Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Vista 64 Bit Browser Redirect Victim - Help!

Started by cr1s , Oct 03 2010 08:01 PM

  • Please log in to reply

#1
cr1s
Posted 03 October 2010 - 08:01 PM

cr1s

    New Member

  • Member
  • Pip
  • 1 posts
Uh oh. Might I be one of the first casualties of the new 64-bit Rootkit era? I have Vista 64 bit and my computer had been humming along fine and then I started noticing many errors. IE 8 began having difficulties launching, would shut down: "Internet Explorer stopped working" and then began redirecting to a work at home site. Also, Microsoft Security Essentials seems to shut down--or at least not appear in the system tray, though popping open the Security Center shows that it is operational. Whatever it is, it remains undetected by just about everything: MSE, Malwarebytes, Norton Online Security scan, Trend Micro online security scan, etc. Which leads me to believe it has dug in deep and determined to stay there.

I'll list all my diagnostic/result files here.

One odd note: When I opened GMER, only "Services", "Registry", "Files", "ADS" and the C:\ drive is selected. I cannot select any other option ("System", "Sections", etc.)


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-10-03 21:27:51
Windows 6.0.6002 Service Pack 2
Running: gmer.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x88 0xED 0x0A 0x2A ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x88 0xED 0x0A 0x2A ...

---- EOF - GMER 1.0.15 ----




OTL logfile created on: 10/3/2010 9:29:45 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Paul\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 54.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 142.12 Gb Total Space | 36.74 Gb Free Space | 25.85% Space Free | Partition Type: NTFS
Drive D: | 34.19 Gb Total Space | 34.09 Gb Free Space | 99.71% Space Free | Partition Type: NTFS
Drive E: | 677.07 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
Drive G: | 7.39 Gb Total Space | 7.39 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PAUL-PC
Current User Name: Paul
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/10/03 16:50:03 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Paul\Desktop\OTL.exe
PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2010/02/26 01:10:20 | 021,979,992 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2009/04/15 01:36:30 | 000,959,672 | ---- | M] (Seagate) -- C:\Program Files (x86)\Seagate\BlackArmorBackup\TimounterMonitor.exe
PRC - [2009/04/15 01:32:04 | 000,376,272 | ---- | M] (Seagate) -- C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe
PRC - [2009/04/15 01:18:36 | 004,352,928 | ---- | M] (Seagate) -- C:\Program Files (x86)\Seagate\BlackArmorBackup\BlackArmorBackupMonitor.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/08/01 11:59:26 | 000,125,424 | ---- | M] () -- C:\Program Files (x86)\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
PRC - [2008/06/11 16:54:30 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/04/15 20:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/04/15 20:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/02/12 04:43:44 | 000,065,536 | ---- | M] (O2Micro International) -- C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe


========== Modules (SafeList) ==========

MOD - [2010/10/03 16:50:03 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Paul\Desktop\OTL.exe
MOD - [2008/01/20 22:50:01 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/07/31 18:31:16 | 000,055,648 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/07/29 22:27:24 | 002,287,488 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV:64bit: - [2010/03/25 23:48:42 | 000,017,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2008/06/11 14:18:30 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe -- (ETService)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/10/18 18:37:22 | 000,412,672 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService)
SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/08/09 05:26:26 | 001,472,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010/03/25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/03/18 14:27:14 | 001,020,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/04/15 01:33:18 | 000,826,352 | ---- | M] (Seagate) [Auto | Running] -- C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe -- (SgtSch2Svc)
SRV - [2009/01/09 08:46:25 | 001,122,304 | R--- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe -- (RoxMediaDB11)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/08/14 00:25:24 | 000,367,088 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Roxio Creator 2009 Ultimate\Digital Home 11\RoxioUpnpService11.exe -- (Roxio Upnp Server 11)
SRV - [2008/08/14 00:25:20 | 000,313,840 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Roxio Creator 2009 Ultimate\Digital Home 11\RoxioUPnPRenderer11.exe -- (Roxio UPnP Renderer 11)
SRV - [2008/08/14 00:24:06 | 000,309,744 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe -- (RoxLiveShare11)
SRV - [2008/08/14 00:24:02 | 000,170,480 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe -- (RoxWatch11)
SRV - [2008/08/01 11:59:26 | 000,125,424 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe -- (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269)
SRV - [2008/04/15 20:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2007/02/12 04:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe -- (o2flash)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [File_System | System | Stopped] -- C:\Windows\SysNative\DRIVERS\RxFilter.sys -- (RxFilter)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)
DRV:64bit: - [2010/08/09 05:36:42 | 000,048,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/04/19 20:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/03/28 20:48:52 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/08/21 20:24:04 | 000,084,512 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/08/08 14:34:18 | 001,581,088 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\tdrpm174.sys -- (tdrpman174) Acronis Try&Decide and Restore Points filter (build 174)
DRV:64bit: - [2009/08/08 14:34:12 | 000,880,160 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\timntr.sys -- (timounter)
DRV:64bit: - [2009/08/08 14:34:12 | 000,083,488 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\tifsfilt.sys -- (tifsfilter)
DRV:64bit: - [2009/08/08 14:34:09 | 000,237,600 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\snman380.sys -- (snapman380) Acronis Snapshots Manager (Build 380)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/11/17 15:50:30 | 004,751,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) Intel®
DRV:64bit: - [2008/08/01 01:00:00 | 000,027,632 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\SaibVdAd64.sys -- (SaibVdAd64)
DRV:64bit: - [2008/08/01 01:00:00 | 000,026,608 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\Sahdad64.sys -- (Sahdad64)
DRV:64bit: - [2008/08/01 01:00:00 | 000,019,952 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\Saibad64.sys -- (Saibad64)
DRV:64bit: - [2008/07/26 15:26:34 | 000,050,072 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2008/07/26 15:25:48 | 000,790,424 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2008/06/27 04:02:00 | 000,392,192 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2008/06/16 03:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2008/06/10 23:13:00 | 000,264,192 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2008/04/15 20:54:16 | 000,388,120 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2008/04/14 22:14:40 | 000,062,040 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\o2mdx64.sys -- (O2MDRDR)
DRV:64bit: - [2008/04/07 22:46:44 | 000,051,928 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\o2sdx64.sys -- (O2SDRDR)
DRV:64bit: - [2008/03/25 19:51:16 | 001,487,872 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2008/03/25 19:47:06 | 000,294,400 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2008/03/25 19:45:44 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2008/01/30 06:46:24 | 000,062,480 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tcusb.sys -- (TcUsb)
DRV:64bit: - [2008/01/20 22:46:57 | 000,286,720 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS -- (HSFHWAZL)
DRV:64bit: - [2008/01/20 22:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2008/01/17 23:31:30 | 000,320,560 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2007/10/18 18:37:10 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.sys -- (XAudio)
DRV:64bit: - [2007/05/23 20:47:28 | 000,020,784 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV:64bit: - [2006/09/18 17:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2006/06/19 01:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys -- (mdmxsdk)
DRV - [2008/08/11 10:53:16 | 000,065,520 | ---- | M] (Sonic Solutions) [File_System | System | Stopped] -- C:\Windows\SysWOW64\drivers\RxFilter.sys -- (RxFilter)
DRV - [2008/06/11 14:13:24 | 000,017,952 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\int15_64.sys -- (int15)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.c...=PTB&M=P-7811FX
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.c...=PTB&M=P-7811FX
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.c...=PTB&M=P-7811FX

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.c...=PTB&M=P-7811FX
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E8 6A C6 61 32 D6 C9 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Value error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2156.0\Firefox [2010/09/26 15:22:34 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll File not found
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - Reg Error: Value error. File not found
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Value error. File not found
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files (x86)\Google\GoogleToolbar2.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2156.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files (x86)\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2156.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2156.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files (x86)\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - Reg Error: Value error. File not found
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Seagate Scheduler2 Service] C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe (Seagate)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Seagate\BlackArmorBackup\TimounterMonitor.exe (Seagate)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BlackArmorBackupMonitor.exe] C:\Program Files (x86)\Seagate\BlackArmorBackup\BlackArmorBackupMonitor.exe (Seagate)
O4 - HKLM..\Run: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatchTray11.exe (Sonic Solutions)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Paul\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support....veX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.syma...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} http://support.gatew...rvest/gwCID.CAB (compid Class)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: X:\My Documents\My Pictures\FirstKodakPix\2009-10-11 Me Leaving UK XXX\Sofi xxx 4.jpg
O24 - Desktop BackupWallPaper: X:\My Documents\My Pictures\FirstKodakPix\2009-10-11 Me Leaving UK XXX\Sofi xxx 4.jpg
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/08/13 17:05:24 | 001,572,864 | R--- | M] () - E:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2001/07/25 18:36:12 | 000,000,135 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{4116eafb-cc28-11de-ae16-001d72c86765}\Shell - "" = AutoRun
O33 - MountPoints2\{4116eafb-cc28-11de-ae16-001d72c86765}\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found
O33 - MountPoints2\{4116eafb-cc28-11de-ae16-001d72c86765}\Shell\readit\command - "" = notepad readme.doc
O33 - MountPoints2\{ebfdfc75-af3c-11dd-ab41-0016ea714e7c}\Shell\Auto\command - "" = Start.exe
O33 - MountPoints2\{ebfdfc7a-af3c-11dd-ab41-0016ea714e7c}\Shell - "" = AutoRun
O33 - MountPoints2\{ebfdfc7a-af3c-11dd-ab41-0016ea714e7c}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{fe7ef4eb-3acc-11df-981e-001d72c86765}\Shell - "" = AutoRun
O33 - MountPoints2\{fe7ef4eb-3acc-11df-981e-001d72c86765}\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found
O33 - MountPoints2\{fe7ef4eb-3acc-11df-981e-001d72c86765}\Shell\readit\command - "" = notepad readme.doc
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: vidc.i420 - File not found
Drivers32: msacm.clmp3enc - C:\Program Files (x86)\CyberLink\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - lvcodec2.dll File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010/10/03 20:29:08 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Paul\Desktop\TFC.exe
[2010/10/03 20:28:38 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\erunt
[2010/10/03 16:49:56 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Paul\Desktop\OTL.exe
[2010/10/03 16:33:45 | 009,578,056 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Paul\Desktop\SUPERAntiSpyware.exe
[2010/10/03 16:30:03 | 001,033,690 | ---- | C] ( ) -- C:\Users\Paul\Desktop\tswsetup.exe
[2010/10/02 16:24:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/09/29 01:00:22 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/09/29 01:00:20 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/09/29 01:00:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010/09/29 00:58:09 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/09/29 00:58:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010/09/26 16:30:20 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/09/26 16:30:18 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/09/26 16:08:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Antimalware
[2010/09/26 16:07:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/09/26 15:40:46 | 000,000,000 | ---D | C] -- C:\Windows\en
[2010/09/26 15:22:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSN Toolbar
[2010/09/26 15:21:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bing Bar Installer
[2010/09/26 15:18:07 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\Windows Live
[2010/09/20 16:54:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/09/20 16:46:14 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Bitrix Security
[2010/09/20 06:55:41 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2010/09/19 19:32:48 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\IObit
[2010/09/19 19:32:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2010/09/19 15:10:39 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Malwarebytes
[2010/09/19 15:10:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/09/19 15:10:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/09/19 03:09:46 | 000,000,000 | ---D | C] -- C:\Users\Paul\DoctorWeb
[2010/09/16 17:38:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010/09/15 16:44:57 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
[2010/09/15 14:06:51 | 000,000,000 | ---D | C] -- C:\Users\Paul\Documents\My Weblog Posts
[2010/09/13 18:37:34 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\Severance Response
[2010/09/12 21:27:25 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Mozilla
[2010/09/07 16:35:30 | 000,000,000 | ---D | C] -- C:\Users\Paul\Documents\Outlook Files
[2010/09/07 16:25:53 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\WindowsPowerShell
[2010/09/07 16:25:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\WindowsPowerShell
[2010/09/07 15:49:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2010/09/07 15:49:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2010/09/07 15:49:05 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/09/07 15:42:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2010/09/07 15:41:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2010/09/06 16:32:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2010/08/13 09:39:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[1 C:\Users\Paul\AppData\Local\*.tmp files -> C:\Users\Paul\AppData\Local\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/10/03 21:32:00 | 000,000,390 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{DE82DB28-0292-4B41-837D-C55C06CD9944}.job
[2010/10/03 21:29:04 | 005,767,168 | ---- | M] () -- C:\Users\Paul\ntuser.dat
[2010/10/03 21:27:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2147623829-2238141192-3143908-1000UA.job
[2010/10/03 21:09:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/03 20:49:54 | 000,293,376 | ---- | M] () -- C:\Users\Paul\Desktop\gmer.exe
[2010/10/03 20:40:22 | 000,327,870 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/10/03 20:40:21 | 000,327,870 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/10/03 20:40:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\LogConfigTemp.xml
[2010/10/03 20:40:13 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/03 20:40:06 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/03 20:40:06 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/03 20:40:01 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/10/03 20:39:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/03 20:37:35 | 000,524,288 | -HS- | M] () -- C:\Users\Paul\ntuser.dat{273733d7-c46d-11df-9b21-001d72c86765}.TMContainer00000000000000000001.regtrans-ms
[2010/10/03 20:37:35 | 000,065,536 | -HS- | M] () -- C:\Users\Paul\ntuser.dat{273733d7-c46d-11df-9b21-001d72c86765}.TM.blf
[2010/10/03 20:37:33 | 003,546,983 | -H-- | M] () -- C:\Users\Paul\AppData\Local\IconCache.db
[2010/10/03 20:32:23 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Paul\Desktop\TFC.exe
[2010/10/03 18:45:59 | 000,001,890 | ---- | M] () -- C:\Users\Paul\Desktop\HijackThis.lnk
[2010/10/03 16:50:05 | 000,284,915 | ---- | M] () -- C:\Users\Paul\Desktop\gmer.zip
[2010/10/03 16:50:03 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Paul\Desktop\OTL.exe
[2010/10/03 16:33:56 | 009,578,056 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Paul\Desktop\SUPERAntiSpyware.exe
[2010/10/03 16:30:18 | 001,033,690 | ---- | M] ( ) -- C:\Users\Paul\Desktop\tswsetup.exe
[2010/10/02 23:44:29 | 000,002,239 | ---- | M] () -- C:\Users\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2010/10/01 12:27:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2147623829-2238141192-3143908-1000Core.job
[2010/10/01 01:08:30 | 000,707,392 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/10/01 01:08:30 | 000,607,406 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/10/01 01:08:30 | 000,105,014 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/09/30 09:45:14 | 666,487,213 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/09/27 19:46:06 | 002,521,320 | ---- | M] () -- C:\Windows\umcat_01.db
[2010/09/26 17:29:33 | 000,001,053 | ---- | M] () -- C:\Users\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Live Mail Beta.lnk
[2010/09/26 15:51:46 | 000,119,064 | ---- | M] () -- C:\Users\Paul\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/09/26 15:49:29 | 000,428,984 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/09/25 16:30:48 | 000,023,551 | ---- | M] () -- C:\Users\Paul\Desktop\https___www.toysrus.com_checkout.jsp.pdf
[2010/09/25 14:35:23 | 000,524,288 | -HS- | M] () -- C:\Users\Paul\ntuser.dat{273733d7-c46d-11df-9b21-001d72c86765}.TMContainer00000000000000000002.regtrans-ms
[2010/09/22 12:46:27 | 000,162,565 | ---- | M] () -- C:\Users\Paul\Desktop\sStaples_Confirmation.pdf
[2010/09/20 16:49:51 | 000,363,520 | ---- | M] () -- C:\Users\Paul\Desktop\apples.exe
[2010/09/20 07:41:02 | 000,524,288 | -HS- | M] () -- C:\Users\Paul\ntuser.dat{345c236b-71b2-11de-85db-001d72c86765}.TMContainer00000000000000000001.regtrans-ms
[2010/09/20 07:41:02 | 000,065,536 | -HS- | M] () -- C:\Users\Paul\ntuser.dat{345c236b-71b2-11de-85db-001d72c86765}.TM.blf
[2010/09/19 13:59:24 | 000,034,144 | ---- | M] () -- C:\ProgramData\.wtav
[2010/09/19 04:10:19 | 000,009,380 | ---- | M] () -- C:\Users\Paul\AppData\Local\d3d9caps64.dat
[2010/09/17 12:02:52 | 016,279,742 | ---- | M] () -- C:\Windows\SysNative\ELC BNY Mellon Shareowner 1.pdf
[2010/09/16 16:11:15 | 000,053,304 | ---- | M] () -- C:\Users\Paul\Desktop\usairwaysmastercard.pdf
[2010/09/15 16:30:35 | 000,001,849 | ---- | M] () -- C:\Users\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\MP Navigator 1.1.lnk
[2010/09/10 00:20:08 | 000,001,866 | ---- | M] () -- C:\Users\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Safari.lnk
[2010/09/07 16:15:42 | 000,000,928 | ---- | M] () -- C:\Users\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2010/09/07 16:06:07 | 000,721,764 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/09/07 15:58:52 | 000,000,244 | ---- | M] () -- C:\Windows\win.ini
[2010/08/08 22:39:21 | 000,393,728 | ---- | M] () -- C:\Users\Paul\Desktop\Screenplay - Mismatched.doc
[1 C:\Users\Paul\AppData\Local\*.tmp files -> C:\Users\Paul\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/03 18:45:59 | 000,001,890 | ---- | C] () -- C:\Users\Paul\Desktop\HijackThis.lnk
[2010/10/03 16:50:00 | 000,284,915 | ---- | C] () -- C:\Users\Paul\Desktop\gmer.zip
[2010/10/02 23:44:27 | 000,002,239 | ---- | C] () -- C:\Users\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2010/09/27 19:45:13 | 002,521,320 | ---- | C] () -- C:\Windows\umcat_01.db
[2010/09/26 17:29:33 | 000,001,053 | ---- | C] () -- C:\Users\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Live Mail Beta.lnk
[2010/09/25 16:30:48 | 000,023,551 | ---- | C] () -- C:\Users\Paul\Desktop\https___www.toysrus.com_checkout.jsp.pdf
[2010/09/22 12:46:26 | 000,162,565 | ---- | C] () -- C:\Users\Paul\Desktop\sStaples_Confirmation.pdf
[2010/09/20 16:49:47 | 000,363,520 | ---- | C] () -- C:\Users\Paul\Desktop\apples.exe
[2010/09/20 10:55:08 | 000,524,288 | -HS- | C] () -- C:\Users\Paul\ntuser.dat{273733d7-c46d-11df-9b21-001d72c86765}.TMContainer00000000000000000002.regtrans-ms
[2010/09/20 10:55:08 | 000,524,288 | -HS- | C] () -- C:\Users\Paul\ntuser.dat{273733d7-c46d-11df-9b21-001d72c86765}.TMContainer00000000000000000001.regtrans-ms
[2010/09/20 10:55:08 | 000,065,536 | -HS- | C] () -- C:\Users\Paul\ntuser.dat{273733d7-c46d-11df-9b21-001d72c86765}.TM.blf
[2010/09/19 09:13:42 | 000,034,144 | ---- | C] () -- C:\ProgramData\.wtav
[2010/09/17 12:02:46 | 016,279,742 | ---- | C] () -- C:\Windows\SysNative\ELC BNY Mellon Shareowner 1.pdf
[2010/09/16 16:11:15 | 000,053,304 | ---- | C] () -- C:\Users\Paul\Desktop\usairwaysmastercard.pdf
[2010/09/15 16:30:35 | 000,001,849 | ---- | C] () -- C:\Users\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\MP Navigator 1.1.lnk
[2010/09/10 00:20:08 | 000,001,866 | ---- | C] () -- C:\Users\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Safari.lnk
[2010/09/07 16:22:05 | 000,201,184 | ---- | C] () -- C:\Windows\SysWow64\winrm.vbs
[2010/09/07 16:22:05 | 000,201,184 | ---- | C] () -- C:\Windows\SysNative\winrm.vbs
[2010/09/07 16:22:05 | 000,004,675 | ---- | C] () -- C:\Windows\SysWow64\wsmanconfig_schema.xml
[2010/09/07 16:22:05 | 000,004,675 | ---- | C] () -- C:\Windows\SysNative\wsmanconfig_schema.xml
[2010/09/07 16:22:05 | 000,002,426 | ---- | C] () -- C:\Windows\SysWow64\WsmTxt.xsl
[2010/09/07 16:22:05 | 000,002,426 | ---- | C] () -- C:\Windows\SysNative\WsmTxt.xsl
[2010/09/07 16:15:42 | 000,000,928 | ---- | C] () -- C:\Users\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2010/09/07 16:06:07 | 000,721,764 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/08/28 12:22:50 | 000,000,904 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2147623829-2238141192-3143908-1000UA.job
[2010/08/28 12:22:49 | 000,000,852 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2147623829-2238141192-3143908-1000Core.job
[2010/08/08 14:51:00 | 000,393,728 | ---- | C] () -- C:\Users\Paul\Desktop\Screenplay - Mismatched.doc
[2010/05/17 20:50:06 | 000,228,536 | ---- | C] () -- C:\Users\Paul\AppData\Local\dd_ATL90SP1_KB973924MSI09AB.txt
[2010/05/17 20:50:06 | 000,011,764 | ---- | C] () -- C:\Users\Paul\AppData\Local\dd_ATL90SP1_KB973924UI09AB.txt
[2010/05/09 13:28:50 | 000,578,340 | ---- | C] () -- C:\Users\Paul\AppData\Local\dd_vcredistMSI43CF.txt
[2010/05/09 13:24:50 | 000,015,886 | ---- | C] () -- C:\Users\Paul\AppData\Local\dd_vcredistUI43CF.txt
[2010/04/25 23:55:59 | 000,000,000 | ---- | C] () -- C:\Users\Paul\AppData\Local\rx_image32.Cache
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/03/26 22:05:50 | 000,697,010 | ---- | C] () -- C:\Users\Paul\AppData\Local\dd_vcredistMSI6490.txt
[2010/03/26 22:05:38 | 000,017,746 | ---- | C] () -- C:\Users\Paul\AppData\Local\dd_vcredistUI6490.txt
[2010/01/15 00:45:39 | 000,000,036 | ---- | C] () -- C:\Users\Paul\AppData\Local\housecall.guid.cache
[2009/11/15 10:03:14 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/11/15 10:02:12 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/07/28 23:35:32 | 000,522,906 | ---- | C] () -- C:\Users\Paul\AppData\Local\dd_ATL80SP1_KB973923MSI1B52.txt
[2009/07/28 23:35:32 | 000,064,808 | ---- | C] () -- C:\Users\Paul\AppData\Local\dd_ATL80SP1_KB973923UI1B52.txt
[2009/07/28 23:35:25 | 000,520,400 | ---- | C] () -- C:\Users\Paul\AppData\Local\dd_ATL80SP1_KB973923MSI1B1E.txt
[2009/07/28 23:35:16 | 000,064,760 | ---- | C] () -- C:\Users\Paul\AppData\Local\dd_ATL80SP1_KB973923UI1B1E.txt
[2009/07/19 12:30:26 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/05/27 22:10:12 | 000,009,380 | ---- | C] () -- C:\Users\Paul\AppData\Local\d3d9caps64.dat
[2009/05/13 23:09:54 | 000,000,680 | ---- | C] () -- C:\Users\Paul\AppData\Local\d3d9caps.dat
[2009/01/20 21:31:32 | 000,024,226 | ---- | C] () -- C:\Users\Paul\AppData\Roaming\UserTile.png
[2009/01/05 16:44:10 | 000,000,453 | ---- | C] () -- C:\Windows\bdoscandellang.ini
[2008/10/05 09:06:38 | 001,878,760 | ---- | C] () -- C:\Users\Paul\AppData\Local\dd_NET_Framework35_x64_MSI2AED.txt
[2008/10/05 09:06:11 | 000,200,043 | ---- | C] () -- C:\Users\Paul\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
[2008/10/05 09:06:09 | 000,002,584 | ---- | C] () -- C:\Users\Paul\AppData\Local\uxeventlog.txt
[2008/10/05 09:06:09 | 000,000,002 | ---- | C] () -- C:\Users\Paul\AppData\Local\dd_dotnetfx35error.txt
[2008/10/05 09:06:08 | 000,210,406 | ---- | C] () -- C:\Users\Paul\AppData\Local\dd_dotnetfx35install.txt
[2008/09/30 11:17:11 | 000,045,056 | ---- | C] () -- C:\Users\Paul\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/30 06:05:43 | 000,005,115 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
[2008/07/14 13:00:54 | 000,327,870 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008/07/14 13:00:36 | 000,327,870 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2004/01/30 15:07:46 | 000,245,408 | ---- | C] () -- C:\Windows\SysWow64\unicows.dll

