Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

AntiSpy Safeguard Virus


  • Please log in to reply

#1
moxiecillin

moxiecillin

    Member

  • Member
  • PipPip
  • 11 posts
When I boot into windows after entering the password for my brother's computer a window pops up and it says AntiSpy Safeguard, There is a button on the window that says safe startup. How am I supposed to run the scans if it starts up right away? Do I boot into safe mode then go from there? Thanks for your help!
  • 0

Advertisements


#2
moxiecillin

moxiecillin

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
I was able to boot into safe mode and ran Malwarebytes. Below is the malwarebytes log. I selected remove all and the virus does not pop up anymore. What else can I do to make sure my brother's computer is completely free of the virus?

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4785

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.18943

10/9/2010 3:49:28 PM
mbam-log-2010-10-09 (15-49-28).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 404628
Time elapsed: 1 hour(s), 5 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 6
Registry Data Items Infected: 1
Folders Infected: 2
Files Infected: 42

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AnVi (Rogue.AnVi) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FindXplorer Service (Adware.Zwangi) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kxikitogoloputu (Trojan.Agent.U) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\agent.exe (Trojan.FraudPack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wmsdk64_32.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\24d1ca9a-a864-4f7b-86fe-495eb56529d8 (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\7bde84a2-f58f-46ec-9eac-f1f90fead080 (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files (x86)\AnVi (Rogue.AntiVirus) -> Quarantined and deleted successfully.
C:\Users\William\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnVi (Rogue.AntiVirus) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files (x86)\FindXplorer\findxplorer.dll (Adware.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\William\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\William\Desktop\0.04740717266200423.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\Users\William\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\William\Desktop\0.7904057610446605.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\Users\William\AppData\Local\Temp\1515.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\William\AppData\Local\Temp\asdA12C.tmp.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\William\AppData\Local\Temp\asdA9F2.tmp.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\William\AppData\Local\Temp\dhdhtrdhdrtr5y (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\William\AppData\Local\Temp\tmp1100.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\William\AppData\Local\Temp\tmp3227.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\William\AppData\Local\Temp\tmpF4BA.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\William\AppData\Local\Temp\Low\0.06578269027246453.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\William\AppData\Local\Temp\Low\0.34506624417142384.bat (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\Users\William\AppData\Local\Temp\Low\0.6422945242398657.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\William\AppData\Local\Temp\Low\0.7013532640292423.bat (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\Users\William\AppData\Local\Temp\Low\0.7524493774616292.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\William\AppData\Local\Temp\Low\0.8743008485844201.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\William\AppData\Local\Temp\Low\0.909180747264224.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\William\AppData\Local\Temp\Low\aprat-update.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\Users\William\AppData\Local\Temp\Low\ggKEcbNrca.exe (Trojan.Alureon) -> Quarantined and deleted successfully.
C:\Users\William\AppData\Local\Temp\Low\jfSdaBEQmb.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\William\AppData\Local\Temp\Low\jUbbKxVPgK.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\William\AppData\Local\Temp\Low\KhQbDYJJmA.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\William\AppData\Local\Temp\Low\PqdLlEDHqw.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\William\AppData\Local\Temp\Low\TnrasrAhba.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\Users\William\AppData\Local\Temp\Low\topwesitjh (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\William\AppData\Local\Temp\Low\wIPIGvubLl.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\William\AppData\Roaming\hotfix.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\Temp\FIN5FA2.tmp\upgrade.exe (Adware.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Windows\Temp\FINA208.tmp\upgrade.exe (Adware.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\William\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnVi\About.lnk (Rogue.AntiVirus) -> Quarantined and deleted successfully.
C:\Users\William\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnVi\Activate.lnk (Rogue.AntiVirus) -> Quarantined and deleted successfully.
C:\Users\William\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnVi\Antivirus Support.lnk (Rogue.AntiVirus) -> Quarantined and deleted successfully.
C:\Users\William\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnVi\Antivirus.lnk (Rogue.AntiVirus) -> Quarantined and deleted successfully.
C:\Users\William\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnVi\Buy.lnk (Rogue.AntiVirus) -> Quarantined and deleted successfully.
C:\Users\William\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnVi\Scan.lnk (Rogue.AntiVirus) -> Quarantined and deleted successfully.
C:\Users\William\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnVi\Settings.lnk (Rogue.AntiVirus) -> Quarantined and deleted successfully.
C:\Users\William\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnVi\Update.lnk (Rogue.AntiVirus) -> Quarantined and deleted successfully.
C:\ProgramData\FindXplorer\findxplorer117.exe (Adware.Zwangi) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FindXplorer\findxplorer.exe (Adware.Zwangi) -> Quarantined and deleted successfully.
C:\Users\William\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Antivirus.lnk (Rogue.AntiVirus) -> Quarantined and deleted successfully.
C:\Users\William\AppData\Local\nsvrfxi.dll (Trojan.Agent.U) -> Quarantined and deleted successfully.
C:\Users\William\AppData\Roaming\srsf.bat (Malware.Trace) -> Quarantined and deleted successfully.

Edited by moxiecillin, 09 October 2010 - 03:20 PM.

  • 0

#3
moxiecillin

moxiecillin

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
OTL LOg
OTL logfile created on: 10/9/2010 4:30:22 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\William\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 67.00% Memory free
10.00 Gb Paging File | 8.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 687.21 Gb Total Space | 578.26 Gb Free Space | 84.15% Space Free | Partition Type: NTFS
Drive D: | 11.42 Gb Total Space | 1.53 Gb Free Space | 13.43% Space Free | Partition Type: NTFS
Drive E: | 5.52 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 3.81 Gb Total Space | 3.80 Gb Free Space | 99.80% Space Free | Partition Type: FAT32
Drive K: | 6.57 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: WILLIAM-PC
Current User Name: William
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/10/09 16:22:00 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Users\William\Desktop\OTL.com
PRC - [2010/08/16 04:32:07 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/05/19 13:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/02/26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2009/02/06 20:51:28 | 003,885,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
PRC - [2008/03/20 18:52:42 | 000,524,288 | ---- | M] (RCA) -- C:\Users\William\Documents\RCA EasyRip\EZDock.exe
PRC - [2007/10/23 10:17:36 | 004,632,576 | ---- | M] () -- C:\Users\William\AppData\Roaming\U3\000016267374DCE3\LaunchPad.exe
PRC - [2007/10/16 22:50:00 | 000,054,608 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe
PRC - [2007/06/29 19:56:06 | 000,278,528 | ---- | M] (Portrait Displays, Inc) -- C:\Program Files (x86)\Portrait Displays\HP My Display\dthtml.exe
PRC - [2007/06/29 19:54:16 | 000,073,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
PRC - [2007/04/18 10:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2007/04/07 04:56:47 | 000,132,760 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre1.6.0_01\bin\jusched.exe
PRC - [2006/12/19 13:27:54 | 000,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
PRC - [2006/12/19 13:27:00 | 000,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
PRC - [2006/12/19 13:24:50 | 000,104,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe


========== Modules (SafeList) ==========

MOD - [2010/10/09 16:22:00 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Users\William\Desktop\OTL.com
MOD - [2008/01/20 21:50:01 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/10/18 10:37:22 | 000,412,672 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService)
SRV - [2010/10/09 16:01:10 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/05/19 13:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2007/10/16 22:50:00 | 000,154,432 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe -- (McShield)
SRV - [2007/10/16 22:50:00 | 000,054,608 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager)
SRV - [2007/06/29 19:54:16 | 000,073,728 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
SRV - [2006/12/19 13:24:50 | 000,104,000 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)
DRV:64bit: - [2009/02/23 18:26:27 | 000,310,984 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt)
DRV:64bit: - [2009/02/23 18:26:27 | 000,042,696 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2008/06/09 15:36:54 | 000,459,776 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\netr28x.sys -- (netr28x)
DRV:64bit: - [2008/02/12 10:50:14 | 000,286,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAXHWBS3.sys -- (CAXHWBS3)
DRV:64bit: - [2008/02/12 10:48:10 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2008/02/12 10:47:08 | 001,481,216 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_DP.sys -- (HSF_DP)
DRV:64bit: - [2007/12/26 13:46:26 | 000,340,992 | ---- | M] (NETGEAR Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wg111v2.sys -- (RTL8187)
DRV:64bit: - [2007/10/18 10:37:10 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.sys -- (XAudio)
DRV:64bit: - [2007/10/16 22:50:00 | 000,249,672 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2007/10/16 22:50:00 | 000,093,000 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2007/10/16 22:50:00 | 000,080,072 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2007/10/16 22:50:00 | 000,066,888 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mfetdik.sys -- (mfetdik)
DRV:64bit: - [2007/04/23 16:15:48 | 000,031,016 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\rtlprot.sys -- (RtlProt)
DRV:64bit: - [2006/11/16 19:26:44 | 000,019,248 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\PdiPorts.sys -- (PdiPorts)
DRV:64bit: - [2006/09/18 16:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2006/06/19 09:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys -- (mdmxsdk)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B5 38 33 03 36 F1 C9 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{AC69FF8A-F2B0-4F88-BF6E-E764D418EBAA}: C:\Users\William\AppData\Local\{AC69FF8A-F2B0-4F88-BF6E-E764D418EBAA}\ [2010/06/21 18:30:00 | 000,000,000 | ---D | M]

[2009/03/18 20:32:10 | 000,000,000 | ---D | M] -- C:\Users\William\AppData\Roaming\mozilla\Firefox\extensions
[2009/05/24 14:10:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\William\AppData\Roaming\mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}

O1 HOSTS File: ([2006/09/18 16:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg64.dll (Google Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PriceGongBHO Class) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.1.0\PriceGongIE.dll (PriceGong)
O2 - BHO: (Surf Canyon Search Engine Assistant) - {5AB7104A-B71F-49AD-9154-F7F8806AE848} - C:\Program Files (x86)\Surf Canyon\surfcanyon.dll (Surf Canyon Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\scriptcl.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [HP Health Check Scheduler] File not found
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NVRaidService] C:\Windows\SysNative\nvraidservice.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DT HPW] C:\Program Files (x86)\Portrait Displays\HP My Display\DTHtml.exe (Portrait Displays, Inc)
O4 - HKLM..\Run: [Easy Dock] C:\Users\William\Documents\RCA EasyRip\EZDock.exe (RCA)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre1.6.0_01\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [EA Core] C:\Program Files (x86)\Electronic Arts\EADM\Core.exe File not found
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [PlayNC Launcher] File not found
O4 - HKCU..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Users\William\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Axis & Allies Registration.lnk = C:\Users\William\AppData\Local\Temp\{B610C8BE-37F4-414C-9C5E-4A87107A801E}\{47836B39-2465-4F39-9D7E-52F70A1C3D72}\ATR1.EXE File not found
O4 - Startup: C:\Users\William\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\William\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk = C:\Users\William\AppData\Local\Temp\{44A615F2-A429-4E51-BB88-A2E1FE36E961}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img4.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img4.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/08 16:13:25 | 000,000,058 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2007/10/23 02:22:58 | 000,000,285 | R--- | M] () - K:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{5120083f-d36a-11df-aeed-e23ded911e5d}\Shell - "" = AutoRun
O33 - MountPoints2\{5120083f-d36a-11df-aeed-e23ded911e5d}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- [2007/10/23 02:45:39 | 001,336,632 | R--- | M] ()
O33 - MountPoints2\{7783140c-a3f8-11df-a7fc-001fc66fb9e2}\Shell\AutoRun\command - "" = J:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{7783140c-a3f8-11df-a7fc-001fc66fb9e2}\Shell\install\command - "" = J:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{7783140c-a3f8-11df-a7fc-001fc66fb9e2}\Shell\usermanualEnglish\command - "" = J:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{7783140c-a3f8-11df-a7fc-001fc66fb9e2}\Shell\usermanualFrench\command - "" = J:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{7783140c-a3f8-11df-a7fc-001fc66fb9e2}\Shell\usermanualSpanish\command - "" = J:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{9439a497-2ce7-11dd-9669-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{9439a497-2ce7-11dd-9669-806e6f6e6963}\Shell\AutoRun\command - "" = E:\FalloutLauncher.exe -- [2008/09/18 13:38:35 | 006,981,048 | R--- | M] (Bethesda Softworks)
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- [2007/10/23 02:45:39 | 001,336,632 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.ac3filter - C:\Windows\SysWow64\ac3filter.acm ()
Drivers32: msacm.avis - C:\Windows\SysWow64\ff_acm.acm ()
Drivers32: msacm.iac2 - C:\Windows\SysWOW64\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: VIDC.IV41 - C:\Windows\SysWow64\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\Windows\SysWow64\ir50_32.dll (Intel Corporation)
Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: vidc.yvu9 - C:\Windows\SysWow64\iyvu9_32.dll ()

MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^America Online 8.0 Tray Icon.lnk - C:\Program Files (x86)\America Online 8.0\aoltray.exe - (America Online, Inc.)
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig:64bit - StartUpReg: ccApp - hkey= - key= - c:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe File not found
MsConfig:64bit - StartUpReg: RealTray - hkey= - key= - C:\Program Files (x86)\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.

SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfPf - Driver
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Windows Media Player 5.2
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Reg Error: Value error.
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010/10/09 16:26:11 | 000,576,512 | ---- | C] (OldTimer Tools) -- C:\Users\William\Desktop\OTL.com
[2010/10/09 10:53:34 | 000,000,000 | ---D | C] -- C:\Users\William\AppData\Roaming\Malwarebytes
[2010/10/09 10:53:17 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/10/09 10:53:16 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/10/09 10:53:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/10/09 10:53:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/10/09 10:52:41 | 000,000,000 | ---D | C] -- C:\Users\William\AppData\Roaming\U3
[2010/09/26 12:49:59 | 000,000,000 | ---D | C] -- C:\Users\William\Documents\My Games
[2010/09/10 22:42:14 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2010/08/27 21:10:56 | 000,000,000 | ---D | C] -- C:\Users\William\Documents\all
[2010/08/27 14:20:06 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2010/08/26 22:15:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TinyWord
[2010/08/26 22:15:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Offers from Freeze.com
[2010/08/26 22:15:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Surf Canyon
[2010/08/26 22:15:44 | 000,000,000 | ---D | C] -- C:\ProgramData\FindXplorer
[2010/08/26 22:15:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FindXplorer
[2010/08/26 22:15:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2010/08/26 22:15:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PriceGong
[2010/08/16 05:02:46 | 000,000,000 | ---D | C] -- C:\Users\William\AppData\Roaming\Google
[2010/08/16 05:02:46 | 000,000,000 | ---D | C] -- C:\Users\William\AppData\Local\Google
[2010/08/16 04:32:07 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010/08/16 04:32:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2010/08/16 04:32:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2010/08/11 19:28:38 | 000,000,000 | ---D | C] -- C:\Users\William\AppData\Roaming\AnVi
[2010/08/09 21:01:54 | 000,000,000 | ---D | C] -- C:\Users\William\Desktop\RCA Detective
[2010/08/09 21:01:43 | 000,000,000 | ---D | C] -- C:\Users\William\Documents\RCA EasyRip
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/09 10:53:20 | 000,000,850 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/26 11:55:15 | 000,004,984 | ---- | C] () -- C:\Windows\SysNative\drivers\nvphy.bin
[2010/09/26 11:47:22 | 000,000,680 | ---- | C] () -- C:\Users\William\AppData\Local\d3d9caps.dat
[2010/08/26 22:22:58 | 000,000,027 | ---- | C] () -- C:\Windows\wininit.ini
[2010/08/26 22:16:01 | 000,420,038 | ---- | C] () -- C:\Users\William\AppData\Local\dd_vcredistMSI4CC4.txt
[2010/08/26 22:16:00 | 000,016,144 | ---- | C] () -- C:\Users\William\AppData\Local\dd_vcredistUI4CC4.txt
[2010/08/16 05:20:39 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/16 05:20:39 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/12 19:21:45 | 000,524,288 | -HS- | C] () -- C:\Users\William\ntuser.dat{9e4b7f53-a670-11df-bff0-001fc66fb9e2}.TMContainer00000000000000000002.regtrans-ms
[2010/08/12 19:21:45 | 000,524,288 | -HS- | C] () -- C:\Users\William\ntuser.dat{9e4b7f53-a670-11df-bff0-001fc66fb9e2}.TMContainer00000000000000000001.regtrans-ms
[2010/08/12 19:21:45 | 000,065,536 | -HS- | C] () -- C:\Users\William\ntuser.dat{9e4b7f53-a670-11df-bff0-001fc66fb9e2}.TM.blf
