One was an attack from a known threat computer. When I did a search on the IP in Norton, I came up with a thread from one of your guys and followed through the responses.
I ran Malwarebytes; it resolved 18 threats.
I downloaded OTL & Scan.txt.
I have attached the 2 log files and the Malwarebytes logs below.
Am I in the clear now?
OTL Log:
OTL logfile created on: 4/12/2011 10:23:04 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Sean\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 48.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286.94 Gb Total Space | 29.06 Gb Free Space | 10.13% Space Free | Partition Type: NTFS
Drive D: | 11.15 Gb Total Space | 0.60 Gb Free Space | 5.36% Space Free | Partition Type: NTFS
Drive E: | 7.77 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Computer Name: CHRIS_ROOM | User Name: Sean | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/04/12 21:06:29 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Sean\Downloads\OTL.exe
PRC - [2011/03/24 15:29:10 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/03/24 08:30:12 | 001,115,536 | ---- | M] (Discordia, LTD) -- C:\Program Files\Windows ilivid Toolbar\Datamngr\datamngrUI.exe
PRC - [2011/02/02 14:08:16 | 000,018,656 | ---- | M] () -- C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
PRC - [2010/11/23 22:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccsvchst.exe
PRC - [2010/11/13 17:28:29 | 000,335,872 | ---- | M] (Zamiinc) -- C:\Program Files\Gameforge4D\GatesofAndaron\PrePatch.exe
PRC - [2010/11/03 20:11:24 | 002,388,264 | ---- | M] (Apple Inc.) -- C:\Program Files\Safari\Safari.exe
PRC - [2010/07/23 02:05:56 | 000,126,904 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Online\Engine\2.1.0.23\ccsvchst.exe
PRC - [2010/05/14 12:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2010/01/15 08:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/06/03 18:23:30 | 000,413,696 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\PictureMover\Bin\PictureMover.exe
PRC - [2007/04/18 11:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2007/03/01 15:52:04 | 000,538,096 | ---- | M] ( ) -- C:\Windows\System32\dlbccoms.exe
PRC - [2006/11/02 08:35:35 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe
PRC - [2006/08/14 13:12:48 | 000,126,976 | ---- | M] (Saitek) -- C:\Program Files\Saitek\Software\SaiMfd.exe
PRC - [2006/08/09 15:23:26 | 000,184,320 | ---- | M] (Saitek) -- C:\Program Files\Saitek\Software\ProfilerU.exe
========== Modules (SafeList) ==========
MOD - [2011/04/12 21:06:29 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Sean\Downloads\OTL.exe
MOD - [2011/04/07 06:15:25 | 000,053,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4973eb1d754a9dc9\MFC90ENU.DLL
MOD - [2011/04/07 06:15:12 | 003,780,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4bf5400abf9d60b7\mfc90u.dll
MOD - [2011/02/03 19:53:04 | 000,043,232 | ---- | M] (Autodesk, Inc.) -- C:\Windows\System32\AcSignIcon.dll
MOD - [2011/01/14 03:30:20 | 000,515,808 | ---- | M] (Autodesk, Inc.) -- C:\Program Files\Autodesk\Inventor Fusion 2012\AcSignCore16.dll
MOD - [2010/12/04 02:58:45 | 000,413,112 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.5.0.125\asoehook.dll
MOD - [2010/11/13 15:49:45 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcr90.dll
MOD - [2010/11/13 15:49:45 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcp90.dll
MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2010/05/04 15:13:07 | 000,231,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
MOD - [2009/09/30 21:02:04 | 000,334,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
MOD - [2009/06/10 07:41:46 | 002,386,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
MOD - [2009/04/11 02:28:19 | 000,120,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\EhStorAPI.dll
MOD - [2009/04/11 02:28:18 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\davclnt.dll
MOD - [2009/04/11 02:21:38 | 001,748,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\GdiPlus.dll
MOD - [2008/01/20 22:25:15 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMASF.DLL
MOD - [2008/01/20 22:25:01 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\duser.dll
MOD - [2008/01/20 22:24:54 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntlanman.dll
MOD - [2006/11/02 05:46:04 | 000,017,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drprov.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
SRV - [2011/04/07 06:27:21 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/03/30 16:45:53 | 003,229,784 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_a35e6b9.dll -- (Akamai)
SRV - [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/02/02 14:08:16 | 000,018,656 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service)
SRV - [2010/11/23 22:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe -- (NIS)
SRV - [2010/08/15 12:19:00 | 003,700,176 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2010/07/23 02:05:56 | 000,126,904 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Online\Engine\2.1.0.23\ccSvcHst.exe -- (NOF)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/03/01 15:52:04 | 000,538,096 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dlbccoms.exe -- (dlbc_device)
========== Driver Services (SafeList) ==========
DRV - [2011/03/31 17:34:28 | 001,393,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110411.038\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/03/31 17:34:27 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110411.038\NAVENG.SYS -- (NAVENG)
DRV - [2011/03/14 14:58:33 | 000,353,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110411.001\IDSvix86.sys -- (IDSVix86)
DRV - [2011/02/25 17:59:12 | 000,800,376 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110309.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/01/03 19:31:24 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/01/03 19:31:24 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/12/26 18:25:00 | 000,126,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/12/01 01:23:59 | 000,330,360 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NIS\1205000.07D\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2010/11/23 00:59:15 | 000,035,960 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2010/11/23 00:08:31 | 000,509,560 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\Drivers\NIS\1205000.07D\SRTSP.SYS -- (SRTSP)
DRV - [2010/11/23 00:08:31 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1205000.07D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/11/17 22:59:55 | 000,652,336 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NIS\1205000.07D\SYMEFA.SYS -- (SymEFA)
DRV - [2010/11/15 21:45:33 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1205000.07D\Ironx86.SYS -- (SymIRON)
DRV - [2010/10/20 22:28:36 | 000,340,016 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\NIS\1205000.07D\SYMDS.SYS -- (SymDS)
DRV - [2010/07/12 21:20:31 | 000,181,296 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\NSM\0201000.034\SymRdr.SYS -- (SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A})
DRV - [2009/01/18 23:01:37 | 000,015,872 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Users\Chris\AppData\Local\Temp\pnicml.sys -- (pnicml)
DRV - [2008/08/01 20:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/06/06 15:13:40 | 000,133,152 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2008/06/06 15:13:10 | 000,145,440 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2008/05/22 10:49:00 | 007,465,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/05/22 05:39:34 | 000,015,360 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008/02/12 11:27:34 | 000,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS3.sys -- (HSXHWBS3)
DRV - [2008/02/12 11:25:22 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2007/10/18 11:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/01/23 15:45:00 | 000,078,864 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2007/01/23 15:44:00 | 000,062,992 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2007/01/23 15:44:00 | 000,020,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2006/08/14 06:52:49 | 000,035,328 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SaiBus.sys -- (SaiNtBus)
DRV - [2006/08/14 06:52:44 | 000,013,824 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SaiMini.sys -- (SaiMini)
DRV - [2006/08/08 13:25:06 | 000,182,528 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SaiH0461.sys -- (SaiH0461)
DRV - [2005/01/01 23:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\npptNT2.sys -- (NPPTNT2)
DRV - [2001/05/07 06:56:02 | 000,019,805 | ---- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbio.sys -- (USBIO) USBIO Driver (usbio.sys)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...resario&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...resario&pf=cndt
IE - HKLM\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll (Conduit Ltd.)
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...resario&pf=cndt
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...resario&pf=cndt
IE - HKU\.DEFAULT\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Dealio Toolbar\SearchSettings.dll (Spigot, Inc.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...resario&pf=cndt
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...resario&pf=cndt
IE - HKU\S-1-5-18\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Dealio Toolbar\SearchSettings.dll (Spigot, Inc.)
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2183551051-3869028452-3555188213-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...resario&pf=cndt
IE - HKU\S-1-5-21-2183551051-3869028452-3555188213-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...resario&pf=cndt
IE - HKU\S-1-5-21-2183551051-3869028452-3555188213-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2183551051-3869028452-3555188213-1003\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Dealio Toolbar\SearchSettings.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-2183551051-3869028452-3555188213-1003\..\URLSearchHook: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\My.Freeze.com Toolbar\NetAssistant.dll (W3i, LLC)
IE - HKU\S-1-5-21-2183551051-3869028452-3555188213-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2183551051-3869028452-3555188213-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.searchqu.com/406"
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5
FF - prefs.js..extensions.enabledItems: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {99079a25-328f-4bd4-be04-00955acaa0a7}:4.1.0.01
FF - prefs.js..extensions.enabledItems: {6D5C8FC4-DE46-41bf-9092-93F0F78E9115}:2.1.0.52
FF - prefs.js..extensions.enabledItems: {B2B6B7D4-A5A7-4C91-95B0-1279094F69F6}:1.9.1
FF - prefs.js..keyword.URL: "http://www.searchqu....ystemid=406&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2011/01/07 07:09:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn\ [2011/01/06 18:41:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}: C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.1.0.37\coFFFw\ [2011/03/31 17:14:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B2B6B7D4-A5A7-4C91-95B0-1279094F69F6}: C:\Users\Chris\AppData\Local\{B2B6B7D4-A5A7-4C91-95B0-1279094F69F6} [2011/04/09 18:15:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/30 23:46:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/26 13:40:45 | 000,000,000 | ---D | M]
[2010/11/28 20:24:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sean\AppData\Roaming\Mozilla\Extensions
[2011/04/12 21:01:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fziz36im.default\extensions
[2010/12/26 15:32:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fziz36im.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/09 18:05:05 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fziz36im.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2010/12/26 16:53:47 | 000,002,470 | ---- | M] () -- C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fziz36im.default\searchplugins\safesearch.xml
[2011/04/12 21:01:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/26 18:33:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/04/09 18:05:16 | 000,000,000 | ---D | M] (DataMngr) -- C:\PROGRAM FILES\WINDOWS ILIVID TOOLBAR\DATAMNGR\FIREFOXEXTENSION
[2011/01/06 18:41:20 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\COFFPLGN
[2011/01/07 07:09:21 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPLGN
[2011/03/31 17:14:23 | 000,000,000 | ---D | M] (Norton Safety Minder) -- C:\PROGRAMDATA\NORTON\{78CA3BF0-9C3B-40E1-B46D-38C877EF059A}\NSM_2.1.0.37\COFFFW
[2011/04/09 18:15:59 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\CHRIS\APPDATA\LOCAL\{B2B6B7D4-A5A7-4C91-95B0-1279094F69F6}
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/07/27 17:13:46 | 000,027,136 | ---- | M] (NHN USA Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
[2010/07/28 18:14:08 | 000,022,016 | ---- | M] (NHN USA Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
[2011/03/23 08:24:21 | 000,005,529 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\SearchquWebSearch.xml
Hosts file not found
O2 - BHO: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll (BitComet)
O2 - BHO: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll (Conduit Ltd.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows ilivid Toolbar\ToolBar\searchqudtx.dll ()
O2 - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\Program Files\Windows ilivid Toolbar\Datamngr\IEBHO.dll (Discordia, LTD)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (Norton Safety Minder) - {B8E07826-0971-4f16-B133-047B88034E89} - C:\Program Files\Norton Online\AddOns\Norton Safety Minder\Engine\2.1.0.52\coieplg.dll (Symantec Corporation)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Dealio Toolbar\SearchSettings.dll (Spigot, Inc.)
O2 - BHO: (NetAssistantBHO Class) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\My.Freeze.com Toolbar\NetAssistant.dll (W3i, LLC)
O2 - BHO: (XBTBPos00 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - File not found
O3 - HKLM\..\Toolbar: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows ilivid Toolbar\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (My.Freeze.com Toolbar) - {D0523BB4-21E7-11DD-9AB7-415B56D89593} - File not found
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-2183551051-3869028452-3555188213-1003\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-2183551051-3869028452-3555188213-1003\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-21-2183551051-3869028452-3555188213-1003\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-2183551051-3869028452-3555188213-1003\..\Toolbar\WebBrowser: (My.Freeze.com Toolbar) - {D0523BB4-21E7-11DD-9AB7-415B56D89593} - File not found
O4 - HKLM..\Run: [4StoryPrePatch] C:\Program Files\Gameforge4D\GatesofAndaron\PrePatch.exe (Zamiinc)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Windows ilivid Toolbar\Datamngr\datamngrUI.exe (Discordia, LTD)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Profiler] C:\Program Files\Saitek\Software\ProfilerU.exe (Saitek)
O4 - HKLM..\Run: [SaiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe (Saitek)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Dealio Toolbar\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2183551051-3869028452-3555188213-1003..\Run: [DW6] File not found
O4 - Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files\Xfire\Xfire.exe (Xfire Inc.)