========== LOP Check ==========

[2010/04/25 22:43:55 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Audacity
[2009/10/24 14:00:35 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Auslogics
[2010/09/26 16:50:45 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Bitrix Security
[2010/09/20 07:50:46 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Bullzip
[2010/09/17 14:26:41 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Canon
[2010/10/03 20:41:14 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Dropbox
[2010/04/25 20:01:44 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\FreeAudioPack
[2008/10/05 08:53:37 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\GetRightToGo
[2010/09/19 19:32:48 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\IObit
[2009/08/08 14:29:28 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Leadertech
[2008/10/25 17:49:22 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Musicmatch
[2010/09/20 07:50:19 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Participatory Culture Foundation
[2009/11/02 13:13:29 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\PCF-VLC
[2009/01/20 21:31:32 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\PeerNetworking
[2009/11/01 16:02:07 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Regensoft
[2009/08/08 15:10:53 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Seagate
[2009/09/13 19:56:19 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\VSO
[2010/09/27 00:21:46 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Windows Live Writer
[2010/10/03 20:37:39 | 000,032,560 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/10/03 21:32:00 | 000,000,390 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{DE82DB28-0292-4B41-837D-C55C06CD9944}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/04/11 02:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008/06/11 16:40:32 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2008/06/11 16:54:21 | 000,000,165 | ---- | M] () -- C:\Labelprint.log
[2010/10/03 20:39:47 | 308,240,383 | -HS- | M] () -- C:\pagefile.sys
[2008/06/11 16:39:54 | 000,000,163 | ---- | M] () -- C:\power2go.log
[2010/10/02 13:38:19 | 000,000,429 | ---- | M] () -- C:\rkill.log
[2009/01/15 12:38:13 | 000,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
[2009/03/29 17:18:21 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2009/01/15 12:38:13 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2009/03/29 17:18:21 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2010/03/28 21:35:24 | 815,699,472 | ---- | M] () -- C:\YR1.mdf
[2010/03/28 21:35:24 | 000,003,048 | ---- | M] () -- C:\YR1.mds

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:9638A27E
< End of report >



OTL Extras logfile created on: 10/3/2010 9:29:45 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Paul\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 54.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 142.12 Gb Total Space | 36.74 Gb Free Space | 25.85% Space Free | Partition Type: NTFS
Drive D: | 34.19 Gb Total Space | 34.09 Gb Free Space | 99.71% Space Free | Partition Type: NTFS
Drive E: | 677.07 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
Drive G: | 7.39 Gb Total Space | 7.39 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PAUL-PC
Current User Name: Paul
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = D1 B9 B1 D6 06 66 CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0151B4B2-5918-4967-88E7-DFB8080896F2}" = lport=137 | protocol=17 | dir=in | app=system |
"{01940C68-5300-4A5A-97E9-2DD6EAB73022}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service |
"{03F07EFB-D01D-4F43-A7A8-314BDA3C273B}" = rport=445 | protocol=6 | dir=out | app=system |
"{06B14789-F116-4E38-B74A-6E9427673F3F}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{0D06ECF3-75CA-42A9-8E03-995CA63F373C}" = lport=138 | protocol=17 | dir=in | app=system |
"{12C8C6AD-093E-41FE-81C1-0FA76562CF25}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{2FC05697-3951-4A4D-9C88-70CD3EA5CA72}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{349D0F18-9D24-485E-9E3F-103D84BEEADC}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{41E58F5A-42FA-4547-85F6-24ADDF6461ED}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4B6B591F-6AF9-471D-82A6-0475F851AECE}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{4BB0F263-06AB-43D3-8824-91077F4601A6}" = rport=138 | protocol=17 | dir=out | app=system |
"{4FB025E8-6F0A-4830-BBC3-FC30B7AC0C22}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{527683B3-439A-4227-9079-01658FAC5E3D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{537718FD-CE1C-45BC-8868-58BDBE8A4E38}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{64CAC8C4-E512-4D89-AA7C-256DD160CDCE}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe |
"{658C566C-E3FE-45AD-9CA5-BC9F5868BD4A}" = lport=139 | protocol=6 | dir=in | app=system |
"{698BBA17-AA8A-4B92-AFA4-EC62B547F1FA}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{6C3CAF84-6220-4EA2-BD3B-D29E81C97806}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe |
"{70489A14-549E-4844-9321-180A7AEBBDDB}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe |
"{7444ACF9-4D68-4FEC-829F-760F72F58EA8}" = lport=5358 | protocol=6 | dir=in | app=system |
"{758E2987-F29B-4163-A602-F4037BEAFD71}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{7A8EFAF8-8293-41DE-A19A-9608F9183DA5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7BFDC22D-6F3B-4EC6-BCB1-9C07C3D479C2}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{8D94B2FB-53E1-42C3-8A4A-9A2B95A1AEEF}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{95AD057C-AA21-4A4B-B401-6DCF207DAE3E}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{982DFEE8-0FE1-4DBB-9ED3-345DCFF1DAB9}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{9984E624-F1E0-41C1-80DD-247D8B51E915}" = rport=5358 | protocol=6 | dir=out | app=system |
"{9D15E9E8-1F87-42F3-9DA4-123053AE1382}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{9E16D8EE-2954-4F1F-8374-7459BE35AF0C}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service |
"{A03CAE9F-8736-42DA-BE5D-8CFF034E005A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{A65A9CBE-88D9-4B7A-999A-0B89FE450610}" = lport=5357 | protocol=6 | dir=in | app=system |
"{B1265A2D-AEA5-46DC-8104-9DEFB93ADB4B}" = rport=137 | protocol=17 | dir=out | app=system |
"{BB6BB2D3-B2EA-4B04-ABBB-E1808D03F704}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{BFA9A315-2E9B-4550-9D24-6F29477CDACD}" = rport=139 | protocol=6 | dir=out | app=system |
"{BFD44DA1-622E-4F17-A1E1-0B6101D87303}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{BFD68A2B-758F-4855-821F-62010586F667}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{C117A616-E44F-46D0-8224-B5C63CFB66E1}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{C385400D-6979-4B2A-9549-156D87CBA851}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D613D384-6586-4E47-AD67-93C49DC8AB83}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{D908FD3A-5FD9-47AF-A98F-63A63345B90C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DF287FEB-8E81-4001-B00C-340BE7BDCAC2}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe |
"{E49D4D24-FA05-4A6A-934D-ED7046874A0D}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{E73A0E2E-97D8-41BC-B883-D2CBBDAEE685}" = rport=5357 | protocol=6 | dir=out | app=system |
"{E873B704-A10B-4457-B3CC-743E8F7150E0}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{ECCDB0C7-63F8-417F-A2FF-3633398A515E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{EFB9A45E-8B08-4345-A337-449685995F8C}" = lport=445 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{035EEABB-9A40-4708-B743-D8DA8E60EC8F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{04F4245F-5853-4EA7-80C0-6C040E139D4F}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{0DAE04BC-1D1E-490F-B0D9-1C023C48A400}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{0E942BE0-D114-4F60-AABE-3290FA8023EB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{17DA252D-029F-454B-B64A-61EAEF68406D}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{1C44D935-DDBD-43DF-A1B5-C10E58EA5A36}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{1C9AE234-F76E-42A0-A8C6-810898742896}" = protocol=17 | dir=in | app=c:\program files (x86)\google\google talk\googletalk.exe |
"{1D1E0C7B-8737-406F-B9A4-5C70CCF84DFF}" = dir=in | app=c:\program files (x86)\avg\avg8\avgupd.exe |
"{212ECD84-EE0E-4E21-915D-E46CEC993D24}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{2A27E397-582B-4D84-B01D-87381702060F}" = protocol=6 | dir=out | app=%systemroot%\system32\netproj.exe |
"{2E698AA3-9150-43DE-9748-47DDEE229A80}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{365CB159-C021-4BDD-8B55-418CD2A59366}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{3F66FDC5-47C6-4768-A670-F25318D0DEDB}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{490145DD-EBD6-4C9A-9228-D2BAF2F8BFA7}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{4D34D9E6-7BAE-4CCE-825A-BDD5E0506B89}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{500D92FA-EA43-4398-811E-44F5E306A693}" = protocol=6 | dir=in | app=%systemroot%\system32\netproj.exe |
"{52FD62E7-FA05-4687-A705-5E1C8773BA4B}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{55D21B5D-7843-4E6B-9202-40D6FBA70900}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{58C05740-0E46-4BED-B6F8-7CB51DCFCCE7}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{5ACCBA4A-68D6-4F58-AC81-C1464F599299}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{654961A0-CA9A-464A-A17E-44B93AFE697D}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{6631A4D6-FA24-47EA-93A4-D8AFDC5824FC}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\live meeting 8\console\pwconsole.exe |
"{6AF8D5AD-F5D1-4DC4-9EAD-4CE7862149C1}" = protocol=1 | dir=out | [email protected],-28544 |
"{76E57B08-90BE-47C2-812F-EEEE864C0048}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{774C9641-0E84-49A9-AEBF-832C699E4549}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{77542C19-1E16-472E-82C1-2257463E83B6}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{7C0F09BF-F115-497C-ABF6-57EE55EC5118}" = dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{7E55BE91-D2D5-4186-A6A6-622760C9FAD9}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{7FC638C8-839C-46DE-83B5-3562893FE184}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8380667C-62B3-4F23-AAAB-998D94507BDE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{89E79203-35C0-4989-85F5-7154F0E45DF2}" = protocol=58 | dir=in | [email protected],-28545 |
"{8A8EABD3-4BF4-4EB9-8B70-459ABE02166F}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{8D0569F9-05CF-4F87-A2C8-F0FBD00A10E3}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{8E201E07-33F6-43C7-AA00-9657213D2485}" = dir=in | app=c:\program files (x86)\avg\avg8\avgemc.exe |
"{96698D2C-66D1-4485-A987-0036468679D1}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{9B312BEC-7E15-47A7-8B4D-754D558994FC}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{A3E6DC7C-3244-4FE7-B515-5A2627F15FD9}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{A5C1AB25-F99B-4F9A-90D2-F2A77FEDC1FD}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\live meeting 8\console\pwconsole.exe |
"{A903A53C-175C-44AC-B31B-D4363E68F198}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B2A5FE0A-9EF3-48A6-87E3-B6E99D26A8F7}" = protocol=6 | dir=in | app=c:\users\paul\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{B919FCF1-A4B7-4398-9C78-30C0EB38ECBF}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{BA16CEC6-495A-45BC-AA65-2A7DC2EB1016}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\pure networks shared\platform\nmsrvc.exe |
"{BD43BAE0-CF0F-4898-AF00-D53E674BB490}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\live meeting 8\console\pwconsole.exe |
"{BE61A22C-B43A-4A8F-BDD8-939114310FC5}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{BE720572-81BA-4002-B931-6151B2B02179}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{C11D6E5E-F65D-4535-8866-02775558BA3A}" = protocol=1 | dir=in | [email protected],-28543 |
"{D034DF29-D6AF-49E0-A2A1-BBC209770F2F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{D86610FB-24F5-4C32-9ED6-3A8BBC9C43C1}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{DC9DE11E-D278-4CEF-A9D7-878CB053ACCD}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\pure networks shared\platform\nmsrvc.exe |
"{DDB9E0AE-EDC4-4466-B3C6-4EC37450457C}" = protocol=6 | dir=in | app=c:\program files (x86)\google\google talk\googletalk.exe |
"{DF060B24-E398-4191-BC17-561350DBF5EB}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{DF49DE2C-D4E7-4376-A250-AA7D3C2966E5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E2B5B9E5-86BE-40F5-BE37-C9FACFFC25AD}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{E9BE044C-90AA-49FE-908E-D3C958642CC6}" = protocol=58 | dir=out | [email protected],-28546 |
"{EC5AED29-86A5-4114-A487-50C50FB9B4F6}" = protocol=17 | dir=in | app=c:\users\paul\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{EF38ED9D-A177-4407-9DFC-F0C0C0D21CCD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EF7116C8-CBBA-47BB-B832-A5B57B2A0A0B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F43853B5-A275-4631-AB21-F9DBBEEDCA95}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{FDBBC445-BCC8-441E-98EB-304981F7EE87}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\live meeting 8\console\pwconsole.exe |
"TCP Query User{B5F3E752-F05E-44A4-AD0A-8A554A5D7A25}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{BAADB380-E1FD-4551-BAB9-7F4B4BB84411}C:\program files (x86)\participatory culture foundation\miro\miro_downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\participatory culture foundation\miro\miro_downloader.exe |
"TCP Query User{C13B7863-E40A-4961-ABC9-9986E7051BD7}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{C89F03F2-0F02-4440-90F5-89FE9A878660}C:\westwood\ra2\gamemd.exe" = protocol=6 | dir=in | app=c:\westwood\ra2\gamemd.exe |
"TCP Query User{DDA3C1AE-BABF-42BE-B981-B5E3AB9C111D}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"UDP Query User{8B0CBFE9-09FB-4D37-A896-C486378772AA}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{8C4F30FA-7034-4CEF-A8A7-6EF5139D05FE}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"UDP Query User{A0DA22DF-22A9-4E5A-98BF-AA888312BDC0}C:\westwood\ra2\gamemd.exe" = protocol=17 | dir=in | app=c:\westwood\ra2\gamemd.exe |
"UDP Query User{D378994C-3564-4C84-89E2-5A4EAE92D08B}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{F47B09C9-3111-4232-B65A-3066F1AF9995}C:\program files (x86)\participatory culture foundation\miro\miro_downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\participatory culture foundation\miro\miro_downloader.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{104FB32A-7CE3-4C4B-B2AA-70C613FF9DFA}" = iTunes
"{33EB1061-ABF1-4470-A540-32E97A610536}" = Apple Mobile Device Support
"{40B38ACD-8720-48F0-B5B0-29C37ADCDECB}" = Windows Live Language Selector
"{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
"{43602F34-1AA3-44FB-AEB2-D08C2C737440}" = Paint.NET v3.36
"{45D7A5CC-D03E-4AD9-BDD5-67D96C843349}" = Windows Live Remote Service
"{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}" = Virtual Earth 3D (Beta)
"{79A68C93-ED14-4E92-A960-FBB5B6578562}" = Windows Live MIME IFilter
"{82B3C254-537C-4C6D-9C79-7671A011536A}" = O2Micro Flash Memory Card Reader Driver (x64)
"{8A90CB5C-A6D1-440F-A86D-7F32CEABE062}" = Image Resizer Powertoy Clone for Windows
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91415F19-4C22-3609-A105-92ED3522D83C}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4048
"{9151385C-9B53-4058-8DC6-6257BE5CB4E9}" = Windows Live ID Sign-in Assistant
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95C9C76F-ECF3-40FA-94F8-5DDFB6BAF40D}" = Microsoft Security Essentials
"{95D01D6E-EA9D-4AC8-8B56-844A37091803}" = Windows Live Remote Service Resources
"{9BEA9A7D-2FE1-4315-B93C-44C5B373DC40}" = Windows Live Family Safety
"{A336F8B0-7ADD-48E8-98A2-296040C1EC3F}" = MobileMe Control Panel
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BA28586D-6AAF-48E3-ACAE-C0D457641985}" = Windows Live Remote Client Resources
"{BBB56AF7-E80F-411B-8B0D-E94352F7CFB7}" = Windows Live Remote Client
"{C648B105-94EA-4AE0-8083-F08A4291841A}" = Windows Live Family Safety
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FE8083CD-259A-453c-BC4A-5A6C15BB5C12}" = Canon MP760
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 6.0.0.766
"CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Essentials" = Microsoft Security Essentials
"NVIDIA Drivers" = NVIDIA Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{07766F89-EFAA-4635-86B7-636B89EA2C0D}" = Bing Bar Platform
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{09EA3E66-F60C-45EF-9C16-6CA2262E21C4}" = Roxio Creator 2009 Ultimate
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18A5DFF2-8A95-49F3-873F-743CB5549F3D}" = Canon ScanGear Starter
"{19DD26A7-F0DD-472E-887F-44128C31163C}" = Windows Live Messenger
"{1A5B743C-FD87-48D0-9386-C4CCB5D3552C}" = Windows Live Sync Beta
"{1D53B6F9-E66E-42D8-A221-4FF8AC134FD7}" = Roxio Activation Module
"{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 21
"{26E76762-7F20-4694-AD06-CC3A9B547A71}" = Microsoft Office Live Meeting 2007
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{3383136B-4F86-4F05-8612-DD4BB16A1EAE}" = Roxio Central
"{34A350D1-64FB-36D8-9D0C-1CD8E392DBA5}" = Google Talk Plugin
"{39098402-3F7A-4257-A4AE-FC1181D1B40B}" = Camera Assistant Software for Gateway
"{3932CA01-E514-48A1-8D2D-B9DA712C58B5}" = Windows Live Writer
"{394A36B7-A693-48FD-AA14-DC17E291A378}" = Windows Live Writer
"{3EE51BAD-9916-49C7-90BA-3D500B031E0C}_is1" = VSO Image Resizer 2.0.1.9
"{3F26BD75-95CD-4754-926F-E44C4528D0B9}" = Windows Live Movie Maker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{41A15ABD-081B-43DC-91A5-8727265E8D77}" = Windows Live Photo Common
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4F88F5D8-767A-4EB4-9AFA-A7CBCC69D767}" = Windows Live SOXE
"{52CDDA92-56B6-4BA5-BD8D-E13B186008CB}" = D3DX10
"{54488589-76BC-4A3F-AC4F-71EBAD657850}" = Windows Live Communications Platform
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{5BFD1EBB-0BC8-47AE-BD7C-8368E9CDD006}" = Windows Live Photo Gallery Beta
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}" = Microsoft Money Shared Libraries
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{6425C9F0-D520-4F5B-9F68-C0DC643787AA}" = Windows Live Messenger
"{66069562-D3AF-4515-B1FD-7EE4DE5CE7D2}" = Windows Live PIMT Platform
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7919D8D9-69FB-4E94-B330-04C4AF251867}" = Roxio Creator 2009 Ultimate
"{7E432D8D-D78A-44A8-9FE8-B8942F7FD01F}" = Windows Live UX Platform
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{87A83C6F-F53C-448A-B078-FF00E3EAEB29}" = Roxio Disaster Recovery
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{915F574A-CFE9-4A13-851B-E37D58A41BF2}" = Windows Live Writer
"{91973772-A002-446D-8A67-B410553AD8F9}" = Windows Live SOXE Definitions
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
"{95A4E899-87EF-43C7-99E3-9ED5342FBF12}" = Windows Live Movie Maker
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{9DF6EC22-733E-4EDC-AC88-54CAD4BF4E7B}" = BlackArmor Backup
"{A7920A06-258A-4E57-B391-95B8E3B92A3A}" = Windows Live Essentials Beta
"{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}" = SimCity 4 Deluxe
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA749D64-3741-4D5F-B804-B0BC05D179D1}" = Roxio CinePlayer
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.4
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B33CAFFE-01C2-4D10-9E74-74C1E13E0C04}" = Windows Live Messenger Companion Core
"{C0A30BAA-295D-4F7F-8776-FD09FD57E2E2}" = Windows Live Installer
"{C0FE37FA-0886-4B66-B01B-76CF70FB77AB}" = Roxio CinePlayer Decoder Pack
"{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer
"{C3A232BD-D257-468B-9086-BBDFD4EE5809}" = Messenger Companion
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB0BAFE9-B307-4FB7-8977-E09CA551246E}" = Windows Live Sync Beta
"{CED9B1E8-FFCB-4497-9DFC-F0B20146896E}" = Windows Live Mail
"{CF092689-6ADF-4C86-A8DA-31B0B448A36C}" = Junk Mail filter update
"{CF119AF4-6943-407F-B416-B4D77E6A7BDD}" = Windows Live Sync ActiveX Control for Remote Connections
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DBCC555E-9DC5-4095-8B87-FDE406010689}" = Windows Live UX Platform Language Pack
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EAD90079-5C9F-4BB0-98D2-93CD2F29EB09}" = Windows Live Writer Resources
"{EC7A11C6-B776-43A5-8C40-E468B5476D16}" = Windows Live Photo Common Beta
"{ED486248-8800-40E1-AA2D-C6228CEB9679}" = Windows Live Mail
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FB5AEB8B-D920-4F21-8336-16CFA828B145}" = Mesh Runtime
"{FCE7CF00-581E-4B9B-8794-24A196BBFBC0}" = Windows Live Photo Gallery
"Active@ KillDisk FREE Suite" = Active@ KillDisk FREE Suite
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Google Chrome" = Google Chrome
"GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 8.63
"HijackThis" = HijackThis 2.0.2
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Marvell Miniport Driver" = Marvell Miniport Driver
"Money2007b" = Microsoft Money Essentials
"MP Navigator 1.1" = Canon MP Navigator 1.1
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Red Alert 2" = Command & Conquer Red Alert 2
"WinLiveSuite" = Windows Live Essentials Beta
"WOLAPI" = Westwood Shared Internet Components
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"Yuri's Revenge" = Command && Conquer Red Alert 2 - Yuri's Revenge

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/26/2010 4:19:13 PM | Computer Name = Paul-PC | Source = MsiInstaller | ID = 11606
Description =

Error - 9/26/2010 4:19:45 PM | Computer Name = Paul-PC | Source = MsiInstaller | ID = 11606
Description =

Error - 9/26/2010 4:19:45 PM | Computer Name = Paul-PC | Source = MsiInstaller | ID = 11606
Description =

Error - 9/26/2010 4:20:13 PM | Computer Name = Paul-PC | Source = MsiInstaller | ID = 11606
Description =

Error - 9/26/2010 4:20:13 PM | Computer Name = Paul-PC | Source = MsiInstaller | ID = 11606
Description =

Error - 9/26/2010 4:20:43 PM | Computer Name = Paul-PC | Source = MsiInstaller | ID = 11606
Description =

Error - 9/26/2010 4:20:43 PM | Computer Name = Paul-PC | Source = MsiInstaller | ID = 11606
Description =

Error - 9/26/2010 4:26:07 PM | Computer Name = Paul-PC | Source = MsiInstaller | ID = 11606
Description =

Error - 9/26/2010 4:26:07 PM | Computer Name = Paul-PC | Source = MsiInstaller | ID = 11606
Description =

Error - 9/26/2010 4:55:58 PM | Computer Name = Paul-PC | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 1/18/2009 3:36:16 PM | Computer Name = Paul-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerAccumulate failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 1/18/2009 3:39:26 PM | Computer Name = Paul-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerAccumulate failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 1/18/2009 3:45:48 PM | Computer Name = Paul-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerAccumulate failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

[ System Events ]
Error - 10/2/2010 1:36:52 PM | Computer Name = Paul-PC | Source = Print | ID = 64
Description = The attempt to install printer Microsoft XPS Document Writer 6.0.6002.18005
into an offline operating system image failed with Win32 error code 3016 (0xbc8).
This can occur if the printer driver requires user input or displays a user interface
(UI) during installation.

Error - 10/2/2010 1:37:14 PM | Computer Name = Paul-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 10/3/2010 2:26:57 PM | Computer Name = Paul-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 10/3/2010 2:28:12 PM | Computer Name = Paul-PC | Source = Print | ID = 64
Description = The attempt to install printer Microsoft XPS Document Writer 6.0.6002.18005
into an offline operating system image failed with Win32 error code 3016 (0xbc8).
This can occur if the printer driver requires user input or displays a user interface
(UI) during installation.

Error - 10/3/2010 4:50:06 PM | Computer Name = Paul-PC | Source = DCOM | ID = 10010
Description =

Error - 10/3/2010 8:25:50 PM | Computer Name = Paul-PC | Source = Print | ID = 64
Description = The attempt to install printer Microsoft XPS Document Writer 6.0.6002.18005
into an offline operating system image failed with Win32 error code 3016 (0xbc8).
This can occur if the printer driver requires user input or displays a user interface
(UI) during installation.

Error - 10/3/2010 8:25:57 PM | Computer Name = Paul-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 10/3/2010 8:32:41 PM | Computer Name = Paul-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 10/3/2010 8:40:24 PM | Computer Name = Paul-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 10/3/2010 8:40:40 PM | Computer Name = Paul-PC | Source = Print | ID = 64
Description = The attempt to install printer Microsoft XPS Document Writer 6.0.6002.18005
into an offline operating system image failed with Win32 error code 3016 (0xbc8).
This can occur if the printer driver requires user input or displays a user interface
(UI) during installation.


< End of report >



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:28:27 PM, on 10/3/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\Paul\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Seagate\BlackArmorBackup\BlackArmorBackupMonitor.exe
C:\Program Files (x86)\Seagate\BlackArmorBackup\TimounterMonitor.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\Paul\Desktop\gmer.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.c...=PTB&M=P-7811FX
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gateway.c...=PTB&M=P-7811FX
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.c...=PTB&M=P-7811FX
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.c...=PTB&M=P-7811FX
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.c...=PTB&M=P-7811FX
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files (x86)\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2156.0\npwinext.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files (x86)\google\googletoolbar2.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2156.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2156.0\npwinext.dll
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatchTray11.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [BlackArmorBackupMonitor.exe] C:\Program Files (x86)\Seagate\BlackArmorBackup\BlackArmorBackupMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Seagate\BlackArmorBackup\TimounterMonitor.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [googletalk] "C:\Program Files (x86)\Google\Google Talk\googletalk.exe" /autostart
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Paul\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = C:\Users\Paul\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O13 - Gopher Prefix:
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://oas.support....veX/MSDcode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gatew...rvest/gwCID.CAB
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Roxio SAIB Service (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269) - Unknown owner - C:\Program Files (x86)\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Roxio UPnP Renderer 11 - Sonic Solutions - C:\Program Files (x86)\Roxio Creator 2009 Ultimate\Digital Home 11\RoxioUPnPRenderer11.exe
O23 - Service: Roxio Upnp Server 11 - Sonic Solutions - C:\Program Files (x86)\Roxio Creator 2009 Ultimate\Digital Home 11\RoxioUpnpService11.exe
O23 - Service: LiveShare P2P Server 11 (RoxLiveShare11) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe
O23 - Service: RoxMediaDB11 - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe
O23 - Service: Roxio Hard Drive Watcher 11 (RoxWatch11) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Seagate Scheduler2 Service (SgtSch2Svc) - Seagate - C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 14246 bytes




Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4736

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

10/3/2010 10:26:05 PM
mbam-log-2010-10-03 (22-26-05).txt

Scan type: Quick scan
Objects scanned: 159018
Time elapsed: 4 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




Also, ran TDSSkiller and have the following results. Looks like I had something...