[2010/06/21 18:30:01 | 000,000,120 | ---- | C] () -- C:\Users\William\AppData\Local\Hvetexugujeka.dat
[2010/06/21 18:30:01 | 000,000,000 | ---- | C] () -- C:\Users\William\AppData\Local\Cwojuju.bin
[2010/04/15 17:11:37 | 000,112,384 | ---- | C] () -- C:\Users\William\AppData\Local\dd_depcheckdotnetfx30.txt
[2010/04/15 17:11:31 | 000,128,050 | ---- | C] () -- C:\Users\William\AppData\Local\dd_dotnetfx3install.txt
[2010/04/15 17:11:31 | 000,006,858 | ---- | C] () -- C:\Users\William\AppData\Local\uxeventlog.txt
[2010/04/15 17:11:31 | 000,002,410 | ---- | C] () -- C:\Users\William\AppData\Local\dd_dotnetfx3error.txt
[2010/01/28 02:09:54 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009/09/10 22:39:13 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/09/10 22:37:35 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/08/07 19:51:34 | 000,178,430 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009/05/30 01:37:40 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/05/30 01:31:52 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2008/09/12 15:21:02 | 000,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest
[2008/08/04 01:38:24 | 000,000,288 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/08/01 18:32:35 | 000,000,177 | ---- | C] () -- C:\Users\William\AppData\Roaming\prefs.bin
[2008/08/01 00:04:21 | 000,000,280 | ---- | C] () -- C:\Windows\SysWow64\epoPGPsdk.dll.sig
[2008/07/21 18:56:45 | 000,000,157 | ---- | C] () -- C:\Windows\disney.ini
[2008/07/19 23:20:35 | 000,000,253 | ---- | C] () -- C:\Windows\Creator.INI
[2008/07/19 15:49:01 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
[2008/07/15 23:06:49 | 000,000,224 | ---- | C] () -- C:\Windows\SIERRA.INI
[2008/07/15 23:06:10 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2008/07/15 23:06:10 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2008/07/15 23:06:10 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2008/07/14 23:12:51 | 000,003,156 | ---- | C] () -- C:\Users\William\AppData\Roaming\wklnhst.dat
[2008/07/14 23:09:18 | 000,003,584 | ---- | C] () -- C:\Users\William\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/13 20:52:54 | 000,003,435 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2008/05/21 03:54:33 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll
[2008/05/21 03:54:33 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007/09/04 11:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2007/02/05 19:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[1997/06/13 20:56:08 | 000,056,320 | ---- | C] () -- C:\Windows\SysWow64\iyvu9_32.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008/07/21 19:30:36 | 000,000,000 | ---- | M] () -- C:\AILog.txt
[2009/04/11 01:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008/05/21 04:44:43 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2010/08/09 21:07:11 | 000,001,244 | ---- | M] () -- C:\EasyCD Ripper_log.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2010/08/09 21:16:17 | 000,005,030 | ---- | M] () -- C:\EZ Dock_log.txt
[2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2008/07/23 22:14:33 | 000,000,912 | -H-- | M] () -- C:\IPH.PH
[2006/12/02 01:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2010/10/09 15:56:53 | 1118,171,135 | -HS- | M] () -- C:\pagefile.sys
[2006/10/06 17:42:22 | 000,002,853 | ---- | M] () -- C:\pdiports64.inf
[2008/07/13 20:48:19 | 000,000,173 | ---- | M] () -- C:\pdisdk.log
[2009/03/29 02:25:00 | 000,000,621 | ---- | M] () -- C:\RHDSetup.log
[2009/08/04 23:16:17 | 000,000,425 | ---- | M] () -- C:\updatedatfix.log
[2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

< %systemroot%\Fonts\*.com >
[2006/11/02 10:06:41 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 10:06:41 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 10:06:41 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/09/25 21:04:13 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 16:35:48 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2009/05/19 15:26:24 | 001,819,917 | ---- | M] (Rhode Island Soft Systems, Inc.) -- C:\Windows\Calm Before the Storm.scr
[2009/02/06 21:03:18 | 000,307,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/01/20 22:21:59 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/06/19 18:18:59 | 000,000,286 | -HS- | M] () -- C:\Users\William\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2008/07/13 20:36:26 | 000,000,402 | -HS- | M] () -- C:\Users\William\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2010/03/13 01:57:53 | 000,003,435 | ---- | M] () -- C:\ProgramData\hpzinstall.log

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[1998/09/02 03:46:12 | 000,075,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.exe >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< %USERPROFILE%\Templates\*.tmp >

< %SYSTEMDRIVE%\explorexxx.exe\*.* >

< %Windir%\Installer\*.tmp >
[2 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]

< %systemroot%\System32\*.xco >

< %ProgramFiles%\system32\*.* >

< %systemroot%\System32\windos\*.* >

< %SystemRoot%\system32\sandbox\*.* >

< %SystemRoot%\system32\*.amo >

< %SystemRoot%\system32\Windows Live\*.* >

< %ProgramFiles%\logs\*.* >

< %ProgramFiles%\Bifrost\*.* >

< %SystemRoot%\system32\*.goo >

< %systemroot%\system32\IME\*.* >

< %systemroot%\BackUp\*.* >

< %systemroot%\system32\*.ico >
[2006/09/18 16:31:55 | 000,107,620 | ---- | M] () -- C:\Windows\SysWOW64\acwizard.ico

< %systemroot%\system\*.dat >
[2008/07/13 20:35:54 | 000,000,044 | ---- | M] () -- C:\Windows\system\hpsysdrv.dat

< %systemroot%\system\*.exe >

< %AppData%\Macromedia\Common\*.* >

< %SYSTEMDRIVE%\dir\*.* /s >

< %systemroot%\system32\ras\*.exe >

< %SYSTEMDRIVE%\MFILES\*.* >

< %SYSTEMDRIVE%\mDNSRespon.exe\*.* >

< %systemroot%\system32\services\*.* >

< %systemroot%\Spooler\*.* >

< %ProgramFiles%\system32\*.* >

< %systemroot%\system32\Setup\*.dll /x >

< %systemroot%\system32\*.mine >

< %SYSTEMDRIVE%\cleansweep.exe\*.* >

< %systemroot%\system32\ras\*.dll >

< %systemroot%\system32\ras\*.drv >

< %systemroot%\*.iq >

< %systemroot%\system32\XP\*.* >

< %SYSTEMDRIVE%\Extracted\*.* >

< %systemroot%\system32\windows\*.* >

< %systemroot%\logs\*.* >
[2010/09/26 12:49:55 | 000,524,194 | ---- | M] () -- C:\Windows\Logs\DirectX.log

< %SYSTEMDRIVE%\Win.Msi\*.* >

< %systemroot%\regedit\*.* >

< %systemroot%\system32\skype\*.* >

< %AppData%\Adobe\dlluplwin25\*.* >

< %UserProfile%\*.dat >
[2010/10/09 16:33:34 | 002,621,440 | -HS- | M] () -- C:\Users\William\ntuser.dat

< %UserProfile%\*.dll >

< %systemroot%\system32\*.sxo >

< %SYSTEMDRIVE%\Gazma\*.* /s >

< %systemroot%\system32\spynet\*.* >

< %systemroot%\system32\System\*.* >

< %appdata%\Microsoft\Windows\*.* >

< %systemroot%\system32\WinDir\*.* >

< %systemroot%\_\*.* >

< %systemroot%\system32\windows32\*.* >

< %ProgramFiles%\win\*.* >

< %AppData%\Microsoft\CD Burning\*.* >

< %systemroot%\*.cab >

< %systemroot%\K.Backup\*.* >

< %ProgramFiles%\Massenger\*.* >

< %systemroot%\System32\*.doc >

< %systemroot%\Office12\*.* >

< %systemroot%\System32\Rundl32.exe\*.* >

< %ProgramFiles%\yahoo.net\*.* >

< %systemroot%\system32\*.igo >

< %systemroot%\*.rew >

< %systemroot%\System32\spool\DRIVERS\W32X86\3\*.exe >

< %USERPROFILE%\.COMMgr\*.* >

< %USERPROFILE%\Desktop\*.bat >

< %PROGRAMFILES%\Common Files\Real\visualizations\*.* >
[2008/07/23 22:14:24 | 000,043,008 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Common Files\Real\Visualizations\Annabelle.rpv
[2008/07/23 22:14:24 | 000,080,384 | ---- | M] () -- C:\Program Files (x86)\Common Files\Real\Visualizations\CosmicBelt.rpv
[2008/07/23 22:14:24 | 000,007,168 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Common Files\Real\Visualizations\Fire.rpv
[2008/07/23 22:14:24 | 000,007,680 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Common Files\Real\Visualizations\FreqBands.rpv
[2008/07/23 22:14:24 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\Common Files\Real\Visualizations\Nebula.rpv

< %PROGRAMFILES%\Internet Explorer\*.Jmp >

< %PROGRAMFILES%\Windows NT\system\*.dll >

< %systemroot%\system32\*.ext >

< %systemroot%\system32\Com\*.cfg >

< %systemroot%\system32\btz\*.* >

< %systemroot%\system32\EMP\*.* >

< %systemroot%\system32\expo\*.* >

< %systemroot%\system32\inet2\*.* >

< %systemroot%\system32\xrem\*.* >

< %ProgramFiles%\Microsoft\*.* >

< %systemroot%\usgwmt\*.* >

< %ProgramFiles%\B\*.* >

< %SYSTEMDRIVE%\lspp\*.* >

< %systemroot%\Kral\*.* >

< %SYSTEMDRIVE%\windowsdvd.exe\*.* >

< %systemroot%\system32\*.ipo >

< %SYSTEMDRIVE%\usxxxxxxxx.exe\*.* >

< %systemroot%\system32\*.mof >

< %systemroot%\*.atm >

< %systemroot%\system32\svhost\*.* >

< %ProgramFiles%\system32\*.* >

< %ProgramFiles%\Docmentt\*.* >

< %systemroot%\Help\*.vbs >

< %ProgramFiles%\Windows WinSxs\*.* /s >

< %ProgramFiles%\Outlook Express\IDT\*.* /s >

< %ProgramFiles%\Microsoft Office\365\*.* /s >

< %ProgramFiles%\Windows Live\*.* >

< %systemroot%\system32\win32\*.* >

< %SYSTEMDRIVE%\RECYCLER\*.* >

< %systemroot%\Fresh1\*.* >

< %ProgramFiles%\Kekj\*.* /s >

< %systemroot%\GDU\*.* >

< %systemroot%\KA\*.* >

< %systemroot%\R\*.* >

< %systemroot%\system32\*.fyo >

< %USERPROFILE%\System\*.* >

< %systemroot%\Source\*.* >

< %systemroot%\system32\ac\*.* >

< %ProgramFiles%\MSDN\*.* >

< %AppData%\AdobeUM\winvcldll54\*.* /s >

< %ProgramFiles%\Internet Explorer\*.ico >

< %systemroot%\system32\*.ojo >

< %systemroot%\system32\d323s\*.* >

< %systemroot%\system32\re\*.* >

< %UserProfile%\Microsoft\*.dll >

< %UserProfile%\Microsoft\*.log >

< %systemroot%\Bios\*.* >

< %ProgramFiles%\Spool\*.* >

< %ProgramFiles%\promp3\*.* >

< %SYSTEMDRIVE%\Driver\*.* /s >

< %SYSTEMDRIVE%\inetserver.exe\*.* >

< %systemroot%\java\trustlib\*.* >

< %ProgramFiles%\Common Files\designer\*.exe >

< %ProgramFiles%\*. >
[2008/07/13 20:25:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
[2008/07/23 22:14:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\America Online 7.0
[2009/07/27 19:29:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\America Online 8.0
[2008/07/23 19:05:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AOL Companion
[2009/05/24 14:10:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AskBarDis
[2008/07/15 23:09:09 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AT&T WorldNet Setup
[2008/07/23 18:47:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Atari
[2010/04/15 17:13:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Bethesda Softworks
[2010/03/06 23:56:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Cat Daddy Games
[2010/08/16 03:52:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
[2008/08/15 15:48:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Cornelsen
[2010/09/10 22:30:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CyberLink
[2008/07/15 23:09:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\directx
[2009/06/23 02:33:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\EA Games
[2010/04/18 19:59:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\eGames
[2010/01/11 19:42:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Electronic Arts
[2010/09/09 16:42:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\FindXplorer
[2008/07/15 15:21:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Firefly Studios
[2010/08/26 22:15:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Free Offers from Freeze.com
[2009/05/24 14:10:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\FrostWire
[2008/07/14 23:17:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\GameSpy Arcade
[2008/08/12 21:36:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Global Star Software
[2010/08/16 05:20:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Google
[2010/04/18 19:58:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Graboid
[2009/09/16 13:54:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Guild Wars
[2008/08/04 01:16:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Hewlett-Packard
[2008/07/13 20:54:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\HP
[2008/05/21 04:23:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\HP Games
[2008/09/01 01:33:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Infogrames Interactive
[2010/09/26 12:50:51 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2010/08/15 22:43:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
[2008/05/21 04:14:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java
[2008/07/19 23:20:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\LEGO Media
[2008/05/21 04:13:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\LightScribeTemplateLabeler
[2008/08/05 00:00:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Lucas Learning
[2008/08/04 03:54:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\LucasArts
[2010/10/09 10:53:20 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2009/02/17 20:09:09 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Maxis
[2008/08/01 00:04:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\McAfee
[2009/03/30 13:41:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft
[2008/08/14 02:37:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Games
[2010/04/15 17:10:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2008/07/22 14:06:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office
[2009/03/30 13:42:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2009/03/30 13:40:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Sync Framework
[2010/08/15 21:57:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Works
[2009/12/26 04:20:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft WSE
[2008/07/22 14:06:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
[2010/04/18 19:57:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla ActiveX Control v1.7.12
[2006/11/02 10:07:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
[2009/03/13 22:05:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSXML 4.0
[2008/05/21 04:13:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\muvee Technologies
[2009/04/03 17:09:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NCSoft
[2008/12/16 20:01:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NETGEAR
[2009/02/23 18:07:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Oberon Media
[2008/07/13 20:25:24 | 000,000,000 | R--D | M] -- C:\Program Files (x86)\Online Services
[2008/05/21 04:32:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PC-Doctor 5 for Windows
[2008/07/17 00:20:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PlayFirst
[2008/07/13 20:47:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Portrait Displays
[2010/08/26 22:15:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PriceGong
[2010/05/28 00:51:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Primal 3D Body
[2008/08/05 00:01:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\QuickTime
[2008/07/23 19:04:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Real
[2008/05/21 04:00:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Realtek
[2006/11/02 10:07:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
[2010/01/17 18:50:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ScenicReflections
[2009/02/23 17:53:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Sigma Team
[2010/10/09 16:02:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Steam
[2010/08/26 22:16:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Surf Canyon
[2008/08/13 01:27:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Telltale Texas Hold 'Em
[2010/08/26 22:16:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\TinyWord
[2009/02/11 19:36:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Ubi Soft
[2009/02/23 18:22:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Ubisoft
[2006/11/02 10:36:07 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Uninstall Information
[2009/05/08 22:24:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Utherverse Digital Inc
[2010/04/18 19:56:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\VideoLAN
[2010/05/15 16:04:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\VistaCodecPack
[2009/08/25 22:13:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Warcraft III
[2009/09/25 21:30:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Calendar
[2008/01/20 22:09:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Collaboration
[2008/01/20 22:09:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
[2010/08/26 21:42:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live
[2009/03/30 13:40:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live SkyDrive
[2010/05/12 23:36:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
[2009/09/25 21:30:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
[2006/11/02 10:07:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
[2009/09/25 21:30:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Gallery
[2009/09/25 21:30:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar
[2010/08/27 14:17:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Yahoo!

< %systemroot%\system32\*.tso >

< %ALLUSERSPROFILE%\Documents\Server\*.* >

< %systemroot%\*.pif >
[2008/07/17 01:25:53 | 000,002,829 | ---- | M] () -- C:\Windows\War3Unin.pif
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

< %systemroot%\system32\n7533\*.* >

< %systemroot%\Us18336\*.* >

< %systemroot%\system32\*.zip >

< %systemroot%\system32\*.wgo >

< %ProgramFiles%\Microsoft Office\OFFICE11\*.* >

< %systemroot%\system32\dllcache\*.com >

< %systemroot%\system32\dllchache\*.* >

< %systemroot%\system32\038840\*.* >

< %systemroot%\system32\13E92A\*.* >

< %systemroot%\system32\1CB5AD\*.* >

< %systemroot%\system32\52682A\*.* >

< %USERPROFILE%\My Documents\*.htm >

< %SYSTEMDRIVE%\Mr_CF\*.* >

< %USERPROFILE%\My Documents\*.dll >

< %USERPROFILE%\My Documents\*.ccc >

< %systemroot%\system32\Sis\*.* >

< %systemroot%\Microsft\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
< End of report >
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP