
Unknown Chinese program hangs on shutdown



#1
GrinningCrow

untitled.JPG

I recently tried to shut down my XP SP3 and was presented with a "this program is not responding" message. Nothing particularly weird there. However, the name of the program seemed to be a mixture of east Asian characters (perhaps Chinese, but I don't know) and default 'squares'.



I'm a little concerned about this as I don't recall ever installing anything with an east Asian name, nor have I ever seen anything like this.

Thanks

Note: I was unable to complete an MBER scan

MBAM Log:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4792

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

2010-10-10 11:03:00 PM
mbam-log-2010-10-10 (23-03-00).txt

Scan type: Quick scan
Objects scanned: 193561
Time elapsed: 23 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


OTL.Txt:
OTL logfile created on: 2010-10-11 7:28:19 PM - Run 1
OTL by OldTimer - Version 3.2.15.0 Folder = C:\Documents and Settings\uname\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 4092 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.71 Gb Total Space | 58.68 Gb Free Space | 25.22% Space Free | Partition Type: NTFS

Computer Name: LTuname | User Name: uname | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - [2010-10-11 19:06:04 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\uname\My Documents\Downloads\OTL.exe
PRC - [2010-02-25 04:08:38 | 000,240,808 | ---- | M] (Aventail Corporation) -- C:\WINDOWS\system32\ngvpnmgr.exe
PRC - [2010-01-04 18:33:40 | 002,893,624 | ---- | M] (Mozy, Inc.) -- C:\Program Files\MozyPro\mozyprostat.exe
PRC - [2009-08-06 23:51:54 | 000,613,128 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
PRC - [2009-05-27 09:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
PRC - [2009-05-27 09:26:46 | 014,950,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.3\OLAP\bin\msmdsrv.exe
PRC - [2009-05-27 09:26:42 | 000,202,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe
PRC - [2009-05-15 19:02:20 | 000,078,136 | ---- | M] (Mozy, Inc.) -- C:\Program Files\MozyPro\mozyprobackup.exe
PRC - [2009-04-17 20:17:40 | 001,349,912 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2009-03-30 01:28:54 | 000,024,576 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\OA001Mon.exe
PRC - [2009-03-17 02:57:38 | 000,483,420 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2009-03-17 02:57:26 | 000,254,034 | ---- | M] (IDT, Inc.) -- c:\drivers\audio\R213367\stacsv.exe
PRC - [2009-03-17 02:57:14 | 000,729,088 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\AESTFltr.exe
PRC - [2009-02-22 22:51:40 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2009-02-22 22:51:24 | 000,200,704 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2009-02-22 22:51:22 | 000,050,472 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2009-02-22 22:51:22 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2009-02-11 23:38:40 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009-02-11 23:38:38 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009-02-05 03:26:38 | 000,128,232 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009-01-28 02:50:00 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
PRC - [2009-01-28 02:50:00 | 000,111,952 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2009-01-28 02:50:00 | 000,054,608 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2009-01-22 16:19:20 | 000,808,296 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
PRC - [2009-01-22 16:19:20 | 000,020,840 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
PRC - [2008-11-25 04:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008-10-24 16:14:36 | 000,206,112 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2008-07-10 09:22:18 | 001,106,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSRS10.LTuname\Reporting Services\ReportServer\bin\ReportingServicesService.exe
PRC - [2008-04-14 13:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007-08-31 19:58:50 | 000,357,800 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
PRC - [2007-08-09 08:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2007-04-19 11:56:36 | 000,133,968 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe
PRC - [2006-11-17 19:40:56 | 000,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2006-11-17 19:39:58 | 000,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2006-11-17 19:37:44 | 000,104,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2006-11-17 09:06:00 | 000,086,016 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\Mctray.exe


========== Modules (SafeList) ==========

MOD - [2010-10-11 19:06:04 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\uname\My Documents\Downloads\OTL.exe
MOD - [2008-04-14 13:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010-06-30 18:47:26 | 001,352,832 | ---- | M] (Lavasoft) [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010-02-25 04:08:38 | 000,240,808 | ---- | M] (Aventail Corporation) [Auto | Running] -- C:\WINDOWS\system32\ngvpnmgr.exe -- (NgVpnMgr)
SRV - [2009-10-28 16:06:15 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009-09-23 22:37:30 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009-07-02 22:10:16 | 003,217,744 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90)
SRV - [2009-05-27 09:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe -- (MSSQLSERVER) SQL Server (MSSQLSERVER)
SRV - [2009-05-27 09:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2009-05-27 09:26:46 | 014,950,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL.3\OLAP\bin\msmdsrv.exe -- (MSSQLServerOLAPService) SQL Server Analysis Services (MSSQLSERVER)
SRV - [2009-05-27 09:26:42 | 000,202,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe -- (MsDtsServer)
SRV - [2009-05-15 19:02:20 | 000,078,136 | ---- | M] (Mozy, Inc.) [Auto | Running] -- C:\Program Files\MozyPro\mozyprobackup.exe -- (mozyprobackup)
SRV - [2009-04-17 20:17:40 | 001,349,912 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2009-03-17 02:57:26 | 000,254,034 | ---- | M] (IDT, Inc.) [Auto | Running] -- c:\drivers\audio\R213367\stacsv.exe -- (STacSV)
SRV - [2009-02-11 23:38:40 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2009-01-28 02:50:00 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
SRV - [2009-01-28 02:50:00 | 000,054,608 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2009-01-22 16:19:20 | 000,808,296 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe -- (Credential Vault Host Control Service)
SRV - [2009-01-22 16:19:20 | 000,020,840 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe -- (Credential Vault Host Storage)
SRV - [2008-11-25 04:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008-11-25 04:31:08 | 000,346,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\SQLAGENT90.EXE -- (SQLSERVERAGENT) SQL Server Agent (MSSQLSERVER)
SRV - [2008-11-25 04:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008-11-25 04:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008-07-10 09:22:18 | 001,106,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSRS10.LTuname\Reporting Services\ReportServer\bin\ReportingServicesService.exe -- (ReportServer$LTuname) SQL Server Reporting Services (LTuname)
SRV - [2007-08-09 08:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2007-06-22 15:22:56 | 000,095,592 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe -- (msftesql) SQL Server FullText Search (MSSQLSERVER)
SRV - [2007-04-19 11:56:36 | 000,133,968 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe -- (ASFAgent)
SRV - [2006-11-17 19:37:44 | 000,104,000 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\LVCM.sys -- (QCMerced)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\PCTINDIS5.SYS -- (PCTINDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\pctnullport.sys -- (Nmea)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\lvusbsta.sys -- (LVUSBSta)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\uname\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010-06-09 18:47:33 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010-02-25 04:08:02 | 000,025,160 | ---- | M] (Aventail Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ngwfp.sys -- (NgWfp)
DRV - [2010-02-25 04:07:56 | 000,022,600 | ---- | M] (Aventail Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ngfilter.sys -- (NgFilter)
DRV - [2010-02-25 04:07:48 | 000,079,944 | ---- | M] (Aventail Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ngvpn.sys -- (NgVpn)
DRV - [2010-02-25 04:06:34 | 000,027,208 | ---- | M] (Aventail Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nglog.sys -- (NgLog)
DRV - [2009-09-10 17:21:30 | 000,054,776 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\mozypro.sys -- (mozyproFilter)
DRV - [2009-07-21 07:20:42 | 001,287,552 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2009-04-22 23:39:50 | 000,329,752 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2009-04-03 05:25:50 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009-03-30 01:28:44 | 000,133,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OA001Ufd.sys -- (OA001Ufd)
DRV - [2009-03-30 01:28:42 | 000,280,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OA001Vid.sys -- (OA001Vid)
DRV - [2009-03-30 01:28:40 | 000,148,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OA001Afx.sys -- (OA001Afx)
DRV - [2009-03-24 21:33:38 | 000,232,744 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SRS_PremiumSound_i386.sys -- (SRS_PremiumSound_Service)
DRV - [2009-03-17 02:57:30 | 001,545,795 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2009-03-17 02:57:12 | 000,112,512 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)
DRV - [2009-02-22 23:59:26 | 000,244,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1y5132.sys -- (e1yexpress) Intel®
DRV - [2009-02-22 22:51:20 | 000,170,032 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2009-02-12 00:10:20 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2009-02-11 23:41:42 | 000,991,016 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2009-01-28 02:50:00 | 000,177,864 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009-01-28 02:50:00 | 000,073,512 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009-01-28 02:50:00 | 000,065,000 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2009-01-28 02:50:00 | 000,052,168 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2009-01-28 02:50:00 | 000,034,408 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009-01-28 02:50:00 | 000,031,848 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk)
DRV - [2009-01-22 16:16:14 | 000,032,808 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cvusbdrv.sys -- (cvusbdrv)
DRV - [2008-10-15 17:58:34 | 000,171,144 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SWNC5E00.sys -- (SWNC5E00) Sierra Wireless MUX NDIS Driver (#00)
DRV - [2008-10-15 17:58:34 | 000,149,512 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swmx00.sys -- (swmx00) Sierra Wireless USB MUX Driver (#00)
DRV - [2008-10-15 17:58:34 | 000,024,840 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2008-10-15 17:58:32 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2008-10-15 17:58:26 | 000,222,720 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2008-08-28 01:06:52 | 006,600,160 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008-06-04 19:14:00 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\PBADRV.sys -- (PBADRV)
DRV - [2008-04-14 13:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008-04-14 13:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008-04-14 13:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008-04-14 07:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008-02-21 03:19:56 | 000,030,816 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
DRV - [2007-09-04 22:53:34 | 000,055,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Team Tools\Performance Tools\VSPerfDrv90.sys -- (VSPerfDrv90)
DRV - [2007-07-23 21:05:20 | 000,009,104 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLADResM.SYS -- (DLADResM)
DRV - [2007-07-23 21:04:58 | 000,037,360 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007-07-23 21:04:56 | 000,098,448 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007-07-23 21:04:56 | 000,093,552 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007-07-23 21:04:54 | 000,027,216 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007-07-23 21:04:52 | 000,032,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007-07-23 21:04:52 | 000,016,304 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007-07-23 21:04:50 | 000,108,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007-07-23 20:55:44 | 000,099,808 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2007-07-23 20:49:44 | 000,030,064 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007-07-23 20:49:44 | 000,014,576 | ---- | M] (Roxio) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2007-07-23 20:43:42 | 000,052,000 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2006-06-14 17:53:00 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbccid.sys -- (USBCCID)
DRV - [2001-08-18 03:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001-08-18 03:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001-08-18 03:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001-08-18 03:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001-08-18 03:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001-08-18 02:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001-08-18 02:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001-08-18 02:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001-08-18 02:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001-08-18 02:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001-08-18 02:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001-08-18 02:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001-08-18 02:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001-08-18 02:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001-08-18 02:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001-08-17 21:04:46 | 000,223,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\camdrv21.sys -- (camvid20)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USREL/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://g.msn.com/USREL/1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 48
FF - prefs.js..extensions.enabledItems: {d37dc5d0-431d-44e5-8c91-49419370caa1}:2.5.46
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.6.7.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-04-29 20:25:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-09-16 16:48:53 | 000,000,000 | ---D | M]

[2009-10-26 17:43:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uname\Application Data\Mozilla\Extensions
[2010-10-10 20:46:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uname\Application Data\Mozilla\Firefox\Profiles\niqv59na.default\extensions
[2009-12-08 16:29:14 | 000,000,000 | ---D | M] (Session Manager) -- C:\Documents and Settings\uname\Application Data\Mozilla\Firefox\Profiles\niqv59na.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
[2010-04-27 00:46:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\uname\Application Data\Mozilla\Firefox\Profiles\niqv59na.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010-01-28 04:15:08 | 000,000,000 | ---D | M] (FoxClocks) -- C:\Documents and Settings\uname\Application Data\Mozilla\Firefox\Profiles\niqv59na.default\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
[2009-10-31 03:13:46 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\uname\Application Data\Mozilla\Firefox\Profiles\niqv59na.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010-10-10 20:46:32 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010-09-16 16:48:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010-07-17 11:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010-01-13 23:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

O1 HOSTS File: ([2009-12-24 00:32:33 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [OA001Mon] C:\WINDOWS\OA001Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MozyPro Status.lnk = C:\Program Files\MozyPro\mozyprostat.exe (Mozy, Inc.)
O4 - Startup: C:\Documents and Settings\uname\Start Menu\Programs\Startup\qlock.lnk = C:\Program Files\Qlock\qlock.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1248818629296 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1256582034497 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {B94C2238-346E-4C5E-9B36-8CC627F35574} Reg Error: Key error. (VMware Remote Console Plug-in 2.5.0.00000)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = MKTEAM.DMRI
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - c:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008-04-25 22:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - lvcodec2.dll File not found
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17183584330711040)

========== Files/Folders - Created Within 90 Days ==========

[2010-10-10 22:34:02 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010-10-08 09:22:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\uname\Application Data\VMware
[2010-10-08 09:22:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\VMware
[2010-10-08 09:20:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\VMware
[2010-09-20 16:03:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\uname\Application Data\TeamViewer
[2010-09-20 16:03:01 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2010-09-16 16:49:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010-09-16 16:49:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010-09-12 15:52:48 | 000,000,000 | ---D | C] -- C:\Program Files\Qlock
[2010-09-09 18:58:56 | 000,000,000 | ---D | C] -- C:\Program Files\StarUML
[2010-08-30 14:50:03 | 000,000,000 | ---D | C] -- C:\Program Files\FLV Player
[2010-08-27 02:42:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logitech
[2010-08-27 02:41:44 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010-10-11 18:50:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-25853599-1642161-1877560073-6745UA.job
[2010-10-11 18:50:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-25853599-1642161-1877560073-6745Core.job
[2010-10-11 18:33:45 | 009,961,472 | -H-- | M] () -- C:\Documents and Settings\uname\NTUSER.DAT
[2010-10-11 10:51:22 | 000,002,491 | ---- | M] () -- C:\Documents and Settings\uname\Application Data\Microsoft\Internet Explorer\Quick Launch\Excel 2007.lnk
[2010-10-11 07:54:10 | 000,789,638 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010-10-11 07:54:10 | 000,631,544 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-10-11 07:54:10 | 000,141,236 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-10-11 07:53:33 | 000,000,582 | ---- | M] () -- C:\WINDOWS\win.ini
[2010-10-11 07:53:33 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010-10-11 07:53:33 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010-10-11 07:51:35 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-10-11 07:50:52 | 000,149,814 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2010-10-11 07:48:50 | 000,000,458 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010-10-11 07:48:50 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-10-11 07:48:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-10-11 07:48:42 | 3208,536,064 | -HS- | M] () -- C:\hiberfil.sys
[2010-10-11 00:25:19 | 000,000,836 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2010-10-11 00:23:37 | 000,190,150 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010-10-10 22:34:04 | 000,000,613 | ---- | M] () -- C:\Documents and Settings\uname\Desktop\NTREGOPT.lnk
[2010-10-10 22:34:04 | 000,000,594 | ---- | M] () -- C:\Documents and Settings\uname\Desktop\ERUNT.lnk
[2010-10-10 21:23:19 | 001,438,720 | ---- | M] () -- C:\Documents and Settings\uname\Desktop\Doc1.doc
[2010-10-10 21:23:01 | 000,002,533 | ---- | M] () -- C:\Documents and Settings\uname\Application Data\Microsoft\Internet Explorer\Quick Launch\Word 2007.lnk
[2010-10-09 19:13:35 | 000,149,814 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2010-10-07 23:56:52 | 000,040,448 | ---- | M] () -- C:\Documents and Settings\uname\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-10-07 13:02:45 | 000,001,726 | -H-- | M] () -- C:\Documents and Settings\uname\My Documents\Default.rdp
[2010-10-07 08:16:17 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2010-10-05 21:32:51 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\uname\ntuser.ini
[2010-09-24 23:59:38 | 005,054,803 | ---- | M] () -- C:\Documents and Settings\uname\Desktop\Cell suppression and disclosure.pdf
[2010-09-21 23:55:12 | 000,001,616 | ---- | M] () -- C:\Documents and Settings\uname\Application Data\Microsoft\Internet Explorer\Quick Launch\FireFox.lnk
[2010-09-20 16:56:49 | 000,004,566 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010-09-20 16:55:18 | 000,000,057 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2010-09-20 16:03:06 | 000,000,817 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 5.lnk
[2010-09-14 17:04:41 | 000,000,416 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010-08-27 03:09:21 | 000,000,264 | ---- | M] () -- C:\WINDOWS\_delis32.ini
[2010-08-13 13:19:35 | 000,343,424 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-07-31 18:58:13 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010-10-11 07:53:32 | 000,001,789 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2010-10-10 22:34:04 | 000,000,613 | ---- | C] () -- C:\Documents and Settings\uname\Desktop\NTREGOPT.lnk
[2010-10-10 22:34:04 | 000,000,594 | ---- | C] () -- C:\Documents and Settings\uname\Desktop\ERUNT.lnk
[2010-09-29 21:10:53 | 004,750,336 | ---- | C] () -- C:\Documents and Settings\uname\Desktop\BSFP 2009 Draft reportv16.03.doc
[2010-09-29 19:50:06 | 000,001,067 | ---- | C] () -- C:\Documents and Settings\uname\Application Data\Microsoft\Internet Explorer\Quick Launch\BSFP OLAP project.sln.lnk
[2010-09-21 23:55:12 | 000,001,616 | ---- | C] () -- C:\Documents and Settings\uname\Application Data\Microsoft\Internet Explorer\Quick Launch\FireFox.lnk
[2010-09-20 16:03:06 | 000,000,817 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 5.lnk
[2010-09-12 15:52:48 | 000,000,652 | ---- | C] () -- C:\Documents and Settings\uname\Start Menu\Programs\Startup\qlock.lnk
[2010-09-09 18:59:09 | 000,000,618 | ---- | C] () -- C:\Documents and Settings\uname\Desktop\StarUML.lnk
[2010-08-27 03:09:21 | 000,000,264 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2010-08-27 02:54:34 | 000,000,427 | ---- | C] () -- C:\Documents and Settings\uname\Installer.log
[2010-06-29 20:45:07 | 000,342,072 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010-04-14 02:05:06 | 000,001,134 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\tmp60.log
[2010-04-10 02:02:31 | 000,006,397 | ---- | C] () -- C:\Documents and Settings\uname\Application Data\PrimoPDFSet.xml
[2010-04-10 02:02:29 | 000,000,326 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\PrimoPDFSet.xml
[2010-02-25 04:10:54 | 000,127,656 | ---- | C] () -- C:\WINDOWS\ngmsi.dll
[2010-02-24 03:50:04 | 000,014,832 | -HS- | C] () -- C:\Documents and Settings\uname\Local Settings\Application Data\Xi7h20PI0
[2010-01-15 22:40:07 | 000,000,044 | ---- | C] () -- C:\WINDOWS\PERFV200P.ini
[2009-11-20 17:14:52 | 000,040,448 | ---- | C] () -- C:\Documents and Settings\uname\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-11-07 15:40:47 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2009-11-07 15:40:41 | 000,000,164 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2009-11-07 15:38:39 | 000,000,732 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2009-11-07 15:33:10 | 000,000,744 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009-08-25 19:21:27 | 000,000,051 | ---- | C] () -- C:\Documents and Settings\uname\Local Settings\Application Data\setup.txt
[2009-08-25 19:21:27 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\uname\Local Settings\Application Data\WavXMapDrive.bat
[2009-08-25 19:18:52 | 000,000,228 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2009-08-21 20:04:35 | 000,000,416 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009-08-03 22:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009-08-01 21:16:18 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\OdiOlDVR.dll
[2009-08-01 21:16:18 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\OdiAPI.dll
[2009-08-01 20:59:06 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2009-08-01 19:32:11 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2009-07-21 09:39:17 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009-07-21 09:39:17 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009-07-21 09:39:17 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009-07-21 09:39:17 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009-07-21 09:37:49 | 000,001,156 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2009-07-21 07:30:17 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009-07-21 07:24:22 | 000,000,234 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009-07-21 07:23:32 | 000,232,744 | R--- | C] () -- C:\WINDOWS\System32\drivers\SRS_PremiumSound_i386.sys
[2009-07-21 07:09:46 | 000,279,888 | ---- | C] () -- C:\WINDOWS\System32\brcmbsp.dll
[2009-07-21 07:07:23 | 000,080,368 | ---- | C] () -- C:\WINDOWS\System32\pbadrvdll.dll
[2009-04-30 15:20:18 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Pitney Bowes Software.dll
[2009-04-27 05:13:36 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2008-10-15 17:58:34 | 000,024,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\swmsflt.sys
[2008-08-15 14:46:30 | 002,854,912 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2007-09-27 16:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007-09-27 16:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007-09-27 16:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007-04-19 11:52:16 | 000,080,720 | ---- | C] () -- C:\WINDOWS\System32\AsfBios.dll
[2007-04-19 11:28:10 | 000,025,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\netamsg.dll
[2006-06-30 18:58:44 | 000,176,128 | R--- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll
[2006-06-30 18:58:44 | 000,126,976 | R--- | C] () -- C:\WINDOWS\System32\bioapi100.dll
[2005-02-17 18:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005-02-17 18:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001-11-14 19:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2001-07-06 23:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2000-10-26 00:15:00 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\Implode.dll
[2000-10-02 19:23:46 | 000,000,012 | ---- | C] () -- C:\WINDOWS\System32\Rtspcomm.dll
[2000-10-02 19:23:38 | 000,000,012 | ---- | C] () -- C:\WINDOWS\System32\Rtdpcomm.dll

========== LOP Check ==========

[2010-03-10 21:55:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Aventail
[2009-08-01 21:09:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation
[2009-10-28 17:30:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GlobalSCAPE
[2009-10-28 16:03:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MapInfo
[2009-08-21 19:46:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions
[2009-09-27 20:49:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sprint
[2009-07-29 19:57:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wave Systems Corp
[2009-08-01 19:53:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010-02-24 15:56:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2009-12-15 17:53:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uname\Application Data\Amazon
[2009-10-28 16:20:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uname\Application Data\Aventail
[2009-07-21 07:18:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uname\Application Data\Broadcom
[2010-06-29 21:05:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uname\Application Data\com.7digital.downloadmanager
[2010-01-15 22:49:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uname\Application Data\EPSON
[2010-05-09 04:15:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uname\Application Data\Facebook
[2010-09-12 21:02:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uname\Application Data\GenStat
[2009-10-28 17:29:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uname\Application Data\GlobalSCAPE
[2010-09-03 02:30:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uname\Application Data\ImportGFI
[2010-03-08 00:34:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uname\Application Data\Launchy
[2010-01-15 22:47:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uname\Application Data\Leadertech
[2010-01-14 18:09:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uname\Application Data\MapInfo
[2010-01-18 20:47:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uname\Application Data\MusE
[2009-11-02 15:03:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uname\Application Data\Opera
[2010-02-27 15:09:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uname\Application Data\Research In Motion
[2010-02-07 03:29:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uname\Application Data\Stardock
[2009-10-27 23:36:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uname\Application Data\Subversion
[2010-09-20 16:03:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uname\Application Data\TeamViewer
[2009-07-21 07:29:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uname\Application Data\Wave Systems Corp
[2009-07-21 06:57:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uname\Application Data\Windows Desktop Search
[2009-11-19 19:21:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uname\Application Data\Windows Search
[2010-10-11 07:48:50 | 000,000,458 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010-10-11 07:48:40 | 000,124,316 | ---- | M] () -- C:\aaw7boot.log
[2008-04-25 22:29:32 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009-08-01 21:44:41 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010-10-11 07:53:33 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2004-08-04 06:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2010-02-24 06:15:10 | 000,031,998 | ---- | M] () -- C:\ComboFix.txt
[2008-04-25 22:29:32 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009-07-21 09:41:00 | 000,006,085 | RH-- | M] () -- C:\dell.sdr
[2010-10-11 07:48:42 | 3208,536,064 | -HS- | M] () -- C:\hiberfil.sys
[2008-04-25 22:29:32 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2010-10-10 22:37:02 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2008-04-25 22:29:32 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2008-04-14 13:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008-04-14 13:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010-10-11 07:48:40 | 4290,772,992 | -HS- | M] () -- C:\pagefile.sys
[2010-02-22 12:54:47 | 000,167,424 | ---- | M] () -- C:\REPORT.xls
[2010-02-24 06:15:55 | 000,000,390 | ---- | M] () -- C:\rkill.log
[2010-05-23 17:25:35 | 000,000,000 | ---- | M] () -- C:\SavedPivot.dat

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2008-04-25 10:21:09 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008-04-25 10:21:09 | 001,089,536 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008-04-25 10:21:09 | 000,905,216 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-10-05 08:43:39

< End of report >



Extras.Txt:
OTL Extras logfile created on: 2010-10-11 7:28:25 PM - Run 1
OTL by OldTimer - Version 3.2.15.0 Folder = C:\Documents and Settings\uname\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 4092 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.71 Gb Total Space | 58.68 Gb Free Space | 25.22% Space Free | Partition Type: NTFS

Computer Name: LTuname | User Name: uname | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | File Age = 90 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)
"C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Civilization4.exe" = C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4 Complete -- (Firaxis Games)
"C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Warlords\Civ4Warlords.exe" = C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Warlords\Civ4Warlords.exe:*:Enabled:Sid Meier's Civilization 4: Warlords -- (Firaxis Games)
"C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Civ4BeyondSword.exe" = C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization 4: Beyond the Sword -- (Firaxis Games)
"C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console -- File not found
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe" = C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe" = C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01C5A10F-AD9B-405B-853A-6659841A1242}" = Microsoft SQL Server 2008 Policies
"{05EC21B8-4593-3037-A781-A6B5AFFCB19D}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
"{0BF5FBE7-3907-4A1F-9E48-8B66E52850D6}" = TrayApp
"{0D61D68B-DF5E-4635-82C7-B0C53F0A581B}" = Microsoft SQL Server 2005 Backward compatibility
"{0F40754C-F1FD-43df-B73E-9DA38399CDD6}" = hpf_ProductContext
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{1250E27F-7AF5-46F3-962A-36CE75C65F32}" = Infragistics NetAdvantage WPF 2009.2
"{14A67CE0-4F30-4607-885B-43EE27BAC746}" = Readme
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{1C278B97-9D25-48B0-9A4E-F4F2BB992043}" = EPSON Perfection V200 Photo Scanner Driver Update
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{2020045B-8DCF-4449-8D5C-EB5BA37440F1}" = Microsoft SQL Server 2008 Management Studio
"{2223FC2F-B862-4F83-BC9E-DDF2DADF2859}" = Intel® Network Connections 13.0.42.0
"{2373A92B-1C1C-4E71-B494-5CA97F96AA19}" = Microsoft SQL Server 2005
"{23F70562-02F4-4805-ACF5-6E52BAD167C2}" = Microsoft SQL Server 2008 Reporting Services
"{241F2BF7-69EB-42A4-9156-96B2426C7504}" = Microsoft SQL Server Compact 3.5 for Devices ENU
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 21
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{275ABBA2-4817-4443-9AB8-ED43CA9AAA17}" = Microsoft SQL Server 2008 BI Development Studio
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{2ACF3993-A0E7-4374-B926-68EA1FAE8A88}" = MapInfo Professional 10.0
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU
"{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{34C50CC3-108F-4850-AC52-71BD06F42592}" = .NET Framework Machine Code Access Security Policy
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35C03C04-3F1F-42C2-A989-A757EE691F65}" = McAfee VirusScan Enterprise
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3790EAC2-3274-481B-B507-B40E20970237}" = MapInfo Free Data
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3A762A82-618D-3CAA-B847-D074ABFA0B2E}" = MSDN Library for Visual Studio 2008 - ENU
"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
"{4367C54D-A83D-4D94-9F72-3090C8DC7EB7}" = WinQuery 9.0 (Client Interview Version)
"{45528AEA-4883-413E-ABB5-471AA26C20D8}" = Enterprise Library 4.1 - October 2008
"{4994A7CB-2BF4-4664-8FCE-DB66055ECEBC}" = Broadcom USH Host Components
"{49E98741-B7A4-4A44-A536-6AFCA23106FE}" = Microsoft SQL Server 2008 Reporting Services
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4BE53DB2-C1F2-44D1-A9AB-1630BA7F2AF1}" = SolutionCenter
"{4D28EFCF-5999-44D2-8D4E-AC643E76C33F}" = Microsoft SQL Server 2008 Client Tools
"{4F44B5AE-82A6-4A8A-A3E3-E24D489728E3}" = Microsoft SQL Server 2008 Native Client
"{50B905E5-2466-4A3E-894E-CD5A25D54556}" = Microsoft SQL Server 2008 Books Online (August 2008)
"{51759BA2-9C73-4B8F-A2C3-B72982B25426}" = Microsoft SQL Server 2005 Upgrade Advisor (English)
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{53FA4D10-D5D5-4773-B9EF-7CAF84E4B8BF}" = .NET Framework Machine Code Access Security Policy
"{54A41AF7-7777-4471-94E1-03798403444C}" = TortoiseSVN 1.6.4.16808 (32 bit)
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{60D46DEE-5221-47AA-B978-BA25C5D9F560}" = Microsoft SQL Server 2008 Client Tools
"{63A5DC0D-1EDD-4D69-8F31-87FAEB1F7084}" = Microsoft SQL Server 2005 Notification Services
"{64c5b887-b5ee-42b8-8596-78905a6b5f1f}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
"{64CDE8F2-3791-46F5-BAD2-72FFF5252FAB}" = Microsoft SQL Server Compact 3.5 SP1 Query Tools English
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6721AC10-3743-38F1-B178-C0EC6C9A4108}" = Microsoft Visual Studio Team System 2008 Development Edition - ENU
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C9F6D23-E9AD-43C9-B43A-011562AAF876}" = Windows Mobile 5.0 SDK R2 for Pocket PC
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{6EA8A52B-8EA1-4A59-85AB-48132299061A}" = Intel® PRO Alerting Agent
"{7048BE8E-264E-F293-51DC-D7C64AD52FAE}" = MozyPro Remote Backup
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{78E884B8-7DB5-4708-AFE5-DAECEA900EE4}" = Diskeeper 2009 Professional
"{7ADE9F27-A175-447F-A4B4-B05FA82735E1}" = HP Deskjet 6900 series
"{7AE99502-ABB3-45F6-BC0C-73169A3BAF08}" = GenStat 10th Edition
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{8415F660-5FDC-4601-97DD-43A783600F4B}" = SQLXML4
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{87F59A07-55EE-415E-A966-31F3D8B6B7AD}" = LP6940_Help
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C5FAD77-F678-4758-A296-C12F08D179E0}" = Microsoft IntelliPoint 6.2
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8DC6CA16-9B4E-4C10-95EE-2BD91EB0290C}" = LP6940Trb
"{8E67940F-CFDB-4B01-A83A-4D75923FAFC1}" = Microsoft Silverlight 3 Tools for Visual Studio 2008 SP1 - ENU
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
"{90120000-0021-0409-0000-0000000FF1CE}_VisualWebDeveloper_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91F34319-08DE-457a-99C0-0BCDFAC145B9}" = CuteFTP 8 Professional
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}" = Windows Mobile 5.0 SDK R2 for Smartphone
"{982DB00A-9C4E-436B-8707-18E113BAA44C}" = Microsoft SQL Server 2005 Analysis Services
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2
"{9A4A4F4E-8F50-437D-850D-5EED3477F952}" = MapXtreme 2008 6.8.0 NCP
"{9C209B30-F71F-4c53-8D26-453208EC8E91}" = dj6940
"{9C875FEA-B49E-49F7-AE62-0F9B91F90982}" = SRS Premium Sound
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A29B7B4B-DE31-78D1-72DD-E827F254FD64}" = 7digital Download Manager
"{A2A78788-2792-49BF-AF22-5E9296E568F3}" = Aventail Connect
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC54DC1F-EDA7-448C-BA4C-218A92F5E985}" = Microsoft SQL Server 2008 BI Development Studio
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.3
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AF7E4468-E364-4991-BC2A-6E8293E1055B}" = BioAPI Framework
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B268E9A1-04A9-40D0-9866-846BE2B74BA7}" = Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
"{B28759B8-5FC6-4F56-9C6C-6EDAD36455A9}" = Roxio Media Manager
"{B32E7732-B2FB-3FD0-81AC-6025B1104C66}" = Microsoft Device Emulator version 3.0 - ENU
"{BA0C9AAF-1327-3F06-B49C-349B4BE8F740}" = Microsoft Visual Studio 2008 Shell (integrated mode) - ENU
"{BA4DA261-CB60-4690-B202-44998DFC6986}" = Microsoft SQL Server 2008 Setup Support Files
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}" = Microsoft Windows SDK for Visual Studio 2008 Tools
"{CB1F3886-AE9F-46fb-8325-6B0718989285}" = dj_taplugin
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}" = WinZip 11.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE5E3F15-320A-4865-97D3-F07227C5BB2F}" = BlackBerry Desktop Software 4.5
"{CFDD74D0-3E06-4A3C-8747-E9D4B0AA4659}" = i-map2
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2F28E39-9813-41D3-8EC9-BAADA38C426D}" = VMware Remote Console Plug-in
"{D590581D-5673-49CF-8F5B-AA2C7B82A8F0}" = DataMaster
"{D7CAE58E-26DE-49B7-A75D-EAEDF76726BE}" = HP Photosmart Essential
"{DEBB2986-15B0-4D28-95FA-5C966A396589}" = HPProductAssistant
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E0A41F96-7231-4AE8-A654-EEB34F935462}" = Microsoft SQL Server 2005 Integration Services
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{EB3F5C2A-0754-38B8-8722-7B537006BF46}" = Microsoft Visual Studio 2008 Performance Collection Tools - ENU
"{EC2715CE-C182-483C-84CC-81D7D914CF14}" = WebReg
"{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FA9C3624-C693-4423-8A8B-2BC2B9F607AB}" = Microsoft SQL Server 2008 Management Studio
"{FB91E774-867B-4567-ACE7-8144EF036068}" = Olympus Digital Wave Player
"{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}" = Dell Security Device Driver Pack
"9D57DE505B6D8C710EF3B74BE638DBB936EED8A3" = Windows Driver Package - Dell Inc. PBADRV System (01/07/2008 1.0.1.5)
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.9
"BlackBerry_{CE5E3F15-320A-4865-97D3-F07227C5BB2F}" = BlackBerry Desktop Software 4.5
"com.7digital.downloadmanager" = 7digital Download Manager
"Creative OA001" = Integrated Webcam Driver (1.06.03.0309)
"Dell Webcam Central" = Dell Webcam Central
"EPSON Scanner" = EPSON Scan
"ERUNT_is1" = ERUNT 1.1j
"FLV Player" = FLV Player 2.0 (build 25)
"HP Imaging Device Functions" = HP Imaging Device Functions 6.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center and Imaging Support Tools 6.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{7AE99502-ABB3-45F6-BC0C-73169A3BAF08}" = GenStat 10th Edition
"M346 Data files and GenStat 10" = M346 Data files and GenStat 10
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MapInfo MapX 4.0 OCX" = MapInfo MapX 4.0 OCX
"McAfee Anti-Spyware Enterprise Module" = McAfee AntiSpyware Enterprise Module
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Microsoft Visual Studio Team System 2008 Development Edition - ENU" = Microsoft Visual Studio Team System 2008 Development Edition - ENU
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSDN Library for Visual Studio 2008 - ENU" = MSDN Library for Visual Studio 2008 - ENU
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NoAdware 5.0_is1" = NoAdware v5.0
"NVIDIA Drivers" = NVIDIA Drivers
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"PROPLUS" = Microsoft Office Professional Plus 2007
"Qlock" = Qlock Lite
"Registry Fix_is1" = RegistryFix v7.1
"StarUML_is1" = StarUML 5.0.2.1570
"TeamViewer 5" = TeamViewer 5
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{30D1F3D2-54CF-481D-A005-F94B0E98FEEC}" = Sid Meier's Civilization 4 Complete
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome
"ScrumWorks Basic Client" = ScrumWorks Basic Client
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2010-10-10 6:18:46 PM | Computer Name = LTuname | Source = McLogEvent | ID = 1008
Description = The McShield service terminated unexpectedly. Please review event 5019
or 5051 for details. The McShield service will be restarted in 5 seconds;

Error - 2010-10-10 7:21:59 PM | Computer Name = LTuname | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 2010-10-10 7:21:59 PM | Computer Name = LTuname | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 2010-10-10 7:22:02 PM | Computer Name = LTuname | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 2010-10-11 2:49:10 AM | Computer Name = LTuname | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 2010-10-11 2:49:10 AM | Computer Name = LTuname | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 2010-10-11 2:49:10 AM | Computer Name = LTuname | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 2010-10-11 3:10:22 AM | Computer Name = LTuname | Source = McLogEvent | ID = 259
Description = The file c:\Documents and Settings\uname\Desktop\Malware management\rkill.pif
contains the Generic.gk!tra Trojan. No cleaner available, file deleted successfully.
Detected using Scan engine version 5400.1158 DAT version 6131.0000.

Error - 2010-10-11 3:32:29 AM | Computer Name = LTuname | Source = McLogEvent | ID = 259
Description = The file c:\Documents and Settings\uname\My Documents\My Pictures\antimalware\rkill.pif
contains the Generic.gk!tra Trojan. No cleaner available, file deleted successfully.
Detected using Scan engine version 5400.1158 DAT version 6131.0000.

Error - 2010-10-11 10:48:50 AM | Computer Name = LTuname | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

[ OSession Events ]
Error - 2009-12-23 4:21:35 PM | Computer Name = LTuname | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 2, Application Name: Microsoft Office Access, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 997
seconds with 600 seconds of active time. This session ended with a crash.

Error - 2010-01-13 5:58:32 PM | Computer Name = LTuname | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 2, Application Name: Microsoft Office Access, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5457
seconds with 2400 seconds of active time. This session ended with a crash.

Error - 2010-02-04 6:36:43 PM | Computer Name = LTuname | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4695
seconds with 960 seconds of active time. This session ended with a crash.

Error - 2010-04-12 11:30:26 PM | Computer Name = LTuname | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 2224
seconds with 2040 seconds of active time. This session ended with a crash.

Error - 2010-05-03 11:13:59 AM | Computer Name = LTuname | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 2, Application Name: Microsoft Office Access, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2811
seconds with 1740 seconds of active time. This session ended with a crash.

Error - 2010-05-06 9:15:04 AM | Computer Name = LTuname | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 758
seconds with 420 seconds of active time. This session ended with a crash.

Error - 2010-06-14 12:18:39 PM | Computer Name = LTuname | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 13461
seconds with 600 seconds of active time. This session ended with a crash.

Error - 2010-06-21 4:43:23 PM | Computer Name = LTuname | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 563
seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 2010-10-10 7:21:59 PM | Computer Name = LTuname | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain DOANE due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 2010-10-10 7:23:20 PM | Computer Name = LTuname | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.

Error - 2010-10-10 7:24:11 PM | Computer Name = LTuname | Source = System Error | ID = 1003
Description = Error code 000000f4, parameter1 00000003, parameter2 8a2d7da0, parameter3
8a2d7f14, parameter4 805d2954.

Error - 2010-10-10 7:24:36 PM | Computer Name = LTuname | Source = Service Control Manager | ID = 7022
Description = The SQL Server Reporting Services (LTuname) service hung on starting.

Error - 2010-10-11 2:49:06 AM | Computer Name = LTuname | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain DOANE due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 2010-10-11 2:50:23 AM | Computer Name = LTuname | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.

Error - 2010-10-11 2:51:31 AM | Computer Name = LTuname | Source = Service Control Manager | ID = 7022
Description = The SQL Server Reporting Services (LTuname) service hung on starting.

Error - 2010-10-11 4:18:56 AM | Computer Name = LTuname | Source = Service Control Manager | ID = 7034
Description = The SQL Server (MSSQLSERVER) service terminated unexpectedly. It
has done this 1 time(s).

Error - 2010-10-11 4:19:00 AM | Computer Name = LTuname | Source = Service Control Manager | ID = 7031
Description = The SQL Server Reporting Services (LTuname) service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
60000 milliseconds: Restart the service.

Error - 2010-10-11 7:36:14 AM | Computer Name = LTuname | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain DOANE due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.


< End of report >

Edited by GrinningCrow, 11 October 2010 - 01:05 PM.



#2
RKinner


    Malware Expert

  • Expert
  • 23,190 posts
  • MVP
ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Rename this file -- (call it george.exe ) to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double-click on george to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your protection programs at this time :!:


Get Process Explorer

http://live.sysinter...com/procexp.exe

Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator). Click once or twice on the CPU column header to sort things by CPU usage with the big hitters at the top. What do you see in the top 5 and what percentage does each use? File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.


RootRepeal

* Extract RootRepeal.exe from the archive.
* Open Posted Image on your desktop.
* Before you run the scan go into Settings, Options, General and move the slider to Middle Level then close the Settings box!
* Click the Posted Image button.
* Allow RootRepeal to run a scan of your system. This may take some time.
* Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

bitdefender quickscan.

http://quickscan.bitdefender.com/

When it finishes there is a report option. Click on it and copy and paste the report (even if it says nothing found).


Ron