2010/10/03 22:46:06.0147 TDSS rootkit removing tool 2.4.3.0 Sep 27 2010 15:28:54
2010/10/03 22:46:06.0147 ================================================================================
2010/10/03 22:46:06.0147 SystemInfo:
2010/10/03 22:46:06.0147
2010/10/03 22:46:06.0147 OS Version: 6.0.6002 ServicePack: 2.0
2010/10/03 22:46:06.0147 Product type: Workstation
2010/10/03 22:46:06.0147 ComputerName: PAUL-PC
2010/10/03 22:46:06.0147 UserName: Paul
2010/10/03 22:46:06.0147 Windows directory: C:\Windows
2010/10/03 22:46:06.0147 System windows directory: C:\Windows
2010/10/03 22:46:06.0147 Running under WOW64
2010/10/03 22:46:06.0147 Processor architecture: Intel x64
2010/10/03 22:46:06.0147 Number of processors: 2
2010/10/03 22:46:06.0147 Page size: 0x1000
2010/10/03 22:46:06.0147 Boot type: Normal boot
2010/10/03 22:46:06.0147 ================================================================================
2010/10/03 22:46:06.0147 Utility is running under WOW64
2010/10/03 22:46:06.0709 Initialize success
2010/10/03 22:46:10.0921 ================================================================================
2010/10/03 22:46:10.0921 Scan started
2010/10/03 22:46:10.0921 Mode: Manual;
2010/10/03 22:46:10.0921 ================================================================================
2010/10/03 22:46:11.0841 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
2010/10/03 22:46:11.0950 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
2010/10/03 22:46:12.0013 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
2010/10/03 22:46:12.0044 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
2010/10/03 22:46:12.0106 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
2010/10/03 22:46:12.0590 AFD (12415ccfd3e7cec55b5184e67b039fe4) C:\Windows\system32\drivers\afd.sys
2010/10/03 22:46:12.0871 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
2010/10/03 22:46:12.0902 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
2010/10/03 22:46:12.0949 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
2010/10/03 22:46:12.0980 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
2010/10/03 22:46:13.0011 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
2010/10/03 22:46:13.0089 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
2010/10/03 22:46:13.0120 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
2010/10/03 22:46:13.0152 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/10/03 22:46:13.0198 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
2010/10/03 22:46:13.0276 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
2010/10/03 22:46:13.0354 bowser (8b2b19031d0aeade6e1b933df1acba7e) C:\Windows\system32\DRIVERS\bowser.sys
2010/10/03 22:46:13.0401 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
2010/10/03 22:46:13.0417 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
2010/10/03 22:46:13.0464 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
2010/10/03 22:46:13.0479 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
2010/10/03 22:46:13.0510 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
2010/10/03 22:46:13.0542 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
2010/10/03 22:46:13.0557 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
2010/10/03 22:46:13.0620 CAXHWAZL (cd69e6640bc4778eb4159d34a707106e) C:\Windows\system32\DRIVERS\CAXHWAZL.sys
2010/10/03 22:46:13.0651 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
2010/10/03 22:46:13.0698 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
2010/10/03 22:46:13.0744 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
2010/10/03 22:46:13.0807 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
2010/10/03 22:46:13.0916 CmBatt (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys
2010/10/03 22:46:13.0947 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
2010/10/03 22:46:14.0010 CnxtHdAudService (491cbd050ce600b0fb8e71d01d76e0f9) C:\Windows\system32\drivers\CHDRT64.sys
2010/10/03 22:46:14.0041 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\DRIVERS\compbatt.sys
2010/10/03 22:46:14.0056 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
2010/10/03 22:46:14.0119 DfsC (36cd31121f228e7e79bae60aa45764c6) C:\Windows\system32\Drivers\dfsc.sys
2010/10/03 22:46:14.0181 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
2010/10/03 22:46:14.0244 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
2010/10/03 22:46:14.0306 DXGKrnl (1d96e28ebcd96ad1b44a3fd02ca6433d) C:\Windows\System32\drivers\dxgkrnl.sys
2010/10/03 22:46:14.0368 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
2010/10/03 22:46:14.0400 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
2010/10/03 22:46:14.0462 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
2010/10/03 22:46:14.0509 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
2010/10/03 22:46:14.0634 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
2010/10/03 22:46:14.0680 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
2010/10/03 22:46:14.0758 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
2010/10/03 22:46:14.0790 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
2010/10/03 22:46:14.0836 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
2010/10/03 22:46:14.0868 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/10/03 22:46:14.0914 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
2010/10/03 22:46:14.0992 fssfltr (96ac62f059225e543e4ab0fc44db6024) C:\Windows\system32\DRIVERS\fssfltr.sys
2010/10/03 22:46:15.0039 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
2010/10/03 22:46:15.0070 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
2010/10/03 22:46:15.0117 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2010/10/03 22:46:15.0180 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys
2010/10/03 22:46:15.0273 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/10/03 22:46:15.0336 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
2010/10/03 22:46:15.0367 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
2010/10/03 22:46:15.0414 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
2010/10/03 22:46:15.0445 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
2010/10/03 22:46:15.0507 HSFHWAZL (57ba73b5b321291e5114cb21350e1ea0) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
2010/10/03 22:46:15.0616 HSF_DPV (ebdba99c2362457be429f024396b63be) C:\Windows\system32\DRIVERS\CAX_DPV.sys
2010/10/03 22:46:15.0710 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
2010/10/03 22:46:15.0757 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
2010/10/03 22:46:15.0819 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/10/03 22:46:15.0897 iaStor (8d58627fef3f8767665d9f4dc91cbd97) C:\Windows\system32\DRIVERS\iaStor.sys
2010/10/03 22:46:15.0928 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
2010/10/03 22:46:15.0975 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
2010/10/03 22:46:16.0100 int15 (8c7fa71cb1ebcd3ede8958d27b1bf0b4) C:\Windows\SysWOW64\drivers\int15_64.sys
2010/10/03 22:46:16.0131 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
2010/10/03 22:46:16.0162 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
2010/10/03 22:46:16.0225 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/10/03 22:46:16.0272 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
2010/10/03 22:46:16.0318 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
2010/10/03 22:46:16.0381 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
2010/10/03 22:46:16.0412 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
2010/10/03 22:46:16.0474 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/10/03 22:46:16.0506 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
2010/10/03 22:46:16.0537 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
2010/10/03 22:46:16.0568 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/10/03 22:46:16.0615 kbdhid (bf8783a5066cfecf45095459e8010fa7) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/10/03 22:46:16.0693 KSecDD (476e2c1dcea45895994bef11c2a98715) C:\Windows\system32\Drivers\ksecdd.sys
2010/10/03 22:46:16.0786 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
2010/10/03 22:46:16.0833 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
2010/10/03 22:46:16.0880 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
2010/10/03 22:46:16.0911 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
2010/10/03 22:46:16.0958 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
2010/10/03 22:46:17.0005 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
2010/10/03 22:46:17.0114 LVRS64 (7f0ba3a6e8996f15693c6b7d81da049e) C:\Windows\system32\DRIVERS\lvrs64.sys
2010/10/03 22:46:17.0176 LVUSBS64 (5c3ff68267a5d242ee79ee01b993d6ce) C:\Windows\system32\drivers\LVUSBS64.sys
2010/10/03 22:46:17.0208 mdmxsdk (e4f44ec214b3e381e1fc844a02926666) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2010/10/03 22:46:17.0254 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
2010/10/03 22:46:17.0301 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
2010/10/03 22:46:17.0379 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
2010/10/03 22:46:17.0410 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
2010/10/03 22:46:17.0457 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
2010/10/03 22:46:17.0473 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
2010/10/03 22:46:17.0504 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
2010/10/03 22:46:17.0566 MpFilter (c4d8c3031c7cd5884ca856b15307e997) C:\Windows\system32\DRIVERS\MpFilter.sys
2010/10/03 22:46:17.0613 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
2010/10/03 22:46:17.0660 MpNWMon (a768f58c55d3f303e686a7646348aec3) C:\Windows\system32\DRIVERS\MpNWMon.sys
2010/10/03 22:46:17.0676 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
2010/10/03 22:46:17.0738 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
2010/10/03 22:46:17.0769 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
2010/10/03 22:46:17.0832 mrxsmb (d58d129e26705e83a4deba7177eb7972) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/10/03 22:46:18.0081 mrxsmb10 (d5be5c14e0f1dc489f5bb2a67983f630) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/10/03 22:46:18.0190 mrxsmb20 (09a2990c3b293c212816c9bc0d7c200e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/10/03 22:46:18.0237 msahci (aa459f2ab3ab603c357ff117cae3d818) C:\Windows\system32\DRIVERS\msahci.sys
2010/10/03 22:46:18.0284 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
2010/10/03 22:46:18.0315 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
2010/10/03 22:46:18.0362 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
2010/10/03 22:46:18.0409 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
2010/10/03 22:46:18.0440 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/10/03 22:46:18.0471 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
2010/10/03 22:46:18.0518 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
2010/10/03 22:46:18.0565 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/10/03 22:46:18.0596 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
2010/10/03 22:46:18.0627 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
2010/10/03 22:46:18.0690 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
2010/10/03 22:46:18.0768 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
2010/10/03 22:46:18.0877 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/10/03 22:46:18.0924 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/10/03 22:46:18.0970 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/10/03 22:46:19.0002 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
2010/10/03 22:46:19.0033 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
2010/10/03 22:46:19.0080 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
2010/10/03 22:46:19.0267 NETw5v64 (2bdcb7b7917380794c9d87ac2153ce33) C:\Windows\system32\DRIVERS\NETw5v64.sys
2010/10/03 22:46:19.0407 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
2010/10/03 22:46:19.0454 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
2010/10/03 22:46:19.0501 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
2010/10/03 22:46:19.0579 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
2010/10/03 22:46:19.0657 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
2010/10/03 22:46:19.0719 NVHDA (ad37248bd442d41c9a896e53eb8a85ee) C:\Windows\system32\drivers\nvhda64v.sys
2010/10/03 22:46:20.0140 nvlddmkm (c496cfedeecc02b654ebed3954d47b1b) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2010/10/03 22:46:20.0406 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
2010/10/03 22:46:20.0437 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
2010/10/03 22:46:20.0484 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
2010/10/03 22:46:20.0593 O2MDRDR (6531dced1f12f8863f5c335c4a89a02e) C:\Windows\system32\DRIVERS\o2mdx64.sys
2010/10/03 22:46:20.0624 O2SDRDR (e91b345d7e8ffaf29164b81311623941) C:\Windows\system32\DRIVERS\o2sdx64.sys
2010/10/03 22:46:20.0655 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
2010/10/03 22:46:20.0718 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
2010/10/03 22:46:20.0780 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
2010/10/03 22:46:20.0811 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
2010/10/03 22:46:20.0858 pciide (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys
2010/10/03 22:46:20.0889 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
2010/10/03 22:46:20.0983 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
2010/10/03 22:46:21.0092 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
2010/10/03 22:46:21.0123 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
2010/10/03 22:46:21.0186 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
2010/10/03 22:46:21.0248 PxHlpa64 (fbf4db6d53585437e41a113300002a2b) C:\Windows\system32\Drivers\PxHlpa64.sys
2010/10/03 22:46:21.0310 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
2010/10/03 22:46:21.0388 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
2010/10/03 22:46:21.0451 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
2010/10/03 22:46:21.0482 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
2010/10/03 22:46:21.0544 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/10/03 22:46:21.0607 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/10/03 22:46:21.0654 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
2010/10/03 22:46:21.0716 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
2010/10/03 22:46:21.0763 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/10/03 22:46:21.0810 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
2010/10/03 22:46:21.0825 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
2010/10/03 22:46:21.0888 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
2010/10/03 22:46:21.0997 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
2010/10/03 22:46:22.0059 Sahdad64 (2cd0c2afebb9f036c8f10ca03e5f10d7) C:\Windows\system32\Drivers\Sahdad64.sys
2010/10/03 22:46:22.0106 Saibad64 (6fcbd69a26715c9764e87291ae139d8e) C:\Windows\system32\Drivers\Saibad64.sys
2010/10/03 22:46:22.0137 SaibVdAd64 (1996857c9e5c95f911eac51411b30e51) C:\Windows\system32\Drivers\SaibVdAd64.sys
2010/10/03 22:46:22.0184 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
2010/10/03 22:46:22.0246 sdbus (b42ee50f7d24f837f925332eb349eca5) C:\Windows\system32\DRIVERS\sdbus.sys
2010/10/03 22:46:22.0293 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2010/10/03 22:46:22.0340 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
2010/10/03 22:46:22.0371 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
2010/10/03 22:46:22.0402 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
2010/10/03 22:46:22.0449 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
2010/10/03 22:46:22.0480 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
2010/10/03 22:46:22.0496 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
2010/10/03 22:46:22.0527 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
2010/10/03 22:46:22.0590 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
2010/10/03 22:46:22.0621 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
2010/10/03 22:46:22.0668 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
2010/10/03 22:46:22.0746 snapman380 (001901f10423616ca0d4aecdcce8b855) C:\Windows\system32\DRIVERS\snman380.sys
2010/10/03 22:46:22.0792 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
2010/10/03 22:46:22.0855 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
2010/10/03 22:46:22.0855 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
2010/10/03 22:46:22.0855 sptd - detected Locked file (1)
2010/10/03 22:46:22.0933 srv (cb5bd298e62aed1b4af3cc44811a30a5) C:\Windows\system32\DRIVERS\srv.sys
2010/10/03 22:46:23.0026 srv2 (26cd9130775c59439b77ece2f6df9c4c) C:\Windows\system32\DRIVERS\srv2.sys
2010/10/03 22:46:23.0089 srvnet (caea15e0e52fb15a2c8b505643228057) C:\Windows\system32\DRIVERS\srvnet.sys
2010/10/03 22:46:23.0214 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
2010/10/03 22:46:23.0260 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
2010/10/03 22:46:23.0276 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
2010/10/03 22:46:23.0307 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
2010/10/03 22:46:23.0370 SynTP (b432c6063d4c621241c2b6e05ca0c3e3) C:\Windows\system32\DRIVERS\SynTP.sys
2010/10/03 22:46:23.0479 Tcpip (973658a2ea9c06b2976884b9046dfc6c) C:\Windows\system32\drivers\tcpip.sys
2010/10/03 22:46:23.0635 Tcpip6 (973658a2ea9c06b2976884b9046dfc6c) C:\Windows\system32\DRIVERS\tcpip.sys
2010/10/03 22:46:23.0697 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
2010/10/03 22:46:23.0728 TcUsb (cbd13e809e81b07116c8d51aa199f69b) C:\Windows\system32\Drivers\tcusb.sys
2010/10/03 22:46:23.0775 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
2010/10/03 22:46:23.0869 tdrpman174 (0b7757583ebbd877c275859899fef5cb) C:\Windows\system32\DRIVERS\tdrpm174.sys
2010/10/03 22:46:23.0962 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
2010/10/03 22:46:24.0025 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
2010/10/03 22:46:24.0072 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
2010/10/03 22:46:24.0118 tifsfilter (156ef5e1164bba862eee84400c7ba034) C:\Windows\system32\DRIVERS\tifsfilt.sys
2010/10/03 22:46:24.0165 timounter (8a474022c0465797b13a4ea7535d4c5b) C:\Windows\system32\DRIVERS\timntr.sys
2010/10/03 22:46:24.0259 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/10/03 22:46:24.0290 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
2010/10/03 22:46:24.0337 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
2010/10/03 22:46:24.0368 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
2010/10/03 22:46:24.0415 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
2010/10/03 22:46:24.0462 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
2010/10/03 22:46:24.0508 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
2010/10/03 22:46:24.0555 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
2010/10/03 22:46:24.0618 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
2010/10/03 22:46:24.0680 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
2010/10/03 22:46:24.0742 USBAAPL64 (cd03479f2da26500b203ed075c146a7a) C:\Windows\system32\Drivers\usbaapl64.sys
2010/10/03 22:46:24.0805 usbaudio (c899fb269be4740dbe2801b204cd71d4) C:\Windows\system32\drivers\usbaudio.sys
2010/10/03 22:46:24.0836 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/10/03 22:46:24.0883 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
2010/10/03 22:46:24.0930 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
2010/10/03 22:46:24.0961 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
2010/10/03 22:46:24.0992 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
2010/10/03 22:46:25.0054 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
2010/10/03 22:46:25.0101 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
2010/10/03 22:46:25.0148 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/10/03 22:46:25.0164 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/10/03 22:46:25.0210 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys
2010/10/03 22:46:25.0242 UVCFTR (fa3ca291f80ee13a1ac210492a7dfbb9) C:\Windows\system32\Drivers\UVCFTR_S.SYS
2010/10/03 22:46:25.0320 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/10/03 22:46:25.0335 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
2010/10/03 22:46:25.0366 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
2010/10/03 22:46:25.0398 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
2010/10/03 22:46:25.0460 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
2010/10/03 22:46:25.0507 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
2010/10/03 22:46:25.0554 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
2010/10/03 22:46:25.0585 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
2010/10/03 22:46:25.0632 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
2010/10/03 22:46:25.0663 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
2010/10/03 22:46:25.0694 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
2010/10/03 22:46:25.0756 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
2010/10/03 22:46:25.0912 winachsf (9e6c63f94d2c3d884a8936e448b1028b) C:\Windows\system32\DRIVERS\CAX_CNXT.sys
2010/10/03 22:46:26.0037 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys
2010/10/03 22:46:26.0115 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
2010/10/03 22:46:26.0162 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
2010/10/03 22:46:26.0224 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/10/03 22:46:26.0256 XAudio (f22e443518bc599d12888daf292a56d8) C:\Windows\system32\DRIVERS\xaudio64.sys
2010/10/03 22:46:26.0334 yukonx64 (62554a8c1daa7401d60727f45909528b) C:\Windows\system32\DRIVERS\yk60x64.sys
2010/10/03 22:46:26.0396 \HardDisk1\MBR - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/10/03 22:46:26.0396 ================================================================================
2010/10/03 22:46:26.0396 Scan finished
2010/10/03 22:46:26.0396 ================================================================================
2010/10/03 22:46:26.0412 Detected object count: 2
2010/10/03 22:47:20.0856 Locked file(sptd) - User select action: Skip
2010/10/03 22:47:20.0902 \HardDisk1\MBR - will be cured after reboot
2010/10/03 22:47:20.0902 Rootkit.Win32.TDSS.tdl4(\HardDisk1\MBR) - User select action: Cure
2010/10/03 22:47:56.0751 Deinitialize success

Edited by cr1s, 03 October 2010 - 08:57 PM.

  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP