Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Application error 0xc000005

Started by LukyMike , Aug 11 2010 11:13 PM

  • This topic is locked This topic is locked

#1
LukyMike
Posted 11 August 2010 - 11:13 PM

LukyMike

    New Member

  • Member
  • Pip
  • 3 posts
Hi recently I was infected with a Malware/Virus called "Security Tools" and was disabling me to open my application I use on my laptop. I got my anti-malware/virus/spyware opened and starting scanning my computer until It detected the virus and I got rid of it. Than after I got rid of Security Tools I noticed when I open some programs I get an error (ex. Maplestory error 0xc000005 or Google Chrome error 0xc0000022) and also I noticed when I googled something and clicked on a link it would no let me go directly into it. When I get a error it says "The application was unable to start correctly (0xc000005). Click OK to close the application". I would have to copy the link and open a new tab and paste to go to the website. Also my laptop could have possibly slowed down after the infection. So bottom line is that can anybody here give me the solution to this problem?

Here is my Hijack Log
_____________________
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:32:55 PM, on 8/13/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Windows\SysWOW64\CTsvcCDA.exe
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Program Files (x86)\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe
C:\Program Files (x86)\Nakido\nakido.exe
C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\rpcnet.exe
C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\Program Files (x86)\Spyware Doctor\pctsTray.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\USERS\PERSONAL\APPDATA\LOCAL\TEMP\RAR$EX00.949\PROCEXP.EXE
C:\Program Files (x86)\Opera\opera.exe
D:\Programs\HiJackThis.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,c:\program files (x86)\microsoft\desktoplayer.exe,c:\program files (x86)\aim\aimsrv.exe,c:\users\personal\appdata\local\temp\19aqpsrv.exe,c:\users\mike\appdata\local\temp\19aqpsrv.exe,c:\users\personal\appdata\roaming\atzait\osodsrv.exe,,c:\program files (x86)\adobe\acrobat 9.0\acrobat\acrodistsrv.exe
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files (x86)\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Users\Personal\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [{C43CAEDC-337C-65F8-DB81-1656244767C9}] C:\Users\Personal\AppData\Roaming\Peev\omqa.exe
O4 - HKLM\..\Policies\Explorer\Run: [jgyo0w] C:\Users\Personal\AppData\Local\Temp\19aqp.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3495711180-3437875855-2106924724-1001\..\Run: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US (User 'Mike')
O4 - HKUS\S-1-5-21-3495711180-3437875855-2106924724-1001\..\Run: [Google Update] "C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe" /c (User 'Mike')
O4 - S-1-5-21-3495711180-3437875855-2106924724-1001 Startup: AutorunsDisabled (User 'Mike')
O4 - S-1-5-21-3495711180-3437875855-2106924724-1001 Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Mike')
O4 - S-1-5-21-3495711180-3437875855-2106924724-1001 User Startup: AutorunsDisabled (User 'Mike')
O4 - S-1-5-21-3495711180-3437875855-2106924724-1001 User Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Mike')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm (file missing)
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm (file missing)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} (WebBrowserType Class) - https://pattcw.att.m...Installer64.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: 1257150087 (.1257150087) - Unknown owner - C:\Program Files (x86)\1257150087\Mike1257150087L.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_479cd30f1d9fb233\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\SysWOW64\CTsvcCDA.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
O23 - Service: McciCMService64 - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit (mi-raysat_3dsmax2010_32) - Unknown owner - C:\Program Files (x86)\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
O23 - Service: mental ray 3.7 Satellite for Autodesk 3ds Max 2010 64-bit 64-bit (mi-raysat_3dsmax2010_64) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nakido - Nakido - C:\Program Files (x86)\Nakido\nakido.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\Windows\SysWOW64\rpcnet.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_479cd30f1d9fb233\STacSV64.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Stardock WindowBlinds (WindowBlinds) - Stardock Corporation - C:\Program Files (x86)\Stardock\MyColors\VistaSrv.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: Windows Media Optimizer (WMOptimizer) - Unknown owner - C:\Windows\system32\scvhost.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 17505 bytes

Edited by LukyMike, 13 August 2010 - 03:34 PM.

  • 0

Advertisements

#2
Aaron
Posted 16 August 2010 - 10:23 AM

Aaron

    Expert

  • Expert
  • 3,155 posts
Hi, welcome to Geeks to Go :) !
My name is Maser00 and I will be helping you with your problem(s).

Before we start I need to mention a few things:
  • I am still in training (here at GeekU), therefore my instructions will be checked by someone of the malware staff first. It could take a little bit more time then usual because of this.
  • Please post all the requested logs directly in your reply, do not attach them unless asked to or unless you are unable to post them.
  • It's best to read all my instructions at least once before carrying them out, this will make sure you understand them before you start.
  • Try to reply every one-two days, I'll try to do the same. At some point your computer will run better (hopefully :)), but keep following my instructions because there can still be malware on your computer. I'll tell you when were done.
  • Please don't run any other malware removal tools/programs or instructions that I didn't asked for.

Please follow these steps:

============ Step one ============

Download OTL to your Desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Select Scan all users
Under the Custom Scan box paste this in:

netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%|bak;true;false;false /fp
%systemroot%\system32|bak;true;false;false /fp
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your next reply.

============ Step two ============

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
  • Double click GMER.exe.
    Posted Image
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
      Posted Image
      Click the image to enlarge it
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
  • Save the log where you can easily find it, such as your desktop.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries
Please copy and paste the report into your Post.

Please post the logs of OTL and GMER in your next reply.

- Maser00
  • 0

#3
LukyMike
Posted 16 August 2010 - 12:32 PM

LukyMike

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
I finished scanning with OTL although at first it didn't produce Extras.txt than I tried it again with success. Unfortuanatley for GMER I get this unusual error and it lets me scan ok but the some of the boxes are greyed out and once its done scanning I saved a ark.txt file but there was no information inside whatsoever.

OTL.TXT
________
OTL logfile created on: 8/16/2010 1:20:27 PM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = D:\Programs
64bit- Enterprise Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 43.00% Memory free
7.00 Gb Paging File | 5.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 89.99 Gb Total Space | 8.24 Gb Free Space | 9.16% Space Free | Partition Type: NTFS
Drive D: | 76.19 Gb Total Space | 5.93 Gb Free Space | 7.78% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MIKE-PC
Current User Name: Personal
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/08/16 12:35:52 | 000,575,488 | ---- | M] (OldTimer Tools) -- D:\Programs\OTL.exe
PRC - [2010/08/14 20:20:12 | 000,394,240 | ---- | M] (Nakido) -- C:\Program Files (x86)\Nakido\nakido.exe
PRC - [2010/08/14 20:15:19 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
PRC - [2010/08/14 20:09:10 | 000,151,552 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe
PRC - [2010/08/13 14:55:18 | 000,209,408 | ---- | M] (xmo) -- C:\Users\Personal\AppData\Roaming\Peev\omqa.exe
PRC - [2010/07/22 21:06:53 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/07/21 15:53:00 | 010,358,568 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\iTunes\iTunes.exe
PRC - [2010/06/30 14:52:22 | 000,836,464 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\opera.exe
PRC - [2010/06/10 21:18:20 | 000,019,760 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/06/03 13:45:42 | 000,012,592 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
PRC - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2010/01/01 16:31:21 | 000,056,680 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWOW64\rpcnet.exe
PRC - [2009/11/26 16:01:14 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2009/10/11 05:17:45 | 000,386,872 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jucheck.exe
PRC - [2009/07/01 19:54:04 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2009/06/18 16:19:30 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009/06/09 09:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/05/19 14:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/02/03 10:32:28 | 003,550,592 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\Personal\AppData\Local\Temp\Rar$EX00.195\procexp.exe
PRC - [2008/06/11 22:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2007/04/27 07:40:00 | 000,206,400 | ---- | M] (SafeNet, Inc) -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
PRC - [2007/04/27 01:00:04 | 000,316,992 | ---- | M] (SafeNet, Inc.) -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
PRC - [1999/12/12 12:01:00 | 000,044,032 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTSVCCDA.EXE


========== Modules (SafeList) ==========

MOD - [2010/08/16 12:35:52 | 000,575,488 | ---- | M] (OldTimer Tools) -- D:\Programs\OTL.exe
MOD - [2009/07/13 20:16:19 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wkscli.dll
MOD - [2009/07/13 20:16:15 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\srvcli.dll
MOD - [2009/07/13 20:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/13 20:09:00 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\normaliz.dll
MOD - [2009/07/13 20:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Stopped] -- C:\Windows\SysNative\scvhost.exe -- (WMOptimizer)
SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\PnkBstrA.exe -- (PnkBstrA)
SRV:64bit: - [2010/08/14 20:09:10 | 000,151,552 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe -- (mi-raysat_3dsmax2010_64)
SRV:64bit: - [2009/11/05 20:57:08 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2009/07/13 20:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009/07/13 20:41:54 | 000,017,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\StorSvc.dll -- (StorSvc)
SRV:64bit: - [2009/07/13 20:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/01 19:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/06/09 09:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2009/03/30 18:19:56 | 002,297,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV:64bit: - [2008/10/27 02:18:10 | 000,279,040 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_479cd30f1d9fb233\stacsv64.exe -- (STacSV)
SRV:64bit: - [2008/06/27 18:53:08 | 000,089,088 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_479cd30f1d9fb233\AESTSr64.exe -- (AESTFilters)
SRV - [2010/08/14 20:20:12 | 000,394,240 | ---- | M] (Nakido) [Auto | Running] -- C:\Program Files (x86)\Nakido\nakido.exe -- (Nakido)
SRV - [2010/08/14 20:15:19 | 000,151,552 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe -- (mi-raysat_3dsmax2010_32)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/18 17:23:04 | 000,044,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/01 16:31:21 | 000,056,680 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Windows\SysWOW64\rpcnet.exe -- (rpcnet) Remote Procedure Call (RPC)
SRV - [2009/11/26 16:01:14 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009/09/14 03:49:52 | 000,423,016 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\1257150087\Mike1257150087L.exe -- (.1257150087)
SRV - [2009/07/16 18:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/07/01 22:26:34 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/06/18 16:19:30 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/05/19 14:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/12/15 17:07:16 | 000,337,200 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files (x86)\Stardock\MyColors\VistaSrv.exe -- (WindowBlinds)
SRV - [2008/10/25 12:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2007/04/27 07:40:00 | 000,206,400 | ---- | M] (SafeNet, Inc) [Auto | Running] -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer)
SRV - [2007/04/27 01:00:04 | 000,316,992 | ---- | M] (SafeNet, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe -- (SentinelKeysServer)
SRV - [1999/12/12 12:01:00 | 000,044,032 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Windows\SysWOW64\CTSVCCDA.EXE -- (Creative Service for CDROM Access)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/04/19 20:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/11/02 03:13:43 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/10/09 03:41:02 | 001,394,176 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/10/08 04:01:22 | 000,060,416 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\itecir.sys -- (itecir)
DRV:64bit: - [2009/08/28 20:42:44 | 000,021,504 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,200,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)
DRV:64bit: - [2009/07/13 20:45:55 | 000,046,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)
DRV:64bit: - [2009/07/13 20:45:55 | 000,034,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:42:58 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)
DRV:64bit: - [2009/07/13 18:42:44 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)
DRV:64bit: - [2009/07/13 18:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/07/13 18:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/07/02 23:41:04 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/07/02 23:41:04 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/07/02 23:41:04 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009/07/02 23:41:02 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/09 02:06:00 | 000,319,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OA001Vid.sys -- (OA001Vid)
DRV:64bit: - [2009/03/06 16:33:58 | 000,159,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OA001Ufd.sys -- (OA001Ufd)
DRV:64bit: - [2008/10/31 13:49:44 | 000,261,680 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2008/10/27 02:18:56 | 000,469,504 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2008/09/05 16:20:20 | 000,058,912 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2007/04/27 07:40:00 | 000,142,120 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\sentinel64.sys -- (Sentinel64)
DRV:64bit: - [2007/02/05 18:36:48 | 000,049,664 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\livecamv.sys -- (RLDesignVirtualAudioCableWdm)
DRV:64bit: - [2006/11/18 14:07:48 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2006/11/17 18:49:52 | 000,052,224 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV - [2010/04/30 17:09:44 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/04/30 17:09:22 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/07/28 11:53:16 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/07/28 11:53:16 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/07/28 11:53:14 | 000,072,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/02/10 20:23:10 | 000,115,600 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys -- (ISODrive)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3495711180-3437875855-2106924724-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net
IE - HKU\S-1-5-21-3495711180-3437875855-2106924724-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3495711180-3437875855-2106924724-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {5a8b3cf0-87bd-20d4-b2c1-e527fb2ab4bd}:4.6.6.8
FF - prefs.js..extensions.enabledItems: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9}:6.0
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: [email protected]:3.6.6.117
FF - prefs.js..extensions.enabledItems: {056F816F-3719-4014-9DAE-CB1840639479}:1.9.1
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2010/05/12 22:06:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{056F816F-3719-4014-9DAE-CB1840639479}: C:\Users\Personal\AppData\Local\{056F816F-3719-4014-9DAE-CB1840639479}\ [2010/08/09 13:37:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/08/14 17:27:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/08/14 17:27:39 | 000,000,000 | ---D | M]

[2010/07/22 20:48:51 | 000,000,000 | ---D | M] -- C:\Users\Personal\AppData\Roaming\Mozilla\Extensions
[2010/08/15 20:35:29 | 000,000,000 | ---D | M] -- C:\Users\Personal\AppData\Roaming\Mozilla\Firefox\Profiles\q3ednnwo.default\extensions
[2010/08/14 02:26:06 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Personal\AppData\Roaming\Mozilla\Firefox\Profiles\q3ednnwo.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/07/26 21:05:35 | 000,000,000 | ---D | M] -- C:\Users\Personal\AppData\Roaming\Mozilla\Firefox\Profiles\q3ednnwo.default\extensions\[email protected]
[2010/08/15 20:35:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/05/13 21:58:21 | 000,000,000 | ---D | M] (LoudMo Contextual Ad Assistant) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{5a8b3cf0-87bd-20d4-b2c1-e527fb2ab4bd}
[2010/03/27 18:06:04 | 000,067,032 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npContribute.dll

O1 HOSTS File: ([2010/08/10 02:46:37 | 000,001,073 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 a204-2-160-40.deploy.akamaitechnologies.com
O1 - Hosts: 127.0.0.1 symantec.com.102.112.2o7.net
O1 - Hosts: 127.0.0.1 a96-7-151-238.deploy.akamaitechnologies.com
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-3495711180-3437875855-2106924724-1005\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-3495711180-3437875855-2106924724-1005\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-3495711180-3437875855-2106924724-1005\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKU\S-1-5-21-3495711180-3437875855-2106924724-1005\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3495711180-3437875855-2106924724-1005..\Run: [{C43CAEDC-337C-65F8-DB81-1656244767C9}] C:\Users\Personal\AppData\Roaming\Peev\omqa.exe (xmo)
O4 - HKU\S-1-5-21-3495711180-3437875855-2106924724-1005..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\etbaex.exe (rqipbu)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\oseky.exe (rqipbu)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\vynuvo.exe (okuc)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\etbaex.exe (rqipbu)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\oseky.exe (rqipbu)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\vynuvo.exe (okuc)
O4 - Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\heik.exe (rqipbu)
O4 - Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\maethy.exe (rqipbu)
O4 - Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\taos.exe (okuc)
O4 - Startup: C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2009/11/27 13:10:34 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\avzeu.exe (rqipbu)
O4 - Startup: C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found
O4 - Startup: C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\igib.exe (rqipbu)
O4 - Startup: C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\udanc.exe (okuc)
O4 - Startup: C:\Users\Personal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-3495711180-3437875855-2106924724-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm File not found
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm File not found
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm File not found
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} https://pattcw.att.m...Installer64.cab (WebBrowserType Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 0.0.0.0 0.0.0.0
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\program files (x86)\microsoft\desktoplayer.exe) - c:\Program Files (x86)\Microsoft\DesktopLayer.exe ()
O20 - HKLM Winlogon: UserInit - (c:\program files (x86)\aim\aimsrv.exe) - c:\Program Files (x86)\AIM\aimSrv.exe (fvnvo)
O20 - HKLM Winlogon: UserInit - (c:\users\personal\appdata\local\temp\19aqpsrv.exe) - c:\users\personal\appdata\local\temp\19aqpsrv.exe File not found
O20 - HKLM Winlogon: UserInit - (c:\users\mike\appdata\local\temp\19aqpsrv.exe) - c:\users\mike\appdata\local\temp\19aqpsrv.exe File not found
O20 - HKLM Winlogon: UserInit - (c:\users\personal\appdata\roaming\atzait\osodsrv.exe) - c:\Users\Personal\AppData\Roaming\Atzait\osodSrv.exe (fvnvo)
O20 - HKLM Winlogon: UserInit - (c:\program files (x86)\adobe\acrobat 9.0\acrobat\acrodistsrv.exe) - c:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\AcroDistSrv.exe (fvnvo)
O20 - HKLM Winlogon: UserInit - (c:\users\personal\appdata\roaming\peev\omqasrv.exe) - c:\Users\Personal\AppData\Roaming\Peev\omqaSrv.exe (fvnvo)
O20 - HKLM Winlogon: UserInit - (c:\program files (x86)\common files\adobe\cs5servicemanager\cs5servicemanagersrv.exe) - c:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManagerSrv.exe (fvnvo)
O20 - HKLM Winlogon: UserInit - (c:\program files (x86)\autodesk\3ds max 2010\mentalray\satellite\raysat_3dsmax2010_32serversrv.exe) - c:\Program Files (x86)\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32serverSrv.exe ()
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\WB: DllName - Reg Error: Key error. - C:\Program Files (x86)\Stardock\MyColors\fast64.dll File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O22:64bit: - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll (Stardock)
O27:64bit: - HKLM IFEO\taskmgr.exe: Debugger - C:\USERS\PERSONAL\APPDATA\LOCAL\TEMP\RAR$EX00.195\PROCEXP.EXE (Sysinternals - www.sysinternals.com)
O27 - HKLM IFEO\taskmgr.exe: Debugger - "C:\USERS\PERSONAL\APPDATA\LOCAL\TEMP\RAR$EX00.195\PROCEXP.EXE" (Sysinternals - www.sysinternals.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: instgMgr - (C:\Windows\convbsvc.dll) - C:\Windows\convbsvc.dll ()
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010/08/16 03:31:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Eusing Free Registry Cleaner
[2010/08/16 00:29:21 | 000,000,000 | ---D | C] -- C:\Users\Personal\Desktop\New folder
[2010/08/15 15:13:29 | 000,000,000 | ---D | C] -- C:\Users\Personal\AppData\Roaming\Nero
[2010/08/15 14:07:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\rivi
[2010/08/14 21:57:19 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/08/14 21:56:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010/08/13 17:00:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Nexon
[2010/08/12 22:38:19 | 000,000,000 | ---D | C] -- C:\_CLTUI_E894D6B5_E3CA_4561_A244_272400640573_Session1
[2010/08/12 22:38:19 | 000,000,000 | ---D | C] -- C:\_CLTUI_E894D6B5_E3CA_4561_A244_272400640573_Session0
[2010/08/12 17:21:44 | 000,000,000 | ---D | C] -- C:\ProgramData\NexonUS
[2010/08/12 17:19:57 | 000,000,000 | ---D | C] -- C:\Users\Personal\AppData\Local\Threat Expert
[2010/08/12 17:11:24 | 000,000,000 | ---D | C] -- C:\Users\Personal\AppData\Local\PackageAware
[2010/08/11 03:34:36 | 000,000,000 | ---D | C] -- C:\Users\Personal\AppData\Roaming\SUPERAntiSpyware.com
[2010/08/11 02:54:44 | 000,000,000 | ---D | C] -- C:\Users\Personal\AppData\Roaming\PACE Anti-Piracy
[2010/08/11 02:54:44 | 000,000,000 | ---D | C] -- C:\Users\Personal\AppData\Local\PACE Anti-Piracy
[2010/08/11 02:54:39 | 000,000,000 | ---D | C] -- C:\Users\Personal\Documents\Adobe
[2010/08/10 22:44:41 | 000,000,000 | ---D | C] -- C:\Users\Personal\Documents\Vindictus
[2010/08/10 22:44:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BandiMPEG1
[2010/08/10 13:31:56 | 000,000,000 | ---D | C] -- C:\Users\Personal\AppData\Local\Tific
[2010/08/10 13:31:50 | 000,000,000 | ---D | C] -- C:\Users\Personal\AppData\Roaming\Tific
[2010/08/10 02:15:59 | 000,000,000 | ---D | C] -- C:\Users\Personal\AppData\Local\CrashDumps
[2010/08/10 02:03:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\1257150087
[2010/08/10 00:46:09 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/08/10 00:07:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trapcode Particular ffx
[2010/08/09 21:11:43 | 000,000,000 | ---D | C] -- C:\Users\Personal\AppData\Local\ElevatedDiagnostics
[2010/08/09 18:59:29 | 000,000,000 | ---D | C] -- C:\Users\Personal\AppData\Local\Google
[2010/08/09 14:01:16 | 000,000,000 | ---D | C] -- C:\Users\Personal\AppData\Roaming\Peev
[2010/08/09 13:39:37 | 000,000,000 | ---D | C] -- C:\Users\Personal\AppData\Roaming\Malwarebytes
[2010/08/09 13:37:37 | 000,000,000 | ---D | C] -- C:\Users\Personal\AppData\Local\{056F816F-3719-4014-9DAE-CB1840639479}
[2010/08/09 13:36:47 | 000,000,000 | ---D | C] -- C:\Users\Personal\AppData\Local\hvyupfrrv
[2010/08/09 13:34:30 | 000,000,000 | ---D | C] -- C:\Users\Personal\AppData\Roaming\FAC2A774D0FEDC2824280904D74E5269
[2010/08/09 13:24:16 | 000,000,000 | ---D | C] -- C:\Users\Personal\AppData\Local\Windows Server
[2010/08/09 13:24:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\riv
[2010/08/09 02:57:35 | 000,000,000 | ---D | C] -- C:\Users\Personal\AppData\Local\PMB Files
[2010/08/09 01:23:56 | 000,000,000 | ---D | C] -- C:\Users\Personal\AppData\Roaming\Egexs
[2010/08/08 18:17:14 | 000,000,000 | ---D | C] -- C:\Program Files\ATT-HSI
[2010/08/08 18:16:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATT-HSI
[2010/08/08 18:16:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Motive
[2010/08/08 18:16:09 | 000,000,000 | ---D | C] -- C:\Windows\Roaming
[2010/08/08 18:16:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motive
[2010/08/04 09:36:36 | 000,000,000 | ---D | C] -- C:\Users\Personal\AppData\Roaming\Atzait
[2010/07/29 21:22:40 | 000,000,000 | ---D | C] -- C:\Users\Personal\AppData\Roaming\Hyhur
[2010/07/28 20:29:10 | 000,000,000 | ---D | C] -- C:\Users\Personal\AppData\Roaming\Ixekg
[2010/07/27 18:16:34 | 000,000,000 | ---D | C] -- C:\Users\Personal\AppData\Roaming\Poneyc
[2010/07/26 20:54:29 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/07/26 19:30:17 | 000,000,000 | ---D | C] -- C:\Users\Personal\AppData\Roaming\Miof
[2010/07/26 00:29:53 | 000,000,000 | ---D | C] -- C:\Users\Personal\AppData\Roaming\Ibibel
[2010/07/25 00:56:18 | 000,000,000 | ---D | C] -- C:\Users\Personal\AppData\Roaming\Publish Providers
[2010/07/25 00:56:14 | 000,000,000 | ---D | C] -- C:\Users\Personal\AppData\Roaming\DivX
[2010/07/25 00:55:59 | 000,000,000 | ---D | C] -- C:\Users\Personal\AppData\Roaming\Sony
[2010/07/25 00:55:59 | 000,000,000 | ---D | C] -- C:\Users\Personal\AppData\Local\Sony
[2010/07/24 14:28:33 | 000,000,000 | ---D | C] -- C:\Users\Personal\Tracing
[2010/07/23 15:14:22 | 000,000,000 | ---D | C] -- C:\Users\Personal\AppData\Local\TechSmith
[2010/07/23 15:13:13 | 000,000,000 | ---D | C] -- C:\Users\Personal\Documents\Camtasia Studio
[2010/07/23 15:12:56 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\QuickTime
[2010/07/23 15:12:34 | 000,000,000 | ---D | C] -- C:\ProgramData\TechSmith
[2010/07/23 15:12:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TechSmith
[2010/07/23 04:15:04 | 000,000,000 | ---D | C] -- C:\Users\Personal\AppData\Local\AskToolbar
[2010/07/23 02:16:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2010/07/23 02:16:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
[2010/07/23 02:16:16 | 000,000,000 | ---D | C] -- C:\Users\Personal\AppData\Roaming\uTorrent
[2010/07/23 00:57:16 | 000,000,000 | ---D | C] -- C:\Users\Personal\AppData\Roaming\WinRAR
[2010/07/22 22:55:02 | 000,000,000 | ---D | C] -- C:\Users\Personal\AppData\Roaming\Dell
[2010/07/22 22:54:59 | 000,000,000 | ---D | C] -- C:\Users\Personal\AppData\Local\Stardock_Corporation
[2010/07/22 21:20:54 | 000,000,000 | ---D | C] -- C:\Users\Personal\AppData\Roaming\acccore
[2010/07/22 21:20:50 | 000,000,000 | ---D | C] -- C:\Users\Personal\AppData\Local\AIM
[2010/07/22 21:20:48 | 000,000,000 | ---D | C] -- C:\Users\Personal\AppData\Local\AOL
[2010/07/22 20:53:03 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/07/22 20:53:02 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/07/22 20:48:39 | 000,000,000 | ---D | C] -- C:\Users\Personal\AppData\Local\AIM Toolbar
[2010/07/22 20:47:02 | 000,000,000 | ---D | C] -- C:\Users\Personal\AppData\Local\Apple
[2010/07/22 20:44:52 | 000,000,000 | ---D | C] -- C:\Users\Personal\AppData\Roaming\Mozilla
[2010/07/22 20:44:52 | 000,000,000 | ---D | C] -- C:\Users\Personal\AppData\Local\Mozilla
[2010/07/22 20:44:50 | 000,000,000 | ---D | C] -- C:\Users\Personal\AppData\Roaming\Opera
[2010/07/22 20:44:50 | 000,000,000 | ---D | C] -- C:\Users\Personal\AppData\Local\Opera
[2010/07/22 20:44:25 | 000,000,000 | ---D | C] -- C:\Users\Personal\AppData\Roaming\Stardock
[2010/07/22 20:44:24 | 000,000,000 | ---D | C] -- C:\Users\Personal\AppData\Roaming\Apple Computer
[2010/07/22 20:44:22 | 000,000,000 | ---D | C] -- C:\Users\Personal\AppData\Local\Broadcom
[2010/07/22 20:44:22 | 000,000,000 | ---D | C] -- C:\Users\Personal\Documents\Bluetooth Exchange Folder
[2010/07/22 20:44:21 | 000,000,000 | ---D | C] -- C:\Users\Personal\AppData\Local\Apple Computer
[2010/07/22 20:44:21 | 000,000,000 | ---D | C] -- C:\Users\Personal\AppData\Roaming\Adobe
[2010/07/22 20:44:20 | 000,000,000 | ---D | C] -- C:\Users\Personal\AppData\Local\Adobe
[2010/07/22 20:44:14 | 000,000,000 | R--D | C] -- C:\Users\Personal\Searches
[2010/07/22 20:44:14 | 000,000,000 | -H-D | C] -- C:\Users\Personal\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2010/07/22 20:44:13 | 000,000,000 | ---D | C] -- C:\Users\Personal\AppData\Roaming\Identities
[2010/07/22 20:44:12 | 000,000,000 | R--D | C] -- C:\Users\Personal\Contacts
[2010/07/22 20:44:04 | 000,000,000 | --SD | C] -- C:\Users\Personal\AppData\Roaming\Microsoft
[2010/07/22 20:44:04 | 000,000,000 | R--D | C] -- C:\Users\Personal\Videos
[2010/07/22 20:44:04 | 000,000,000 | R--D | C] -- C:\Users\Personal\Saved Games
[2010/07/22 20:44:04 | 000,000,000 | R--D | C] -- C:\Users\Personal\Pictures
[2010/07/22 20:44:04 | 000,000,000 | R--D | C] -- C:\Users\Personal\Music
[2010/07/22 20:44:04 | 000,000,000 | R--D | C] -- C:\Users\Personal\Links
[2010/07/22 20:44:04 | 000,000,000 | R--D | C] -- C:\Users\Personal\Favorites
[2010/07/22 20:44:04 | 000,000,000 | R--D | C] -- C:\Users\Personal\Downloads
[2010/07/22 20:44:04 | 000,000,000 | R--D | C] -- C:\Users\Personal\My Documents
[2010/07/22 20:44:04 | 000,000,000 | R--D | C] -- C:\Users\Personal\Desktop
[2010/07/22 20:44:04 | 000,000,000 | -HSD | C] -- C:\Users\Personal\AppData\Local\Temporary Internet Files
[2010/07/22 20:44:04 | 000,000,000 | -HSD | C] -- C:\Users\Personal\Templates
[2010/07/22 20:44:04 | 000,000,000 | -HSD | C] -- C:\Users\Personal\Start Menu
[2010/07/22 20:44:04 | 000,000,000 | -HSD | C] -- C:\Users\Personal\SendTo
[2010/07/22 20:44:04 | 000,000,000 | -HSD | C] -- C:\Users\Personal\Recent
[2010/07/22 20:44:04 | 000,000,000 | -HSD | C] -- C:\Users\Personal\PrintHood
[2010/07/22 20:44:04 | 000,000,000 | -HSD | C] -- C:\Users\Personal\NetHood
[2010/07/22 20:44:04 | 000,000,000 | -HSD | C] -- C:\Users\Personal\Documents\My Videos
[2010/07/22 20:44:04 | 000,000,000 | -HSD | C] -- C:\Users\Personal\Documents\My Pictures
[2010/07/22 20:44:04 | 000,000,000 | -HSD | C] -- C:\Users\Personal\Documents\My Music
[2010/07/22 20:44:04 | 000,000,000 | -HSD | C] -- C:\Users\Personal\My Documents
[2010/07/22 20:44:04 | 000,000,000 | -HSD | C] -- C:\Users\Personal\Local Settings
[2010/07/22 20:44:04 | 000,000,000 | -HSD | C] -- C:\Users\Personal\AppData\Local\History
[2010/07/22 20:44:04 | 000,000,000 | -HSD | C] -- C:\Users\Personal\Cookies
[2010/07/22 20:44:04 | 000,000,000 | -HSD | C] -- C:\Users\Personal\Application Data
[2010/07/22 20:44:04 | 000,000,000 | -HSD | C] -- C:\Users\Personal\AppData\Local\Application Data
[2010/07/22 20:44:04 | 000,000,000 | -H-D | C] -- C:\Users\Personal\AppData
[2010/07/22 20:44:04 | 000,000,000 | ---D | C] -- C:\Users\Personal\AppData\Local\Temp
[2010/07/22 20:44:04 | 000,000,000 | ---D | C] -- C:\Users\Personal\AppData\Local\Microsoft Help
[2010/07/22 20:44:04 | 000,000,000 | ---D | C] -- C:\Users\Personal\AppData\Local\Microsoft
[2010/07/22 20:44:04 | 000,000,000 | ---D | C] -- C:\Users\Personal\AppData\Roaming\Media Center Programs
[2010/07/22 20:44:04 | 000,000,000 | ---D | C] -- C:\Users\Personal\AppData\Roaming\Macromedia
[2010/07/21 19:12:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BannedStory
[2010/07/20 17:55:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AhnLab
[2010/07/18 16:24:08 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/07/14 07:19:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Software Update Utility
[2010/06/24 20:52:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Plugins
[2010/06/22 22:30:48 | 000,411,480 | ---- | C] (TechSmith Corporation) -- C:\Windows\SysWow64\tsccvid.dll
[2010/06/19 12:45:52 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/06/19 12:45:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010/05/31 15:07:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MKVtoolnix
[2010/05/29 01:14:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera
[2010/05/26 22:38:27 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe

========== Files - Modified Within 90 Days ==========

[2025/08/31 12:30:31 | 000,796,016 | ---- | M] (Symantec Corporation) -- C:\cltLMSx.dll
[2010/08/16 13:20:47 | 004,718,592 | -HS- | M] () -- C:\Users\Personal\NTUSER.DAT
[2010/08/16 13:19:11 | 000,024,435 | ---- | M] () -- C:\Users\Personal\Desktop\Capture.PNG
[2010/08/16 12:54:30 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3495711180-3437875855-2106924724-1005UA.job
[2010/08/16 12:25:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3495711180-3437875855-2106924724-1001UA.job
[2010/08/16 12:12:53 | 000,211,248 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/08/16 12:12:53 | 000,211,248 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/08/16 12:12:33 | 000,017,408 | ---- | M] () -- C:\Windows\SysNative\rpcnetp.exe
[2010/08/16 12:12:30 | 000,056,680 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\rpcnet.dll
[2010/08/16 12:12:18 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/16 12:12:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/16 12:12:05 | 3018,596,352 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/16 04:01:46 | 000,015,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/16 04:01:46 | 000,015,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/16 04:01:39 | 002,353,123 | -H-- | M] () -- C:\Users\Personal\AppData\Local\IconCache.db
[2010/08/16 03:31:30 | 000,001,059 | ---- | M] () -- C:\Users\Personal\Desktop\Eusing Free Registry Cleaner.lnk
[2010/08/16 02:32:10 | 000,002,334 | ---- | M] () -- C:\Users\Personal\Desktop\Google Chrome.lnk
[2010/08/16 00:30:07 | 000,001,456 | ---- | M] () -- C:\Users\Personal\AppData\Local\Adobe Save for Web 12.0 Prefs
[2010/08/16 00:23:12 | 000,000,132 | ---- | M] () -- C:\Users\Personal\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2010/08/15 19:54:01 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3495711180-3437875855-2106924724-1005Core.job
[2010/08/15 13:25:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3495711180-3437875855-2106924724-1001Core.job
[2010/08/14 20:49:10 | 000,000,134 | ---- | M] () -- C:\Windows\SysWow64\msexcr.ini
[2010/08/14 17:27:41 | 000,001,969 | ---- | M] () -- C:\Users\Personal\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/14 17:27:41 | 000,001,945 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/08/14 17:15:31 | 000,001,139 | ---- | M] () -- C:\Users\Personal\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2010/08/14 01:59:47 | 000,795,438 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/08/14 01:59:47 | 000,671,490 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/08/14 01:59:47 | 000,125,584 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/08/12 22:38:22 | 005,041,536 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/08/12 17:11:43 | 000,001,984 | ---- | M] () -- C:\Users\Personal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
[2010/08/12 04:01:39 | 000,161,717 | ---- | M] () -- C:\Users\Personal\Desktop\teachers.jpg
[2010/08/12 04:00:13 | 000,024,472 | ---- | M] () -- C:\Users\Personal\Desktop\aj.jpg
[2010/08/12 00:36:19 | 000,028,672 | ---- | M] () -- C:\Users\Personal\Desktop\informativefinal.doc
[2010/08/12 00:21:24 | 000,015,184 | ---- | M] () -- C:\Users\Personal\Desktop\mediateachercomments.docx
[2010/08/12 00:11:36 | 000,028,672 | ---- | M] () -- C:\Users\Personal\Desktop\thus essay.doc
[2010/08/11 03:21:11 | 000,000,000 | -H-- | M] () -- C:\Users\Personal\Documents\Default.rdp
[2010/08/11 02:54:45 | 000,000,021 | ---- | M] () -- C:\Windows\SurCode.INI
[2010/08/10 02:46:37 | 000,001,073 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010/08/10 02:41:49 | 000,000,081 | ---- | M] () -- C:\Windows\wininit.ini
[2010/08/10 00:09:00 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.nav
[2010/08/09 23:43:38 | 000,122,696 | ---- | M] () -- C:\Users\Personal\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/08/09 19:43:15 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.msn
[2010/08/09 19:19:31 | 000,000,058 | -HS- | M] () -- C:\Windows\SysWow64\User.ini
[2010/08/09 19:19:18 | 000,151,552 | ---- | M] () -- C:\Windows\SysWow64\szetyj67vx.exe
[2010/08/09 18:57:28 | 000,002,515 | ---- | M] () -- C:\Users\Personal\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/08/09 18:57:28 | 000,002,491 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2010/08/09 18:50:19 | 000,204,328 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/08/09 17:50:42 | 2020,913,976 | ---- | M] () -- C:\Users\Personal\Desktop\MSSetupv88.exe
[2010/08/09 16:00:04 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At88.job
[2010/08/09 16:00:04 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At84.job
[2010/08/09 16:00:04 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At7.job
[2010/08/09 16:00:04 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At68.job
[2010/08/09 16:00:04 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At66.job
[2010/08/09 16:00:04 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At50.job
[2010/08/09 16:00:04 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At319.job
[2010/08/09 16:00:04 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At307.job
[2010/08/09 16:00:04 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At294.job
[2010/08/09 16:00:04 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At292.job
[2010/08/09 16:00:04 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At284.job
[2010/08/09 16:00:04 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At276.job
[2010/08/09 16:00:04 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At247.job
[2010/08/09 16:00:04 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At241.job
[2010/08/09 16:00:04 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At226.job
[2010/08/09 16:00:04 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At216.job
[2010/08/09 16:00:04 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At204.job
[2010/08/09 16:00:04 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At195.job
[2010/08/09 16:00:04 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At188.job
[2010/08/09 16:00:04 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At184.job
[2010/08/09 16:00:04 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At166.job
[2010/08/09 16:00:04 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At160.job
[2010/08/09 16:00:04 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At133.job
[2010/08/09 16:00:04 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At132.job
[2010/08/09 16:00:04 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At125.job
[2010/08/09 16:00:04 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At108.job
[2010/08/09 16:00:04 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At104.job
[2010/08/09 16:00:03 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At95.job
[2010/08/09 16:00:03 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At90.job
[2010/08/09 16:00:03 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At86.job
[2010/08/09 16:00:03 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At65.job
[2010/08/09 16:00:03 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At56.job
[2010/08/09 16:00:03 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At52.job
[2010/08/09 16:00:03 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At4.job
[2010/08/09 16:00:03 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At311.job
[2010/08/09 16:00:03 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At309.job
[2010/08/09 16:00:03 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At303.job
[2010/08/09 16:00:03 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At297.job
[2010/08/09 16:00:03 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At293.job
[2010/08/09 16:00:03 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At283.job
[2010/08/09 16:00:03 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At275.job
[2010/08/09 16:00:03 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At270.job
[2010/08/09 16:00:03 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At265.job
[2010/08/09 16:00:03 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At26.job
[2010/08/09 16:00:03 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At257.job
[2010/08/09 16:00:03 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At25.job
[2010/08/09 16:00:03 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At246.job
[2010/08/09 16:00:03 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At231.job
[2010/08/09 16:00:03 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At197.job
[2010/08/09 16:00:03 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At185.job
[2010/08/09 16:00:03 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At18.job
[2010/08/09 16:00:03 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At175.job
[2010/08/09 16:00:03 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At156.job
[2010/08/09 16:00:03 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At131.job
[2010/08/09 16:00:03 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At129.job
[2010/08/09 16:00:03 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At127.job
[2010/08/09 16:00:03 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At124.job
[2010/08/09 16:00:03 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At101.job
[2010/08/09 16:00:02 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At82.job
[2010/08/09 16:00:02 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At71.job
[2010/08/09 16:00:02 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At54.job
[2010/08/09 16:00:02 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At44.job
[2010/08/09 16:00:02 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At42.job
[2010/08/09 16:00:02 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At323.job
[2010/08/09 16:00:02 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At32.job
[2010/08/09 16:00:02 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At318.job
[2010/08/09 16:00:02 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At316.job
[2010/08/09 16:00:02 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At301.job
[2010/08/09 16:00:02 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At291.job
[2010/08/09 16:00:02 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At279.job
[2010/08/09 16:00:02 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At252.job
[2010/08/09 16:00:02 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At228.job
[2010/08/09 16:00:02 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At215.job
[2010/08/09 16:00:02 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At211.job
[2010/08/09 16:00:02 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At205.job
[2010/08/09 16:00:02 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At2.job
[2010/08/09 16:00:02 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At186.job
[2010/08/09 16:00:02 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At169.job
[2010/08/09 16:00:02 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At165.job
[2010/08/09 16:00:02 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At164.job
[2010/08/09 16:00:02 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At147.job
[2010/08/09 16:00:02 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At115.job
[2010/08/09 16:00:02 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At110.job
[2010/08/09 16:00:01 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At89.job
[2010/08/09 16:00:01 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At79.job
[2010/08/09 16:00:01 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At69.job
[2010/08/09 16:00:01 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At64.job
[2010/08/09 16:00:01 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At53.job
[2010/08/09 16:00:01 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At51.job
[2010/08/09 16:00:01 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At48.job
[2010/08/09 16:00:01 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At40.job
[2010/08/09 16:00:01 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At274.job
[2010/08/09 16:00:01 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At256.job
[2010/08/09 16:00:01 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At254.job
[2010/08/09 16:00:01 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At237.job
[2010/08/09 16:00:01 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At229.job
[2010/08/09 16:00:01 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At221.job
[2010/08/09 16:00:01 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At19.job
[2010/08/09 16:00:01 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At161.job
[2010/08/09 16:00:01 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At130.job
[2010/08/09 02:55:21 | 000,000,363 | ---- | M] () -- C:\Users\Personal\Recent Places - Shortcut.lnk
[2010/08/03 16:30:24 | 000,048,640 | -H-- | M] () -- C:\Windows\convbsvc.dll
[2010/08/02 16:00:01 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At249.job
[2010/07/28 04:08:31 | 000,789,718 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/07/26 17:22:32 | 000,005,120 | ---- | M] () -- C:\Users\Personal\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/26 02:58:04 | 000,000,003 | ---- | M] () -- C:\Windows\treeskp.sys
[2010/07/26 02:58:04 | 000,000,003 | ---- | M] () -- C:\Windows\sbacknt.bin
[2010/07/26 02:46:46 | 000,152,904 | ---- | M] () -- C:\Windows\SysWow64\vghd.scr
[2010/07/26 00:16:50 | 000,000,132 | ---- | M] () -- C:\Users\Personal\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/07/23 18:50:51 | 000,524,288 | -HS- | M] () -- C:\Users\Personal\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010/07/23 18:50:51 | 000,524,288 | -HS- | M] () -- C:\Users\Personal\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010/07/23 18:50:51 | 000,065,536 | -HS- | M] () -- C:\Users\Personal\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010/07/23 15:12:56 | 000,001,170 | ---- | M] () -- C:\Users\Public\Desktop\Camtasia Studio 7.lnk
[2010/07/23 02:16:31 | 000,000,973 | ---- | M] () -- C:\Users\Personal\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2010/07/23 00:55:26 | 000,000,355 | ---- | M] () -- C:\Users\Personal\Desktop\My Computer.lnk
[2010/07/22 20:53:33 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/07/22 20:48:36 | 000,001,443 | ---- | M] () -- C:\Users\Personal\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/07/22 20:44:53 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2010/07/22 20:44:04 | 000,000,020 | -HS- | M] () -- C:\Users\Personal\ntuser.ini
[2010/07/14 07:19:41 | 000,001,038 | -H-- | M] () -- C:\IPH.PH
[2010/07/14 07:19:37 | 000,001,917 | ---- | M] () -- C:\Users\Public\Desktop\AIM.lnk
[2010/07/07 23:12:19 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010/07/07 12:59:09 | 000,000,835 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2010/06/22 22:30:48 | 000,411,480 | ---- | M] (TechSmith Corporation) -- C:\Windows\SysWow64\tsccvid.dll
[2010/06/19 12:47:19 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

========== Files Created - No Company Name ==========

[2010/08/16 13:19:11 | 000,024,435 | ---- | C] () -- C:\Users\Personal\Desktop\Capture.PNG
[2010/08/16 03:31:30 | 000,001,059 | ---- | C] () -- C:\Users\Personal\Desktop\Eusing Free Registry Cleaner.lnk
[2010/08/16 02:32:10 | 000,002,334 | ---- | C] () -- C:\Users\Personal\Desktop\Google Chrome.lnk
[2010/08/16 00:27:35 | 000,001,456 | ---- | C] () -- C:\Users\Personal\AppData\Local\Adobe Save for Web 12.0 Prefs
[2010/08/16 00:23:12 | 000,000,132 | ---- | C] () -- C:\Users\Personal\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2010/08/14 19:54:33 | 000,000,134 | ---- | C] () -- C:\Windows\SysWow64\msexcr.ini
[2010/08/14 17:15:31 | 000,001,139 | ---- | C] () -- C:\Users\Personal\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2010/08/14 02:10:51 | 000,001,969 | ---- | C] () -- C:\Users\Personal\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/14 02:10:51 | 000,001,945 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/08/12 17:11:43 | 000,001,984 | ---- | C] () -- C:\Users\Personal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
[2010/08/12 05:26:59 | 000,250,102 | ---- | C] () -- C:\Users\Personal\Desktop\Trinh toc kieu.jpg
[2010/08/12 05:26:59 | 000,112,645 | ---- | C] () -- C:\Users\Personal\Desktop\Thuy Cua.jpg
[2010/08/12 05:26:59 | 000,031,247 | ---- | C] () -- C:\Users\Personal\Desktop\Bon co.jpg
[2010/08/12 05:26:59 | 000,025,961 | ---- | C] () -- C:\Users\Personal\Desktop\Cua Trinh.jpg
[2010/08/12 05:26:59 | 000,021,086 | ---- | C] () -- C:\Users\Personal\Desktop\Jimmy.jpg
[2010/08/12 05:26:59 | 000,020,945 | ---- | C] () -- C:\Users\Personal\Desktop\PhongThuy.jpg
[2010/08/12 05:26:59 | 000,018,822 | ---- | C] () -- C:\Users\Personal\Desktop\Mong giua ban ngay.jpg
[2010/08/12 05:26:59 | 000,006,848 | ---- | C] () -- C:\Users\Personal\Desktop\ThuyTrinh.jpg
[2010/08/12 04:01:39 | 000,161,717 | ---- | C] () -- C:\Users\Personal\Desktop\teachers.jpg
[2010/08/12 04:00:13 | 000,024,472 | ---- | C] () -- C:\Users\Personal\Desktop\aj.jpg
[2010/08/12 00:36:18 | 000,028,672 | ---- | C] () -- C:\Users\Personal\Desktop\informativefinal.doc
[2010/08/12 00:21:23 | 000,015,184 | ---- | C] () -- C:\Users\Personal\Desktop\mediateachercomments.docx
[2010/08/12 00:11:34 | 000,028,672 | ---- | C] () -- C:\Users\Personal\Desktop\thus essay.doc
[2010/08/11 03:21:11 | 000,000,000 | -H-- | C] () -- C:\Users\Personal\Documents\Default.rdp
[2010/08/10 01:33:20 | 000,000,081 | ---- | C] () -- C:\Windows\wininit.ini
[2010/08/10 00:07:54 | 000,071,303 | ---- | C] () -- C:\Program Files (x86)\trapcodeparticularv2.log
[2010/08/09 19:19:31 | 000,000,058 | -HS- | C] () -- C:\Windows\SysWow64\User.ini
[2010/08/09 19:19:07 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\szetyj67vx.exe
[2010/08/09 18:59:35 | 000,000,920 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3495711180-3437875855-2106924724-1005UA.job
[2010/08/09 18:59:34 | 000,000,868 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3495711180-3437875855-2106924724-1005Core.job
[2010/08/09 02:58:18 | 2020,913,976 | ---- | C] () -- C:\Users\Personal\Desktop\MSSetupv88.exe
[2010/08/09 02:55:21 | 000,000,363 | ---- | C] () -- C:\Users\Personal\Recent Places - Shortcut.lnk
[2010/08/03 16:30:24 | 000,048,640 | -H-- | C] () -- C:\Windows\convbsvc.dll
[2010/07/29 15:04:15 | 000,002,515 | ---- | C] () -- C:\Users\Personal\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/07/27 15:52:21 | 000,019,188 | ---- | C] () -- C:\Windows\Q883956Readme.rtf
[2010/07/26 02:46:48 | 000,000,003 | ---- | C] () -- C:\Windows\treeskp.sys
[2010/07/26 02:46:48 | 000,000,003 | ---- | C] () -- C:\Windows\sbacknt.bin
[2010/07/26 02:46:46 | 000,152,904 | ---- | C] () -- C:\Windows\SysWow64\vghd.scr
[2010/07/26 00:16:08 | 000,000,132 | ---- | C] () -- C:\Users\Personal\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/07/24 16:03:21 | 000,005,120 | ---- | C] () -- C:\Users\Personal\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/23 15:12:56 | 000,001,170 | ---- | C] () -- C:\Users\Public\Desktop\Camtasia Studio 7.lnk
[2010/07/23 02:16:31 | 000,000,973 | ---- | C] () -- C:\Users\Personal\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2010/07/22 21:05:50 | 000,000,355 | ---- | C] () -- C:\Users\Personal\Desktop\My Computer.lnk
[2010/07/22 20:53:33 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/07/22 20:48:36 | 000,001,443 | ---- | C] () -- C:\Users\Personal\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/07/22 20:44:53 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/07/22 20:44:04 | 004,718,592 | -HS- | C] () -- C:\Users\Personal\NTUSER.DAT
[2010/07/22 20:44:04 | 000,524,288 | -HS- | C] () -- C:\Users\Personal\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010/07/22 20:44:04 | 000,524,288 | -HS- | C] () -- C:\Users\Personal\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010/07/22 20:44:04 | 000,262,144 | -HS- | C] () -- C:\Users\Personal\ntuser.dat.LOG1
[2010/07/22 20:44:04 | 000,065,536 | -HS- | C] () -- C:\Users\Personal\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010/07/22 20:44:04 | 000,000,290 | ---- | C] () -- C:\Users\Personal\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2010/07/22 20:44:04 | 000,000,272 | ---- | C] () -- C:\Users\Personal\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2010/07/22 20:44:04 | 000,000,020 | -HS- | C] () -- C:\Users\Personal\ntuser.ini
[2010/07/22 20:44:04 | 000,000,000 | -HS- | C] () -- C:\Users\Personal\ntuser.dat.LOG2
[2010/06/19 12:47:19 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/05/29 01:14:47 | 000,000,835 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2010/05/12 22:31:01 | 000,036,868 | ---- | C] () -- C:\Program Files (x86)\uninst-Lux.exe
[2010/04/24 19:00:10 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
[2010/04/24 19:00:10 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\clauth2.dll
[2010/04/24 19:00:10 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\clauth1.dll
[2010/04/24 19:00:10 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll
[2010/04/24 19:00:10 | 000,000,073 | ---- | C] () -- C:\Windows\SysWow64\ssprs.dll
[2010/04/24 19:00:10 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/01/21 20:33:06 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2010/01/01 16:29:11 | 000,017,408 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.dll
[2009/11/26 15:21:36 | 000,789,718 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/11/13 20:10:19 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/11/08 01:48:31 | 000,002,419 | ---- | C] () -- C:\Program Files (x86)\trapcodeStarglow.log
[2009/11/08 01:45:44 | 000,036,868 | ---- | C] () -- C:\Program Files (x86)\uninst-Echospace.exe
[2009/11/08 01:31:56 | 000,036,868 | ---- | C] () -- C:\Program Files (x86)\uninst-Particular.exe
[2009/11/07 00:46:58 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini
[2009/11/02 07:36:25 | 000,211,248 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/11/02 07:36:18 | 000,211,248 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/07/13 20:15:07 | 000,000,009 | ---- | C] () -- C:\Windows\SysWow64\comsats.sys
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/07/08 20:03:02 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2009/03/24 12:40:54 | 000,057,904 | ---- | C] () -- C:\Windows\SysWow64\wbload.dll
[2008/04/02 14:43:55 | 000,061,440 | ---- | C] () -- C:\Program Files (x86)\RGSGrowBounds.aex

========== LOP Check ==========

[2010/08/14 20:57:56 | 000,000,000 | ---D | M] -- C:\Users\Blank\AppData\Roaming\Myok
[2010/08/14 20:58:45 | 000,000,000 | ---D | M] -- C:\Users\Blank\AppData\Roaming\Opera
[2010/08/14 20:58:28 | 000,000,000 | ---D | M] -- C:\Users\Blank\AppData\Roaming\Puka
[2010/08/14 20:57:47 | 000,000,000 | ---D | M] -- C:\Users\Blank\AppData\Roaming\Stardock
[2010/08/09 19:17:19 | 000,000,000 | ---D | M] -- C:\Users\ETC\AppData\Roaming\Opera
[2010/08/09 19:16:49 | 000,000,000 | ---D | M] -- C:\Users\ETC\AppData\Roaming\Stardock
[2010/07/22 20:28:37 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Opera
[2010/07/22 20:26:39 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Stardock
[2010/07/23 18:30:06 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\acccore
[2010/07/23 18:30:06 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\AeroSnapApp
[2010/07/23 18:30:06 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\ArcticLine
[2010/07/23 18:30:06 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Autodesk
[2010/07/23 18:30:06 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Bioshock
[2010/07/23 18:30:07 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Bump Technologies, Inc
[2010/07/23 18:30:07 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\com.pandora.desktop.FB9956FD96E03239939108614098AD95535EE674.1
[2010/07/23 18:30:07 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\DAEMON Tools Lite
[2010/07/23 18:30:07 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\DAEMON Tools Pro
[2009/08/30 13:17:55 | 000,000,000 | -H-D | M] -- C:\Users\Mike\AppData\Roaming\ijjigame
[2010/07/23 18:30:07 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Juce VST Host
[2010/07/23 18:30:08 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\mkvtoolnix
[2010/07/23 18:30:08 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\NeopleLauncherDFO
[2010/07/23 18:30:08 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Opera
[2010/07/23 18:30:08 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\OtakuSoftware
[2010/07/23 18:30:08 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\PACE Anti-Piracy
[2010/07/23 18:30:09 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\PeerNetworking
[2010/07/23 18:30:09 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Publish Providers
[2010/07/23 18:30:09 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Red Kawa
[2010/07/23 18:30:09 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\ResourceCentral.E6E1B28A311BC518DB6C6883EA3757FDE0E90ADC.1
[2010/07/23 18:30:09 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Runiter
[2010/07/23 18:30:09 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Sony
[2010/07/23 18:30:09 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Sony Creative Software
[2010/07/23 18:30:09 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/07/23 18:30:09 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Stardock
[2010/07/23 18:30:09 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\SystemRequirementsLab
[2010/07/23 18:30:09 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Template
[2010/07/23 18:30:09 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Thinstall
[2010/07/23 18:30:10 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Ubisoft
[2010/07/23 18:30:10 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\uTorrent
[2010/07/23 18:30:10 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Windows SideBar
[2010/07/22 21:21:15 | 000,000,000 | ---D | M] -- C:\Users\Personal\AppData\Roaming\acccore
[2010/08/09 18:08:53 | 000,000,000 | ---D | M] -- C:\Users\Personal\AppData\Roaming\Atzait
[2010/08/09 01:23:56 | 000,000,000 | ---D | M] -- C:\Users\Personal\AppData\Roaming\Egexs
[2010/08/09 13:34:32 | 000,000,000 | ---D | M] -- C:\Users\Personal\AppData\Roaming\FAC2A774D0FEDC2824280904D74E5269
[2010/08/11 00:40:53 | 000,000,000 | ---D | M] -- C:\Users\Personal\AppData\Roaming\Hyhur
[2010/07/26 00:29:53 | 000,000,000 | ---D | M] -- C:\Users\Personal\AppData\Roaming\Ibibel
[2010/08/09 21:02:22 | 000,000,000 | ---D | M] -- C:\Users\Personal\AppData\Roaming\Ixekg
[2010/08/10 01:26:09 | 000,000,000 | ---D | M] -- C:\Users\Personal\AppData\Roaming\Miof
[2010/07/22 20:44:50 | 000,000,000 | ---D | M] -- C:\Users\Personal\AppData\Roaming\Opera
[2010/08/11 02:54:45 | 000,000,000 | ---D | M] -- C:\Users\Personal\AppData\Roaming\PACE Anti-Piracy
[2010/08/13 16:30:05 | 000,000,000 | ---D | M] -- C:\Users\Personal\AppData\Roaming\Peev
[2010/08/14 02:11:23 | 000,000,000 | ---D | M] -- C:\Users\Personal\AppData\Roaming\Poneyc
[2010/07/25 00:56:18 | 000,000,000 | ---D | M] -- C:\Users\Personal\AppData\Roaming\Publish Providers
[2010/08/11 14:04:27 | 000,000,000 | ---D | M] -- C:\Users\Personal\AppData\Roaming\Sony
[2010/07/22 20:44:25 | 000,000,000 | ---D | M] -- C:\Users\Personal\AppData\Roaming\Stardock
[2010/08/10 13:31:50 | 000,000,000 | ---D | M] -- C:\Users\Personal\AppData\Roaming\Tific
[2010/08/10 13:21:00 | 000,000,000 | ---D | M] -- C:\Users\Personal\AppData\Roaming\uTorrent
[2010/05/13 22:01:44 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2010/05/13 22:01:44 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At10.job
[2010/05/13 22:01:44 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At100.job
[2010/08/09 16:00:03 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At101.job
[2010/05/13 22:01:44 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At102.job
[2010/05/13 22:01:44 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At103.job
[2010/08/09 16:00:04 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At104.job
[2010/05/13 22:01:44 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At105.job
[2010/05/13 22:01:44 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At106.job
[2010/05/13 22:01:44 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At107.job
[2010/08/09 16:00:04 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At108.job
[2010/05/13 22:01:44 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At109.job
[2010/05/13 22:01:44 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At11.job
[2010/08/09 16:00:02 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At110.job
[2010/05/13 22:01:44 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At111.job
[2010/05/13 22:01:44 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At112.job
[2010/05/13 22:01:44 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At113.job
[2010/05/13 22:01:44 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At114.job
[2010/08/09 16:00:02 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At115.job
[2010/05/13 22:01:44 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At116.job
[2010/05/13 22:01:44 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At117.job
[2010/05/13 22:01:44 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At118.job
[2010/05/13 22:01:44 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At119.job
[2010/05/13 22:01:44 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At12.job
[2010/05/13 22:01:44 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At120.job
[2010/05/13 22:01:44 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At121.job
[2010/05/13 22:01:44 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At122.job
[2010/05/13 22:01:44 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At123.job
[2010/08/09 16:00:03 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At124.job
[2010/08/09 16:00:04 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At125.job
[2010/05/13 22:01:44 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At126.job
[2010/08/09 16:00:03 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At127.job
[2010/05/13 22:01:44 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At128.job
[2010/08/09 16:00:03 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At129.job
[2010/05/13 22:01:44 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At13.job
[2010/08/09 16:00:01 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At130.job
[2010/08/09 16:00:03 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At131.job
[2010/08/09 16:00:04 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At132.job
[2010/08/09 16:00:04 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At133.job
[2010/05/13 22:01:45 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At134.job
[2010/05/13 22:01:45 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At135.job
[2010/05/13 22:01:45 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At136.job
[2010/05/13 22:01:45 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At137.job
[2010/05/13 22:01:45 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At138.job
[2010/05/13 22:01:45 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At139.job
[2010/05/13 22:01:45 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At14.job
[2010/05/13 22:01:45 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At140.job
[2010/05/13 22:01:45 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At141.job
[2010/05/13 22:01:45 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At142.job
[2010/05/13 22:01:45 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At143.job
[2010/05/13 22:01:45 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At144.job
[2010/05/13 22:01:45 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At145.job
[2010/05/13 22:01:45 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At146.job
[2010/08/09 16:00:02 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At147.job
[2010/05/13 22:01:45 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At148.job
[2010/05/13 22:01:45 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At149.job
[2010/05/13 22:01:45 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At15.job
[2010/05/13 22:01:45 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At150.job
[2010/05/13 22:01:45 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At151.job
[2010/05/13 22:01:45 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At152.job
[2010/05/13 22:01:45 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At153.job
[2010/05/13 22:01:45 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At154.job
[2010/05/13 22:01:45 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At155.job
[2010/08/09 16:00:03 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At156.job
[2010/05/13 22:01:45 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At157.job
[2010/05/13 22:01:45 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At158.job
[2010/05/13 22:01:45 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At159.job
[2010/05/13 22:01:45 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At16.job
[2010/08/09 16:00:04 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At160.job
[2010/08/09 16:00:01 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At161.job
[2010/05/13 22:01:45 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At162.job
[2010/05/13 22:01:45 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At163.job
[2010/08/09 16:00:02 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At164.job
[2010/08/09 16:00:02 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At165.job
[2010/08/09 16:00:04 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At166.job
[2010/05/13 22:01:45 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At167.job
[2010/05/13 22:01:45 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At168.job
[2010/08/09 16:00:02 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At169.job
[2010/05/13 22:01:45 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At17.job
[2010/05/13 22:01:45 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At170.job
[2010/05/13 22:01:45 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At171.job
[2010/05/13 22:01:45 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At172.job
[2010/05/13 22:01:45 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At173.job
[2010/05/13 22:01:45 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At174.job
[2010/08/09 16:00:03 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At175.job
[2010/05/13 22:01:45 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At176.job
[2010/05/13 22:01:45 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At177.job
[2010/05/13 22:01:45 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At178.job
[2010/05/13 22:01:45 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At179.job
[2010/08/09 16:00:03 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At18.job
[2010/05/13 22:01:45 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At180.job
[2010/05/13 22:01:45 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At181.job
[2010/05/13 22:01:45 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At182.job
[2010/05/13 22:01:45 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At183.job
[2010/08/09 16:00:04 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At184.job
[2010/08/09 16:00:03 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At185.job
[2010/08/09 16:00:02 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At186.job
[2010/05/13 22:01:45 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At187.job
[2010/08/09 16:00:04 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At188.job
[2010/05/13 22:01:45 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At189.job
[2010/08/09 16:00:01 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At19.job
[2010/05/13 22:01:45 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At190.job
[2010/05/13 22:01:45 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At191.job
[2010/05/13 22:01:45 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At192.job
[2010/05/13 22:01:45 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At193.job
[2010/05/13 22:01:45 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At194.job
[2010/08/09 16:00:04 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At195.job
[2010/05/13 22:01:46 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At196.job
[2010/08/09 16:00:03 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At197.job
[2010/05/13 22:01:46 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At198.job
[2010/05/13 22:01:46 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At199.job
[2010/08/09 16:00:02 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At2.job
[2010/05/13 22:01:46 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At20.job
[2010/05/13 22:01:46 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At200.job
[2010/05/13 22:01:46 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At201.job
[2010/05/13 22:01:46 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At202.job
[2010/05/13 22:01:46 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At203.job
[2010/08/09 16:00:04 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At204.job
[2010/08/09 16:00:02 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At205.job
[2010/05/13 22:01:46 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At206.job
[2010/05/13 22:01:46 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At207.job
[2010/05/13 22:01:46 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At208.job
[2010/05/13 22:01:46 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At209.job
[2010/05/13 22:01:46 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At21.job
[2010/05/13 22:01:46 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At210.job
[2010/08/09 16:00:02 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At211.job
[2010/05/13 22:01:46 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At212.job
[2010/05/13 22:01:46 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At213.job
[2010/05/13 22:01:46 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At214.job
[2010/08/09 16:00:02 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At215.job
[2010/08/09 16:00:04 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At216.job
[2010/05/13 22:01:46 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At217.job
[2010/05/13 22:01:46 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At218.job
[2010/05/13 22:01:46 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At219.job
[2010/05/13 22:01:46 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At22.job
[2010/05/13 22:01:46 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At220.job
[2010/08/09 16:00:01 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At221.job
[2010/05/13 22:01:46 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At222.job
[2010/05/13 22:01:46 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At223.job
[2010/05/13 22:01:46 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At224.job
[2010/05/13 22:01:46 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At225.job
[2010/08/09 16:00:04 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At226.job
[2010/05/13 22:01:46 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At227.job
[2010/08/09 16:00:02 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At228.job
[2010/08/09 16:00:01 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At229.job
[2010/05/13 22:01:46 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At23.job
[2010/05/13 22:01:46 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At230.job
[2010/08/09 16:00:03 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At231.job
[2010/05/13 22:01:46 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At232.job
[2010/05/13 22:01:46 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At233.job
[2010/05/13 22:01:46 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At234.job
[2010/05/13 22:01:46 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At235.job
[2010/05/13 22:01:46 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At236.job
[2010/08/09 16:00:01 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At237.job
[2010/05/13 22:01:46 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At238.job
[2010/05/13 22:01:46 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At239.job
[2010/05/13 22:01:46 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At24.job
[2010/05/13 22:01:46 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At240.job
[2010/08/09 16:00:04 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At241.job
[2010/05/13 22:01:46 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At242.job
[2010/05/13 22:01:46 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At243.job
[2010/05/13 22:01:46 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At244.job
[2010/05/13 22:01:46 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At245.job
[2010/08/09 16:00:03 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At246.job
[2010/08/09 16:00:04 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At247.job
[2010/05/13 22:01:46 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At248.job
[2010/08/02 16:00:01 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At249.job
[2010/08/09 16:00:03 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At25.job
[2010/05/13 22:01:46 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At250.job
[2010/05/13 22:01:46 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At251.job
[2010/08/09 16:00:02 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At252.job
[2010/05/13 22:01:46 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At253.job
[2010/08/09 16:00:01 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At254.job
[2010/05/13 22:01:46 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At255.job
[2010/08/09 16:00:01 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At256.job
[2010/08/09 16:00:03 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At257.job
[2010/05/13 22:01:46 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At258.job
[2010/05/13 22:01:46 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At259.job
[2010/08/09 16:00:03 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At26.job
[2010/05/13 22:01:46 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At260.job
[2010/05/13 22:01:46 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At261.job
[2010/05/13 22:01:46 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At262.job
[2010/05/13 22:01:46 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At263.job
[2010/05/13 22:01:46 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At264.job
[2010/08/09 16:00:03 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At265.job
[2010/05/13 22:01:46 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At266.job
[2010/05/13 22:01:47 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At267.job
[2010/05/13 22:01:47 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At268.job
[2010/05/13 22:01:47 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At269.job
[2010/05/13 22:01:47 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At27.job
[2010/08/09 16:00:03 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At270.job
[2010/05/13 22:01:47 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At271.job
[2010/05/13 22:01:47 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At272.job
[2010/05/13 22:01:47 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At273.job
[2010/08/09 16:00:01 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At274.job
[2010/08/09 16:00:03 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At275.job
[2010/08/09 16:00:04 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At276.job
[2010/05/13 22:01:47 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At277.job
[2010/05/13 22:01:47 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At278.job
[2010/08/09 16:00:02 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At279.job
[2010/05/13 22:01:47 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At28.job
[2010/05/13 22:01:47 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At280.job
[2010/05/13 22:01:47 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At281.job
[2010/05/13 22:01:47 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At282.job
[2010/08/09 16:00:03 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At283.job
[2010/08/09 16:00:04 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At284.job
[2010/05/13 22:01:47 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At285.job
[2010/05/13 22:01:47 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At286.job
[2010/05/13 22:01:47 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At287.job
[2010/05/13 22:01:47 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At288.job
[2010/05/13 22:01:47 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At289.job
[2010/05/13 22:01:47 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At29.job
[2010/05/13 22:01:47 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At290.job
[2010/08/09 16:00:02 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At291.job
[2010/08/09 16:00:04 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At292.job
[2010/08/09 16:00:03 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At293.job
[2010/08/09 16:00:04 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At294.job
[2010/05/13 22:01:47 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At295.job
[2010/05/13 22:01:47 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At296.job
[2010/08/09 16:00:03 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At297.job
[2010/05/13 22:01:47 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At298.job
[2010/05/13 22:01:47 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At299.job
[2010/05/13 22:01:47 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At3.job
[2010/05/13 22:01:47 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At30.job
[2010/05/13 22:01:47 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At300.job
[2010/08/09 16:00:02 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At301.job
[2010/05/13 22:01:47 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At302.job
[2010/08/09 16:00:03 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At303.job
[2010/05/13 22:01:47 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At304.job
[2010/05/13 22:01:47 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At305.job
[2010/05/13 22:01:47 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At306.job
[2010/08/09 16:00:04 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At307.job
[2010/05/13 22:01:47 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At308.job
[2010/08/09 16:00:03 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At309.job
[2010/05/13 22:01:47 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At31.job
[2010/05/13 22:01:47 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At310.job
[2010/08/09 16:00:03 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At311.job
[2010/05/13 22:01:47 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At312.job
[2010/05/13 22:01:47 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At313.job
[2010/05/13 22:01:47 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At314.job
[2010/05/13 22:01:47 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At315.job
[2010/08/09 16:00:02 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At316.job
[2010/05/13 22:01:47 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At317.job
[2010/08/09 16:00:02 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At318.job
[2010/08/09 16:00:04 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At319.job
[2010/08/09 16:00:02 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At32.job
[2010/05/13 22:01:47 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At320.job
[2010/05/13 22:01:47 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At321.job
[2010/05/13 22:01:47 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At322.job
[2010/08/09 16:00:02 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At323.job
[2010/05/13 22:01:47 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At324.job
[2010/05/13 22:01:47 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At33.job
[2010/05/13 22:01:47 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At34.job
[2010/05/13 22:01:47 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At35.job
[2010/05/13 22:01:47 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At36.job
[2010/05/13 22:01:47 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At37.job
[2010/05/13 22:01:47 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At38.job
[2010/05/13 22:01:47 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At39.job
[2010/08/09 16:00:03 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At4.job
[2010/08/09 16:00:01 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At40.job
[2010/05/13 22:01:47 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At41.job
[2010/08/09 16:00:02 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At42.job
[2010/05/13 22:01:47 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At43.job
[2010/08/09 16:00:02 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At44.job
[2010/05/13 22:01:47 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At45.job
[2010/05/13 22:01:47 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At46.job
[2010/05/13 22:01:47 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At47.job
[2010/08/09 16:00:01 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At48.job
[2010/05/13 22:01:47 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At49.job
[2010/05/13 22:01:47 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At5.job
[2010/08/09 16:00:04 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At50.job
[2010/08/09 16:00:01 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At51.job
[2010/08/09 16:00:03 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At52.job
[2010/08/09 16:00:01 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At53.job
[2010/08/09 16:00:02 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At54.job
[2010/05/13 22:01:47 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At55.job
[2010/08/09 16:00:03 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At56.job
[2010/05/13 22:01:47 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At57.job
[2010/05/13 22:01:47 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At58.job
[2010/05/13 22:01:47 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At59.job
[2010/05/13 22:01:47 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At6.job
[2010/05/13 22:01:47 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At60.job
[2010/05/13 22:01:47 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At61.job
[2010/05/13 22:01:47 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At62.job
[2010/05/13 22:01:47 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At63.job
[2010/08/09 16:00:01 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At64.job
[2010/08/09 16:00:03 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At65.job
[2010/08/09 16:00:04 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At66.job
[2010/05/13 22:01:48 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At67.job
[2010/08/09 16:00:04 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At68.job
[2010/08/09 16:00:01 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At69.job
[2010/08/09 16:00:04 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At7.job
[2010/05/13 22:01:48 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At70.job
[2010/08/09 16:00:02 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At71.job
[2010/05/13 22:01:48 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At72.job
[2010/05/13 22:01:48 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At73.job
[2010/05/13 22:01:48 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At74.job
[2010/05/13 22:01:48 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At75.job
[2010/05/13 22:01:48 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At76.job
[2010/05/13 22:01:48 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At77.job
[2010/05/13 22:01:48 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At78.job
[2010/08/09 16:00:01 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At79.job
[2010/05/13 22:01:48 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At8.job
[2010/05/13 22:01:48 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At80.job
[2010/05/13 22:01:48 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At81.job
[2010/08/09 16:00:02 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At82.job
[2010/05/13 22:01:48 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At83.job
[2010/08/09 16:00:04 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At84.job
[2010/05/13 22:01:48 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At85.job
[2010/08/09 16:00:03 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At86.job
[2010/05/13 22:01:48 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At87.job
[2010/08/09 16:00:04 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At88.job
[2010/08/09 16:00:01 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At89.job
[2010/05/13 22:01:48 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At9.job
[2010/08/09 16:00:03 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At90.job
[2010/05/13 22:01:48 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At91.job
[2010/05/13 22:01:48 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At92.job
[2010/05/13 22:01:48 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At93.job
[2010/05/13 22:01:48 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At94.job
[2010/08/09 16:00:03 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At95.job
[2010/05/13 22:01:48 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At96.job
[2010/05/13 22:01:48 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At97.job
[2010/05/13 22:01:48 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At98.job
[2010/05/13 22:01:48 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\At99.job
[2010/07/08 17:28:43 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/11/01 23:07:28 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{A31BAB66-4D89-48F5-9A6F-151C3103F5E1}.job

========== Purity Check ==========



========== Custom Scans ==========


< >

< >

< %SYSTEMDRIVE%\*.* >
[2009/10/14 19:03:23 | 000,015,364 | -H-- | M] () -- C:\.DS_Store
[2009/07/17 02:47:30 | 000,001,024 | ---- | M] () -- C:\.rnd
[2009/08/20 21:46:09 | 000,004,096 | -H-- | M] () -- C:\._.TemporaryItems
[2009/08/20 02:28:24 | 000,004,096 | -H-- | M] () -- C:\._.Trashes
[2009/08/27 21:01:18 | 000,466,096 | ---- | M] () -- C:\AnalysisLog.sr0
[2009/07/13 20:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2009/11/02 02:55:59 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2025/08/31 12:30:31 | 000,796,016 | ---- | M] (Symantec Corporation) -- C:\cltLMSx.dll
[2009/06/24 19:52:02 | 000,004,691 | RH-- | M] () -- C:\dell.sdr
[2009/09/11 17:19:21 | 000,000,602 | ---- | M] () -- C:\deltaStartup.log
[2010/08/16 12:12:05 | 3018,596,352 | -HS- | M] () -- C:\hiberfil.sys
[2009/09/11 08:13:14 | 000,001,084 | ---- | M] () -- C:\install86057.log
[2010/07/14 07:19:41 | 000,001,038 | -H-- | M] () -- C:\IPH.PH
[2010/02/18 13:02:46 | 002,838,200 | ---- | M] (Intel Corporation) -- C:\libmmd.dll
[2006/12/01 23:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2010/08/16 12:12:14 | 4024,799,232 | -HS- | M] () -- C:\pagefile.sys
[2009/07/02 00:51:56 | 000,000,159 | ---- | M] () -- C:\SetupLCV.log

< %systemroot%\Fonts\*.com >
[2009/07/14 00:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 00:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 00:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 00:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 15:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2009/07/10 15:15:46 | 000,306,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/13 23:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
[2008/04/02 14:44:15 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\RGSGrowBounds.aex
[2010/08/10 00:07:55 | 000,071,303 | ---- | M] () -- C:\Program Files (x86)\trapcodeparticularv2.log
[2010/05/12 22:32:01 | 000,002,419 | ---- | M] () -- C:\Program Files (x86)\trapcodeStarglow.log
[2010/05/12 22:30:22 | 000,036,868 | ---- | M] () -- C:\Program Files (x86)\uninst-Echospace.exe
[2010/05/12 22:31:01 | 000,036,868 | ---- | M] () -- C:\Program Files (x86)\uninst-Lux.exe
[2009/11/08 01:48:56 | 000,036,868 | ---- | M] () -- C:\Program Files (x86)\uninst-Particular.exe

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%|bak;true;false;false /fp >

< %systemroot%\system32|bak;true;false;false /fp >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Files - Unicode (All) ==========
[2010/08/13 17:01:13 | 000,000,000 | ---D | M](C:\Users\Personal\Documents\?? ???) -- C:\Users\Personal\Documents\넥슨 플러그
[2010/08/13 17:01:13 | 000,000,000 | ---D | C](C:\Users\Personal\Documents\?? ???) -- C:\Users\Personal\Documents\넥슨 플러그

========== Alternate Data Streams ==========

@Alternate Data Stream - 20 bytes -> C:\.DS_Store:Mac_Metadata
@Alternate Data Stream - 20 bytes -> C:\._.Trashes:Mac_Metadata
@Alternate Data Stream - 20 bytes -> C:\._.TemporaryItems:Mac_Metadata
@Alternate Data Stream - 159 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 1098 bytes -> C:\ProgramData\Microsoft:y3tlSY2vttYtiwPoxYeO4UJEHkn
@Alternate Data Stream - 1092 bytes -> C:\Users\Personal\AppData\Local\Temp:Jz4DvaUl4yvAkrSWE7Ot965iwB6
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 1048 bytes -> C:\ProgramData\Microsoft:7hIxygoqQ4FCSBfcGQq4
< End of report >

Extras.Txt
__________
OTL Extras logfile created on: 8/16/2010 1:20:27 PM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = D:\Programs
64bit- Enterprise Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 43.00% Memory free
7.00 Gb Paging File | 5.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 89.99 Gb Total Space | 8.24 Gb Free Space | 9.16% Space Free | Partition Type: NTFS
Drive D: | 76.19 Gb Total Space | 5.93 Gb Free Space | 7.78% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MIKE-PC
Current User Name: Personal
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3495711180-3437875855-2106924724-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{14A6AE78-F4D9-4E9A-B27B-BC1E47C93185}" = Trapcode Lux
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{23B45E10-0CA5-43E9-BD6D-C2BD6CBE11AC}" = iTunes
"{328CC232-CFDC-468B-A214-2E21300E4CB5}" = Apple Mobile Device Support
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{55E76113-3899-4A63-A308-71A9BD3491EE}" = MobileMe Control Panel
"{5CE0BE99-8B5C-4C32-B562-91BF3EF1F48F}" = Trapcode EchoSpace
"{6D14F459-DA76-42A5-982F-CDE6BC7D64B2}" = Trapcode Form
"{71AC1C1B-CF68-4380-B040-AFBDF381C481}" = Trapcode Starglow
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{A9F1B5F6-0EE6-0409-BADD-F8BD360FACC3}" = Autodesk 3ds Max 2010 64-bit
"{B0EFB716-085B-4564-8060-212E41F5CE50}" = Windows Live ID Sign-in Assistant
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}" = Bonjour
"{B9E591DD-DAAC-0409-B1B8-5667E359170B}" = Autodesk 3ds Max 2010 64-bit Components
"{C503B73F-3DE3-419D-9807-0282C340CDE8}" = Trapcode 3D Stroke
"{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CCF27C3E-E659-4132-8E1A-56F1AC604BE4}" = Trapcode SoundKeys
"{CF23AFD7-3078-4134-8823-EBF6D1FE6FAD}" = Canon MP450
"{D4C0D93D-7924-486F-9B30-27ABD4EA3BB3}" = Trapcode Shine
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5456E56-BBFA-414A-965B-987A2C96A9E1}" = Trapcode Horizon
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Autodesk FBX Plugin 2009.4 - 3ds Max 2010 64-bit" = Autodesk FBX Plugin 2009.4 - 3ds Max 2010 64-bit
"Creative OA001" = Integrated Webcam Driver (1.06.03.0309)
"Defraggler" = Defraggler
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"NVIDIA Drivers" = NVIDIA Drivers
"SynTPDeinstKey" = Dell Touchpad
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{02627EE5-EACA-4742-A9CC-E687631773E4}" = Nero ShowTime
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{086A7D8C-0A38-4C7F-819A-620275550D5C}" = Nero Burning ROM Help
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0CA72D12-F6C6-4D43-A2A0-41F5AA17E2B6}" = Netflix in Windows Media Center
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{10CD364B-FFCC-48BE-B469-B9622A033075}" = Fences
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1C00C7C5-E615-4139-B817-7F4003DE68C0}" = Nero PhotoSnap Help
"{1D2C96C3-A3F3-49E7-B839-95279DED837F}" = Opera 10.60
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{2470011b-9df5-4e19-852c-28ff0c38f6fa}" = Nero 9
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 17
"{288DB08D-0708-4A94-B055-55B99E39EB62}" = Adobe Creative Suite 5 Master Collection
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{317AC0C7-FEBF-0409-87A3-4FC70D0ED900}" = Autodesk 3ds Max 2010 32-bit
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode
"{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent
"{37B03AA0-B125-4649-900C-F26E1081F163}" = Camtasia Studio 7
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2008.1
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5A180ED5-0AC1-410A-B790-5E0319CD0A93}" = Sentinel Protection Installer 7.4.0
"{5D9BE3C1-8BA4-4E7E-82FD-9F74FA6815D1}" = Nero Vision Help
"{5E08ECD1-C98E-4711-BF65-8FD736B3F969}" = Nero RescueAgent Help
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60A08432-00DD-0409-AC2C-143C75460878}" = Autodesk 3ds Max 2010 32-bit Components
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{62C81505-65E8-BBFF-5A9B-23958770F694}" = BannedStory 3.0
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AA43110-17F5-445E-BC40-4D2BC47A3079}_is1" = particleView 3.2
"{6F7614CC-F33A-4877-8814-49856F441F3C}" = Stardock MyColors
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{77E33D87-255E-413E-9C8D-EED2A7F9BEBF}" = Nero Live Help
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E4B7FD9-4ECE-4298-A910-3160B7918059}" = CryEngine®2 Sandbox™2
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9862E0CB-4727-4FFC-963A-E22A9E9EC10C}" = Creative ZEN V Series (R2)
"{98A67610-A3B5-4098-A423-3708040026D3}" = "Nero SoundTrax Help
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap
"{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2009-07-28
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AD6BC5CC-2EF0-49C4-B33D-CDC8B2C4DC80}" = Nero Recode Help
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B343B0E3-212A-40B9-8207-1BD299228F5D}" = Fallout 3 - The Garden of Eden Creation Kit
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Professional
"{CE96F5A5-584D-4F8F-AA3E-9BAED413DB72}" = Nero CoverDesigner Help
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{DA703982C580418795BF4001AA9D7061}" = DivX Plus Media Foundation Components
"{DC785DB7-D389-48C3-B146-96FE99BF4E2B}" = Vegas Pro 9.0
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DF6A95F5-ADC1-406A-BDC6-2AA7CC0182AA}" = Nero Live
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit
"{E551D82D-4D56-4AF7-A2C9-8897D7A0CB00}" = Autodesk 3ds Max 2010 Tutorials Files
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EAFEF30E-3789-49C7-A6D9-77C12E005BAC}" = Safari
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F6BDD7C5-89ED-4569-9318-469AA9732572}" = Nero BurnRights Help
"{F77685F4-49DC-4B8E-B41F-F399FE2787C7}_is1" = particleIllusion 3.0.4
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FB26A501-6BA6-459B-89AA-9736730752FB}" = VoiceOver Kit
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AIM Toolbar" = AIM Toolbar
"AIM_7" = AIM 7
"AnalogX Vocal Remover (WinAmp)" = AnalogX Vocal Remover (WinAmp)
"Antares Autotune VST RTAS TDM_is1" = Antares Autotune VST RTAS TDM v5.08
"ASIO4ALL" = ASIO4ALL
"Audacity_is1" = Audacity 1.2.6
"AudibleManager" = AudibleManager
"Autodesk FBX Plugin 2009.4 - 3ds Max 2010" = Autodesk FBX Plugin 2009.4 - 3ds Max 2010
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"bs.BannedStory.B138736892407FF2891DACB3EC40AB4373DCB810.1" = BannedStory 3.0
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"Crazybump" = Crazybump (remove only)
"Creative Removable Disk Manager" = Creative Removable Disk Manager
"Defraggler" = Defraggler
"Dell Dock" = Dell Dock
"DFO" = DFOLauncher
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"Fences" = Fences
"FL Studio 9" = FL Studio 9
"FoxyTunesForFirefox" = FoxyTunes for Firefox
"Fraps" = Fraps (remove only)
"Graphing Calculator 3D_is1" = Graphing Calculator 3D 3.2
"Guitar Pro 5_is1" = Guitar Pro 5.2
"IL Download Manager" = IL Download Manager
"InstallShield_{14A6AE78-F4D9-4E9A-B27B-BC1E47C93185}" = Trapcode Lux
"InstallShield_{5CE0BE99-8B5C-4C32-B562-91BF3EF1F48F}" = Trapcode EchoSpace
"InstallShield_{6D14F459-DA76-42A5-982F-CDE6BC7D64B2}" = Trapcode Form
"InstallShield_{71AC1C1B-CF68-4380-B040-AFBDF381C481}" = Trapcode Starglow
"InstallShield_{C503B73F-3DE3-419D-9807-0282C340CDE8}" = Trapcode 3D Stroke
"InstallShield_{CCF27C3E-E659-4132-8E1A-56F1AC604BE4}" = Trapcode SoundKeys
"InstallShield_{D4C0D93D-7924-486F-9B30-27ABD4EA3BB3}" = Trapcode Shine
"InstallShield_{F5456E56-BBFA-414A-965B-987A2C96A9E1}" = Trapcode Horizon
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MapleStory" = MapleStory
"MKVtoolnix" = MKVtoolnix 3.4.0
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Nakido" = Nakido
"Nike+ Mini" = Nike+ Mini Screen Saver
"PoiZone" = PoiZone
"PopTag" = PopTag!
"PunkBusterSvc" = PunkBuster Services
"Sawer" = Sawer
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Stardock MyColors" = Stardock MyColors
"Sure Delete_is1" = Sure Delete 5.1.1
"SysInfo" = Creative System Information
"TightVNC_is1" = TightVNC 1.3.10
"TinyPDF_is1" = TinyPDF
"Toxic Biohazard" = Toxic Biohazard
"Trapcode Particular v2" = Trapcode Particular v2
"Trapcode Starglow" = Trapcode Starglow
"UltraISO_is1" = UltraISO Premium V9.33
"uTorrent" = µTorrent
"Videora iPod Converter" = Videora iPod Converter 5.04
"Vindictus" = Vindictus
"vixy converter BETA_is1" = vixy converter uninstall
"WinLiveSuite_Wave3" = Windows Live Essentials
"Xfire" = Xfire (remove only)
"ZENcast Organizer" = ZENcast Organizer

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3495711180-3437875855-2106924724-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/16/2010 4:43:59 AM | Computer Name = Mike-PC | Source = Bonjour Service | ID = 100
Description = 212: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 8/16/2010 4:43:59 AM | Computer Name = Mike-PC | Source = Bonjour Service | ID = 100
Description = 488: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 8/16/2010 4:43:59 AM | Computer Name = Mike-PC | Source = Bonjour Service | ID = 100
Description = 216: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 8/16/2010 4:43:59 AM | Computer Name = Mike-PC | Source = Bonjour Service | ID = 100
Description = 468: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 8/16/2010 4:43:59 AM | Computer Name = Mike-PC | Source = Bonjour Service | ID = 100
Description = 492: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 8/16/2010 4:51:37 AM | Computer Name = Mike-PC | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.1.7600.16450 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 420 Start
Time: 01cb3d20293a7d90 Termination Time: 15 Application Path: C:\Windows\Explorer.EXE

Report
Id: 749f83c1-a913-11df-9544-00234de81ea3

Error - 8/16/2010 4:52:36 AM | Computer Name = Mike-PC | Source = Application Error | ID = 1000
Description = Faulting application name: MapleStory.exe, version: 1.0.0.1, time
stamp: 0x4c446d5e Faulting module name: convbsvc.dll, version: 0.0.0.0, time stamp:
0x3e317176 Exception code: 0xc0000005 Fault offset: 0x0000145c Faulting process id:
0xa78 Faulting application start time: 0x01cb3d205f5ad050 Faulting application path:
C:\Nexon\MapleStory\MapleStory.exe Faulting module path: C:\Windows\convbsvc.dll
Report
Id: 9db780f0-a913-11df-9544-00234de81ea3

Error - 8/16/2010 4:57:06 AM | Computer Name = Mike-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "D:\Programs\SoftonicDownloader18939.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.
Component
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.

Error - 8/16/2010 1:34:27 PM | Computer Name = Mike-PC | Source = Application Error | ID = 1000
Description = Faulting application name: OTL.exe, version: 3.2.9.1, time stamp:
0x2a425e19 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0xed57c593 Faulting process id: 0x13c0 Faulting application
start time: 0x01cb3d69455ad828 Faulting application path: D:\Programs\OTL.exe Faulting
module path: unknown Report Id: 8445d290-a95c-11df-8a59-00234de81ea3

Error - 8/16/2010 1:34:44 PM | Computer Name = Mike-PC | Source = Application Error | ID = 1000
Description = Faulting application name: OTL.exe, version: 3.2.9.1, time stamp:
0x2a425e19 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0xed57c593 Faulting process id: 0xbd0 Faulting application
start time: 0x01cb3d69508cd390 Faulting application path: D:\Programs\OTL.exe Faulting
module path: unknown Report Id: 8e996860-a95c-11df-8a59-00234de81ea3

[ Media Center Events ]
Error - 12/23/2009 9:37:44 PM | Computer Name = Mike-PC | Source = MCUpdate | ID = 0
Description = 7:37:41 PM - Error connecting to the internet. 7:37:41 PM - Unable
to contact server..

Error - 12/23/2009 10:37:49 PM | Computer Name = Mike-PC | Source = MCUpdate | ID = 0
Description = 8:37:49 PM - Error connecting to the internet. 8:37:49 PM - Unable
to contact server..

Error - 12/23/2009 10:37:55 PM | Computer Name = Mike-PC | Source = MCUpdate | ID = 0
Description = 8:37:54 PM - Error connecting to the internet. 8:37:54 PM - Unable
to contact server..

Error - 1/3/2010 6:36:17 PM | Computer Name = Mike-PC | Source = MCUpdate | ID = 0
Description = 4:36:17 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 1/7/2010 6:40:11 PM | Computer Name = Mike-PC | Source = MCUpdate | ID = 0
Description = 4:40:11 PM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
status 404: The requested URL does not exist on the server. )

Error - 1/27/2010 6:34:20 PM | Computer Name = Mike-PC | Source = MCUpdate | ID = 0
Description = 4:34:20 PM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
status 404: The requested URL does not exist on the server. )

Error - 1/29/2010 6:35:28 PM | Computer Name = Mike-PC | Source = MCUpdate | ID = 0
Description = 4:35:28 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 2/11/2010 9:10:31 AM | Computer Name = Mike-PC | Source = MCUpdate | ID = 0
Description = 7:10:25 AM - Error connecting to the internet. 7:10:25 AM - Unable
to contact server..

Error - 2/11/2010 6:15:15 PM | Computer Name = Mike-PC | Source = MCUpdate | ID = 0
Description = 4:15:15 PM - Error connecting to the internet. 4:15:15 PM - Unable
to contact server..

Error - 2/11/2010 6:15:24 PM | Computer Name = Mike-PC | Source = MCUpdate | ID = 0
Description = 4:15:20 PM - Error connecting to the internet. 4:15:20 PM - Unable
to contact server..

[ System Events ]
Error - 8/16/2010 4:51:14 AM | Computer Name = Mike-PC | Source = Service Control Manager | ID = 7000
Description = The Windows Media Optimizer service failed to start due to the following
error: %%2

Error - 8/16/2010 4:51:14 AM | Computer Name = Mike-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASDIFSV SASKUTIL

Error - 8/16/2010 4:52:08 AM | Computer Name = Mike-PC | Source = DCOM | ID = 10010
Description =

Error - 8/16/2010 1:12:02 PM | Computer Name = Mike-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.

Error - 8/16/2010 1:12:02 PM | Computer Name = Mike-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.

Error - 8/16/2010 1:12:26 PM | Computer Name = Mike-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the 1257150087
service to connect.

Error - 8/16/2010 1:12:26 PM | Computer Name = Mike-PC | Source = Service Control Manager | ID = 7000
Description = The 1257150087 service failed to start due to the following error:
%%1053

Error - 8/16/2010 1:12:30 PM | Computer Name = Mike-PC | Source = Service Control Manager | ID = 7000
Description = The Windows Media Optimizer service failed to start due to the following
error: %%2

Error - 8/16/2010 1:12:31 PM | Computer Name = Mike-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASDIFSV SASKUTIL

Error - 8/16/2010 1:15:00 PM | Computer Name = Mike-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.


< End of report >

Attached Thumbnails

  • Capture.PNG

  • 0

#4
Aaron
Posted 17 August 2010 - 01:43 PM

Aaron

    Expert

  • Expert
  • 3,155 posts
Hi

You have a lot of malware. I think you also use a lot of cracks, cracked software and P2P programs. They are probably the source of all these problems, you should not use them.

Do you know these documents:
[2010/08/13 17:01:13 | 000,000,000 | ---D | M](C:\Users\Personal\Documents\?? ???) -- C:\Users\Personal\Documents\넥슨 플러그
[2010/08/13 17:01:13 | 000,000,000 | ---D | C](C:\Users\Personal\Documents\?? ???) -- C:\Users\Personal\Documents\넥슨 플러그

============ Step one ============

I see that you are running no antivirussoftware, this is very dangerous! Before I start helping you, you have to download and install one, here are a few witch you can choose from:
An antivirus program is the very basic protection and without you have the chance of getting infected every day. Malware slows down your computer, steals your information, creates errors, redirects you will surfing... Those AV's listed above are free, good and wont slow down your computer to much.

============ Step two ============

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

Ask Toolbar

============ Step three ============

Run OTL again

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    SRV:64bit: - File not found [Auto | Stopped] -- C:\Windows\SysNative\scvhost.exe -- (WMOptimizer)
    SRV - [2009/09/14 03:49:52 | 000,423,016 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\1257150087\Mike1257150087L.exe -- (.1257150087)
    FF - prefs.js..extensions.enabledItems: {5a8b3cf0-87bd-20d4-b2c1-e527fb2ab4bd}:4.6.6.8
    [2010/05/13 21:58:21 | 000,000,000 | ---D | M] (LoudMo Contextual Ad Assistant) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{5a8b3cf0-87bd-20d4-b2c1-e527fb2ab4bd}
    FF - prefs.js..extensions.enabledItems: [email protected]:3.6.6.117
    FF - prefs.js..extensions.enabledItems: {056F816F-3719-4014-9DAE-CB1840639479}:1.9.1
    FF - HKLM\software\mozilla\Firefox\Extensions\\{056F816F-3719-4014-9DAE-CB1840639479}: C:\Users\Personal\AppData\Local\{056F816F-3719-4014-9DAE-CB1840639479}\ [2010/08/09 13:37:37 | 000,000,000 | ---D | M]
    [2010/08/09 13:37:37 | 000,000,000 | ---D | C] -- C:\Users\Personal\AppData\Local\{056F816F-3719-4014-9DAE-CB1840639479}
    [2010/07/26 21:05:35 | 000,000,000 | ---D | M] -- C:\Users\Personal\AppData\Roaming\Mozilla\Firefox\Profiles\q3ednnwo.default\extensions\[email protected]
    O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKU\S-1-5-21-3495711180-3437875855-2106924724-1005\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O4 - HKU\S-1-5-21-3495711180-3437875855-2106924724-1005..\Run: [{C43CAEDC-337C-65F8-DB81-1656244767C9}] C:\Users\Personal\AppData\Roaming\Peev\omqa.exe (xmo)
    O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\etbaex.exe (rqipbu)
    O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\oseky.exe (rqipbu)
    O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\vynuvo.exe (okuc)
    O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\etbaex.exe (rqipbu)
    O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\oseky.exe (rqipbu)
    O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\vynuvo.exe (okuc)
    O4 - Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\heik.exe (rqipbu)
    O4 - Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\maethy.exe (rqipbu)
    O4 - Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\taos.exe (okuc)
    O4 - Startup: C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\avzeu.exe (rqipbu)
    O4 - Startup: C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\igib.exe (rqipbu)
    O4 - Startup: C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\udanc.exe (okuc)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 0.0.0.0 0.0.0.0
    O20 - HKLM Winlogon: UserInit - (c:\program files (x86)\microsoft\desktoplayer.exe) - c:\Program Files (x86)\Microsoft\DesktopLayer.exe ()
    O20 - HKLM Winlogon: UserInit - (c:\program files (x86)\aim\aimsrv.exe) - c:\Program Files (x86)\AIM\aimSrv.exe (fvnvo)
    O20 - HKLM Winlogon: UserInit - (c:\users\personal\appdata\local\temp\19aqpsrv.exe) - c:\users\personal\appdata\local\temp\19aqpsrv.exe File not found
    O20 - HKLM Winlogon: UserInit - (c:\users\mike\appdata\local\temp\19aqpsrv.exe) - c:\users\mike\appdata\local\temp\19aqpsrv.exe File not found
    O20 - HKLM Winlogon: UserInit - (c:\users\personal\appdata\roaming\atzait\osodsrv.exe) - c:\Users\Personal\AppData\Roaming\Atzait\osodSrv.exe (fvnvo)
    O20 - HKLM Winlogon: UserInit - (c:\program files (x86)\adobe\acrobat 9.0\acrobat\acrodistsrv.exe) - c:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\AcroDistSrv.exe (fvnvo)
    O20 - HKLM Winlogon: UserInit - (c:\users\personal\appdata\roaming\peev\omqasrv.exe) - c:\Users\Personal\AppData\Roaming\Peev\omqaSrv.exe (fvnvo)
    O20 - HKLM Winlogon: UserInit - (c:\program files (x86)\common files\adobe\cs5servicemanager\cs5servicemanagersrv.exe) - c:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManagerSrv.exe (fvnvo)
    O20 - HKLM Winlogon: UserInit - (c:\program files (x86)\autodesk\3ds max 2010\mentalray\satellite\raysat_3dsmax2010_32serversrv.exe) - c:\Program Files (x86)\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32serverSrv.exe ()
    O36 - AppCertDlls: instgMgr - (C:\Windows\convbsvc.dll) - C:\Windows\convbsvc.dll ()
    [2010/08/15 14:07:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\rivi
    [2010/08/12 22:38:19 | 000,000,000 | ---D | C] -- C:\_CLTUI_E894D6B5_E3CA_4561_A244_272400640573_Session1
    [2010/08/12 22:38:19 | 000,000,000 | ---D | C] -- C:\_CLTUI_E894D6B5_E3CA_4561_A244_272400640573_Session0
    [2010/08/11 02:54:44 | 000,000,000 | ---D | C] -- C:\Users\Personal\AppData\Roaming\PACE Anti-Piracy
    [2010/08/11 02:54:44 | 000,000,000 | ---D | C] -- C:\Users\Personal\AppData\Local\PACE Anti-Piracy
    [2010/08/10 02:03:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\1257150087
    [2010/08/09 14:01:16 | 000,000,000 | ---D | C] -- C:\Users\Personal\AppData\Roaming\Peev
    [2010/08/09 13:37:37 | 000,000,000 | ---D | C] -- C:\Users\Personal\AppData\Local\{056F816F-3719-4014-9DAE-CB1840639479}
    [2010/08/09 13:36:47 | 000,000,000 | ---D | C] -- C:\Users\Personal\AppData\Local\hvyupfrrv
    [2010/08/09 13:34:30 | 000,000,000 | ---D | C] -- C:\Users\Personal\AppData\Roaming\FAC2A774D0FEDC2824280904D74E5269
    [2010/08/09 13:24:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\riv
    [2010/08/09 01:23:56 | 000,000,000 | ---D | C] -- C:\Users\Personal\AppData\Roaming\Egexs
    [2010/08/04 09:36:36 | 000,000,000 | ---D | C] -- C:\Users\Personal\AppData\Roaming\Atzait
    [2010/07/29 21:22:40 | 000,000,000 | ---D | C] -- C:\Users\Personal\AppData\Roaming\Hyhur
    [2010/07/28 20:29:10 | 000,000,000 | ---D | C] -- C:\Users\Personal\AppData\Roaming\Ixekg
    [2010/07/27 18:16:34 | 000,000,000 | ---D | C] -- C:\Users\Personal\AppData\Roaming\Poneyc
    [2010/07/26 19:30:17 | 000,000,000 | ---D | C] -- C:\Users\Personal\AppData\Roaming\Miof
    [2010/07/26 00:29:53 | 000,000,000 | ---D | C] -- C:\Users\Personal\AppData\Roaming\Ibibel
    [2010/07/23 04:15:04 | 000,000,000 | ---D | C] -- C:\Users\Personal\AppData\Local\AskToolbar
    [2010/07/23 02:16:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
    [2025/08/31 12:30:31 | 000,796,016 | ---- | M] (Symantec Corporation) -- C:\cltLMSx.dll
    [2010/08/14 20:49:10 | 000,000,134 | ---- | M] () -- C:\Windows\SysWow64\msexcr.ini
    [2010/08/09 19:19:18 | 000,151,552 | ---- | M] () -- C:\Windows\SysWow64\szetyj67vx.exe
    [2010/08/03 16:30:24 | 000,048,640 | -H-- | M] () -- C:\Windows\convbsvc.dll
    [2010/07/26 02:58:04 | 000,000,003 | ---- | M] () -- C:\Windows\treeskp.sys
    [2010/07/26 02:58:04 | 000,000,003 | ---- | M] () -- C:\Windows\sbacknt.bin
    [2010/07/26 02:46:46 | 000,152,904 | ---- | M] () -- C:\Windows\SysWow64\vghd.scr
    [2010/08/14 19:54:33 | 000,000,134 | ---- | C] () -- C:\Windows\SysWow64\msexcr.ini
    [2010/08/09 19:19:07 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\szetyj67vx.exe
    [2010/08/03 16:30:24 | 000,048,640 | -H-- | C] () -- C:\Windows\convbsvc.dll
    [2010/07/26 02:46:48 | 000,000,003 | ---- | C] () -- C:\Windows\treeskp.sys
    [2010/07/26 02:46:48 | 000,000,003 | ---- | C] () -- C:\Windows\sbacknt.bin
    [2010/07/26 02:46:46 | 000,152,904 | ---- | C] () -- C:\Windows\SysWow64\vghd.scr
    [2009/07/13 20:15:07 | 000,000,009 | ---- | C] () -- C:\Windows\SysWow64\comsats.sys
    [2010/08/14 20:57:56 | 000,000,000 | ---D | M] -- C:\Users\Blank\AppData\Roaming\Myok
    [2010/08/14 20:58:28 | 000,000,000 | ---D | M] -- C:\Users\Blank\AppData\Roaming\Puka
    [2010/07/23 18:30:08 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\PACE Anti-Piracy
    [2010/08/09 18:08:53 | 000,000,000 | ---D | M] -- C:\Users\Personal\AppData\Roaming\Atzait
    [2010/08/09 01:23:56 | 000,000,000 | ---D | M] -- C:\Users\Personal\AppData\Roaming\Egexs
    [2010/08/09 13:34:32 | 000,000,000 | ---D | M] -- C:\Users\Personal\AppData\Roaming\FAC2A774D0FEDC2824280904D74E5269
    [2010/08/11 00:40:53 | 000,000,000 | ---D | M] -- C:\Users\Personal\AppData\Roaming\Hyhur
    [2010/07/26 00:29:53 | 000,000,000 | ---D | M] -- C:\Users\Personal\AppData\Roaming\Ibibel
    [2010/08/09 21:02:22 | 000,000,000 | ---D | M] -- C:\Users\Personal\AppData\Roaming\Ixekg
    [2010/08/10 01:26:09 | 000,000,000 | ---D | M] -- C:\Users\Personal\AppData\Roaming\Miof
    [2010/08/11 02:54:45 | 000,000,000 | ---D | M] -- C:\Users\Personal\AppData\Roaming\PACE Anti-Piracy
    [2010/08/13 16:30:05 | 000,000,000 | ---D | M] -- C:\Users\Personal\AppData\Roaming\Peev
    [2010/08/14 02:11:23 | 000,000,000 | ---D | M] -- C:\Users\Personal\AppData\Roaming\Poneyc
    [2025/08/31 12:30:31 | 000,796,016 | ---- | M] (Symantec Corporation) -- C:\cltLMSx.dll
    [2009/09/11 08:13:14 | 000,001,084 | ---- | M] () -- C:\install86057.log
    @Alternate Data Stream - 20 bytes -> C:\.DS_Store:Mac_Metadata
    @Alternate Data Stream - 20 bytes -> C:\._.Trashes:Mac_Metadata
    @Alternate Data Stream - 20 bytes -> C:\._.TemporaryItems:Mac_Metadata
    @Alternate Data Stream - 159 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:05EE1EEF
    @Alternate Data Stream - 1098 bytes -> C:\ProgramData\Microsoft:y3tlSY2vttYtiwPoxYeO4UJEHkn
    @Alternate Data Stream - 1092 bytes -> C:\Users\Personal\AppData\Local\Temp:Jz4DvaUl4yvAkrSWE7Ot965iwB6
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
    @Alternate Data Stream - 1048 bytes -> C:\ProgramData\Microsoft:7hIxygoqQ4FCSBfcGQq4

    :Services

    :Reg

    :Files
    C:\Windows\tasks\At*.job

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done and save the log it produces.
  • Open OTL again and click the Quick Scan button. Now post the log it produces together with the log you saved from running the fix. Post both logs in your next reply please.

============ Step four ============

Run OTL again:

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    C:\32788R22FWJFW\*.*
  • Set every item to none (processes, modules, services, drivers, standard & extra registry and files modified & created within)
  • Then click the Run Scan button at the top
  • Let the program run unhindered and post the log it produces in your next reply.

============ Step five ============

You can igore that error in GMER. Just continue following the instructions and post the log in your next reply.
I'll repost the instructions here:

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
  • Double click GMER.exe.
    Posted Image
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
      Posted Image
      Click the image to enlarge it
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
  • Save the log where you can easily find it, such as your desktop.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries
Please copy and paste the report into your Post.

- Maser00
  • 0

#5
Aaron
Posted 23 August 2010 - 03:15 AM

Aaron

    Expert

  • Expert
  • 3,155 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP