Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

18 threats found Malwarebytes: Rogue Security Tool, Rootkit.TDSS, PUP.


  • Please log in to reply

#1
s_o_s

s_o_s

    New Member

  • Member
  • Pip
  • 3 posts
When I searched back through NAV I found several problems.
One was an attack from a known threat computer when I did a search on the IP in Norton I came up with a thread from one of your guys and followed through the responses.
I ran Malware Bytes resolved 18 threats
I downloaded OTL & Scan.txt
I have attached the 2 log files and the Malware Bytes logs below.

Am I in the clear now?

OTL Log:

OTL logfile created on: 4/12/2011 10:23:04 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Sean\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 48.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286.94 Gb Total Space | 29.06 Gb Free Space | 10.13% Space Free | Partition Type: NTFS
Drive D: | 11.15 Gb Total Space | 0.60 Gb Free Space | 5.36% Space Free | Partition Type: NTFS
Drive E: | 7.77 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: CHRIS_ROOM | User Name: Sean | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/12 21:06:29 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Sean\Downloads\OTL.exe
PRC - [2011/03/24 15:29:10 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/03/24 08:30:12 | 001,115,536 | ---- | M] (Discordia, LTD) -- C:\Program Files\Windows ilivid Toolbar\Datamngr\datamngrUI.exe
PRC - [2011/02/02 14:08:16 | 000,018,656 | ---- | M] () -- C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
PRC - [2010/11/23 22:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccsvchst.exe
PRC - [2010/11/13 17:28:29 | 000,335,872 | ---- | M] (Zamiinc) -- C:\Program Files\Gameforge4D\GatesofAndaron\PrePatch.exe
PRC - [2010/11/03 20:11:24 | 002,388,264 | ---- | M] (Apple Inc.) -- C:\Program Files\Safari\Safari.exe
PRC - [2010/07/23 02:05:56 | 000,126,904 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Online\Engine\2.1.0.23\ccsvchst.exe
PRC - [2010/05/14 12:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2010/01/15 08:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/06/03 18:23:30 | 000,413,696 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\PictureMover\Bin\PictureMover.exe
PRC - [2007/04/18 11:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2007/03/01 15:52:04 | 000,538,096 | ---- | M] ( ) -- C:\Windows\System32\dlbccoms.exe
PRC - [2006/11/02 08:35:35 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe
PRC - [2006/08/14 13:12:48 | 000,126,976 | ---- | M] (Saitek) -- C:\Program Files\Saitek\Software\SaiMfd.exe
PRC - [2006/08/09 15:23:26 | 000,184,320 | ---- | M] (Saitek) -- C:\Program Files\Saitek\Software\ProfilerU.exe


========== Modules (SafeList) ==========

MOD - [2011/04/12 21:06:29 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Sean\Downloads\OTL.exe
MOD - [2011/04/07 06:15:25 | 000,053,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4973eb1d754a9dc9\MFC90ENU.DLL
MOD - [2011/04/07 06:15:12 | 003,780,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4bf5400abf9d60b7\mfc90u.dll
MOD - [2011/02/03 19:53:04 | 000,043,232 | ---- | M] (Autodesk, Inc.) -- C:\Windows\System32\AcSignIcon.dll
MOD - [2011/01/14 03:30:20 | 000,515,808 | ---- | M] (Autodesk, Inc.) -- C:\Program Files\Autodesk\Inventor Fusion 2012\AcSignCore16.dll
MOD - [2010/12/04 02:58:45 | 000,413,112 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.5.0.125\asoehook.dll
MOD - [2010/11/13 15:49:45 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcr90.dll
MOD - [2010/11/13 15:49:45 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcp90.dll
MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2010/05/04 15:13:07 | 000,231,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
MOD - [2009/09/30 21:02:04 | 000,334,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
MOD - [2009/06/10 07:41:46 | 002,386,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
MOD - [2009/04/11 02:28:19 | 000,120,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\EhStorAPI.dll
MOD - [2009/04/11 02:28:18 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\davclnt.dll
MOD - [2009/04/11 02:21:38 | 001,748,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\GdiPlus.dll
MOD - [2008/01/20 22:25:15 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMASF.DLL
MOD - [2008/01/20 22:25:01 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\duser.dll
MOD - [2008/01/20 22:24:54 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntlanman.dll
MOD - [2006/11/02 05:46:04 | 000,017,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drprov.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
SRV - [2011/04/07 06:27:21 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/03/30 16:45:53 | 003,229,784 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_a35e6b9.dll -- (Akamai)
SRV - [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/02/02 14:08:16 | 000,018,656 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service)
SRV - [2010/11/23 22:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe -- (NIS)
SRV - [2010/08/15 12:19:00 | 003,700,176 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2010/07/23 02:05:56 | 000,126,904 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Online\Engine\2.1.0.23\ccSvcHst.exe -- (NOF)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/03/01 15:52:04 | 000,538,096 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dlbccoms.exe -- (dlbc_device)


========== Driver Services (SafeList) ==========

DRV - [2011/03/31 17:34:28 | 001,393,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110411.038\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/03/31 17:34:27 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110411.038\NAVENG.SYS -- (NAVENG)
DRV - [2011/03/14 14:58:33 | 000,353,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110411.001\IDSvix86.sys -- (IDSVix86)
DRV - [2011/02/25 17:59:12 | 000,800,376 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110309.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/01/03 19:31:24 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/01/03 19:31:24 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/12/26 18:25:00 | 000,126,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/12/01 01:23:59 | 000,330,360 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NIS\1205000.07D\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2010/11/23 00:59:15 | 000,035,960 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2010/11/23 00:08:31 | 000,509,560 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\Drivers\NIS\1205000.07D\SRTSP.SYS -- (SRTSP)
DRV - [2010/11/23 00:08:31 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1205000.07D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/11/17 22:59:55 | 000,652,336 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NIS\1205000.07D\SYMEFA.SYS -- (SymEFA)
DRV - [2010/11/15 21:45:33 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1205000.07D\Ironx86.SYS -- (SymIRON)
DRV - [2010/10/20 22:28:36 | 000,340,016 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\NIS\1205000.07D\SYMDS.SYS -- (SymDS)
DRV - [2010/07/12 21:20:31 | 000,181,296 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\NSM\0201000.034\SymRdr.SYS -- (SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A})
DRV - [2009/01/18 23:01:37 | 000,015,872 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Users\Chris\AppData\Local\Temp\pnicml.sys -- (pnicml)
DRV - [2008/08/01 20:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/06/06 15:13:40 | 000,133,152 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2008/06/06 15:13:10 | 000,145,440 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2008/05/22 10:49:00 | 007,465,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/05/22 05:39:34 | 000,015,360 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008/02/12 11:27:34 | 000,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS3.sys -- (HSXHWBS3)
DRV - [2008/02/12 11:25:22 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2007/10/18 11:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/01/23 15:45:00 | 000,078,864 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2007/01/23 15:44:00 | 000,062,992 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2007/01/23 15:44:00 | 000,020,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2006/08/14 06:52:49 | 000,035,328 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SaiBus.sys -- (SaiNtBus)
DRV - [2006/08/14 06:52:44 | 000,013,824 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SaiMini.sys -- (SaiMini)
DRV - [2006/08/08 13:25:06 | 000,182,528 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SaiH0461.sys -- (SaiH0461)
DRV - [2005/01/01 23:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\npptNT2.sys -- (NPPTNT2)
DRV - [2001/05/07 06:56:02 | 000,019,805 | ---- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbio.sys -- (USBIO) USBIO Driver (usbio.sys)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...resario&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...resario&pf=cndt
IE - HKLM\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...resario&pf=cndt
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...resario&pf=cndt
IE - HKU\.DEFAULT\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Dealio Toolbar\SearchSettings.dll (Spigot, Inc.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...resario&pf=cndt
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...resario&pf=cndt
IE - HKU\S-1-5-18\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Dealio Toolbar\SearchSettings.dll (Spigot, Inc.)
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-2183551051-3869028452-3555188213-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...resario&pf=cndt
IE - HKU\S-1-5-21-2183551051-3869028452-3555188213-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...resario&pf=cndt
IE - HKU\S-1-5-21-2183551051-3869028452-3555188213-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2183551051-3869028452-3555188213-1003\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Dealio Toolbar\SearchSettings.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-2183551051-3869028452-3555188213-1003\..\URLSearchHook: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\My.Freeze.com Toolbar\NetAssistant.dll (W3i, LLC)
IE - HKU\S-1-5-21-2183551051-3869028452-3555188213-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2183551051-3869028452-3555188213-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.searchqu.com/406"
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5
FF - prefs.js..extensions.enabledItems: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {99079a25-328f-4bd4-be04-00955acaa0a7}:4.1.0.01
FF - prefs.js..extensions.enabledItems: {6D5C8FC4-DE46-41bf-9092-93F0F78E9115}:2.1.0.52
FF - prefs.js..extensions.enabledItems: {B2B6B7D4-A5A7-4C91-95B0-1279094F69F6}:1.9.1
FF - prefs.js..keyword.URL: "http://www.searchqu....ystemid=406&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2011/01/07 07:09:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn\ [2011/01/06 18:41:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}: C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.1.0.37\coFFFw\ [2011/03/31 17:14:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B2B6B7D4-A5A7-4C91-95B0-1279094F69F6}: C:\Users\Chris\AppData\Local\{B2B6B7D4-A5A7-4C91-95B0-1279094F69F6} [2011/04/09 18:15:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/30 23:46:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/26 13:40:45 | 000,000,000 | ---D | M]

[2010/11/28 20:24:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sean\AppData\Roaming\Mozilla\Extensions
[2011/04/12 21:01:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fziz36im.default\extensions
[2010/12/26 15:32:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fziz36im.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/09 18:05:05 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fziz36im.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2010/12/26 16:53:47 | 000,002,470 | ---- | M] () -- C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fziz36im.default\searchplugins\safesearch.xml
[2011/04/12 21:01:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/26 18:33:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/04/09 18:05:16 | 000,000,000 | ---D | M] (DataMngr) -- C:\PROGRAM FILES\WINDOWS ILIVID TOOLBAR\DATAMNGR\FIREFOXEXTENSION
[2011/01/06 18:41:20 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\COFFPLGN
[2011/01/07 07:09:21 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPLGN
[2011/03/31 17:14:23 | 000,000,000 | ---D | M] (Norton Safety Minder) -- C:\PROGRAMDATA\NORTON\{78CA3BF0-9C3B-40E1-B46D-38C877EF059A}\NSM_2.1.0.37\COFFFW
[2011/04/09 18:15:59 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\CHRIS\APPDATA\LOCAL\{B2B6B7D4-A5A7-4C91-95B0-1279094F69F6}
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/07/27 17:13:46 | 000,027,136 | ---- | M] (NHN USA Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
[2010/07/28 18:14:08 | 000,022,016 | ---- | M] (NHN USA Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
[2011/03/23 08:24:21 | 000,005,529 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\SearchquWebSearch.xml

Hosts file not found
O2 - BHO: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll (BitComet)
O2 - BHO: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll (Conduit Ltd.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows ilivid Toolbar\ToolBar\searchqudtx.dll ()
O2 - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\Program Files\Windows ilivid Toolbar\Datamngr\IEBHO.dll (Discordia, LTD)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (Norton Safety Minder) - {B8E07826-0971-4f16-B133-047B88034E89} - C:\Program Files\Norton Online\AddOns\Norton Safety Minder\Engine\2.1.0.52\coieplg.dll (Symantec Corporation)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Dealio Toolbar\SearchSettings.dll (Spigot, Inc.)
O2 - BHO: (NetAssistantBHO Class) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\My.Freeze.com Toolbar\NetAssistant.dll (W3i, LLC)
O2 - BHO: (XBTBPos00 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - File not found
O3 - HKLM\..\Toolbar: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows ilivid Toolbar\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (My.Freeze.com Toolbar) - {D0523BB4-21E7-11DD-9AB7-415B56D89593} - File not found
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-2183551051-3869028452-3555188213-1003\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-2183551051-3869028452-3555188213-1003\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-21-2183551051-3869028452-3555188213-1003\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-2183551051-3869028452-3555188213-1003\..\Toolbar\WebBrowser: (My.Freeze.com Toolbar) - {D0523BB4-21E7-11DD-9AB7-415B56D89593} - File not found
O4 - HKLM..\Run: [4StoryPrePatch] C:\Program Files\Gameforge4D\GatesofAndaron\PrePatch.exe (Zamiinc)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Windows ilivid Toolbar\Datamngr\datamngrUI.exe (Discordia, LTD)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Profiler] C:\Program Files\Saitek\Software\ProfilerU.exe (Saitek)
O4 - HKLM..\Run: [SaiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe (Saitek)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Dealio Toolbar\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2183551051-3869028452-3555188213-1003..\Run: [DW6] File not found
O4 - Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files\Xfire\Xfire.exe (Xfire Inc.)
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2183551051-3869028452-3555188213-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2183551051-3869028452-3555188213-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2183551051-3869028452-3555188213-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll (BitComet)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2183551051-3869028452-3555188213-1003\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} http://www.instantac...ad/iaplayer.cab (InstantAction Game Launcher)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112
O20 - AppInit_DLLs: (C:\PROGRA~1\WI3712~1\Datamngr\datamngr.dll) - C:\Program Files\Windows ilivid Toolbar\Datamngr\datamngr.dll (Discordia, LTD)
O20 - AppInit_DLLs: (C:\PROGRA~1\WI3712~1\Datamngr\IEBHO.dll) - C:\Program Files\Windows ilivid Toolbar\Datamngr\IEBHO.dll (Discordia, LTD)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img28.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img28.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/04/07 06:02:11 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2008/08/04 14:31:03 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{560ac92d-6ad0-11dd-b42e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{560ac92d-6ad0-11dd-b42e-806e6f6e6963}\Shell\AutoRun\command - "" = E:\dvdcheck.exe
O33 - MountPoints2\{81f229ff-b0f8-11dd-a907-001e904d6d90}\Shell - "" = AutoRun
O33 - MountPoints2\{81f229ff-b0f8-11dd-a907-001e904d6d90}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.IV41 - C:\Windows\System32\ir41_32.ax (Intel Corporation)
Drivers32: VIDC.XFR1 - C:\Windows\System32\xfcodec.dll ()


SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 8.0
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 8.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {42AAE930-0606-E49C-026B-3C0D629FA897} - Macromedia Shockwave Director 8.0
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {6008AC6D-6E68-91A2-A843-D25C160A28A6} - DirectX
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {D654302A-C5B3-8764-7F72-EAB2E553D617} - Internet Explorer
ActiveX: {DC263C6C-C073-BE41-181C-F12EACE8C54B} - NetShow
ActiveX: {DC5A79B7-A29E-4531-88A5-0CA8D2409CA8} - NetShow
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

========== Files/Folders - Created Within 30 Days ==========

[2011/04/12 20:44:01 | 000,000,000 | ---D | C] -- C:\Windows\System32\%LOCALAPPDATA%
[2011/04/12 20:43:03 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2011/04/09 18:05:26 | 000,000,000 | ---D | C] -- C:\Program Files\ilivid
[2011/04/09 18:04:45 | 000,000,000 | ---D | C] -- C:\Program Files\Windows ilivid Toolbar
[2011/04/07 17:25:18 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2011/04/07 06:27:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2011/04/07 06:25:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
[2011/04/07 06:19:29 | 000,000,000 | ---D | C] -- C:\Program Files\Autodesk
[2011/04/07 06:17:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Autodesk Shared
[2011/04/06 23:36:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Autodesk
[2011/04/06 23:31:27 | 000,000,000 | ---D | C] -- C:\Autodesk
[2011/03/26 21:25:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gunz
[2011/03/26 13:40:36 | 000,000,000 | ---D | C] -- C:\ProgramData\ijjigame
[2011/03/26 09:10:42 | 000,000,000 | ---D | C] -- C:\Program Files\USArmy
[2011/03/25 22:26:02 | 000,000,000 | ---D | C] -- C:\ProgramData\AA3DeployClient
[2011/03/25 16:41:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2011/03/25 16:41:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2011/03/25 16:41:42 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2011/03/25 13:18:39 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2011/03/18 18:36:07 | 000,019,805 | ---- | C] (Thesycon GmbH, Germany) -- C:\Windows\System32\drivers\usbio.sys
[2007/03/01 15:52:06 | 000,386,544 | ---- | C] ( ) -- C:\Windows\System32\dlbcih.exe
[2007/03/01 15:52:04 | 000,538,096 | ---- | C] ( ) -- C:\Windows\System32\dlbccoms.exe
[2007/03/01 15:52:04 | 000,382,448 | ---- | C] ( ) -- C:\Windows\System32\dlbccfg.exe
[2007/02/02 06:06:34 | 000,483,328 | ---- | C] ( ) -- C:\Windows\System32\dlbcjswr.dll
[2007/02/02 05:55:30 | 000,073,728 | ---- | C] ( ) -- C:\Windows\System32\dlbccu.dll
[2006/12/20 17:08:24 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dlbcpmui.dll
[2006/12/20 17:06:58 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\dlbcserv.dll
[2006/12/20 17:01:04 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\dlbccomm.dll
[2006/12/20 16:59:24 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\dlbclmpm.dll
[2006/12/20 16:58:02 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\dlbciesc.dll
[2006/12/20 16:55:40 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\dlbcpplc.dll
[2006/12/20 16:54:54 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\dlbccomc.dll
[2006/12/20 16:54:20 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\dlbcprox.dll
[2006/12/20 16:47:32 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\dlbcinpa.dll
[2006/12/20 16:46:50 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\dlbcusb1.dll
[2006/12/20 16:42:36 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\dlbchbn3.dll

========== Files - Modified Within 30 Days ==========

[2011/04/12 22:24:00 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{017DDA5B-28AD-426E-A615-81778D4C0360}.job
[2011/04/12 22:23:00 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{034F74DD-C297-4D6D-9202-2BDCDA60C932}.job
[2011/04/12 22:19:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/12 22:18:41 | 000,002,281 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2011/04/12 22:07:54 | 000,229,428 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat
[2011/04/12 22:07:26 | 000,002,487 | ---- | M] () -- C:\Users\Sean\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/04/12 21:40:02 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/12 21:39:51 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/12 21:39:50 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/12 21:39:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/12 21:39:08 | 3152,519,168 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/12 21:07:12 | 000,000,789 | ---- | M] () -- C:\Users\Sean\Desktop\OTL - Shortcut.lnk
[2011/04/12 20:54:35 | 000,000,944 | ---- | M] () -- C:\Users\Sean\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/04/12 16:55:29 | 281,215,934 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/04/08 17:51:03 | 000,635,762 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/04/08 17:51:02 | 000,116,212 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/04/07 17:23:06 | 000,487,920 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/04/07 06:33:38 | 000,001,982 | ---- | M] () -- C:\Users\Public\Desktop\Inventor Fusion 2012.lnk
[2011/04/07 06:28:31 | 000,000,147 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011/04/07 06:25:59 | 000,002,015 | ---- | M] () -- C:\Users\Public\Desktop\AutoCAD 2012 - English.lnk
[2011/04/04 20:00:00 | 000,000,542 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Owner.job
[2011/03/31 20:22:28 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\A.V.A.lnk
[2011/03/31 17:14:06 | 000,002,584 | ---- | M] () -- C:\Users\Public\Desktop\Norton Online Family.lnk
[2011/03/26 23:06:04 | 000,001,904 | ---- | M] () -- C:\Users\Public\Desktop\Soldier Front.lnk
[2011/03/26 21:33:38 | 000,001,894 | ---- | M] () -- C:\Users\Public\Desktop\Gunz.lnk
[2011/03/26 21:25:54 | 000,000,779 | ---- | M] () -- C:\Users\Sean\Desktop\Gunz.lnk
[2011/03/26 15:23:27 | 000,000,171 | ---- | M] () -- C:\Users\Public\Desktop\ijji.url
[2011/03/26 15:23:25 | 000,001,694 | ---- | M] () -- C:\Users\Public\Desktop\ijji REACTOR.lnk
[2011/03/26 12:28:29 | 000,137,544 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011/03/26 12:28:20 | 000,189,480 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2011/03/26 09:18:23 | 003,360,624 | ---- | M] () -- C:\Windows\System32\pbsvc.exe
[2011/03/25 16:41:59 | 000,000,792 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2011/03/24 22:00:58 | 000,000,799 | ---- | M] () -- C:\Users\Sean\Desktop\Project Blackout.lnk
[2011/03/15 18:00:27 | 000,002,848 | ---- | M] () -- C:\{819D7F97-4E3B-4C45-A5C7-D544D09D79BF}

========== Files Created - No Company Name ==========

[2011/04/12 22:07:26 | 000,002,487 | ---- | C] () -- C:\Users\Sean\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/04/12 21:07:12 | 000,000,789 | ---- | C] () -- C:\Users\Sean\Desktop\OTL - Shortcut.lnk
[2011/04/12 20:54:35 | 000,000,944 | ---- | C] () -- C:\Users\Sean\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/04/12 17:00:28 | 3152,519,168 | -HS- | C] () -- C:\hiberfil.sys
[2011/04/07 06:33:38 | 000,001,982 | ---- | C] () -- C:\Users\Public\Desktop\Inventor Fusion 2012.lnk
[2011/04/07 06:28:31 | 000,000,147 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011/04/07 06:25:59 | 000,002,015 | ---- | C] () -- C:\Users\Public\Desktop\AutoCAD 2012 - English.lnk
[2011/03/31 20:22:28 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\A.V.A.lnk
[2011/03/26 23:06:04 | 000,001,904 | ---- | C] () -- C:\Users\Public\Desktop\Soldier Front.lnk
[2011/03/26 21:33:38 | 000,001,894 | ---- | C] () -- C:\Users\Public\Desktop\Gunz.lnk
[2011/03/26 21:25:54 | 000,000,779 | ---- | C] () -- C:\Users\Sean\Desktop\Gunz.lnk
[2011/03/26 15:23:27 | 000,000,171 | ---- | C] () -- C:\Users\Public\Desktop\ijji.url
[2011/03/26 15:23:25 | 000,001,694 | ---- | C] () -- C:\Users\Public\Desktop\ijji REACTOR.lnk
[2011/03/25 21:45:26 | 000,189,480 | ---- | C] () -- C:\Windows\System32\PnkBstrB.xtr
[2011/03/25 21:44:02 | 000,137,544 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011/03/25 19:51:03 | 000,189,480 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011/03/25 19:50:56 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011/03/25 19:50:55 | 003,360,624 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2011/03/25 16:41:58 | 000,000,792 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2011/03/15 18:00:26 | 000,002,848 | ---- | C] () -- C:\{819D7F97-4E3B-4C45-A5C7-D544D09D79BF}
[2011/02/25 21:19:32 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2010/11/28 20:06:51 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/11/13 17:42:03 | 000,229,428 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010/11/13 16:02:36 | 000,155,648 | ---- | C] () -- C:\Windows\System32\nY.exe
[2010/11/13 15:59:13 | 001,126,400 | ---- | C] () -- C:\Windows\System32\SaiC0461.Dll
[2010/11/13 15:59:13 | 000,007,680 | ---- | C] () -- C:\Windows\System32\SaiC0461_10.dll
[2010/11/13 15:59:13 | 000,007,680 | ---- | C] () -- C:\Windows\System32\SaiC0461_0C.dll
[2010/11/13 15:59:13 | 000,007,680 | ---- | C] () -- C:\Windows\System32\SaiC0461_0A.dll
[2010/11/13 15:59:13 | 000,007,680 | ---- | C] () -- C:\Windows\System32\SaiC0461_07.dll
[2010/11/13 15:59:13 | 000,006,656 | ---- | C] () -- C:\Windows\System32\SaiC0461_09.dll
[2010/11/13 15:59:13 | 000,006,656 | ---- | C] () -- C:\Windows\System32\SaiC0461_0402.dll
[2010/05/30 18:23:38 | 000,000,000 | ---- | C] () -- C:\Program Files\Global.sw
[2010/05/30 18:11:05 | 000,122,880 | ---- | C] () -- C:\Windows\UnGins.exe
[2009/12/02 21:13:24 | 000,000,256 | ---- | C] () -- C:\Windows\System32\pool.bin
[2009/11/30 20:58:11 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2009/09/11 16:35:35 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/11 16:35:35 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/08 15:17:20 | 000,000,531 | ---- | C] () -- C:\Windows\eReg.dat
[2009/05/20 21:35:02 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2008/10/29 18:56:20 | 000,000,291 | ---- | C] () -- C:\Windows\dellstat.ini
[2008/10/13 21:14:02 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/10/13 20:17:36 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/08/04 14:32:07 | 000,107,357 | ---- | C] () -- C:\Windows\hpqins13.dat
[2008/08/04 14:13:55 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2008/08/04 14:13:55 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2007/02/02 06:06:10 | 000,090,112 | ---- | C] () -- C:\Windows\System32\dlbccur.dll
[2007/02/02 05:55:10 | 000,413,696 | ---- | C] () -- C:\Windows\System32\dlbcutil.dll
[2007/01/22 08:49:34 | 000,344,064 | ---- | C] () -- C:\Windows\System32\dlbccoin.dll
[2007/01/16 13:25:48 | 000,022,723 | ---- | C] () -- C:\Windows\System32\clpa1l3.dll
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,487,920 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,635,762 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,116,212 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005/10/05 13:19:32 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dlbcvs.dll
[2000/01/28 00:00:00 | 000,061,440 | ---- | C] () -- C:\Windows\System32\wrkgadm.exe
[2000/01/28 00:00:00 | 000,012,288 | ---- | C] () -- C:\Windows\System32\HLINKPRX.DLL
[1997/06/13 21:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll

========== LOP Check ==========

[2011/04/07 17:32:04 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Autodesk
[2010/01/17 18:47:55 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Babylon
[2009/09/01 22:52:01 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Blackberry Desktop
[2010/07/20 14:06:26 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\FOG Downloader
[2010/01/17 19:10:18 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\GarageGames
[2010/12/14 00:03:04 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\GetRightToGo
[2011/03/30 20:08:43 | 000,000,000 | -H-D | M] -- C:\Users\Chris\AppData\Roaming\ijjigame
[2010/05/29 14:43:55 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\InstantAction
[2008/10/14 16:12:09 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\PictureMover
[2010/12/27 22:14:46 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Research In Motion
[2010/08/22 15:58:56 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Template
[2011/01/02 19:12:37 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Tific
[2009/10/10 16:12:43 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\WeatherBug
[2008/10/23 20:20:10 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\WildTangent
[2008/10/13 19:57:36 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PictureMover
[2009/12/02 21:13:23 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Research In Motion
[2009/07/03 14:55:12 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Search Settings
[2009/05/07 17:55:01 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Template
[2009/05/27 22:00:50 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\WildTangent
[2008/12/29 11:26:15 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\WinBatch
[2009/12/18 18:36:55 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\PictureMover
[2010/12/27 21:12:44 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\Research In Motion
[2011/04/12 21:33:35 | 000,032,566 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/04/12 22:24:00 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{017DDA5B-28AD-426E-A615-81778D4C0360}.job
[2011/04/12 22:23:00 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{034F74DD-C297-4D6D-9202-2BDCDA60C932}.job

========== Purity Check ==========



< End of report >






Extras Log:

OTL Extras logfile created on: 4/12/2011 10:23:04 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Sean\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 48.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286.94 Gb Total Space | 29.06 Gb Free Space | 10.13% Space Free | Partition Type: NTFS
Drive D: | 11.15 Gb Total Space | 0.60 Gb Free Space | 5.36% Space Free | Partition Type: NTFS
Drive E: | 7.77 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: CHRIS_ROOM | User Name: Sean | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2183551051-3869028452-3555188213-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{004E29CD-ADD7-498D-B6CD-96D5FA7B5D39}" = rport=138 | protocol=17 | dir=out | app=system |
"{031B6F18-E5F4-4959-96D1-B85476D5C2A8}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{0D2213DF-0ADE-4197-AAFD-AB4A14857781}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{0E1B71E8-27E9-401C-B7BD-AC720DE5FF7F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{1435702C-956D-4D14-98B5-9A2C572B104E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{1A2BABE6-D586-4BA5-AEC2-FEF4CF8B1819}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{247C6660-CA3C-4349-8057-91C941CA2340}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{2CB152D5-A694-444F-BA5F-D0E352F2B59E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2CC7D0C9-2ED1-49FD-8B7B-5CFE29C39C79}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{2FFAD96C-7554-4BE0-9CA8-44877F7806E1}" = lport=139 | protocol=6 | dir=in | app=system |
"{303E4F57-D0E1-43E4-8CEE-06E02A394C9C}" = lport=12640 | protocol=17 | dir=in | name=bitcomet 12640 udp |
"{3987406F-170E-4D57-9C91-4A5D228B44CE}" = rport=137 | protocol=17 | dir=out | app=system |
"{3C6DB952-0DF4-4E16-BE10-1E48884274CF}" = lport=49169 | protocol=6 | dir=in | name=akamai netsession interface |
"{4EAEE0B2-35EF-45EE-B5E1-95B03E33975B}" = lport=7285 | protocol=17 | dir=in | name=bitcomet 7285 udp |
"{542E4771-9D73-431D-8759-2A5409B7BD38}" = lport=7285 | protocol=6 | dir=in | name=bitcomet 7285 tcp |
"{550EEE17-8054-4001-947B-FCE55FE23914}" = lport=49212 | protocol=6 | dir=in | name=akamai netsession interface |
"{57E9F4AB-CB47-46F0-96F3-A5EE16B7F694}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{6BCCFFAA-1086-4C01-A65D-DB108DF73CF8}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{7499F98F-4FA7-4259-85EA-85DCA459AD0A}" = lport=138 | protocol=17 | dir=in | app=system |
"{7D46DDD6-3C82-4526-9704-56BDEE956B88}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{7E54BAA2-9E90-4724-B3F7-349FE35B54B8}" = rport=139 | protocol=6 | dir=out | app=system |
"{915919A1-73B0-4349-AE61-E4A214AAEF0B}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{AE2D4CB7-3FCF-45BC-A7A9-31A16D76DD48}" = lport=445 | protocol=6 | dir=in | app=system |
"{C879FF92-A1CB-41F6-98E3-2CAC8F2DEA47}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{E23A4D07-8D51-42F0-AC68-BF3E5CF38854}" = lport=12640 | protocol=6 | dir=in | name=bitcomet 12640 tcp |
"{F4A01757-EDCB-426A-BCCA-C46B9A436323}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{FE8FF692-CB57-42E3-850D-098E7701483B}" = lport=137 | protocol=17 | dir=in | app=system |
"{FEED672D-1229-490D-BC41-8177F80B7F87}" = rport=445 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{043304D4-824E-4D53-8E11-B7DCA1BABDFF}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{1882B15E-A056-4475-AB8B-CFAE89803FFB}" = protocol=6 | dir=in | app=c:\sg interactive\project blackout\pblackout.exe |
"{2246D307-42CA-4A29-9106-8A3441E9025B}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\america's army 3\binaries\aa3game.exe |
"{25000C62-A292-48F6-919B-5087CEAA746C}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{2965592E-93D8-4CF0-B5CD-2217274E65C3}" = protocol=58 | dir=out | [email protected],-28546 |
"{2A50768C-47C1-409F-B29C-822AD2440ABB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2C2BCBA8-D449-4334-BC33-5EF4EB058D89}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{2D6E0F45-7A46-4E87-9E82-C03CE749AF49}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{34D659CA-F78B-4875-8270-B33BDD54231A}" = protocol=58 | dir=in | [email protected],-28545 |
"{366C48ED-5EA8-4BE9-8E77-9CE731AEB3ED}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{371F6BF5-A15E-44D7-A9FE-C65C0B3CE66A}" = protocol=6 | dir=in | app=c:\windows\system32\dlbccoms.exe |
"{45CE7B48-D965-458F-AAED-AC2C38DB5AD4}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\america's army 3\binaries\aa3game.exe |
"{484AE410-BFB7-44CD-B696-877D7949956B}" = protocol=17 | dir=in | app=c:\sg interactive\project blackout\pblackout.exe |
"{48C0EC0B-CFEE-4BBF-A3A2-4D88D8726153}" = protocol=17 | dir=in | app=c:\ijji\english\genesisad\gameconsole.bin |
"{4AE69F16-0746-46CC-A6C3-123DB8D2BA5B}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{53549B6A-F30F-4D00-A127-3D3ABEC490BE}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{5590CF04-049B-4D6E-8316-3F00D5737127}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{5972419D-D352-4238-9186-9D95C13C918F}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{60828FA4-6396-4353-84C0-6AD4D717C478}" = protocol=6 | dir=in | app=c:\program files\windows ilivid toolbar\toolbar\dtuser.exe |
"{685F21AF-DB04-42E1-A984-B4882F4263CE}" = protocol=6 | dir=in | app=c:\ijji\english\genesisad\gameconsole.bin |
"{7509143B-1AFF-4465-B713-2E33C2AAEA32}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{752F41CD-20A3-4272-BAD6-FC774BB5A4F7}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{757591EF-A472-4929-8711-C881703FE44F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{772A50D2-CB6D-4BF3-A365-A3ECDFDD1E92}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{7D52D6CE-EC5F-4307-BB69-19CCC70E3633}" = protocol=1 | dir=in | [email protected],-28543 |
"{981495F7-8740-441B-A919-C31435F72A96}" = protocol=17 | dir=in | app=c:\windows\system32\dlbccoms.exe |
"{9EF3C111-F5A9-49B4-AC15-D112AEAD00E5}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{A7162A36-1213-461A-8C8B-1449DC89A99D}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{A846F8A1-DAB4-4DA5-BD7C-4210EBED2FA9}" = dir=in | app=c:\program files\norton internet security\engine\18.1.0.37\ccsvchst.exe |
"{AA477090-DB95-41AD-AAAA-200A2EDDD8F2}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{B1E7BE81-6D77-49E7-BB4D-224D88F75D72}" = protocol=6 | dir=in | app=c:\ijji\english\genesisad\anotherday.exe |
"{B217DCE0-D0E7-46E4-A83D-A513B9C02B27}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{B80CF934-B223-42CF-B58B-9A8BDE8473BF}" = protocol=6 | dir=in | app=c:\sg interactive\project blackout\pblackout.exe |
"{C0C703FE-D6D4-45F3-9085-BEF2F9E92DA5}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{C0D08D22-8D8B-43B5-AC3A-628769EA0504}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{C3009229-24F5-4944-BE46-7415C0BECE3E}" = protocol=17 | dir=in | app=c:\program files\windows ilivid toolbar\toolbar\dtuser.exe |
"{C8B3BF95-B471-448F-B44F-DBA036E70242}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{D1736985-6CDF-4CD1-BAC3-B8E7B48EB068}" = protocol=17 | dir=in | app=c:\sg interactive\project blackout\pblackout.exe |
"{E0A9F0AE-1144-4744-A932-9E144A53B6F7}" = protocol=17 | dir=in | app=c:\ijji\english\genesisad\anotherday.exe |
"{E2D84832-EF83-480E-BBFD-4018A8E7D579}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{FB43B4CA-A7A0-4760-8591-596820FEACE4}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{FE945515-D209-4C13-BC7C-33C0D329EEDF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FF961C95-614F-416C-8C33-06F4BDE55FAE}" = protocol=1 | dir=out | [email protected],-28544 |
"TCP Query User{2288355D-C8F8-4C20-AB12-C61EC2B47132}C:\users\chris\downloads\minions of mirth\bin\minionsofmirth.exe" = protocol=6 | dir=in | app=c:\users\chris\downloads\minions of mirth\bin\minionsofmirth.exe |
"TCP Query User{2317D4CC-CCE4-4721-9287-835E3881F119}C:\aeriagames\wolfteam\wolfteam.bin" = protocol=6 | dir=in | app=c:\aeriagames\wolfteam\wolfteam.bin |
"TCP Query User{525191DE-B386-4CC9-833B-65EB5C2E12AB}C:\program files\microsoft games\age of empires\empiresx.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires\empiresx.exe |
"TCP Query User{5BA06EA0-A69F-4530-B056-9EB2CBFD377C}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{5DC7DC21-23EC-44D0-B050-B73C38E78A02}C:\program files\bitcomet\bitcomet.exe" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"TCP Query User{6DC5D24B-FEF3-4740-9CF1-81F1CB0B2AD6}C:\program files\bitcomet\bitcomet.exe" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"TCP Query User{6EF5A5DE-68F9-400C-82D0-B70EDC5EC99D}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{980CF9AE-03CE-4655-83E5-ABA45132F226}C:\program files\microsoft games\age of empires\empiresx.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires\empiresx.exe |
"TCP Query User{98FC27F4-5389-4415-9ADC-A755A5552719}C:\users\chris\appdata\local\microsoft\windows\temporary internet files\content.ie5\bl9ch9le\fogdownloader-rom_3_0_1_2153[1].exe" = protocol=6 | dir=in | app=c:\users\chris\appdata\local\microsoft\windows\temporary internet files\content.ie5\bl9ch9le\fogdownloader-rom_3_0_1_2153[1].exe |
"TCP Query User{B68214BA-C72A-4119-9C87-101732D4A717}C:\program files\3d groove\sky racer\skyracer.exe" = protocol=6 | dir=in | app=c:\program files\3d groove\sky racer\skyracer.exe |
"TCP Query User{B798258E-5935-4608-AE83-815DFEC307B0}C:\program files\microsoft games\age of empires\empires.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires\empires.exe |
"TCP Query User{DFA061ED-0D9B-430E-A440-451F450995B6}C:\program files\microsoft games\age of empires\empires.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires\empires.exe |
"UDP Query User{02775328-5B00-4F7D-8518-E805DD87D950}C:\program files\3d groove\sky racer\skyracer.exe" = protocol=17 | dir=in | app=c:\program files\3d groove\sky racer\skyracer.exe |
"UDP Query User{10705DF6-A1A8-42F9-8D83-C78B5A433928}C:\program files\bitcomet\bitcomet.exe" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"UDP Query User{16789032-15FC-4EBC-BD33-37F0DD7DB2FC}C:\program files\microsoft games\age of empires\empires.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires\empires.exe |
"UDP Query User{267C32A5-1893-46DD-8D27-FEE718FEB364}C:\program files\bitcomet\bitcomet.exe" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"UDP Query User{49742132-4BFF-40EF-8A41-2EEE3D424BFF}C:\program files\microsoft games\age of empires\empires.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires\empires.exe |
"UDP Query User{4EB8B947-0969-4429-8F62-E5B144518C7D}C:\program files\microsoft games\age of empires\empiresx.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires\empiresx.exe |
"UDP Query User{53253BAA-DA17-4563-A070-D18A77EAB2CB}C:\users\chris\appdata\local\microsoft\windows\temporary internet files\content.ie5\bl9ch9le\fogdownloader-rom_3_0_1_2153[1].exe" = protocol=17 | dir=in | app=c:\users\chris\appdata\local\microsoft\windows\temporary internet files\content.ie5\bl9ch9le\fogdownloader-rom_3_0_1_2153[1].exe |
"UDP Query User{8F2F5C23-CC3A-4B63-9783-18F79AFDE808}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{B5A532C3-C7E9-4CA1-9AA0-E00BB7C762F3}C:\aeriagames\wolfteam\wolfteam.bin" = protocol=17 | dir=in | app=c:\aeriagames\wolfteam\wolfteam.bin |
"UDP Query User{D51B5A99-9885-4917-829F-C23E54184A89}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{D5A524DF-E7D2-4D67-AC76-0F336E404D0F}C:\users\chris\downloads\minions of mirth\bin\minionsofmirth.exe" = protocol=17 | dir=in | app=c:\users\chris\downloads\minions of mirth\bin\minionsofmirth.exe |
"UDP Query User{E748A7ED-9C69-4C11-BC4A-C3D11C046884}C:\program files\microsoft games\age of empires\empiresx.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires\empiresx.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{04634A14-619B-4F53-88B3-2A48FB3A99C6}" = TwelveSky2
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{086F9A69-CD39-4893-A9FB-D3A0634CE3F7}" = Autodesk Content Service
"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{15B8AFD9-92E9-4E86-96D9-83FAC510B82E}" = HPPhotoSmartPhotobookWebPack1
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2243C6DC-39EA-4D5E-B743-3AE510A91B3A}" = WeatherBug
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{22BF49DF-4216-419D-B4BF-7D3E112DE1E3}" = Operation Overkill
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 23
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{305D4B08-5807-4475-B1C8-D54685534864}" = LightScribeTemplateLabeler
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{328687A2-2504-49FA-AE3E-08B0DEDB51EC}" = MSRedist
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{42AF51C0-4028-46CF-B616-FB1F75286457}" = A.V.A
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{48A6E89E-D2D3-4DA7-8A7C-FBB8F1083409}" = SeaWorld Adventure Park Tycoon
"{48BF4489-0C58-4E80-BB17-94A673CE310A}" = HP Demo
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5783F2D7-A001-0409-0002-0060B0CE6BBA}" = AutoCAD 2012 - English
"{5783F2D7-A001-0409-1002-0060B0CE6BBA}" = AutoCAD 2012 Language Pack - English
"{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5EB3F5E2-1533-42D2-97C2-E0BA06CA6939}" = GenesisAD
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{65420DC9-306E-4371-905F-F4DC3B418E52}" = Autodesk Material Library Base Resolution Image Library 2012
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2
"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{790B839A-69FB-4B98-8B00-F2B0066AAC49}" = Metal
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{84A78614-0E4B-4A4E-BA8C-2B0A05A08E4E}" = BlackBerry Desktop Software 6.0.1
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}" = Autodesk Material Library 2012
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = REACTOR
"{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9455959E-D588-EFAE-329C-F66CC797F32A}" = Adobe Media Player
"{94C3BB3A-56A1-43DE-A242-8B41F46E97EF}" = Dealio Toolbar v4.0
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58
"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"{967FB80D-56BD-42EF-A942-9E8C78F984A4}" = Saitek SST Programming Software
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{98177940-C048-4831-A279-F3888B1E2C7F}" = InstallMgr
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2FA012E-27C7-4308-9457-5FCFB84B0436}" = PictureMover
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}" = SimCity 4 Deluxe
"{A8AC89BA-D8CB-4372-9743-1C54D23286B0}" = MSN Toolbar
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{AFD583FA-7760-426C-AD98-8529AFA78575}" = Platypus
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6EF6DCE-078E-4952-A7FA-352A9C349EB0}" = MSN Toolbar
"{B7148D71-0A8F-4501-96B4-4E1CC67F874E}" = Microsoft Default Manager
"{B9AB88D8-3A09-4A4A-8993-0E2F6F9F294B}" = muvee autoProducer 6.1
"{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}" = HP Customer Experience Enhancements
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE5E3F15-320A-4865-97D3-F07227C5BB2F}" = BlackBerry Desktop Software 4.5
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D490989C-CC6B-11D4-B3F0-00A0CC3FD0A8}" = 3D Dragon Castle
"{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
"{E552C39C-C70E-464F-9733-8311331BDD90}" = Autodesk Inventor Fusion plug-in language pack for AutoCAD 2012
"{EAB3AC1A-68FF-486B-9C6B-E48EBB4B05CC}" = Autodesk Inventor Fusion plug-in for AutoCAD 2012
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EC0B2A03-9FBF-4B21-AD3B-14C49C2232C7}" = GenesisAD_Setup
"{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE Creature Creator Trial Edition
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F31E534B-4199-4552-8154-5C130710D68E}" = HP Total Care Advisor
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F79AAB3A-B8B4-4AC7-94AB-1C4C076C6A89}" = The Simpsons Hit & Run™
"{FA3B34BE-4246-4062-90A3-34CBBEA12B72}" = HPTCSSetup
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFF5619F-6669-4EC5-A85E-9994F70A9E5D}" = Autodesk Inventor Fusion 2012
"{FFF7F80F-929E-497F-A112-B070DE816128}" = Autodesk Inventor Fusion 2012 Language Pack
"Action Replay Code Manager_is1" = Action Replay Code Manager
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires Gold 1.0" = Microsoft Age of Empires Gold
"Age of Mythology 1.0" = Age of Mythology
"Age of Mythology Expansion Pack 1.0" = Age of Mythology - The Titans Expansion
"Akamai" = Akamai NetSession Interface
"Alien Battlecraft Arena_is1" = Alien Battlecraft Arena v1.3
"American Conquest" = American Conquest
"Ask Toolbar_is1" = Ask Toolbar
"AutoCAD 2012 - English" = AutoCAD 2012 - English
"Autodesk Inventor Fusion 2012" = Autodesk Inventor Fusion 2012
"Autodesk Inventor Fusion plug-in for AutoCAD 2012" = Autodesk Inventor Fusion plug-in for AutoCAD 2012
"BitComet" = BitComet 1.07
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0.1
"BrickShooter" = BrickShooter
"Castles 1.5" = Castles 1.5
"Chicken Invaders" = Chicken Invaders
"Clu Clu Land_is1" = Clu Clu Land v1.0
"CNXT_MODEM_PCI_HSF" = PCIe Soft Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"conduitEngine" = Conduit Engine
"Disney Pirates of the Caribbean Online" = Disney Pirates of the Caribbean Online
"EZ Recipes" = EZ Recipes
"Free Realms Installer" = Free Realms Installer
"gatesofandaron_is1" = Gates of Andaron 3.3
"GoldWave v5.52" = GoldWave v5.52
"Gunz" = ijji - Gunz
"Happyland Adventures - Xmas Edition" = Happyland Adventures - Xmas Edition
"HP Photosmart Essential" = HP Photosmart Essential 3.0
"Icy Tower 1.1" = Icy Tower 1.1
"iLivid Download Manager" = iLivid Download Manager
"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"LastChaos" = LastChaos
"Lawn Mower" = Lawn Mower
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"MS Access 97 SP2" = MS Access 97 SP2
"My.Freeze.com Toolbar" = My.Freeze.com Toolbar
"NIS" = Norton Internet Security
"NOF" = Norton Online
"NSM" = Norton Safety Minder
"NVIDIA Drivers" = NVIDIA Drivers
"OfficeTrial" = Microsoft Office Home and Student 60 day trial
"PC-Doctor for Windows" = Hardware Diagnostic Tools
"PGP_is1" = PGP:Pinball Golf Pool v 1.1
"Project Blackout" = Project Blackout
"PunkBusterSvc" = PunkBuster Services
"Searchqu 406 MediaBar" = Windows ilivid Toolbar
"Shockwave" = Shockwave
"Sky Racer" = Sky Racer
"SpaceBattle2001_is1" = SpaceBattle2001 v1.0
"Steam App 13140" = America's Army 3
"Tank" = Tank
"The History Channel Civil War" = The History Channel Civil War
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"The Weather Channel Screensaver" = The Weather Channel Screensaver
"TinyCars_is1" = TinyCars 1.0
"Trash Killer 2_is1" = Trash Killer 2
"Water in Fire_is1" = Water in Fire 1.8
"When Clones Attack!" = When Clones Attack!
"WildTangent hp Master Uninstall" = My HP Games
"WinLiveSuite" = Windows Live Essentials
"WolfTeam" = WolfTeam
"Xfire" = Xfire (remove only)
"XfireXO Toolbar" = XfireXO Toolbar
"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2183551051-3869028452-3555188213-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GodsWar Online_is1" = GodsWar Online
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"SOE-Clone Wars" = Clone Wars
"World of Warcraft Trial" = World of Warcraft Trial

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/6/2010 5:25:56 PM | Computer Name = Chris_Room | Source = WinMgmt | ID = 10
Description =

Error - 12/7/2010 6:14:54 PM | Computer Name = Chris_Room | Source = Application Error | ID = 1000
Description = Faulting application AppleSyncNotifier.exe, version 1.5.0.0, time
stamp 0x4a5d2cf8, faulting module CoreFoundation.dll, version 6.0.6002.18005, time
stamp 0x49e03821, exception code 0xc0000135, fault offset 0x00009eed, process id
0xc20, application start time 0x01cb965c146fa41a.

Error - 12/7/2010 6:15:36 PM | Computer Name = Chris_Room | Source = WinMgmt | ID = 10
Description =

Error - 12/8/2010 5:44:58 PM | Computer Name = Chris_Room | Source = WinMgmt | ID = 10
Description =

Error - 12/8/2010 11:15:06 PM | Computer Name = Chris_Room | Source = WinMgmt | ID = 10
Description =

Error - 12/9/2010 6:59:52 PM | Computer Name = Chris_Room | Source = WinMgmt | ID = 10
Description =

Error - 12/9/2010 7:21:39 PM | Computer Name = Chris_Room | Source = Application Error | ID = 1000
Description = Faulting application AppleSyncNotifier.exe, version 1.5.0.0, time
stamp 0x4a5d2cf8, faulting module CoreFoundation.dll, version 6.0.6002.18005, time
stamp 0x49e03821, exception code 0xc0000135, fault offset 0x00009eed, process id
0xa10, application start time 0x01cb97f7cfde159d.

Error - 12/9/2010 9:03:09 PM | Computer Name = Chris_Room | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 12/10/2010 5:49:18 PM | Computer Name = Chris_Room | Source = WinMgmt | ID = 10
Description =

Error - 12/10/2010 5:50:01 PM | Computer Name = Chris_Room | Source = Application Error | ID = 1000
Description = Faulting application AppleSyncNotifier.exe, version 1.5.0.0, time
stamp 0x4a5d2cf8, faulting module CoreFoundation.dll, version 6.0.6002.18005, time
stamp 0x49e03821, exception code 0xc0000135, fault offset 0x00009eed, process id
0xc08, application start time 0x01cb98b42a5a2e6b.

[ Media Center Events ]
Error - 2/23/2009 8:37:28 PM | Computer Name = Chris_Room | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 3/1/2009 2:32:32 PM | Computer Name = Chris_Room | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 8/16/2009 9:33:06 PM | Computer Name = Chris_Room | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/11/2009 10:44:23 PM | Computer Name = Chris_Room | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 9/17/2010 8:14:08 PM | Computer Name = Chris_Room | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 11/1/2010 8:10:38 PM | Computer Name = Chris_Room | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 11/21/2010 3:03:10 PM | Computer Name = Chris_Room | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerAccumulate failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 12/27/2010 2:47:25 PM | Computer Name = Chris_Room | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

[ System Events ]
Error - 4/12/2011 4:55:57 PM | Computer Name = Chris_Room | Source = EventLog | ID = 6008
Description = The previous system shutdown at 4:53:42 PM on 4/12/2011 was unexpected.

Error - 4/12/2011 4:57:10 PM | Computer Name = Chris_Room | Source = Service Control Manager | ID = 7001
Description =

Error - 4/12/2011 4:57:10 PM | Computer Name = Chris_Room | Source = Service Control Manager | ID = 7026
Description =

Error - 4/12/2011 5:01:58 PM | Computer Name = Chris_Room | Source = Service Control Manager | ID = 7000
Description =

Error - 4/12/2011 5:58:10 PM | Computer Name = Chris_Room | Source = DCOM | ID = 10010
Description =

Error - 4/12/2011 8:20:06 PM | Computer Name = Chris_Room | Source = DCOM | ID = 10010
Description =

Error - 4/12/2011 8:46:11 PM | Computer Name = Chris_Room | Source = DCOM | ID = 10010
Description =

Error - 4/12/2011 8:53:52 PM | Computer Name = Chris_Room | Source = Service Control Manager | ID = 7000
Description =

Error - 4/12/2011 9:13:07 PM | Computer Name = Chris_Room | Source = Service Control Manager | ID = 7000
Description =

Error - 4/12/2011 9:13:31 PM | Computer Name = Chris_Room | Source = Service Control Manager | ID = 7034
Description =


< End of report >


Malwarebytes Logs:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6347

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019

4/12/2011 9:36:09 PM
mbam-log-2011-04-12 (21-36-09).txt

Scan type: Quick scan
Objects scanned: 211822
Time elapsed: 16 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 12

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\GamevanceText.DLL (Adware.GameVance) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\AppDataLow\gvtl (Adware.GameVance) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MyWebSearchService (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Pzocetovapuzegi (Trojan.Agent.U) -> Value: Pzocetovapuzegi -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\programdata\96172429 (Rogue.Multiple) -> Delete on reboot.
c:\programdata\microsoft\Windows\start menu\Programs\smartshopper (Adware.SmartShopper) -> Delete on reboot.

Files Infected:
c:\$Recycle.Bin\s-1-5-21-2183551051-3869028452-3555188213-1001\$R7LB4AS.exe (PUP.PlaySushi) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-2183551051-3869028452-3555188213-1001\$R7S89VL.exe (Spyware.Onlinegames) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-2183551051-3869028452-3555188213-1001\$R9W8O91.exe (Spyware.Onlinegames) -> Quarantined and deleted successfully.
c:\Users\Chris\AppData\Local\Temp\wscnoreaxm.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
c:\Users\Chris\AppData\Local\Temp\rk0mktqr.exe.part (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\Windows\Temp\2DC6.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Chris\local settings\application data\wanvit.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.
c:\Users\Owner\AppData\Roaming\microsoft\Windows\start menu\Programs\security tool.lnk (Rogue.SecurityTool) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\smartshopper\smartshopper - comapre product prices.lnk (Adware.SmartShopper) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\smartshopper\smartshopper - compare travel rate.lnk (Adware.SmartShopper) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\smartshopper\smartshopper help.lnk (Adware.SmartShopper) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\smartshopper\uninstall smartshopper.lnk (Adware.SmartShopper) -> Quarantined and deleted successfully.





2nd Malwarebytes Log after reboot:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6347

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019

4/12/2011 10:00:19 PM
mbam-log-2011-04-12 (22-00-19).txt

Scan type: Quick scan
Objects scanned: 212535
Time elapsed: 13 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

Advertisements







Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP