EE-BF7D-6DC6AFA246FB}"= UDP:c:\program files\earthlink totalaccess\Taskpanl.exe:taskpanl
"{4223E971-1F2A-4AOC-86F7-28B63EA3D5B8}"= TCp:c:\program files\earthlink totalaccess\Taskpanl.exe:taskpanl
"TCP Query user{A5D32FDE-D87D-4E7B-B689-6EE8EB164757}c:\\users\\norm\\desktop\\utorrent.exe"= UDP:c:\users\norm\desktop\utorrent.exe:utorrent.exe
"UDP Query user{F2cF3949-44B9-44B7-A751-8D695BF2DOCD}c:\\users\\norm\\desktop\\utorrent.exe"= TCP:c:\users\norm\desktop\utorrent.exe:utorrent.exe
"TCP Query User{1076622A-395D-4E64-B401-56E644A7B6F3}c:\\program files\\hp\\hp software update\\hpwucli.exe"= UDP:c:\program files\hp\hp software update\hpwucli.exe:HP Software update Client
"UDP Query user{AOD76982-91A8-471F-9D3E-D709626EIE16}c:\\program files\\hp\\hp software update\ \hpwucl i . exe"= TCP: c: \program fi 1 es\hp\hp software update\hpwucli.exe:HP Software update client "{69230CBC-C151-42D6-BB51-159C294E3F9A}"= UDP:c:\program files\TurboTax\premier 2006\32bit\ttax.exe:TurboTax
"{5DCF8EB7-4680-4C9F-8CA6-32533678E59D}"= TCp:c:\program files\TurboTax\premier 2006\32bit\ttax.exe:TurboTax
"{37D81FF8-4A32-42E6-A016-81F1ECDFB167}"= UDP:c:\program files\TurboTax\premier 2006\32bit\updatemgr.exe:TurboTax update Manager "{D457B5Cl-6649-4F6D-AE50-7ADF21C89F40}"= TCP:c:\program files\TurboTax\premier 2006\32bit\updatemgr.exe:TurboTax update Manager "{49FFF804-E299-4EE4-8C42-395450B891BD}"= UDP:c:\program files\TurboTax\Deluxe 2007\32bit\ttax.exe:TurboTax
"{403E3D49-F7FO-409B-97A9-EF8798B30D46}"= TCp:c:\program files\TurboTax\Deluxe 2007\32bit\ttax.exe:TurboTax
"{B24B18A3-36cO-404E-97DE-EF3DDI0675B4}"= UDP:c:\program files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:TurboTax update Manager "{A559DE06-25C3-4090-8696-E4D1862D4884}"= TCp:c:\program files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:TurboTax update Manager "{E386E558-0554-442F-97BB-IC3C768BD7E8}"= UDP:c:\program files\uTorrent\uTorrent.exe:~Torrent (Tcp-In) "{l2M434E-2542-4320-A8Cl-8EAC25A60242}"= TCP:c:\program files\uTorrent\uTorrent.exe:~Torrent (UDP-In) "{AECDC053-0419-4B7E-A460-A9B90C5D6C73}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{A986F075-F016-47E7-8861-936F62490740}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
n{F74BFC7A-8AD4-4FCO-9635-97B2AD5D72A9}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "{5B45A686-8EFO-4AFA-98FC-E45E28D67C5F}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{F81E09F7-A7E4-4869-8870-7CD9FA297886}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:lnternet Explorer
"UDP Query User{C4BA58B4-6A55-4583-AEBC-CD817DB08576}c:\\program files\\internet explorer\\iexplore.exe"= TCp:c:\program files\internet explorer\iexplore.exe:lnternet Explorer "{5F7ED48E-08F6-4FE5-A901-0FB914EE30E7}"= UDP:c:\program files\TurboTax\premier 2006\32bit\ttax.exe:TurboTax
"{80A43F80-83Cl-4EF2-9394-F67A8FE4A128}"= TCP:c:\program files\TurboTax\premier 2006\32bit\ttax.exe:TurboTax
"{246B9278-0D80-452A-BDCI-OF4E9C33B8AC}"= UDP:c:\program files\TurboTax\premier 2006\32bit\updatemgr.exe:TurboTax update Manager "{530D8390-4C05-4EDE-942A-C82AEAB300E5}"= TCP:c:\program files\TurboTax\premier 2006\32bit\updatemgr.exe:TurboTax update Manager "{32D479cI-B24B-460B-9AF4-99F351620F30}"= profile=privateIProfile=publiclc:\program files\common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network A~ent "{78FECB4A-OAE7-42C8-ABDD-73D4429DC4A4}"= UDP:c:\program f,les\TurboTax\Deluxe 2007\32bit\ttax.exe:TurboTax
"{6A64B439-31B4-4965-95BC-4F9960F460BC}"= TCP:c:\program files\TurboTax\Deluxe page 6


log 2007\32bit\ttax.exe:TurboTax
"{179B33FO-9F83-47AB-86DD-096E3CE9ADA4}"= UDP:c:\program files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:TurboTax update Manager "{A8B53190-7907-47AA-8C43-14B3402B3E4D}"= TCP:c:\program files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:TurboTax update Manager "{B87B5263-711F-4B5D-8A66-10EF4D8F126A}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{341610B8-62F9-4EE1-AF57-EE6F159EODAC}"= TCp:c:\program files\iTunes\iTunes.exe:iTunes
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\publicprofile] "EnableFirewall"= 0 COxO)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 COxO)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedAp p'lications\List]
'c:\\program Files\\EarthLink TotalAccess\\Taskpanl.exe"= c:\program files\EarthLink TotalAccess\Taskpanl.exe:*:Enabled:Earthlink
R2 cyphxdrv;cyphxdrv;c:\windows\system32\drivers\cyphxdrv.sys [12/18/2008 6:41 AM 100728]
R2 Intuitupdateservice;Intuit update service;c:\program files\common Files\Intuit\update service\Intuitupdateservice.exe [10/10/2008 5:45 AM 13088]
R2 xobniservice;xobniservice;c:\program files\xobni\xobniservice.exe [7/22/2008 7:17 PM 36352]
S2 cypherixservice;Cypherix service;cypherixsrv.exe --> cypherixsrv.exe [7] S2 gupdate;Google update service Cgupdate);c:\program files\Google\update\Googleupdate.exe [9/21/2009 6:00 PM 133104]
s3 Flash1;Flash1;c:\swsetup\SP38062\winphlash\FLASH1.sys [3/1/2006 6:54 PM 3456]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ Bthserv
HPZ12 REG_MULTI_SZ pml Driver HPz12 Net Driver HPz12
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11DO-8953-00AOC90347FF}] "c:\windows\System32\rundl132.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActivesetup SIGNUP
Contents of the 'scheduled Tasks' folder
2009-10-10 c:\windows\Tasks\GoogleupdateTaskMachinecore.job
- c:\program files\Google\update\Googleupdate.exe [2009-09-21 22:00]
2009-10-10 c:\windows\Tasks\GoogleupdateTaskMachineuA.job
- c:\program files\Google\Update\Googleupdate.exe [2009-09-21 22:00]
2009-09-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~l\mcafee\mqc\QcConsol.exe [2009-09-19 01:26]
2009-07-26 c:\windows\Tasks\McQcTask.job
- c:\progra~l\mcafee\mqc\Qcconsol.exe [2009-09-19 01:26]
2009-10-09 c:\windows\Tasks\user_Feed_synchronization-{B6014A4D-258B-4E21-B182-B71BE04F750D}.jo b
- c:\windows\system32\msfeedssync.exe [2009-07-29 20:13]
------- supplementary Scan -------
log uStart page = hxxp://www.slate.com/ uInternet Settin~s,proxyoverride = *.local
IE: E&xport to Mlcrosoft Excel - c:\progra-1\MICROS-3\office12\EXCEL.EXE/3000 IE: Send image to &Bluetooth Device ... - c:\program files\WIDCOMM\Bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device ... - c:\program files\WIDCOMM\Bluetooth software\btsendto_ie.htm
Trusted Zone: turbotax.com
- - - - ORPHANS REMOVED - -
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) webBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) HKLM-Run-servicecontrol - (no file)
**************************************************************************
catchme 0.3.1398 W2K/Xp/vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-09 22:00 windows 6.0.6002 service pack 2 NTFS
scanning hidden processes scanning hidden autostart entries scanning hidden files ...
scan completed successfully hidden files: 0
**************************************************************************
--------------------- LOCKED REGISTRY KEYS ---------------------[HKEY_LOCAL_MACHINE\system\ControlSet001\control\Class\{4D36E96D-E325-11CE-BFC1-0800 2BE10318}\0000\AlluserSettings]
@Denied: (A) (users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:OOOOOOOO
Completion time: 2009-10-10 22:06 comboFix-quarantined-files.txt 2009-10-10 02:06
Pre-Run: 85,859,311,616 bytes free
Post-Run: 85,750,312,960 bytes free
275
--- E 0 F ---
2009-10-09 21:50

#10
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

HERE IS LOG - HAD TO PRINT AND SCAN - SO OCR MAY NOT BE PERFECT.


Please use Notepad to save to and then copy and paste here. Make sure word wrap is turned off in Notepad. :)

To do this, open Notepad, choose Format, then make sure Word Wrap is Un-checked. Word Wrap makes reading your log difficult and will prevent fixes using notepad from working.

"Illegal operation attempted on a registry key that has been marked for deletion"


That will have come from one of your anti-malware programs, possibly a firewall.

Lost Internet Explorer


Internet Explorer is disabled by ComboFix but is usually restored after CF has finished.

Now

You have had Norton Antivirus on your computer at some stage. It has not been properly removed.

Running two or more real-time anti-virus, anti-spyware and firewall monitors at the same time can cause a conflict. That conflict can result in slow computer performance, error messages, crashes of the programs or other types of failure. You will very likely end up with little or no protection.

I don't know whether you can get to your Control Panel yet but if you can:

Firstly please go to Start > Control Panel > Add or remove Programs (Programs in Vista) and remove all items with Symantec or Norton in the name if any are there.

Go here Norton Removal Tool to remove left over bits of the Norton AntiVirus Program. Choose the link for the version you had and then download and run the removal program. If you don't know the version just proceed, it should still work.

Step 2

Again I don't know whether you are able to do this but if you can.

We need to disable Windows Defender to stop it interfering with the tools we are using. There seem to be two instances of Windows Defender running on your machine. I have not seen this before and wonder if it is part of the problem. Let's see if we can turn it off.

How to turn Windows Defender on or off

Applies to all editions of Windows Vista.

1. Open Windows Defender by clicking the Start button, clicking All Programs, and then clicking Windows Defender.

2. Click Tools, and then click Options.

3. Under Administrator options, select or clear the Use Windows Defender check box, and then click Save.

Administrator permission required. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.

Next

Please run ComboFix again.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#11
zumata

    Member

  • Topic Starter
  • Member
  • 23 posts
Hi Emeraldnzl

Cannot get to CONTROL PANEL, WINDOWS DEFENDER, or COMBOFIX.

Error message with each.

Zumata

#12
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello zumata,

Have you tried to see whether last known good configuration will get you into Windows?

1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
3) Instead of Windows loading as normal, the Advanced Options Menu should appear;
4) Select Last Known Good Configuration and proceed.

If that works follow the actions in my last post. Otherwise come back and tell me.

#13
zumata

    Member

  • Topic Starter
  • Member
  • 23 posts
Hi Emeraldnzl

Went to last good config
Removed Symantec
Shut off Defender
Ran Combofix

Ran fine this time. Got log. But have no access to programs again.


Zumata

#14
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello again zumata,

Got log.


So are you able to post that log?

But have no access to programs again


Can you get into Windows again using last known configuration?

If so, don't close your computer down until we have looked at that ComboFix log and I have posted a reply.

Also, tell me: when you downloaded ComboFix, did it load the Recovery Console?

#15
zumata

    Member

  • Topic Starter
  • Member
  • 23 posts
Hi Emeraldnzl

How do I tell if ComboFix loaded Discovery Console?

Have not tried Last Config but am confident it will work again.

Waiting for instruction.

Zumata

ComboFix 09-10-10.01 - norm 10/10/2009 16:22.2.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1982.986 [GMT -4:00]
Running from: c:\users\Jean\Downloads\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Resident AV is active

.

((((((((((((((((((((((((( Files Created from 2009-09-10 to 2009-10-10 )))))))))))))))))))))))))))))))
.

2009-10-10 20:40 . 2009-10-10 20:41 -------- d-----w- c:\users\norm\AppData\Local\temp
2009-10-10 20:40 . 2009-10-10 20:40 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-10-10 20:40 . 2009-10-10 20:40 -------- d-----w- c:\users\Jean\AppData\Local\temp
2009-10-10 20:40 . 2009-10-10 20:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-10 19:38 . 2009-10-10 19:38 -------- d-----w- c:\users\Jean\AppData\Roaming\Yahoo!
2009-10-10 01:40 . 2009-10-10 01:40 -------- d-----w- c:\users\Jean\AppData\Local\Apple
2009-10-06 12:13 . 2009-10-06 12:13 -------- d-----w- c:\users\Jean\AppData\Roaming\Malwarebytes
2009-10-05 21:16 . 2009-10-05 21:16 -------- d-----w- c:\program files\ERUNT
2009-10-05 20:46 . 2009-10-05 20:48 -------- d-----w- c:\windows\system32\ca-ES
2009-10-05 20:46 . 2009-10-05 20:47 -------- d-----w- c:\windows\system32\eu-ES
2009-10-05 20:46 . 2009-10-05 20:47 -------- d-----w- c:\windows\system32\vi-VN
2009-10-05 20:04 . 2009-10-05 20:04 -------- d-----w- c:\windows\system32\EventProviders
2009-10-05 15:37 . 2009-10-05 15:38 -------- d-----w- c:\users\norm\AppData\Roaming\Roxio
2009-10-05 01:16 . 2009-10-05 01:16 -------- d-----w- c:\users\norm\AppData\Roaming\Uniblue
2009-10-05 01:03 . 2009-10-05 01:03 -------- d-----w- c:\program files\VirtualF
2009-10-03 11:18 . 2009-10-01 14:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-09-19 04:34 . 2009-03-30 04:42 278848 ----a-w- c:\windows\system32\mscoree.dll
2009-09-19 04:33 . 2009-04-11 06:28 618496 ----a-w- c:\windows\system32\mswstr10.dll
2009-09-19 04:32 . 2009-04-11 06:28 194560 ----a-w- c:\windows\system32\offfilt.dll
2009-09-19 04:31 . 2009-04-11 06:27 19968 ----a-w- c:\windows\system32\fc.exe
2009-09-19 04:30 . 2009-04-11 06:28 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
2009-09-19 04:30 . 2009-04-11 06:28 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2009-09-19 04:30 . 2009-04-11 06:28 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2009-09-19 04:30 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
2009-09-19 04:30 . 2009-04-11 06:28 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
2009-09-19 04:30 . 2009-04-11 06:28 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2009-09-19 04:30 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
2009-09-19 04:30 . 2009-04-11 06:28 705536 ----a-w- c:\windows\system32\SmiEngine.dll
2009-09-19 04:30 . 2009-04-11 06:28 218624 ----a-w- c:\windows\system32\wdscore.dll
2009-09-19 04:30 . 2009-04-11 06:27 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2009-09-19 04:30 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll
2009-09-15 05:32 . 2009-09-15 05:32 -------- d-----w- c:\program files\Free RAR Extract Frog
2009-09-12 13:46 . 2009-09-12 13:46 -------- d-----w- c:\program files\iPhone Configuration Utility
2009-09-12 13:09 . 2008-04-17 17:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-09-12 13:09 . 2009-05-18 18:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-09-12 13:06 . 2009-09-12 13:06 -------- d-----w- c:\program files\iPod
2009-09-12 13:06 . 2009-09-12 13:09 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-12 13:06 . 2009-09-12 13:09 -------- d-----w- c:\program files\iTunes
2009-09-12 12:59 . 2009-09-12 13:01 -------- d-----w- c:\program files\QuickTime

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-10 20:07 . 2007-06-26 15:15 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-10-10 17:24 . 2007-08-09 03:38 1076 ----a-w- c:\windows\bthservsdp.dat
2009-10-10 00:56 . 2008-06-30 18:33 12978 ----a-w- c:\users\Jean\AppData\Roaming\nvModes.dat
2009-10-10 00:56 . 2007-09-05 22:00 12978 ----a-w- c:\users\norm\AppData\Roaming\nvModes.dat
2009-10-09 21:54 . 2009-02-24 00:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-06 12:13 . 2008-06-30 18:20 105048 ----a-w- c:\users\Jean\AppData\Local\GDIPFONTCACHEV1.DAT
2009-10-05 20:48 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-10-05 20:48 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-10-05 20:48 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-10-05 20:48 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-10-05 20:48 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-10-05 20:48 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-10-05 20:48 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-10-05 18:27 . 2007-09-06 00:40 -------- d-----w- c:\users\norm\AppData\Roaming\uTorrent
2009-10-05 15:37 . 2007-06-26 15:10 -------- d-----w- c:\programdata\Sonic
2009-10-05 01:21 . 2009-06-12 00:46 -------- d-----w- c:\users\norm\AppData\Roaming\PDF reDirect
2009-10-05 01:21 . 2009-06-02 21:35 -------- d-----w- c:\program files\Nitro PDF
2009-09-29 10:21 . 2007-09-06 00:13 -------- d-----w- c:\users\norm\AppData\Roaming\Apple Computer
2009-09-26 04:15 . 2008-06-03 06:24 -------- d-----w- c:\program files\Google
2009-09-20 17:00 . 2009-07-26 00:53 -------- d-----w- c:\program files\McAfee
2009-09-19 09:22 . 2007-10-31 16:00 -------- d-----w- c:\programdata\McAfee
2009-09-12 13:37 . 2008-04-01 03:07 -------- d-----w- c:\program files\Safari
2009-09-12 13:06 . 2007-12-24 01:01 -------- d-----w- c:\program files\Common Files\Apple
2009-09-12 13:06 . 2007-12-17 07:49 -------- d-----w- c:\programdata\Apple Computer
2009-09-10 18:54 . 2009-02-24 00:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 18:53 . 2009-02-24 00:06 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-29 00:27 . 2009-09-02 21:39 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 . 2009-09-02 21:39 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-22 20:57 . 2009-08-22 20:57 -------- d-----w- c:\program files\gs
2009-08-22 20:51 . 2009-08-22 20:51 -------- d-----w- c:\programdata\PlotSoft
2009-08-22 20:51 . 2009-08-22 20:51 -------- d-----w- c:\program files\PlotSoft
2009-08-17 15:09 . 2009-08-17 15:09 -------- d-----w- c:\programdata\NCH Swift Sound
2009-08-17 15:09 . 2009-08-17 15:09 -------- d-----w- c:\program files\NCH Software
2009-08-17 15:09 . 2009-08-17 15:07 -------- d-----w- c:\program files\NCH Swift Sound
2009-08-14 16:27 . 2009-09-09 03:14 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-09 03:13 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-09 03:14 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-09 03:13 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-09 03:13 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-09 03:14 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-09 03:14 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-09 03:13 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-09 03:13 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-09 03:14 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-09 03:14 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-06 16:02 . 2009-05-11 02:24 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-03 19:07 . 2009-08-03 19:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 19:07 . 2009-08-03 19:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 19:07 . 2009-08-03 19:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
2009-07-27 15:22 . 2007-09-05 12:06 105048 ----a-w- c:\users\norm\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-21 21:52 . 2009-07-29 11:41 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 11:41 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 11:41 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-29 11:41 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 13:54 . 2009-08-15 20:20 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-15 12:40 . 2009-08-15 20:20 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-07-15 12:39 . 2009-08-15 20:20 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-15 12:39 . 2009-08-15 20:20 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-15 12:39 . 2009-08-15 20:20 7680 ----a-w- c:\windows\system32\spwmp.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-10-10_02.01.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-11-02 13:05 . 2009-10-10 19:38 73900 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2007-09-05 11:51 . 2009-10-10 20:23 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-09-05 11:51 . 2009-10-10 01:40 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-09-05 11:51 . 2009-10-10 20:23 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-09-05 11:51 . 2009-10-10 01:40 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2007-09-05 11:51 . 2009-10-10 20:23 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2007-09-05 11:51 . 2009-10-10 01:40 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2007-09-07 02:05 . 2009-10-05 21:52 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-09-07 02:05 . 2009-10-10 19:40 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-09-07 02:05 . 2009-10-05 21:52 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2007-09-07 02:05 . 2009-10-10 19:40 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-09-07 02:05 . 2009-10-05 21:52 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2007-09-07 02:05 . 2009-10-10 19:40 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-12-05 17:13 . 2009-10-10 19:38 2032 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-124847036-3595962268-3106044827-1002_UserData.bin
+ 2009-10-10 19:34 . 2009-10-10 19:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-10-10 01:29 . 2009-10-10 01:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-10-10 01:29 . 2009-10-10 01:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-10-10 19:34 . 2009-10-10 19:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-08-22 22:31 . 2009-10-10 17:18 312826 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2006-11-02 10:33 . 2009-10-10 19:43 595684 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-10-10 01:35 595684 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-10-10 01:35 101350 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-10-10 19:43 101350 c:\windows\System32\perfc009.dat
- 2007-09-05 22:43 . 2009-10-10 01:28 1223040 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2007-09-05 22:43 . 2009-10-10 17:22 1223040 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-15 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-01-14 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-01-14 7766016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-01-14 81920]
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2007-09-06 169264]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-07-10 645328]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2008-08-02 675840]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"DelayShred"="c:\progra~1\mcafee\mshr\ShrCL.EXE" [2009-07-08 113168]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
SetupExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):e4,f5,7c,b8,fe,45,ca,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{9559D611-38C0-4A81-9F2E-1DCF3F39806E}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{AF857652-D3F9-49D8-9CB0-198E3B2EA038}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{305853EC-6056-4A7A-8224-3A22A5AF33E9}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{A3A20CE0-7336-42C0-84D0-9BF2B9EE01A2}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{46DAA085-0819-4E49-A367-01A127026350}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{2D66DF4D-7960-4F52-9642-8D37618AF7EF}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{6240A3ED-BE33-4317-BE0F-E30597CBA8A2}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{F0BC1E06-4E6A-4D72-A1DA-BF40942C1198}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{4CB52879-E6AD-46EE-BF7D-6DC6AFA246FB}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{4223E971-1F2A-4A0C-86F7-28B63EA3D5B8}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"TCP Query User{A5D32FDE-D87D-4E7B-B689-6EE8EB164757}c:\\users\\norm\\desktop\\utorrent.exe"= UDP:c:\users\norm\desktop\utorrent.exe:utorrent.exe
"UDP Query User{F2CF3949-44B9-44B7-A751-8D695BF2D0CD}c:\\users\\norm\\desktop\\utorrent.exe"= TCP:c:\users\norm\desktop\utorrent.exe:utorrent.exe
"TCP Query User{1076622A-395D-4E64-B401-56E644A7B6F3}c:\\program files\\hp\\hp software update\\hpwucli.exe"= UDP:c:\program files\hp\hp software update\hpwucli.exe:HP Software Update Client
"UDP Query User{A0D76982-91A8-471F-9D3E-D709626E1E16}c:\\program files\\hp\\hp software update\\hpwucli.exe"= TCP:c:\program files\hp\hp software update\hpwucli.exe:HP Software Update Client
"{69230CBC-C151-42D6-BB51-159C294E3F9A}"= UDP:c:\program files\TurboTax\Premier 2006\32bit\ttax.exe:TurboTax
"{5DCF8EB7-4680-4C9F-8CA6-32533678E59D}"= TCP:c:\program files\TurboTax\Premier 2006\32bit\ttax.exe:TurboTax
"{37D81FF8-4A32-42E6-A016-81F1ECDFB167}"= UDP:c:\program files\TurboTax\Premier 2006\32bit\updatemgr.exe:TurboTax Update Manager
"{D457B5C1-6649-4F6D-AE50-7ADF21C89F40}"= TCP:c:\program files\TurboTax\Premier 2006\32bit\updatemgr.exe:TurboTax Update Manager
"{49FFF804-E299-4EE4-8C42-395450B891BD}"= UDP:c:\program files\TurboTax\Deluxe 2007\32bit\ttax.exe:TurboTax
"{403E3D49-F7F0-409B-97A9-EF8798B30D46}"= TCP:c:\program files\TurboTax\Deluxe 2007\32bit\ttax.exe:TurboTax
"{B24B18A3-36C0-404E-97DE-EF3DD10675B4}"= UDP:c:\program files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:TurboTax Update Manager
"{A559DE06-25C3-4090-8696-E4D1862D4884}"= TCP:c:\program files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:TurboTax Update Manager
"{E386E558-0554-442F-97BB-1C3C768BD7E8}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{12AA434E-2542-4320-A8C1-8EAC25A60242}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{AECDC053-0419-4B7E-A460-A9B90C5D6C73}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{A986F075-F016-47E7-8861-936F62490740}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{F74BFC7A-8AD4-4FC0-9635-97B2AD5D72A9}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{5B45A686-8EF0-4AFA-98FC-E45E28D67C5F}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{F81E09F7-A7E4-4869-8870-7CD9FA297886}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{C4BA58B4-6A55-4583-AEBC-CD817DB08576}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{5F7ED48E-08F6-4FE5-A901-0FB914EE30E7}"= UDP:c:\program files\TurboTax\Premier 2006\32bit\ttax.exe:TurboTax
"{80A43F80-83C1-4EF2-9394-F67A8FE4A128}"= TCP:c:\program files\TurboTax\Premier 2006\32bit\ttax.exe:TurboTax
"{246B9278-0D80-452A-BDC1-0F4E9C33B8AC}"= UDP:c:\program files\TurboTax\Premier 2006\32bit\updatemgr.exe:TurboTax Update Manager
"{530D8390-4C05-4EDE-942A-C82AEAB300E5}"= TCP:c:\program files\TurboTax\Premier 2006\32bit\updatemgr.exe:TurboTax Update Manager
"{32D479C1-B24B-460B-9AF4-99F351620F30}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{78FECB4A-0AE7-42C8-ABDD-73D4429DC4A4}"= UDP:c:\program files\TurboTax\Deluxe 2007\32bit\ttax.exe:TurboTax
"{6A64B439-31B4-4965-95BC-4F9960F460BC}"= TCP:c:\program files\TurboTax\Deluxe 2007\32bit\ttax.exe:TurboTax
"{179B33F0-9F83-47AB-86DD-096E3CE9ADA4}"= UDP:c:\program files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:TurboTax Update Manager
"{A8B53190-7907-47AA-8C43-14B3402B3E4D}"= TCP:c:\program files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:TurboTax Update Manager
"{B87B5263-711F-4B5D-8A66-10EF4D8F126A}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{341610B8-62F9-4EE1-AF57-EE6F159E0DAC}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

R2 cyphxdrv;cyphxdrv;c:\windows\System32\drivers\cyphxdrv.sys [12/18/2008 6:41 AM 100728]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 5:45 AM 13088]
R2 XobniService;XobniService;c:\program files\Xobni\XobniService.exe [7/22/2008 7:17 PM 36352]
S2 cypherixservice;Cypherix service;cypherixsrv.exe --> cypherixsrv.exe [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/21/2009 6:00 PM 133104]
S3 Flash1;Flash1;c:\swsetup\SP38062\winphlash\FLASH1.sys [3/1/2006 6:54 PM 3456]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-10-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-21 22:00]

2009-10-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-21 22:00]

2009-09-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-09-19 01:26]

2009-07-26 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-09-19 01:26]

2009-10-10 c:\windows\Tasks\User_Feed_Synchronization-{B6014A4D-258B-4E21-B182-B71BE04F750D}.job
- c:\windows\system32\msfeedssync.exe [2009-07-29 20:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.slate.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: turbotax.com
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-10 16:40
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-10-10 16:46
ComboFix-quarantined-files.txt 2009-10-10 20:46
ComboFix2.txt 2009-10-10 02:06

Pre-Run: 81,272,385,536 bytes free
Post-Run: 80,882,741,248 bytes free

293 --- E O F --- 2009-10-09 21:50
  • 0