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2183551051-3869028452-3555188213-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2183551051-3869028452-3555188213-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2183551051-3869028452-3555188213-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll (BitComet)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2183551051-3869028452-3555188213-1003\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} http://www.instantac...ad/iaplayer.cab (InstantAction Game Launcher)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112
O20 - AppInit_DLLs: (C:\PROGRA~1\WI3712~1\Datamngr\datamngr.dll) - C:\Program Files\Windows ilivid Toolbar\Datamngr\datamngr.dll (Discordia, LTD)
O20 - AppInit_DLLs: (C:\PROGRA~1\WI3712~1\Datamngr\IEBHO.dll) - C:\Program Files\Windows ilivid Toolbar\Datamngr\IEBHO.dll (Discordia, LTD)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img28.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img28.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/04/07 06:02:11 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2008/08/04 14:31:03 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{560ac92d-6ad0-11dd-b42e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{560ac92d-6ad0-11dd-b42e-806e6f6e6963}\Shell\AutoRun\command - "" = E:\dvdcheck.exe
O33 - MountPoints2\{81f229ff-b0f8-11dd-a907-001e904d6d90}\Shell - "" = AutoRun
O33 - MountPoints2\{81f229ff-b0f8-11dd-a907-001e904d6d90}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.IV41 - C:\Windows\System32\ir41_32.ax (Intel Corporation)
Drivers32: VIDC.XFR1 - C:\Windows\System32\xfcodec.dll ()
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 8.0
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 8.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {42AAE930-0606-E49C-026B-3C0D629FA897} - Macromedia Shockwave Director 8.0
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {6008AC6D-6E68-91A2-A843-D25C160A28A6} - DirectX
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {D654302A-C5B3-8764-7F72-EAB2E553D617} - Internet Explorer
ActiveX: {DC263C6C-C073-BE41-181C-F12EACE8C54B} - NetShow
ActiveX: {DC5A79B7-A29E-4531-88A5-0CA8D2409CA8} - NetShow
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
========== Files/Folders - Created Within 30 Days ==========
[2011/04/12 20:44:01 | 000,000,000 | ---D | C] -- C:\Windows\System32\%LOCALAPPDATA%
[2011/04/12 20:43:03 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2011/04/09 18:05:26 | 000,000,000 | ---D | C] -- C:\Program Files\ilivid
[2011/04/09 18:04:45 | 000,000,000 | ---D | C] -- C:\Program Files\Windows ilivid Toolbar
[2011/04/07 17:25:18 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2011/04/07 06:27:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2011/04/07 06:25:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
[2011/04/07 06:19:29 | 000,000,000 | ---D | C] -- C:\Program Files\Autodesk
[2011/04/07 06:17:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Autodesk Shared
[2011/04/06 23:36:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Autodesk
[2011/04/06 23:31:27 | 000,000,000 | ---D | C] -- C:\Autodesk
[2011/03/26 21:25:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gunz
[2011/03/26 13:40:36 | 000,000,000 | ---D | C] -- C:\ProgramData\ijjigame
[2011/03/26 09:10:42 | 000,000,000 | ---D | C] -- C:\Program Files\USArmy
[2011/03/25 22:26:02 | 000,000,000 | ---D | C] -- C:\ProgramData\AA3DeployClient
[2011/03/25 16:41:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2011/03/25 16:41:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2011/03/25 16:41:42 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2011/03/25 13:18:39 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2011/03/18 18:36:07 | 000,019,805 | ---- | C] (Thesycon GmbH, Germany) -- C:\Windows\System32\drivers\usbio.sys
[2007/03/01 15:52:06 | 000,386,544 | ---- | C] ( ) -- C:\Windows\System32\dlbcih.exe
[2007/03/01 15:52:04 | 000,538,096 | ---- | C] ( ) -- C:\Windows\System32\dlbccoms.exe
[2007/03/01 15:52:04 | 000,382,448 | ---- | C] ( ) -- C:\Windows\System32\dlbccfg.exe
[2007/02/02 06:06:34 | 000,483,328 | ---- | C] ( ) -- C:\Windows\System32\dlbcjswr.dll
[2007/02/02 05:55:30 | 000,073,728 | ---- | C] ( ) -- C:\Windows\System32\dlbccu.dll
[2006/12/20 17:08:24 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dlbcpmui.dll
[2006/12/20 17:06:58 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\dlbcserv.dll
[2006/12/20 17:01:04 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\dlbccomm.dll
[2006/12/20 16:59:24 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\dlbclmpm.dll
[2006/12/20 16:58:02 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\dlbciesc.dll
[2006/12/20 16:55:40 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\dlbcpplc.dll
[2006/12/20 16:54:54 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\dlbccomc.dll
[2006/12/20 16:54:20 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\dlbcprox.dll
[2006/12/20 16:47:32 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\dlbcinpa.dll
[2006/12/20 16:46:50 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\dlbcusb1.dll
[2006/12/20 16:42:36 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\dlbchbn3.dll
========== Files - Modified Within 30 Days ==========
[2011/04/12 22:24:00 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{017DDA5B-28AD-426E-A615-81778D4C0360}.job
[2011/04/12 22:23:00 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{034F74DD-C297-4D6D-9202-2BDCDA60C932}.job
[2011/04/12 22:19:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/12 22:18:41 | 000,002,281 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2011/04/12 22:07:54 | 000,229,428 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat
[2011/04/12 22:07:26 | 000,002,487 | ---- | M] () -- C:\Users\Sean\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/04/12 21:40:02 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/12 21:39:51 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/12 21:39:50 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/12 21:39:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/12 21:39:08 | 3152,519,168 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/12 21:07:12 | 000,000,789 | ---- | M] () -- C:\Users\Sean\Desktop\OTL - Shortcut.lnk
[2011/04/12 20:54:35 | 000,000,944 | ---- | M] () -- C:\Users\Sean\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/04/12 16:55:29 | 281,215,934 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/04/08 17:51:03 | 000,635,762 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/04/08 17:51:02 | 000,116,212 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/04/07 17:23:06 | 000,487,920 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/04/07 06:33:38 | 000,001,982 | ---- | M] () -- C:\Users\Public\Desktop\Inventor Fusion 2012.lnk
[2011/04/07 06:28:31 | 000,000,147 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011/04/07 06:25:59 | 000,002,015 | ---- | M] () -- C:\Users\Public\Desktop\AutoCAD 2012 - English.lnk
[2011/04/04 20:00:00 | 000,000,542 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Owner.job
[2011/03/31 20:22:28 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\A.V.A.lnk
[2011/03/31 17:14:06 | 000,002,584 | ---- | M] () -- C:\Users\Public\Desktop\Norton Online Family.lnk
[2011/03/26 23:06:04 | 000,001,904 | ---- | M] () -- C:\Users\Public\Desktop\Soldier Front.lnk
[2011/03/26 21:33:38 | 000,001,894 | ---- | M] () -- C:\Users\Public\Desktop\Gunz.lnk
[2011/03/26 21:25:54 | 000,000,779 | ---- | M] () -- C:\Users\Sean\Desktop\Gunz.lnk
[2011/03/26 15:23:27 | 000,000,171 | ---- | M] () -- C:\Users\Public\Desktop\ijji.url
[2011/03/26 15:23:25 | 000,001,694 | ---- | M] () -- C:\Users\Public\Desktop\ijji REACTOR.lnk
[2011/03/26 12:28:29 | 000,137,544 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011/03/26 12:28:20 | 000,189,480 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2011/03/26 09:18:23 | 003,360,624 | ---- | M] () -- C:\Windows\System32\pbsvc.exe
[2011/03/25 16:41:59 | 000,000,792 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2011/03/24 22:00:58 | 000,000,799 | ---- | M] () -- C:\Users\Sean\Desktop\Project Blackout.lnk
[2011/03/15 18:00:27 | 000,002,848 | ---- | M] () -- C:\{819D7F97-4E3B-4C45-A5C7-D544D09D79BF}
========== Files Created - No Company Name ==========
[2011/04/12 22:07:26 | 000,002,487 | ---- | C] () -- C:\Users\Sean\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/04/12 21:07:12 | 000,000,789 | ---- | C] () -- C:\Users\Sean\Desktop\OTL - Shortcut.lnk
[2011/04/12 20:54:35 | 000,000,944 | ---- | C] () -- C:\Users\Sean\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/04/12 17:00:28 | 3152,519,168 | -HS- | C] () -- C:\hiberfil.sys
[2011/04/07 06:33:38 | 000,001,982 | ---- | C] () -- C:\Users\Public\Desktop\Inventor Fusion 2012.lnk
[2011/04/07 06:28:31 | 000,000,147 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011/04/07 06:25:59 | 000,002,015 | ---- | C] () -- C:\Users\Public\Desktop\AutoCAD 2012 - English.lnk
[2011/03/31 20:22:28 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\A.V.A.lnk
[2011/03/26 23:06:04 | 000,001,904 | ---- | C] () -- C:\Users\Public\Desktop\Soldier Front.lnk
[2011/03/26 21:33:38 | 000,001,894 | ---- | C] () -- C:\Users\Public\Desktop\Gunz.lnk
[2011/03/26 21:25:54 | 000,000,779 | ---- | C] () -- C:\Users\Sean\Desktop\Gunz.lnk
[2011/03/26 15:23:27 | 000,000,171 | ---- | C] () -- C:\Users\Public\Desktop\ijji.url
[2011/03/26 15:23:25 | 000,001,694 | ---- | C] () -- C:\Users\Public\Desktop\ijji REACTOR.lnk
[2011/03/25 21:45:26 | 000,189,480 | ---- | C] () -- C:\Windows\System32\PnkBstrB.xtr
[2011/03/25 21:44:02 | 000,137,544 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011/03/25 19:51:03 | 000,189,480 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011/03/25 19:50:56 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011/03/25 19:50:55 | 003,360,624 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2011/03/25 16:41:58 | 000,000,792 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2011/03/15 18:00:26 | 000,002,848 | ---- | C] () -- C:\{819D7F97-4E3B-4C45-A5C7-D544D09D79BF}
[2011/02/25 21:19:32 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2010/11/28 20:06:51 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/11/13 17:42:03 | 000,229,428 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010/11/13 16:02:36 | 000,155,648 | ---- | C] () -- C:\Windows\System32\nY.exe
[2010/11/13 15:59:13 | 001,126,400 | ---- | C] () -- C:\Windows\System32\SaiC0461.Dll
[2010/11/13 15:59:13 | 000,007,680 | ---- | C] () -- C:\Windows\System32\SaiC0461_10.dll
[2010/11/13 15:59:13 | 000,007,680 | ---- | C] () -- C:\Windows\System32\SaiC0461_0C.dll
[2010/11/13 15:59:13 | 000,007,680 | ---- | C] () -- C:\Windows\System32\SaiC0461_0A.dll
[2010/11/13 15:59:13 | 000,007,680 | ---- | C] () -- C:\Windows\System32\SaiC0461_07.dll
[2010/11/13 15:59:13 | 000,006,656 | ---- | C] () -- C:\Windows\System32\SaiC0461_09.dll
[2010/11/13 15:59:13 | 000,006,656 | ---- | C] () -- C:\Windows\System32\SaiC0461_0402.dll
[2010/05/30 18:23:38 | 000,000,000 | ---- | C] () -- C:\Program Files\Global.sw
[2010/05/30 18:11:05 | 000,122,880 | ---- | C] () -- C:\Windows\UnGins.exe
[2009/12/02 21:13:24 | 000,000,256 | ---- | C] () -- C:\Windows\System32\pool.bin
[2009/11/30 20:58:11 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2009/09/11 16:35:35 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/11 16:35:35 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/08 15:17:20 | 000,000,531 | ---- | C] () -- C:\Windows\eReg.dat
[2009/05/20 21:35:02 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2008/10/29 18:56:20 | 000,000,291 | ---- | C] () -- C:\Windows\dellstat.ini
[2008/10/13 21:14:02 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/10/13 20:17:36 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/08/04 14:32:07 | 000,107,357 | ---- | C] () -- C:\Windows\hpqins13.dat
[2008/08/04 14:13:55 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2008/08/04 14:13:55 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2007/02/02 06:06:10 | 000,090,112 | ---- | C] () -- C:\Windows\System32\dlbccur.dll
[2007/02/02 05:55:10 | 000,413,696 | ---- | C] () -- C:\Windows\System32\dlbcutil.dll
[2007/01/22 08:49:34 | 000,344,064 | ---- | C] () -- C:\Windows\System32\dlbccoin.dll
[2007/01/16 13:25:48 | 000,022,723 | ---- | C] () -- C:\Windows\System32\clpa1l3.dll
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,487,920 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,635,762 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,116,212 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005/10/05 13:19:32 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dlbcvs.dll
[2000/01/28 00:00:00 | 000,061,440 | ---- | C] () -- C:\Windows\System32\wrkgadm.exe
[2000/01/28 00:00:00 | 000,012,288 | ---- | C] () -- C:\Windows\System32\HLINKPRX.DLL
[1997/06/13 21:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
========== LOP Check ==========
[2011/04/07 17:32:04 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Autodesk
[2010/01/17 18:47:55 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Babylon
[2009/09/01 22:52:01 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Blackberry Desktop
[2010/07/20 14:06:26 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\FOG Downloader
[2010/01/17 19:10:18 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\GarageGames
[2010/12/14 00:03:04 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\GetRightToGo
[2011/03/30 20:08:43 | 000,000,000 | -H-D | M] -- C:\Users\Chris\AppData\Roaming\ijjigame
[2010/05/29 14:43:55 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\InstantAction
[2008/10/14 16:12:09 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\PictureMover
[2010/12/27 22:14:46 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Research In Motion
[2010/08/22 15:58:56 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Template
[2011/01/02 19:12:37 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Tific
[2009/10/10 16:12:43 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\WeatherBug
[2008/10/23 20:20:10 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\WildTangent
[2008/10/13 19:57:36 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PictureMover
[2009/12/02 21:13:23 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Research In Motion
[2009/07/03 14:55:12 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Search Settings
[2009/05/07 17:55:01 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Template
[2009/05/27 22:00:50 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\WildTangent
[2008/12/29 11:26:15 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\WinBatch
[2009/12/18 18:36:55 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\PictureMover
[2010/12/27 21:12:44 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\Research In Motion
[2011/04/12 21:33:35 | 000,032,566 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/04/12 22:24:00 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{017DDA5B-28AD-426E-A615-81778D4C0360}.job
[2011/04/12 22:23:00 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{034F74DD-C297-4D6D-9202-2BDCDA60C932}.job
========== Purity Check ==========
< End of report >
Extras Log:
OTL Extras logfile created on: 4/12/2011 10:23:04 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Sean\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 48.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286.94 Gb Total Space | 29.06 Gb Free Space | 10.13% Space Free | Partition Type: NTFS
Drive D: | 11.15 Gb Total Space | 0.60 Gb Free Space | 5.36% Space Free | Partition Type: NTFS
Drive E: | 7.77 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Computer Name: CHRIS_ROOM | User Name: Sean | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-2183551051-3869028452-3555188213-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{004E29CD-ADD7-498D-B6CD-96D5FA7B5D39}" = rport=138 | protocol=17 | dir=out | app=system |
"{031B6F18-E5F4-4959-96D1-B85476D5C2A8}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{0D2213DF-0ADE-4197-AAFD-AB4A14857781}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{0E1B71E8-27E9-401C-B7BD-AC720DE5FF7F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{1435702C-956D-4D14-98B5-9A2C572B104E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{1A2BABE6-D586-4BA5-AEC2-FEF4CF8B1819}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{247C6660-CA3C-4349-8057-91C941CA2340}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{2CB152D5-A694-444F-BA5F-D0E352F2B59E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2CC7D0C9-2ED1-49FD-8B7B-5CFE29C39C79}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{2FFAD96C-7554-4BE0-9CA8-44877F7806E1}" = lport=139 | protocol=6 | dir=in | app=system |
"{303E4F57-D0E1-43E4-8CEE-06E02A394C9C}" = lport=12640 | protocol=17 | dir=in | name=bitcomet 12640 udp |
"{3987406F-170E-4D57-9C91-4A5D228B44CE}" = rport=137 | protocol=17 | dir=out | app=system |
"{3C6DB952-0DF4-4E16-BE10-1E48884274CF}" = lport=49169 | protocol=6 | dir=in | name=akamai netsession interface |
"{4EAEE0B2-35EF-45EE-B5E1-95B03E33975B}" = lport=7285 | protocol=17 | dir=in | name=bitcomet 7285 udp |
"{542E4771-9D73-431D-8759-2A5409B7BD38}" = lport=7285 | protocol=6 | dir=in | name=bitcomet 7285 tcp |
"{550EEE17-8054-4001-947B-FCE55FE23914}" = lport=49212 | protocol=6 | dir=in | name=akamai netsession interface |
"{57E9F4AB-CB47-46F0-96F3-A5EE16B7F694}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{6BCCFFAA-1086-4C01-A65D-DB108DF73CF8}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{7499F98F-4FA7-4259-85EA-85DCA459AD0A}" = lport=138 | protocol=17 | dir=in | app=system |
"{7D46DDD6-3C82-4526-9704-56BDEE956B88}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{7E54BAA2-9E90-4724-B3F7-349FE35B54B8}" = rport=139 | protocol=6 | dir=out | app=system |
"{915919A1-73B0-4349-AE61-E4A214AAEF0B}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{AE2D4CB7-3FCF-45BC-A7A9-31A16D76DD48}" = lport=445 | protocol=6 | dir=in | app=system |
"{C879FF92-A1CB-41F6-98E3-2CAC8F2DEA47}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{E23A4D07-8D51-42F0-AC68-BF3E5CF38854}" = lport=12640 | protocol=6 | dir=in | name=bitcomet 12640 tcp |
"{F4A01757-EDCB-426A-BCCA-C46B9A436323}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{FE8FF692-CB57-42E3-850D-098E7701483B}" = lport=137 | protocol=17 | dir=in | app=system |
"{FEED672D-1229-490D-BC41-8177F80B7F87}" = rport=445 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{043304D4-824E-4D53-8E11-B7DCA1BABDFF}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{1882B15E-A056-4475-AB8B-CFAE89803FFB}" = protocol=6 | dir=in | app=c:\sg interactive\project blackout\pblackout.exe |
"{2246D307-42CA-4A29-9106-8A3441E9025B}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\america's army 3\binaries\aa3game.exe |
"{25000C62-A292-48F6-919B-5087CEAA746C}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{2965592E-93D8-4CF0-B5CD-2217274E65C3}" = protocol=58 | dir=out | [email protected],-28546 |
"{2A50768C-47C1-409F-B29C-822AD2440ABB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2C2BCBA8-D449-4334-BC33-5EF4EB058D89}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{2D6E0F45-7A46-4E87-9E82-C03CE749AF49}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{34D659CA-F78B-4875-8270-B33BDD54231A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{366C48ED-5EA8-4BE9-8E77-9CE731AEB3ED}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{371F6BF5-A15E-44D7-A9FE-C65C0B3CE66A}" = protocol=6 | dir=in | app=c:\windows\system32\dlbccoms.exe |
"{45CE7B48-D965-458F-AAED-AC2C38DB5AD4}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\america's army 3\binaries\aa3game.exe |
"{484AE410-BFB7-44CD-B696-877D7949956B}" = protocol=17 | dir=in | app=c:\sg interactive\project blackout\pblackout.exe |
"{48C0EC0B-CFEE-4BBF-A3A2-4D88D8726153}" = protocol=17 | dir=in | app=c:\ijji\english\genesisad\gameconsole.bin |
"{4AE69F16-0746-46CC-A6C3-123DB8D2BA5B}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{53549B6A-F30F-4D00-A127-3D3ABEC490BE}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{5590CF04-049B-4D6E-8316-3F00D5737127}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{5972419D-D352-4238-9186-9D95C13C918F}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{60828FA4-6396-4353-84C0-6AD4D717C478}" = protocol=6 | dir=in | app=c:\program files\windows ilivid toolbar\toolbar\dtuser.exe |
"{685F21AF-DB04-42E1-A984-B4882F4263CE}" = protocol=6 | dir=in | app=c:\ijji\english\genesisad\gameconsole.bin |
"{7509143B-1AFF-4465-B713-2E33C2AAEA32}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{752F41CD-20A3-4272-BAD6-FC774BB5A4F7}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{757591EF-A472-4929-8711-C881703FE44F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{772A50D2-CB6D-4BF3-A365-A3ECDFDD1E92}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{7D52D6CE-EC5F-4307-BB69-19CCC70E3633}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{981495F7-8740-441B-A919-C31435F72A96}" = protocol=17 | dir=in | app=c:\windows\system32\dlbccoms.exe |
"{9EF3C111-F5A9-49B4-AC15-D112AEAD00E5}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{A7162A36-1213-461A-8C8B-1449DC89A99D}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{A846F8A1-DAB4-4DA5-BD7C-4210EBED2FA9}" = dir=in | app=c:\program files\norton internet security\engine\18.1.0.37\ccsvchst.exe |
"{AA477090-DB95-41AD-AAAA-200A2EDDD8F2}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{B1E7BE81-6D77-49E7-BB4D-224D88F75D72}" = protocol=6 | dir=in | app=c:\ijji\english\genesisad\anotherday.exe |
"{B217DCE0-D0E7-46E4-A83D-A513B9C02B27}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{B80CF934-B223-42CF-B58B-9A8BDE8473BF}" = protocol=6 | dir=in | app=c:\sg interactive\project blackout\pblackout.exe |
"{C0C703FE-D6D4-45F3-9085-BEF2F9E92DA5}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{C0D08D22-8D8B-43B5-AC3A-628769EA0504}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{C3009229-24F5-4944-BE46-7415C0BECE3E}" = protocol=17 | dir=in | app=c:\program files\windows ilivid toolbar\toolbar\dtuser.exe |
"{C8B3BF95-B471-448F-B44F-DBA036E70242}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{D1736985-6CDF-4CD1-BAC3-B8E7B48EB068}" = protocol=17 | dir=in | app=c:\sg interactive\project blackout\pblackout.exe |
"{E0A9F0AE-1144-4744-A932-9E144A53B6F7}" = protocol=17 | dir=in | app=c:\ijji\english\genesisad\anotherday.exe |
"{E2D84832-EF83-480E-BBFD-4018A8E7D579}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{FB43B4CA-A7A0-4760-8591-596820FEACE4}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{FE945515-D209-4C13-BC7C-33C0D329EEDF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FF961C95-614F-416C-8C33-06F4BDE55FAE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"TCP Query User{2288355D-C8F8-4C20-AB12-C61EC2B47132}C:\users\chris\downloads\minions of mirth\bin\minionsofmirth.exe" = protocol=6 | dir=in | app=c:\users\chris\downloads\minions of mirth\bin\minionsofmirth.exe |
"TCP Query User{2317D4CC-CCE4-4721-9287-835E3881F119}C:\aeriagames\wolfteam\wolfteam.bin" = protocol=6 | dir=in | app=c:\aeriagames\wolfteam\wolfteam.bin |
"TCP Query User{525191DE-B386-4CC9-833B-65EB5C2E12AB}C:\program files\microsoft games\age of empires\empiresx.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires\empiresx.exe |
"TCP Query User{5BA06EA0-A69F-4530-B056-9EB2CBFD377C}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{5DC7DC21-23EC-44D0-B050-B73C38E78A02}C:\program files\bitcomet\bitcomet.exe" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"TCP Query User{6DC5D24B-FEF3-4740-9CF1-81F1CB0B2AD6}C:\program files\bitcomet\bitcomet.exe" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"TCP Query User{6EF5A5DE-68F9-400C-82D0-B70EDC5EC99D}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{980CF9AE-03CE-4655-83E5-ABA45132F226}C:\program files\microsoft games\age of empires\empiresx.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires\empiresx.exe |
"TCP Query User{98FC27F4-5389-4415-9ADC-A755A5552719}C:\users\chris\appdata\local\microsoft\windows\temporary internet files\content.ie5\bl9ch9le\fogdownloader-rom_3_0_1_2153[1].exe" = protocol=6 | dir=in | app=c:\users\chris\appdata\local\microsoft\windows\temporary internet files\content.ie5\bl9ch9le\fogdownloader-rom_3_0_1_2153[1].exe |
"TCP Query User{B68214BA-C72A-4119-9C87-101732D4A717}C:\program files\3d groove\sky racer\skyracer.exe" = protocol=6 | dir=in | app=c:\program files\3d groove\sky racer\skyracer.exe |
"TCP Query User{B798258E-5935-4608-AE83-815DFEC307B0}C:\program files\microsoft games\age of empires\empires.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires\empires.exe |
"TCP Query User{DFA061ED-0D9B-430E-A440-451F450995B6}C:\program files\microsoft games\age of empires\empires.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires\empires.exe |
"UDP Query User{02775328-5B00-4F7D-8518-E805DD87D950}C:\program files\3d groove\sky racer\skyracer.exe" = protocol=17 | dir=in | app=c:\program files\3d groove\sky racer\skyracer.exe |
"UDP Query User{10705DF6-A1A8-42F9-8D83-C78B5A433928}C:\program files\bitcomet\bitcomet.exe" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"UDP Query User{16789032-15FC-4EBC-BD33-37F0DD7DB2FC}C:\program files\microsoft games\age of empires\empires.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires\empires.exe |
"UDP Query User{267C32A5-1893-46DD-8D27-FEE718FEB364}C:\program files\bitcomet\bitcomet.exe" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"UDP Query User{49742132-4BFF-40EF-8A41-2EEE3D424BFF}C:\program files\microsoft games\age of empires\empires.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires\empires.exe |
"UDP Query User{4EB8B947-0969-4429-8F62-E5B144518C7D}C:\program files\microsoft games\age of empires\empiresx.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires\empiresx.exe |
"UDP Query User{53253BAA-DA17-4563-A070-D18A77EAB2CB}C:\users\chris\appdata\local\microsoft\windows\temporary internet files\content.ie5\bl9ch9le\fogdownloader-rom_3_0_1_2153[1].exe" = protocol=17 | dir=in | app=c:\users\chris\appdata\local\microsoft\windows\temporary internet files\content.ie5\bl9ch9le\fogdownloader-rom_3_0_1_2153[1].exe |
"UDP Query User{8F2F5C23-CC3A-4B63-9783-18F79AFDE808}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{B5A532C3-C7E9-4CA1-9AA0-E00BB7C762F3}C:\aeriagames\wolfteam\wolfteam.bin" = protocol=17 | dir=in | app=c:\aeriagames\wolfteam\wolfteam.bin |
"UDP Query User{D51B5A99-9885-4917-829F-C23E54184A89}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{D5A524DF-E7D2-4D67-AC76-0F336E404D0F}C:\users\chris\downloads\minions of mirth\bin\minionsofmirth.exe" = protocol=17 | dir=in | app=c:\users\chris\downloads\minions of mirth\bin\minionsofmirth.exe |
"UDP Query User{E748A7ED-9C69-4C11-BC4A-C3D11C046884}C:\program files\microsoft games\age of empires\empiresx.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires\empiresx.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{04634A14-619B-4F53-88B3-2A48FB3A99C6}" = TwelveSky2
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{086F9A69-CD39-4893-A9FB-D3A0634CE3F7}" = Autodesk Content Service
"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{15B8AFD9-92E9-4E86-96D9-83FAC510B82E}" = HPPhotoSmartPhotobookWebPack1
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2243C6DC-39EA-4D5E-B743-3AE510A91B3A}" = WeatherBug
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{22BF49DF-4216-419D-B4BF-7D3E112DE1E3}" = Operation Overkill
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java 6 Update 23
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{305D4B08-5807-4475-B1C8-D54685534864}" = LightScribeTemplateLabeler
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java SE Runtime Environment 6 Update 1
"{328687A2-2504-49FA-AE3E-08B0DEDB51EC}" = MSRedist
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{42AF51C0-4028-46CF-B616-FB1F75286457}" = A.V.A
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{48A6E89E-D2D3-4DA7-8A7C-FBB8F1083409}" = SeaWorld Adventure Park Tycoon
"{48BF4489-0C58-4E80-BB17-94A673CE310A}" = HP Demo
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5783F2D7-A001-0409-0002-0060B0CE6BBA}" = AutoCAD 2012 - English
"{5783F2D7-A001-0409-1002-0060B0CE6BBA}" = AutoCAD 2012 Language Pack - English
"{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5EB3F5E2-1533-42D2-97C2-E0BA06CA6939}" = GenesisAD
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{65420DC9-306E-4371-905F-F4DC3B418E52}" = Autodesk Material Library Base Resolution Image Library 2012
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2
"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{790B839A-69FB-4B98-8B00-F2B0066AAC49}" = Metal
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{84A78614-0E4B-4A4E-BA8C-2B0A05A08E4E}" = BlackBerry Desktop Software 6.0.1
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}" = Autodesk Material Library 2012
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = REACTOR
"{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9455959E-D588-EFAE-329C-F66CC797F32A}" = Adobe Media Player
"{94C3BB3A-56A1-43DE-A242-8B41F46E97EF}" = Dealio Toolbar v4.0
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58
"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"{967FB80D-56BD-42EF-A942-9E8C78F984A4}" = Saitek SST Programming Software
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{98177940-C048-4831-A279-F3888B1E2C7F}" = InstallMgr
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2FA012E-27C7-4308-9457-5FCFB84B0436}" = PictureMover
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}" = SimCity 4 Deluxe
"{A8AC89BA-D8CB-4372-9743-1C54D23286B0}" = MSN Toolbar
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{AFD583FA-7760-426C-AD98-8529AFA78575}" = Platypus
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6EF6DCE-078E-4952-A7FA-352A9C349EB0}" = MSN Toolbar
"{B7148D71-0A8F-4501-96B4-4E1CC67F874E}" = Microsoft Default Manager
"{B9AB88D8-3A09-4A4A-8993-0E2F6F9F294B}" = muvee autoProducer 6.1
"{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}" = HP Customer Experience Enhancements
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE5E3F15-320A-4865-97D3-F07227C5BB2F}" = BlackBerry Desktop Software 4.5
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D490989C-CC6B-11D4-B3F0-00A0CC3FD0A8}" = 3D Dragon Castle
"{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
"{E552C39C-C70E-464F-9733-8311331BDD90}" = Autodesk Inventor Fusion plug-in language pack for AutoCAD 2012
"{EAB3AC1A-68FF-486B-9C6B-E48EBB4B05CC}" = Autodesk Inventor Fusion plug-in for AutoCAD 2012
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EC0B2A03-9FBF-4B21-AD3B-14C49C2232C7}" = GenesisAD_Setup
"{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE Creature Creator Trial Edition
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F31E534B-4199-4552-8154-5C130710D68E}" = HP Total Care Advisor
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F79AAB3A-B8B4-4AC7-94AB-1C4C076C6A89}" = The Simpsons Hit & Run
"{FA3B34BE-4246-4062-90A3-34CBBEA12B72}" = HPTCSSetup
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFF5619F-6669-4EC5-A85E-9994F70A9E5D}" = Autodesk Inventor Fusion 2012
"{FFF7F80F-929E-497F-A112-B070DE816128}" = Autodesk Inventor Fusion 2012 Language Pack
"Action Replay Code Manager_is1" = Action Replay Code Manager
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires Gold 1.0" = Microsoft Age of Empires Gold
"Age of Mythology 1.0" = Age of Mythology
"Age of Mythology Expansion Pack 1.0" = Age of Mythology - The Titans Expansion
"Akamai" = Akamai NetSession Interface
"Alien Battlecraft Arena_is1" = Alien Battlecraft Arena v1.3
"American Conquest" = American Conquest
"Ask Toolbar_is1" = Ask Toolbar
"AutoCAD 2012 - English" = AutoCAD 2012 - English
"Autodesk Inventor Fusion 2012" = Autodesk Inventor Fusion 2012
"Autodesk Inventor Fusion plug-in for AutoCAD 2012" = Autodesk Inventor Fusion plug-in for AutoCAD 2012
"BitComet" = BitComet 1.07
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0.1
"BrickShooter" = BrickShooter
"Castles 1.5" = Castles 1.5
"Chicken Invaders" = Chicken Invaders
"Clu Clu Land_is1" = Clu Clu Land v1.0
"CNXT_MODEM_PCI_HSF" = PCIe Soft Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"conduitEngine" = Conduit Engine
"Disney Pirates of the Caribbean Online" = Disney Pirates of the Caribbean Online
"EZ Recipes" = EZ Recipes
"Free Realms Installer" = Free Realms Installer
"gatesofandaron_is1" = Gates of Andaron 3.3
"GoldWave v5.52" = GoldWave v5.52
"Gunz" = ijji - Gunz
"Happyland Adventures - Xmas Edition" = Happyland Adventures - Xmas Edition
"HP Photosmart Essential" = HP Photosmart Essential 3.0
"Icy Tower 1.1" = Icy Tower 1.1
"iLivid Download Manager" = iLivid Download Manager
"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"LastChaos" = LastChaos
"Lawn Mower" = Lawn Mower
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"MS Access 97 SP2" = MS Access 97 SP2
"My.Freeze.com Toolbar" = My.Freeze.com Toolbar
"NIS" = Norton Internet Security
"NOF" = Norton Online
"NSM" = Norton Safety Minder
"NVIDIA Drivers" = NVIDIA Drivers
"OfficeTrial" = Microsoft Office Home and Student 60 day trial
"PC-Doctor for Windows" = Hardware Diagnostic Tools
"PGP_is1" = PGP:Pinball Golf Pool v 1.1
"Project Blackout" = Project Blackout
"PunkBusterSvc" = PunkBuster Services
"Searchqu 406 MediaBar" = Windows ilivid Toolbar
"Shockwave" = Shockwave
"Sky Racer" = Sky Racer
"SpaceBattle2001_is1" = SpaceBattle2001 v1.0
"Steam App 13140" = America's Army 3
"Tank" = Tank
"The History Channel Civil War" = The History Channel Civil War
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"The Weather Channel Screensaver" = The Weather Channel Screensaver
"TinyCars_is1" = TinyCars 1.0
"Trash Killer 2_is1" = Trash Killer 2
"Water in Fire_is1" = Water in Fire 1.8
"When Clones Attack!" = When Clones Attack!
"WildTangent hp Master Uninstall" = My HP Games
"WinLiveSuite" = Windows Live Essentials
"WolfTeam" = WolfTeam
"Xfire" = Xfire (remove only)
"XfireXO Toolbar" = XfireXO Toolbar
"Yahoo! Companion" = Yahoo! Toolbar
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2183551051-3869028452-3555188213-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GodsWar Online_is1" = GodsWar Online
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"SOE-Clone Wars" = Clone Wars
"World of Warcraft Trial" = World of Warcraft Trial
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 12/6/2010 5:25:56 PM | Computer Name = Chris_Room | Source = WinMgmt | ID = 10
Description =
Error - 12/7/2010 6:14:54 PM | Computer Name = Chris_Room | Source = Application Error | ID = 1000
Description = Faulting application AppleSyncNotifier.exe, version 1.5.0.0, time
stamp 0x4a5d2cf8, faulting module CoreFoundation.dll, version 6.0.6002.18005, time
stamp 0x49e03821, exception code 0xc0000135, fault offset 0x00009eed, process id
0xc20, application start time 0x01cb965c146fa41a.
Error - 12/7/2010 6:15:36 PM | Computer Name = Chris_Room | Source = WinMgmt | ID = 10
Description =
Error - 12/8/2010 5:44:58 PM | Computer Name = Chris_Room | Source = WinMgmt | ID = 10
Description =
Error - 12/8/2010 11:15:06 PM | Computer Name = Chris_Room | Source = WinMgmt | ID = 10
Description =
Error - 12/9/2010 6:59:52 PM | Computer Name = Chris_Room | Source = WinMgmt | ID = 10
Description =
Error - 12/9/2010 7:21:39 PM | Computer Name = Chris_Room | Source = Application Error | ID = 1000
Description = Faulting application AppleSyncNotifier.exe, version 1.5.0.0, time
stamp 0x4a5d2cf8, faulting module CoreFoundation.dll, version 6.0.6002.18005, time
stamp 0x49e03821, exception code 0xc0000135, fault offset 0x00009eed, process id
0xa10, application start time 0x01cb97f7cfde159d.
Error - 12/9/2010 9:03:09 PM | Computer Name = Chris_Room | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 12/10/2010 5:49:18 PM | Computer Name = Chris_Room | Source = WinMgmt | ID = 10
Description =
Error - 12/10/2010 5:50:01 PM | Computer Name = Chris_Room | Source = Application Error | ID = 1000
Description = Faulting application AppleSyncNotifier.exe, version 1.5.0.0, time
stamp 0x4a5d2cf8, faulting module CoreFoundation.dll, version 6.0.6002.18005, time
stamp 0x49e03821, exception code 0xc0000135, fault offset 0x00009eed, process id
0xc08, application start time 0x01cb98b42a5a2e6b.
[ Media Center Events ]
Error - 2/23/2009 8:37:28 PM | Computer Name = Chris_Room | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Error - 3/1/2009 2:32:32 PM | Computer Name = Chris_Room | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Error - 8/16/2009 9:33:06 PM | Computer Name = Chris_Room | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Error - 10/11/2009 10:44:23 PM | Computer Name = Chris_Room | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Error - 9/17/2010 8:14:08 PM | Computer Name = Chris_Room | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Error - 11/1/2010 8:10:38 PM | Computer Name = Chris_Room | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Error - 11/21/2010 3:03:10 PM | Computer Name = Chris_Room | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerAccumulate failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide
Error - 12/27/2010 2:47:25 PM | Computer Name = Chris_Room | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide
[ System Events ]
Error - 4/12/2011 4:55:57 PM | Computer Name = Chris_Room | Source = EventLog | ID = 6008
Description = The previous system shutdown at 4:53:42 PM on 4/12/2011 was unexpected.
Error - 4/12/2011 4:57:10 PM | Computer Name = Chris_Room | Source = Service Control Manager | ID = 7001
Description =
Error - 4/12/2011 4:57:10 PM | Computer Name = Chris_Room | Source = Service Control Manager | ID = 7026
Description =
Error - 4/12/2011 5:01:58 PM | Computer Name = Chris_Room | Source = Service Control Manager | ID = 7000
Description =
Error - 4/12/2011 5:58:10 PM | Computer Name = Chris_Room | Source = DCOM | ID = 10010
Description =
Error - 4/12/2011 8:20:06 PM | Computer Name = Chris_Room | Source = DCOM | ID = 10010
Description =
Error - 4/12/2011 8:46:11 PM | Computer Name = Chris_Room | Source = DCOM | ID = 10010
Description =
Error - 4/12/2011 8:53:52 PM | Computer Name = Chris_Room | Source = Service Control Manager | ID = 7000
Description =
Error - 4/12/2011 9:13:07 PM | Computer Name = Chris_Room | Source = Service Control Manager | ID = 7000
Description =
Error - 4/12/2011 9:13:31 PM | Computer Name = Chris_Room | Source = Service Control Manager | ID = 7034
Description =
< End of report >
Malwarebytes Logs:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6347
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019
4/12/2011 9:36:09 PM
mbam-log-2011-04-12 (21-36-09).txt
Scan type: Quick scan
Objects scanned: 211822
Time elapsed: 16 minute(s), 52 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 12
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\GamevanceText.DLL (Adware.GameVance) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\AppDataLow\gvtl (Adware.GameVance) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MyWebSearchService (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Pzocetovapuzegi (Trojan.Agent.U) -> Value: Pzocetovapuzegi -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
c:\programdata\96172429 (Rogue.Multiple) -> Delete on reboot.
c:\programdata\microsoft\Windows\start menu\Programs\smartshopper (Adware.SmartShopper) -> Delete on reboot.
Files Infected:
c:\$Recycle.Bin\s-1-5-21-2183551051-3869028452-3555188213-1001\$R7LB4AS.exe (PUP.PlaySushi) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-2183551051-3869028452-3555188213-1001\$R7S89VL.exe (Spyware.Onlinegames) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-2183551051-3869028452-3555188213-1001\$R9W8O91.exe (Spyware.Onlinegames) -> Quarantined and deleted successfully.
c:\Users\Chris\AppData\Local\Temp\wscnoreaxm.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
c:\Users\Chris\AppData\Local\Temp\rk0mktqr.exe.part (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\Windows\Temp\2DC6.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Chris\local settings\application data\wanvit.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.
c:\Users\Owner\AppData\Roaming\microsoft\Windows\start menu\Programs\security tool.lnk (Rogue.SecurityTool) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\smartshopper\smartshopper - comapre product prices.lnk (Adware.SmartShopper) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\smartshopper\smartshopper - compare travel rate.lnk (Adware.SmartShopper) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\smartshopper\smartshopper help.lnk (Adware.SmartShopper) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\smartshopper\uninstall smartshopper.lnk (Adware.SmartShopper) -> Quarantined and deleted successfully.
2nd Malwarebytes Log after reboot:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6347
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019
4/12/2011 10:00:19 PM
mbam-log-2011-04-12 (22-00-19).txt
Scan type: Quick scan
Objects scanned: 212535
Time elapsed: 13 minute(s), 20 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)