Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Virus new icon in task bar acting strange


  • This topic is locked This topic is locked

#1
Czuma

Czuma

    New Member

  • Member
  • Pip
  • 6 posts
Hi I believe my win 7 pc has been infected some how. I am unable to run windows updates. A few days ago my antivirus gave me a pop up saying that dwm.exe needed to make a change and to allow or deny it. my mistake to allow it. thought dwm.exe was something with the windowns desktop environment. guess even techies can get fooled. now i notice a new icon in my systray its a white flag with a red x when i hover over it it says solve pc issues i important message 8 total messages i dont want to click on it because it feels like malware.

here is my OTS report

OTS logfile created on: 7/23/2011 10:12:32 AM - Run 1
OTS by OldTimer - Version 3.1.44.0 Folder = C:\Users\Scott\Desktop\Anti Malware tools
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 60.00% Memory free
12.00 Gb Paging File | 9.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 457.50 Gb Total Space | 338.96 Gb Free Space | 74.09% Space Free | Partition Type: NTFS
Drive D: | 2.71 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 74.53 Gb Total Space | 31.58 Gb Free Space | 42.37% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SCOTT-ALIEN
Current User Name: Scott
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days

[Processes - Safe List]
otl.exe -> C:\Users\Scott\Desktop\Anti Malware tools\OTL.exe -> [2011/07/23 10:12:28 | 000,645,120 | ---- | M] (OldTimer Tools)
csrss.exe -> C:\Users\Scott\AppData\Local\Temp\csrss.exe -> [2011/07/21 22:56:40 | 000,187,904 | ---- | M] ()
dwm.exe -> C:\Users\Scott\AppData\Roaming\dwm.exe -> [2011/07/20 18:10:40 | 000,180,736 | ---- | M] ()
conhost.exe -> C:\Users\Scott\AppData\Roaming\Microsoft\conhost.exe -> [2011/07/20 18:09:57 | 000,169,472 | ---- | M] ()
servetome.exe -> C:\Program Files (x86)\ServeToMe\Contents\Windows\ServeToMe.exe -> [2011/03/18 23:15:20 | 000,850,648 | ---- | M] ()
mcmscsvc.exe -> C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe -> [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.)
memeodashboard.exe -> C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe -> [2010/04/30 09:47:00 | 000,069,896 | ---- | M] (Memeo)
seagatedashboardservice.exe -> C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe -> [2010/04/30 09:47:00 | 000,014,088 | ---- | M] (Memeo)
instantbackup.exe -> C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe -> [2010/04/22 19:33:00 | 000,323,808 | ---- | M] ()
toaster.exe -> C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe -> [2010/03/25 17:08:06 | 001,573,376 | ---- | M] (SoftThinks - Dell)
sftservice.exe -> C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -> [2010/03/04 12:28:08 | 000,658,656 | ---- | M] (SoftThinks)
mcsysmon.exe -> C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe -> [2009/11/04 16:59:50 | 000,606,736 | ---- | M] (McAfee, Inc.)
mcagent.exe -> C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe -> [2009/10/29 07:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.)
mpfsrv.exe -> C:\Program Files (x86)\McAfee\MPF\MpfSrv.exe -> [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.)
alienfxhook32mngr.exe -> C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe -> [2009/10/05 15:36:04 | 000,013,624 | ---- | M] (Alienware)
alienwarealienfxcontroller.exe -> C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe -> [2009/10/05 15:35:52 | 000,058,696 | ---- | M] (Alienware Corporation)
ctaudsvc.exe -> C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -> [2009/08/28 19:45:56 | 000,286,720 | ---- | M] (Creative Technology Ltd)
xenotray.exe -> C:\Program Files (x86)\Bigfoot Networks\Xeno Suite\XenoTray.exe -> [2009/08/05 13:29:08 | 000,696,320 | ---- | M] (Bigfoot Networks, Inc.)
gamedetectservice.exe -> C:\Program Files (x86)\Bigfoot Networks\Xeno Suite\GameDetectService.exe -> [2009/08/05 13:26:40 | 000,212,480 | ---- | M] ()
perftuneservice.exe -> C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe -> [2009/07/27 15:19:12 | 000,030,944 | ---- | M] (Intel Corporation)
mcproxy.exe -> c:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe -> [2009/07/08 12:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.)
mcnasvc.exe -> c:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe -> [2009/07/07 20:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.)
iaanotif.exe -> C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe -> [2009/06/04 20:03:32 | 000,186,904 | ---- | M] (Intel Corporation)
iaantmon.exe -> C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -> [2009/06/04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation)
nbservice.exe -> C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -> [2009/05/15 08:35:52 | 000,935,208 | ---- | M] (Nero AG)
brs.exe -> C:\Program Files (x86)\CyberLink\Shared Files\brs.exe -> [2009/04/29 02:50:26 | 000,075,048 | ---- | M] (cyberlink)
pdvd8serv.exe -> C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe -> [2009/04/16 00:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.)
ewidoguard.exe -> C:\Program Files (x86)\ewido\security suite\ewidoguard.exe -> [2005/07/19 12:37:52 | 000,163,904 | ---- | M] (ewido networks)
spybotsd.exe -> E:\Utilities\Antispyware\SPYBOT\SPYBOT_SD_1.4_WITHOUT_INSTALLING\SpybotSD.exe -> [2005/05/31 01:04:00 | 004,393,096 | ---- | M] (Safer Networking Limited)
ewidoctrl.exe -> C:\Program Files (x86)\ewido\security suite\ewidoctrl.exe -> [2004/11/11 18:53:03 | 000,016,448 | ---- | M] (ewido networks)

[Modules - Safe List]
otl.exe -> C:\Users\Scott\Desktop\Anti Malware tools\OTL.exe -> [2011/07/23 10:12:28 | 000,645,120 | ---- | M] (OldTimer Tools)
sahook.dll -> c:\Program Files (x86)\McAfee\SiteAdvisor\sahook.dll -> [2011/04/08 16:56:28 | 000,018,176 | ---- | M] (McAfee, Inc.)
alienfxhook.dll -> C:\Program Files\Alienware\Command Center\AlienFXHook.dll -> [2009/10/05 15:36:42 | 000,015,656 | ---- | M] (Alienware Corp.)
comctl32.dll -> C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll -> [2009/07/13 20:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation)
msvcr90.dll -> C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a\msvcr90.dll -> [2009/06/10 16:14:56 | 000,652,608 | ---- | M] (Microsoft Corporation)

[Win32 Services - Safe List]
64bit-(McShield) [Unknown | Running] -> C:\Program Files\McAfee\VirusScan\Mcshield.exe -> [2009/11/04 17:47:32 | 000,155,456 | ---- | M] (McAfee, Inc.)
64bit-(McODS) [On_Demand | Stopped] -> C:\Program Files\McAfee\VirusScan\mcods.exe -> [2009/10/28 12:50:32 | 000,696,848 | ---- | M] (McAfee, Inc.)
64bit-(AMD External Events Utility) [Auto | Running] -> C:\Windows\SysNative\atiesrxx.exe -> [2009/08/27 02:56:26 | 000,202,752 | ---- | M] (AMD)
64bit-(WinDefend) [Auto | Running] -> C:\Program Files\Windows Defender\MpSvc.dll -> [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation)
64bit-(AERTFilters) [Auto | Running] -> C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -> [2009/06/03 18:56:06 | 000,092,160 | ---- | M] (Andrea Electronics Corporation)
(McAfee SiteAdvisor Service) McAfee SiteAdvisor Service [Auto | Running] -> C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe -> [2011/02/16 15:49:08 | 000,101,048 | ---- | M] (McAfee, Inc.)
(Creative Audio Engine Licensing Service) Creative Audio Engine Licensing Service [On_Demand | Stopped] -> C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -> [2010/07/24 15:03:33 | 000,079,360 | ---- | M] (Creative Labs)
(Creative ALchemy AL6 Licensing Service) Creative ALchemy AL6 Licensing Service [On_Demand | Stopped] -> C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -> [2010/07/24 15:03:21 | 000,079,360 | ---- | M] (Creative Labs)
(mcmscsvc) McAfee Services [Auto | Running] -> C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe -> [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.)
(SeagateDashboardService) Seagate Dashboard Service [Auto | Running] -> C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe -> [2010/04/30 09:47:00 | 000,014,088 | ---- | M] (Memeo)
(MemeoBackgroundService) MemeoBackgroundService [Auto | Running] -> C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe -> [2010/04/22 19:33:04 | 000,025,824 | ---- | M] (Memeo)
(SftService) SoftThinks Agent Service [Auto | Running] -> C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -> [2010/03/04 12:28:08 | 000,658,656 | ---- | M] (SoftThinks)
(McSysmon) McAfee SystemGuards [On_Demand | Running] -> C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe -> [2009/11/04 16:59:50 | 000,606,736 | ---- | M] (McAfee, Inc.)
(MpfService) McAfee Personal Firewall Service [Auto | Running] -> C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe -> [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.)
(HPSLPSVC) HP Network Devices Support [Auto | Running] -> C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -> [2009/09/20 11:55:20 | 001,037,824 | ---- | M] (Hewlett-Packard Co.)
(CTAudSvcService) Creative Audio Service [Auto | Running] -> C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -> [2009/08/28 19:45:56 | 000,286,720 | ---- | M] (Creative Technology Ltd)
(GameDetect) GameDetect [Auto | Running] -> C:\Program Files (x86)\Bigfoot Networks\Xeno Suite\GameDetectService.exe -> [2009/08/05 13:26:40 | 000,212,480 | ---- | M] ()
(XTUService) Intel® Extreme Tuning Utility [Auto | Running] -> C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe -> [2009/07/27 15:19:12 | 000,030,944 | ---- | M] (Intel Corporation)
(Steam Client Service) Steam Client Service [On_Demand | Stopped] -> C:\Program Files (x86)\Common Files\Steam\SteamService.exe -> [2009/07/16 18:04:16 | 000,316,664 | ---- | M] (Valve Corporation)
(McProxy) McAfee Proxy Service [Auto | Running] -> c:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe -> [2009/07/08 12:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.)
(McNASvc) McAfee Network Agent [Auto | Running] -> c:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe -> [2009/07/07 20:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.)
(clr_optimization_v2.0.50727_32) Microsoft .NET Framework NGEN v2.0.50727_X86 [On_Demand | Stopped] -> C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation)
(IAANTMON) Intel® Matrix Storage Event Monitor [Auto | Running] -> C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -> [2009/06/04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation)
(Nero BackItUp Scheduler 4.0) Nero BackItUp Scheduler 4.0 [Auto | Running] -> C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -> [2009/05/15 08:35:52 | 000,935,208 | ---- | M] (Nero AG)
(wampmysqld) wampmysqld [On_Demand | Stopped] -> c:\wamp\mysql\bin\mysqld-nt.exe -> [2007/07/06 14:14:02 | 005,730,304 | ---- | M] ()
(wampapache) wampapache [On_Demand | Stopped] -> c:\wamp\apache2\bin\httpd.exe -> [2007/01/10 01:17:24 | 000,020,539 | ---- | M] (Apache Software Foundation)
(ewido security suite guard) ewido security suite guard [Disabled | Stopped] -> C:\Program Files (x86)\ewido\security suite\ewidoguard.exe -> [2005/07/19 12:37:52 | 000,163,904 | ---- | M] (ewido networks)
(ewido security suite control) ewido security suite control [Auto | Running] -> C:\Program Files (x86)\ewido\security suite\ewidoctrl.exe -> [2004/11/11 18:53:03 | 000,016,448 | ---- | M] (ewido networks)

[Driver Services - Safe List]
64bit-(USBAAPL64) Apple Mobile USB Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\usbaapl64.sys -> [2011/02/18 17:36:58 | 000,051,712 | ---- | M] (Apple, Inc.)
64bit-(AWOPFilterDriver) AWOPFilterDriver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\AWOPFilterDriver.sys -> [2010/09/02 01:12:22 | 000,019,464 | ---- | M] ()
64bit-(MPFP) MPFP [Kernel | System | Running] -> C:\Windows\SysNative\drivers\Mpfp.sys -> [2010/07/15 15:18:22 | 000,176,144 | ---- | M] (McAfee, Inc.)
64bit-(mfehidk) McAfee Inc. mfehidk [Kernel | System | Running] -> C:\Windows\SysNative\drivers\mfehidk.sys -> [2009/11/04 17:54:06 | 000,308,296 | ---- | M] (McAfee, Inc.)
64bit-(mfeavfk) McAfee Inc. mfeavfk [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\mfeavfk.sys -> [2009/11/04 17:54:06 | 000,102,472 | ---- | M] (McAfee, Inc.)
64bit-(mfesmfk) McAfee Inc. mfesmfk [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\mfesmfk.sys -> [2009/11/04 17:54:06 | 000,049,480 | ---- | M] (McAfee, Inc.)
64bit-(mferkdk) McAfee Inc. mferkdk [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\mferkdk.sys -> [2009/11/04 17:47:38 | 000,040,904 | ---- | M] (McAfee, Inc.)
64bit-(atikmdag) atikmdag [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\atikmdag.sys -> [2009/08/27 05:13:06 | 006,203,392 | ---- | M] (ATI Technologies Inc.)
64bit-(AtiHdmiService) ATI Function Driver for High Definition Audio Service [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\AtiHdmi.sys -> [2009/08/23 13:02:30 | 000,120,336 | ---- | M] (ATI Technologies, Inc.)
64bit-(WRfiltv) WRfiltv [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\WRfiltv.sys -> [2009/07/31 11:40:32 | 000,025,600 | ---- | M] (Creative Technology Ltd.)
64bit-(SI3132) SiI-3132 SATALink Controller [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\SI3132.sys -> [2009/07/29 21:14:10 | 000,090,664 | ---- | M] (Silicon Image, Inc)
64bit-(SiFilter) SATALink driver accelerator [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\SiWinAcc.sys -> [2009/07/29 21:14:10 | 000,022,056 | ---- | M] (Silicon Image, Inc)
64bit-(SiRemFil) SATALink External Device Filter [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\SiRemFil.sys -> [2009/07/29 21:14:10 | 000,017,448 | ---- | M] (Silicon Image, Inc)
64bit-(amdsata) amdsata [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsata.sys -> [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices)
64bit-(amdxata) amdxata [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\amdxata.sys -> [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices)
64bit-(amdsbs) amdsbs [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsbs.sys -> [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.)
64bit-(LSI_SAS2) LSI_SAS2 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\lsi_sas2.sys -> [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation)
64bit-(HpSAMD) HpSAMD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\HpSAMD.sys -> [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company)
64bit-(stexstor) stexstor [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\stexstor.sys -> [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology)
64bit-(k57nd60a) Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0 [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\k57nd60a.sys -> [2009/07/06 14:08:10 | 000,317,480 | ---- | M] (Broadcom Corporation)
64bit-(iaStor) Intel AHCI Controller [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\iaStor.sys -> [2009/06/24 18:22:48 | 000,408,600 | ---- | M] (Intel Corporation)
64bit-(Ntfs) Ntfs [File_System | On_Demand | Running] -> C:\Windows\SysNative\wbem\ntfs.mof -> [2009/06/10 15:38:56 | 000,000,308 | ---- | M] ()
64bit-(ebdrv) Broadcom NetXtreme II 10 GigE VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\evbda.sys -> [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation)
64bit-(b06bdrv) Broadcom NetXtreme II VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\bxvbda.sys -> [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation)
64bit-(b57nd60a) Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\b57nd60a.sys -> [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation)
64bit-(hcw85cir) Hauppauge Consumer Infrared Receiver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\hcw85cir.sys -> [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.)
64bit-(Xeno7x64) Killer Xeno Gaming Adapter Service [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\Xeno7x64.sys -> [2009/06/02 18:24:46 | 000,131,096 | ---- | M] (Bigfoot Networks, Inc.)
64bit-(Edge7x64) Killer Xeno NDIS-Edge Service [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\Edge7x64.sys -> [2009/06/02 18:24:46 | 000,027,672 | ---- | M] (Bigfoot Networks, Inc.)
64bit-(GEARAspiWDM) GEAR ASPI Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\GEARAspiWDM.sys -> [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.)
64bit-(smbusp) Intel® SMBus 2.0 Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\intelsmb.sys -> [2009/05/13 16:31:02 | 000,063,616 | ---- | M] (Intel Corporation)
64bit-(LMouFilt) Logitech SetPoint KMDF Mouse Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\LMouFilt.Sys -> [2009/04/22 18:10:40 | 000,058,384 | ---- | M] (Logitech, Inc.)
64bit-(LHidFilt) Logitech SetPoint KMDF HID Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\LHidFilt.Sys -> [2009/04/22 18:10:32 | 000,055,312 | ---- | M] (Logitech, Inc.)
64bit-(WimFltr) WimFltr [File_System | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\WimFltr.sys -> [2006/11/01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation)
(IOCBIOS) IOCBIOS [Kernel | Auto | Running] -> C:\ProgramData\Intel\Extreme Tuning Utility\IOCbios\64bit\iOCbios.sys -> [2009/07/09 11:53:00 | 000,027,096 | ---- | M] (Intel Corporation)
({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}) Power Control [2009/11/20 18:08:09] [Kernel | Auto | Running] -> c:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl -> [2009/04/16 00:28:08 | 000,146,928 | ---- | M] (CyberLink Corp.)
(ewido security suite driver) ewido security suite driver [Kernel | System | Stopped] -> C:\Program Files (x86)\ewido\security suite\guard.sys -> [2004/11/22 09:15:15 | 000,003,072 | ---- | M] ()

[Registry - Safe List]
< 64bit-Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\Windows\SysWOW64\blank.htm ->
HKEY_LOCAL_MACHINE\: URLSearchHooks\\"{7b13ec3e-999a-4b70-b9cb-2617b8323822}" [HKLM] -> C:\Program Files (x86)\Zynga\tbZyn1.dll [Zynga Toolbar] -> [2010/07/21 09:12:06 | 002,734,688 | ---- | M] (Conduit Ltd.)
HKEY_LOCAL_MACHINE\: URLSearchHooks\\"{aac4043a-8832-4abe-9963-35377f30b8e6}" [HKLM] -> C:\Program Files (x86)\Castle_Age\tbCas1.dll [Castle Age Toolbar] -> [2010/09/16 19:45:15 | 002,735,200 | ---- | M] (Conduit Ltd.)
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\"Default_Page_URL" -> http://www.alienware.com/ ->
HKEY_CURRENT_USER\: Main\\"Default_Secondary_Page_URL" -> http://support.alienware.com [binary data] ->
HKEY_CURRENT_USER\: Main\\"Secondary Start Pages" -> [Binary data over 100 bytes] ->
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.alienware.com/ ->
64bit-HKEY_CURRENT_USER\: URLSearchHooks\\"{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}" [HKLM] -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [McAfee SiteAdvisor Toolbar] -> [2011/04/08 15:37:58 | 000,309,096 | ---- | M] (McAfee, Inc.)
HKEY_CURRENT_USER\: URLSearchHooks\\"{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}" [HKLM] -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [McAfee SiteAdvisor Toolbar] -> [2011/04/08 15:37:58 | 000,251,928 | ---- | M] (McAfee, Inc.)
HKEY_CURRENT_USER\: URLSearchHooks\\"{aac4043a-8832-4abe-9963-35377f30b8e6}" [HKLM] -> C:\Program Files (x86)\Castle_Age\tbCas1.dll [Castle Age Toolbar] -> [2010/09/16 19:45:15 | 002,735,200 | ---- | M] (Conduit Ltd.)
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 ->
HKEY_CURRENT_USER\: "ProxyOverride" -> *.local;<local> ->
HKEY_CURRENT_USER\: "ProxyServer" -> http=127.0.0.1:61273 ->
< FireFox Settings [Prefs.js] > -> C:\Users\Scott\AppData\Roaming\Mozilla\FireFox\Profiles\ustkuvl3.default\prefs.js ->
extensions.enabledItems -> [email protected]:1.5.4 ->
extensions.enabledItems -> [email protected]:4.51 ->
extensions.enabledItems -> {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1 ->
network.proxy.http -> "127.0.0.1" ->
network.proxy.http_port -> 61273 ->
network.proxy.type -> 1 ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions -> ->
HKLM\software\mozilla\Firefox\Extensions\\[email protected] -> C:\Program Files (x86)\HP\Digital Imaging\smart web printing\MozillaAddOn3 [C:\PROGRAM FILES (X86)\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3] -> [2010/03/24 21:45:30 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45} -> C:\Program Files (x86)\McAfee\SiteAdvisor [C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR] -> [2011/05/25 17:23:54 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.5.18\extensions -> ->
HKLM\software\mozilla\Mozilla Firefox 3.5.18\extensions\\Components -> C:\Program Files (x86)\Mozilla Firefox\components [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\COMPONENTS] -> [2011/05/12 00:10:09 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.5.18\extensions\\Plugins -> C:\Program Files (x86)\Mozilla Firefox\plugins [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\PLUGINS] -> [2011/05/12 00:10:09 | 000,000,000 | ---D | M]
< FireFox Extensions [User Folders] > ->
-> C:\Users\Scott\AppData\Roaming\Mozilla\Extensions -> [2010/01/20 15:19:01 | 000,000,000 | ---D | M]
-> C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\ustkuvl3.default\extensions -> [2011/05/26 05:37:37 | 000,000,000 | ---D | M]
-> C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\ustkuvl3.default\extensions\[email protected] -> [2010/05/06 19:51:07 | 000,000,000 | ---D | M]
< FireFox Extensions [Program Folders] > ->
-> C:\Program Files (x86)\Mozilla Firefox\extensions -> [2010/01/20 15:18:47 | 000,000,000 | ---D | M]
HP Smart Web Printing -> C:\PROGRAM FILES (X86)\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3 -> [2010/03/24 21:45:30 | 000,000,000 | ---D | M]
McAfee SiteAdvisor -> C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR -> [2011/05/25 17:23:54 | 000,000,000 | ---D | M]
Firebug -> C:\USERS\SCOTT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\USTKUVL3.DEFAULT\EXTENSIONS\[email protected] -> [2010/05/06 19:51:07 | 000,000,000 | ---D | M]
< FireFox Components [Program Folders] > ->
< HOSTS File > ([2009/06/10 16:00:26 | 000,000,824 | ---- | M] - 21 lines) -> C:\Windows\SysNative\Drivers\etc\hosts ->
Reset Hosts
< 64bit-BHO's [HKEY_LOCAL_MACHINE] > -> 64bit-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} [HKLM] -> C:\Program Files\McAfee\VirusScan\scriptsn.dll [scriptproxy] -> [2009/11/04 17:47:38 | 000,060,224 | ---- | M] (McAfee, Inc.)
{B164E929-A1B6-4A06-B104-2CD0E90A88FF} [HKLM] -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [McAfee SiteAdvisor BHO] -> [2011/04/08 15:37:58 | 000,309,096 | ---- | M] (McAfee, Inc.)
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll [&Yahoo! Toolbar Helper] -> [2008/07/28 05:47:40 | 000,882,416 | ---- | M] (Yahoo! Inc.)
{5C255C8A-E604-49b4-9D64-90988571CECB} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{7b13ec3e-999a-4b70-b9cb-2617b8323822} [HKLM] -> C:\Program Files (x86)\Zynga\tbZyn1.dll [Zynga Toolbar] -> [2010/07/21 09:12:06 | 002,734,688 | ---- | M] (Conduit Ltd.)
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} [HKLM] -> C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll [scriptproxy] -> [2009/11/04 17:53:42 | 000,062,784 | ---- | M] (McAfee, Inc.)
{aac4043a-8832-4abe-9963-35377f30b8e6} [HKLM] -> C:\Program Files (x86)\Castle_Age\tbCas1.dll [Castle Age Toolbar] -> [2010/09/16 19:45:15 | 002,735,200 | ---- | M] (Conduit Ltd.)
{B164E929-A1B6-4A06-B104-2CD0E90A88FF} [HKLM] -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [McAfee SiteAdvisor BHO] -> [2011/04/08 15:37:58 | 000,251,928 | ---- | M] (McAfee, Inc.)
{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} [HKLM] -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [SingleInstance Class] -> [2008/07/28 05:47:42 | 000,160,496 | ---- | M] (Yahoo! Inc)
< 64bit-Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}" [HKLM] -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [McAfee SiteAdvisor Toolbar] -> [2011/04/08 15:37:58 | 000,309,096 | ---- | M] (McAfee, Inc.)
"Locked" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}" [HKLM] -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [McAfee SiteAdvisor Toolbar] -> [2011/04/08 15:37:58 | 000,251,928 | ---- | M] (McAfee, Inc.)
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}" [HKLM] -> C:\Program Files (x86)\Zynga\tbZyn1.dll [Zynga Toolbar] -> [2010/07/21 09:12:06 | 002,734,688 | ---- | M] (Conduit Ltd.)
"{aac4043a-8832-4abe-9963-35377f30b8e6}" [HKLM] -> C:\Program Files (x86)\Castle_Age\tbCas1.dll [Castle Age Toolbar] -> [2010/09/16 19:45:15 | 002,735,200 | ---- | M] (Conduit Ltd.)
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> [2008/07/28 05:47:40 | 000,882,416 | ---- | M] (Yahoo! Inc.)
"Locked" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\"{7B13EC3E-999A-4B70-B9CB-2617B8323822}" [HKLM] -> C:\Program Files (x86)\Zynga\tbZyn1.dll [Zynga Toolbar] -> [2010/07/21 09:12:06 | 002,734,688 | ---- | M] (Conduit Ltd.)
WebBrowser\\"{AAC4043A-8832-4ABE-9963-35377F30B8E6}" [HKLM] -> C:\Program Files (x86)\Castle_Age\tbCas1.dll [Castle Age Toolbar] -> [2010/09/16 19:45:15 | 002,735,200 | ---- | M] (Conduit Ltd.)
< 64bit-Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"" -> [] -> File not found
"AlienFX Controller" -> C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe ["C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe"] -> [2009/10/05 15:35:52 | 000,058,696 | ---- | M] (Alienware Corporation)
"IAAnotif" -> C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe [C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe] -> [2009/06/04 20:03:32 | 000,186,904 | ---- | M] (Intel Corporation)
"Kernel and Hardware Abstraction Layer" -> C:\Windows\KHALMNPR.Exe [KHALMNPR.EXE] -> [2009/04/22 18:09:36 | 000,130,576 | ---- | M] (Logitech, Inc.)
"Launch Keyboard CI" -> c:\Program Files\Alienware\Alienware TactX Keyboard CI\txkbci.exe ["c:\Program Files\Alienware\Alienware TactX Keyboard CI\txkbci.exe" /SHOWHIDE] -> [2009/05/28 11:42:12 | 003,438,088 | ---- | M] (Alienware)
"RtHDVCpl" -> C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe] -> [2009/06/03 18:56:08 | 007,833,120 | ---- | M] (Realtek Semiconductor)
"Skytel" -> [C:\Program Files\Realtek\Audio\HDA\Skytel.exe] -> File not found
"Thermal Controller" -> C:\Program Files\Alienware\Command Center\ThermalController.exe ["C:\Program Files\Alienware\Command Center\ThermalController.exe" /auto] -> [2009/10/05 15:34:12 | 000,166,200 | ---- | M] (Alienware Corp.)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"BDRegion" -> c:\Program Files (x86)\CyberLink\Shared Files\brs.exe [c:\Program Files (x86)\Cyberlink\Shared Files\brs.exe] -> [2009/04/29 02:50:26 | 000,075,048 | ---- | M] (cyberlink)
"conhost" -> C:\Users\Scott\AppData\Roaming\Microsoft\conhost.exe [C:\Users\Scott\AppData\Roaming\Microsoft\conhost.exe] -> [2011/07/20 18:09:57 | 000,169,472 | ---- | M] ()
"mcagent_exe" -> C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe ["C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe" /runkey] -> [2009/10/29 07:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.)
"McENUI" -> C:\Program Files (x86)\McAfee\MHN\McENUI.exe [C:\PROGRA~2\McAfee\MHN\McENUI.exe /hide] -> [2009/07/07 22:02:26 | 001,176,808 | ---- | M] (McAfee, Inc.)
"Memeo AutoSync" -> C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe [C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe --silent] -> [2010/04/16 16:43:12 | 000,144,608 | ---- | M] (Memeo Inc.)
"Memeo Instant Backup" -> C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe [C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui] -> [2010/04/22 19:33:08 | 000,136,416 | ---- | M] (Memeo Inc.)
"Memeo Send" -> C:\Program Files (x86)\Memeo\Memeo Send\MemeoLauncher.exe [C:\Program Files (x86)\Memeo\Memeo Send\MemeoLauncher.exe --silent] -> [2010/07/20 13:18:14 | 000,236,816 | ---- | M] ()
"PDVD8LanguageShortcut" -> c:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe ["c:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"] -> [2009/04/16 00:54:44 | 000,050,472 | ---- | M] (CyberLink Corp.)
"RemoteControl8" -> c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe ["c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"] -> [2009/04/16 00:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.)
"Seagate Dashboard" -> C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe [C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui] -> [2010/04/30 09:47:02 | 000,079,112 | ---- | M] ()
"StartCCC" -> c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ["c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun] -> [2009/08/26 23:18:10 | 000,098,304 | ---- | M] (Advanced Micro Devices, Inc.)
< 64bit-RunOnce [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce ->
"DSUpdateLauncher" -> C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"] -> [2009/09/17 14:14:00 | 000,018,160 | ---- | M] (Dell)
< RunOnce [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce ->
""C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"" -> C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] -> [2011/03/21 20:29:26 | 000,560,128 | ---- | M] (Dell)
"STToasterLauncher" -> C:\Program Files (x86)\Dell DataSafe Local Backup\ToasterLauncher.exe [C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe] -> [2010/02/11 12:53:00 | 000,120,128 | ---- | M] ()
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Messenger (Yahoo!)" -> C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe ["C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" -quiet] -> [2009/06/20 04:03:56 | 004,351,216 | ---- | M] (Yahoo! Inc.)
< 64bit-WinNT Load [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\load ->
64bit-*load* -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\load ->
C:\Users\Scott\AppData\Local\Temp\csrss.exe -> C:\Users\Scott\AppData\Local\Temp\csrss.exe -> [2011/07/21 22:56:40 | 000,187,904 | ---- | M] ()
*MultiFile Done* -> ->
< WinNT Load [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\load ->
*load* -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\load ->
C:\Users\Scott\AppData\Local\Temp\csrss.exe -> C:\Users\Scott\AppData\Local\Temp\csrss.exe -> [2011/07/21 22:56:40 | 000,187,904 | ---- | M] ()
*MultiFile Done* -> ->
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoActiveDesktop" -> [1] -> File not found
\\"NoActiveDesktopChanges" -> [1] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"ConsentPromptBehaviorAdmin" -> [0] -> File not found
\\"ConsentPromptBehaviorUser" -> [3] -> File not found
\\"EnableLUA" -> [0] -> File not found
\\"PromptOnSecureDesktop" -> [0] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< 64bit-Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.micro...?ext=%s&mime=%s ->
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
< 64bit-Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< 64bit-Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< 64bit-Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1093 domain(s) found. ->
bhc.edu .[*] -> Trusted sites ->
bhc-blackboard_bhc.edu [http] -> Trusted sites ->
myblackhawk_bhc.edu [*] -> Trusted sites ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 18 range(s) found. ->
< 64bit-Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/...indows-i586.cab [Java Plug-in 1.6.0_14] ->
{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/...indows-i586.cab [Java Plug-in 1.6.0_14] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/...indows-i586.cab [Java Plug-in 1.6.0_14] ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/...indows-i586.cab [Java Plug-in 1.6.0_14] ->
{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/...indows-i586.cab [Java Plug-in 1.6.0_14] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/...indows-i586.cab [Java Plug-in 1.6.0_14] ->
{F6ACF75C-C32C-447B-9BEF-46B766368D29} [HKLM] -> http://ccfiles.creat...15112/CTPID.cab [Creative Software AutoUpdate Support Package] ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->
DhcpNameServer -> 192.168.0.1 ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{A27FB204-6BE9-41E7-A300-520520548425}\\DhcpNameServer -> 192.168.0.1 (Killer Xeno NDIS EDGE Interface) ->
{B8B51C96-3A70-48E6-ABD0-BC7931CAA9E5}\\DhcpNameServer -> 0.0.0.0 (Broadcom NetLink ™ Gigabit Ethernet) ->
< 64bit-Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
64bit-*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
explorer.exe -> C:\Windows\explorer.exe -> [2009/10/31 01:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
64bit-*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
SystemPropertiesPerformance.exe -> C:\Windows\SysNative\SystemPropertiesPerformance.exe -> [2009/07/13 20:39:47 | 000,082,432 | ---- | M] (Microsoft Corporation)
/pagefile -> -> File not found
*MultiFile Done* -> ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
explorer.exe -> C:\Windows\SysWow64\explorer.exe -> [2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
/pagefile -> -> File not found
*MultiFile Done* -> ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
explorer.exe -> C:\Windows\SysWow64\explorer.exe -> [2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
< 64bit-SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad ->
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck] -> File not found
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad ->
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck] -> File not found
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
"{54D9498B-CF93-414F-8984-8CE7FDE0D391}" [HKLM] -> C:\Program Files (x86)\ewido\security suite\shellhook.dll [ewido shell guard] -> [2004/09/30 07:21:56 | 000,039,488 | ---- | M] ()
< Vista Active Firewall Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules ->
{071B04E4-944F-4415-823E-60D618CBB01C} -> lport=6004 | profile=private | protocol=17 | dir=in | action=allow | name=microsoft office outlook | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
{151113F4-5DE8-4F21-B5EF-6A27827BE700} -> rport=5355 | profile=public | protocol=17 | dir=out | action=allow | [email protected],-28550 | app=%systemroot%\system32\svchost.exe | svc=dnscache |
{1E2D72EB-E090-4713-85A6-04435A8BF97A} -> rport=5355 | profile=private | protocol=17 | dir=out | action=allow | [email protected],-28550 | app=%systemroot%\system32\svchost.exe | svc=dnscache |
{260F2480-A942-4D15-A6AE-93C377F882AC} -> lport=137 | profile=private | protocol=17 | dir=in | action=allow | [email protected],-28519 | app=system |
{301C970B-A4E5-4C96-AD67-CAB1A98A430F} -> lport=2799 | protocol=6 | dir=in | action=allow | name=altova license metering port (tcp) |
{4B7B051D-22D1-4498-9BFD-4A726F6B96BB} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live messenger (upnp-in) | app=system |
{5887A8F1-2659-488E-BEF4-EAE397BBE101} -> lport=139 | profile=private | protocol=6 | dir=in | action=allow | [email protected],-28503 | app=system |
{642603CD-696E-44C2-829B-5E76C9300A0C} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live messenger (ssdp-in) | app=svchost.exe | svc=ssdpsrv |
{6D775462-D8E6-4E00-866F-562C840BF0E7} -> lport=138 | profile=private | protocol=17 | dir=in | action=allow | [email protected],-28527 | app=system |
{88EB936C-092F-4C69-B156-86FD31CD2FE0} -> rport=137 | profile=private | protocol=17 | dir=out | action=allow | [email protected],-28523 | app=system |
{8E337BDD-06E7-4574-B0FB-7994AC26144C} -> rport=445 | profile=private | protocol=6 | dir=out | action=allow | [email protected],-28515 | app=system |
{9D882D52-9344-4CD3-9FBC-9C3C6FDE2FDC} -> rport=138 | profile=private | protocol=17 | dir=out | action=allow | [email protected],-28531 | app=system |
{A9185B5D-D823-4CBB-8179-9935FDDB55EC} -> lport=rpc | profile=private | protocol=6 | dir=in | action=allow | [email protected],-28535 | app=%systemroot%\system32\spoolsv.exe | svc=spooler |
{BB70B83B-9FF9-443C-82AF-1F73D2DB4CF5} -> lport=rpc-epmap | profile=private | protocol=6 | dir=in | action=allow | [email protected],-28539 | svc=rpcss |
{D321AAD2-9121-465C-95B7-DF826D40861A} -> lport=5355 | profile=private | protocol=17 | dir=in | action=allow | [email protected],-28548 | app=%systemroot%\system32\svchost.exe | svc=dnscache |
{E06F23C9-697C-47C7-8A8A-774BD06B3398} -> lport=2799 | protocol=17 | dir=in | action=allow | name=altova license metering port (udp) |
{E1BEC105-9743-444B-8265-7F5A5CC94271} -> lport=5355 | profile=public | protocol=17 | dir=in | action=allow | [email protected],-28548 | app=%systemroot%\system32\svchost.exe | svc=dnscache |
{E5799705-CC3D-42CA-AFBC-E2FA12D6CB6E} -> lport=445 | profile=private | protocol=6 | dir=in | action=allow | [email protected],-28511 | app=system |
{FFE76941-3203-40D6-9CCE-301B5C9A83A2} -> rport=139 | profile=private | protocol=6 | dir=out | action=allow | [email protected],-28507 | app=system |
< Vista Active Application Exception Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules ->
{0122D654-819B-4B6B-B064-2651BB459B36} -> profile=private | protocol=17 | dir=in | action=allow | name=blizzard downloader | app=c:\users\public\games\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
{055541AA-09A6-4D55-AEC6-E6C656E184FA} -> profile=private | protocol=6 | dir=in | action=allow | name=blizzard downloader | app=c:\users\public\games\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-enus-downloader.exe |
{056A375C-4F94-46BE-810B-7A365B26BE00} -> dir=in | action=allow | name=webkit | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
{0F0D95DB-4BBC-41E8-8F65-D562F1A35971} -> dir=in | action=allow | name=hpqgpc01.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
{11639C76-D698-4018-B6F6-3BE5811C1A78} -> dir=in | action=allow | name=hpqsudi.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |
{135EA6E5-927F-450B-8105-DF9559D3E424} -> profile=private | protocol=1 | dir=in | action=allow | [email protected],-28543 |
{16EBDDBB-289A-4EF5-8537-2753BBA14CA5} -> profile=private | protocol=17 | dir=in | action=allow | name=microsoft office groove | app=c:\program files (x86)\microsoft office\office12\groove.exe |
{1837CEF6-48DE-403F-869D-B4A36F07ACFF} -> profile=public | protocol=6 | dir=in | action=allow | name=steam | app=c:\program files (x86)\steam\steam.exe |
{19FCEE21-BD63-48C8-A950-7EA7825DA183} -> profile=private | protocol=6 | dir=in | action=allow | name=bonjour service | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
{248C770E-A5E6-436C-93D3-9AFC4120476E} -> dir=in | action=allow | name=hpqusgm.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
{29A74F12-FE43-42E0-8C2F-D7C94A03B8AD} -> dir=in | action=allow | name=hpiscnapp.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
{315C880A-445C-499B-A6AE-6CFE63019165} -> profile=private | protocol=17 | dir=in | action=allow | name=ventrilo.exe | app=c:\program files\ventrilo\ventrilo.exe |
{346AF33A-CAF2-4126-932A-399D71892850} -> profile=private | protocol=17 | dir=in | action=allow | name=microsoft office onenote | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
{392670AC-B829-40FC-9826-E89EB0FFE9B0} -> profile=domain | dir=in | action=allow | name=mcafee network agent | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe |
{3AC88A92-96D8-47F0-8384-30D4807731F2} -> profile=private | protocol=6 | dir=out | action=allow | [email protected],-31025 | app=%programfiles(x86)%\windows media player\wmplayer.exe |
{40F86E82-54A2-4AEF-9DB8-7CB91BAB928A} -> dir=in | action=allow | name=hpqcopy2.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe |
{49F8175A-ABA0-4EE5-AA1E-F6C8516073BF} -> profile=private | protocol=6 | dir=in | action=allow | name=vmcmoteserver | app=c:\program files (x86)\vmcmoteserver\server\vmcmoteserver.exe |
{4A8B1F34-F3F3-4E72-A1A9-5A68C7406273} -> profile=public | protocol=6 | dir=out | action=allow | name=windows media player x86 (tcp-out) | app=%programfiles(x86)%\windows media player\wmplayer.exe |
{4C438A41-E634-4408-994A-FB2BB57A3EB5} -> profile=private | protocol=17 | dir=in | action=allow | [email protected],-31003 | app=%programfiles%\windows media player\wmplayer.exe |
{4E2B42B9-E800-4903-BA55-C22A09760F3B} -> profile=private | protocol=6 | dir=in | action=allow | name=ventrilo.exe | app=c:\program files\ventrilo\ventrilo.exe |
{50D03786-ABC5-4E1C-81BD-A1CCCFBDCE39} -> profile=private | protocol=6 | dir=in | action=allow | name=ventrilo.exe | app=c:\program files\ventrilo\ventrilo.exe |
{52AE588D-2B92-49F6-99C8-C48686BAFC57} -> profile=private | protocol=6 | dir=out | action=allow | [email protected],-31011 | app=%programfiles%\windows media player\wmplayer.exe |
{54D53793-AB74-4020-A1C3-96E3B74DE4C4} -> profile=private | protocol=6 | dir=in | action=allow | name=microsoft office onenote | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
{56289E5F-0352-44E2-B80B-0B49CF882E05} -> profile=public | protocol=17 | dir=out | action=allow | name=windows media player x86 (udp-out) | app=%programfiles(x86)%\windows media player\wmplayer.exe |
{58856C85-665C-4B32-9F54-F508160AA481} -> profile=private | protocol=6 | dir=in | action=allow | name=yahoo! messenger | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
{5C35E40A-776A-4C31-9F96-61BC33E79121} -> profile=private | protocol=6 | dir=in | action=allow | name=microsoft office groove | app=c:\program files (x86)\microsoft office\office12\groove.exe |
{60A1DC02-E22D-4AA0-A3E3-6660FA115AC4} -> profile=private | protocol=6 | dir=in | action=allow | name=ventrilo.exe | app=c:\program files\ventrilo\ventrilo.exe |
{61FBC0B3-B1C5-4201-AF15-82F072BC292A} -> dir=in | action=allow | name=hpfccopy.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
{643A6C07-ECA9-4B8E-A933-0BE50F740F7D} -> profile=private | protocol=17 | dir=in | action=allow | name=blizzard downloader | app=c:\users\public\games\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-enus-downloader.exe |
{69CBC21A-73AA-4313-A6FB-D1ABA3138BAF} -> profile=private | protocol=6 | dir=in | action=allow | name=blizzard downloader | app=c:\users\public\games\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-enus-downloader.exe |
{6BBBC53F-598D-446E-9618-ECF76D03B45E} -> dir=in | action=allow | name=windows live call | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
{765F769C-9994-4C4F-944D-50288B4B4543} -> dir=in | action=allow | name=hpqpsapp.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |
{78A583E8-6533-433F-AB10-11127D95CB22} -> profile=private | protocol=17 | dir=out | action=allow | [email protected],-31007 | app=%programfiles%\windows media player\wmplayer.exe |
{7D02CA3F-69C2-4EEF-88CF-F818B05822F1} -> profile=private | protocol=58 | dir=out | action=allow | [email protected],-28546 |
{7E2FEAFB-0C96-49E3-8A77-F7A8C16EFFC1} -> dir=in | action=allow | name=hpqnrs08.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqnrs08.exe |
{81B5A6F4-60C8-4107-9FE1-15BF534C2736} -> dir=in | action=allow | name=hposfx08.exe | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe |
{8681D88E-5C8A-408A-A6BE-55A084DBA41A} -> profile=private | protocol=17 | dir=in | action=allow | name=yahoo! messenger | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
{9617449E-1F18-4FC4-ACB3-EE40CBE3AA8E} -> profile=private | protocol=17 | dir=out | action=allow | [email protected],-31024 | app=%programfiles(x86)%\windows media player\wmplayer.exe |
{96488AD5-A887-43AF-81B4-7F18B43B3644} -> dir=in | action=allow | name=hpzwiz01.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe |
{9C1BE57C-D6D0-4492-828D-9CB2522122E4} -> dir=in | action=allow | name=hpqste08.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
{9CE70AF8-CE8E-4C50-A274-449B4218E1E9} -> profile=private | protocol=1 | dir=out | action=allow | [email protected],-28544 |
{9D3544D0-1B4D-437E-BCAD-4F2C995B1C62} -> dir=in | action=allow | name=cyberlink powerdvd 8.0 | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe |
{9D777A19-17DD-48D6-98C5-B7F521CE86B1} -> dir=in | action=allow | name=smartwebprintexe.exe | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
{9EEC82BB-D416-483E-AF46-84CA50F79545} -> profile=private | protocol=6 | dir=in | action=allow | name=blizzard downloader | app=c:\users\public\games\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-enus-downloader.exe |
{A155485D-7169-467F-82B7-C2AB52380ECE} -> dir=in | action=allow | name=hpqgplgtupl.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
{AD748F72-E4D0-4D99-A198-15E0884519D6} -> dir=in | action=allow | name=hposid01.exe | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
{B4246AB6-7488-4779-8B7E-7AF2D4A4A958} -> dir=in | action=allow | name=hpoews01.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
{BEEDF1D8-FD61-48E1-B2B6-84F160A3047B} -> profile=private | protocol=17 | dir=in | action=allow | name=vmcmoteserver | app=c:\program files (x86)\vmcmoteserver\server\vmcmoteserver.exe |
{C223FD2C-FBF8-45ED-BB78-ADA3414620F3} -> profile=private | protocol=17 | dir=in | action=allow | name=blizzard downloader | app=c:\users\public\games\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-enus-downloader.exe |
{C591AC26-E1EC-4641-9E16-8759713A23A7} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{C975D7E8-93FF-4CB4-8DF3-C04DA91F3AE3} -> dir=in | action=allow | name=hpqfxt08.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe |
{CC19CF33-1B1E-4C26-9630-792FFC920F4E} -> dir=in | action=allow | name=hpofxs08.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe |
{CD70C7F8-08C9-4086-9CC9-992235322E16} -> dir=in | action=allow | name=hpqkygrp.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
{D40673DD-413B-4D92-921C-1FA907E7E2F8} -> profile=private | protocol=17 | dir=in | action=allow | name=blizzard downloader | app=c:\users\public\games\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-enus-downloader.exe |
{D43D2E75-E1B0-4AC0-B582-D9B153F8CD1B} -> dir=in | action=allow | name=hpqpse.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |
{D6B3DCD3-6892-486F-A730-CBCE34B15C93} -> profile=private | protocol=58 | dir=in | action=allow | [email protected],-28545 |
{DBEDE7CE-D5D5-4B19-BA0E-63DA968464C4} -> profile=public | protocol=17 | dir=in | action=allow | name=windows media player (udp-in) | app=%programfiles%\windows media player\wmplayer.exe |
{DFF7CE1A-7223-483F-B683-799C483819AC} -> dir=in | action=allow | name=hpwucli.exe | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
{E04EF51D-2980-4D28-9734-9BCC089BD710} -> profile=public | protocol=17 | dir=in | action=allow | name=windows media player x86 (udp-in) | app=%programfiles(x86)%\windows media player\wmplayer.exe |
{E05E65AA-1A50-4DDE-A377-C1E854A56680} -> profile=public | protocol=17 | dir=out | action=allow | name=windows media player (udp-out) | app=%programfiles%\windows media player\wmplayer.exe |
{E69FCD62-209A-452B-AB61-E4B8AAFFA8BB} -> dir=in | action=allow | name=hpqphotocrm.exe | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
{EB0A870D-166C-47B5-B0DD-893B7D4AB61D} -> profile=public | protocol=6 | dir=out | action=allow | name=windows media player (tcp-out) | app=%programfiles%\windows media player\wmplayer.exe |
{EBEBFBE9-7AA6-4DED-8A4D-FFBB93198AA9} -> dir=in | action=allow | name=hpofxm08.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe |
{EC99612D-F294-4BC5-B7A9-4D8D8EF44E70} -> profile=public | protocol=17 | dir=in | action=allow | name=steam | app=c:\program files (x86)\steam\steam.exe |
{ED4B233B-B6FF-45BC-8A7C-953A7170AA04} -> profile=private | protocol=17 | dir=in | action=allow | name=bonjour service | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
{F1A94004-7C8F-4471-A0F9-99B420869485} -> dir=in | action=allow | name=hpqtra08.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
{F4536311-4F85-4547-8A61-C941988C2E9B} -> profile=private | protocol=17 | dir=in | action=allow | name=ventrilo.exe | app=c:\program files\ventrilo\ventrilo.exe |
{F4C908EE-8EC6-48E0-99CB-BD64A7294A96} -> profile=private | protocol=6 | dir=in | action=allow | name=blizzard downloader | app=c:\users\public\games\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
{F688C2E2-E7D6-411D-B7CC-AA6B148691DD} -> dir=in | action=allow | name=hpqusgh.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
{FC588ADD-DDB9-46DF-9B85-F2E645A3DE24} -> profile=private | protocol=17 | dir=in | action=allow | [email protected],-31023 | app=%programfiles(x86)%\windows media player\wmplayer.exe |
{FD98E274-4989-4E95-B705-A4099A33998B} -> dir=in | action=allow | name=itunes | app=c:\program files (x86)\itunes\itunes.exe |
TCP Query User{D91E7856-A5F6-48E7-9FB1-5044E8303BD0}C:\users\public\games\world of warcraft\launcher.exe -> profile=private | protocol=6 | dir=in | action=allow | name=blizzard launcher | app=c:\users\public\games\world of warcraft\launcher.exe |
UDP Query User{5509DE69-CCBC-4ADE-830F-466C0FD1981C}C:\users\public\games\world of warcraft\launcher.exe -> profile=private | protocol=17 | dir=in | action=allow | name=blizzard launcher | app=c:\users\public\games\world of warcraft\launcher.exe |
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM Driver ->
"ImagePath" -> C:\Windows\SysNative\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2009/07/13 18:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation)
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->
64bit-comfile [open] -> "%1" %* -> File not found
64bit-exefile [open] -> "%1" %* -> File not found
comfile [open] -> "%1" %* ->
exefile [open] -> "%1" %* ->
< 64bit-File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ ->
.com [@ = comfile] -> "%1" %* ->
.exe [@ = exefile] -> "%1" %* ->
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ ->
.com [@ = comfile] -> "%1" %* ->
.exe [@ = exefile] -> "%1" %* ->


[Files/Folders - Created Within 30 Days]
Spybot - Search & Destroy -> C:\ProgramData\Spybot - Search & Destroy -> [2011/07/23 10:08:20 | 000,000,000 | ---D | C]
ewido -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ewido -> [2011/07/23 09:59:28 | 000,000,000 | ---D | C]
ewido -> C:\Program Files (x86)\ewido -> [2011/07/23 09:59:26 | 000,000,000 | ---D | C]
Lavasoft -> C:\Users\Scott\AppData\Roaming\Lavasoft -> [2011/07/23 09:58:45 | 000,000,000 | ---D | C]
CyberLink PowerDVD 8 -> C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8 -> [2011/07/23 09:56:59 | 000,000,000 | R--D | C]
Anti Malware tools -> C:\Users\Scott\Desktop\Anti Malware tools -> [2011/07/23 09:44:06 | 000,000,000 | ---D | C]
Ventrilo -> C:\Users\Scott\AppData\Roaming\Ventrilo -> [2011/07/22 20:33:08 | 000,000,000 | ---D | C]
Ventrilo -> C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ventrilo -> [2011/07/22 20:32:38 | 000,000,000 | ---D | C]
Ventrilo -> C:\Program Files\Ventrilo -> [2011/07/22 20:32:36 | 000,000,000 | ---D | C]
Wise Installation Wizard -> C:\Program Files (x86)\Common Files\Wise Installation Wizard -> [2011/07/22 20:32:13 | 000,000,000 | ---D | C]
iTunes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes -> [2011/07/21 00:04:32 | 000,000,000 | ---D | C]
iPod -> C:\Program Files\iPod -> [2011/07/21 00:03:45 | 000,000,000 | ---D | C]
iTunes -> C:\Program Files\iTunes -> [2011/07/21 00:03:44 | 000,000,000 | ---D | C]
Bonjour -> C:\Program Files\Bonjour -> [2011/07/21 00:02:04 | 000,000,000 | ---D | C]
Bonjour -> C:\Program Files (x86)\Bonjour -> [2011/07/21 00:02:04 | 000,000,000 | ---D | C]
dns-sd.exe -> C:\Windows\SysNative\dns-sd.exe -> [2011/07/12 11:34:00 | 000,096,104 | ---- | C] (Apple Inc.)
dnssd.dll -> C:\Windows\SysNative\dnssd.dll -> [2011/07/12 11:34:00 | 000,085,864 | ---- | C] (Apple Inc.)
dns-sd.exe -> C:\Windows\SysWow64\dns-sd.exe -> [2011/07/12 11:20:54 | 000,083,816 | ---- | C] (Apple Inc.)
dnssd.dll -> C:\Windows\SysWow64\dnssd.dll -> [2011/07/12 11:20:54 | 000,073,064 | ---- | C] (Apple Inc.)
Updates -> C:\Windows\SysWow64\Updates -> [2011/07/08 19:03:07 | 000,000,000 | ---D | C]
Data -> C:\Windows\SysWow64\Data -> [2011/07/08 19:03:01 | 000,000,000 | ---D | C]

[Files/Folders - Modified Within 30 Days]
7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> [2011/07/23 10:04:42 | 000,014,016 | -H-- | M] ()
7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> [2011/07/23 10:04:42 | 000,014,016 | -H-- | M] ()
ewido security suite.lnk -> C:\Users\Public\Desktop\ewido security suite.lnk -> [2011/07/23 09:59:28 | 000,001,092 | ---- | M] ()
bootstat.dat -> C:\Windows\bootstat.dat -> [2011/07/23 09:56:37 | 000,067,584 | --S- | M] ()
hiberfil.sys -> C:\hiberfil.sys -> [2011/07/23 09:56:33 | 529,780,735 | -HS- | M] ()
Config.MPF -> C:\Windows\SysNative\Config.MPF -> [2011/07/23 09:50:47 | 000,014,636 | ---- | M] ()
OTL.exe -> C:\OTL.exe -> [2011/07/23 09:44:23 | 000,085,543 | ---- | M] ()
B50C.5FC -> C:\Users\Scott\AppData\Roaming\B50C.5FC -> [2011/07/22 21:26:02 | 000,020,611 | ---- | M] ()
World of Warcraft.lnk -> C:\Users\Public\Desktop\World of Warcraft.lnk -> [2011/07/22 20:55:04 | 000,001,064 | ---- | M] ()
menu.new -> C:\ProgramData\menu.new -> [2011/07/22 20:44:12 | 000,000,166 | ---- | M] ()
menu.bfm -> C:\ProgramData\menu.bfm -> [2011/07/22 20:44:12 | 000,000,166 | ---- | M] ()
Ventrilo.lnk -> C:\Users\Scott\Desktop\Ventrilo.lnk -> [2011/07/22 20:32:38 | 000,000,919 | ---- | M] ()
{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini -> C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini -> [2011/07/22 20:32:38 | 000,000,262 | ---- | M] ()
Apple Safari.lnk -> C:\Users\Scott\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk -> [2011/07/21 00:06:12 | 000,002,515 | ---- | M] ()
Safari.lnk -> C:\Users\Public\Desktop\Safari.lnk -> [2011/07/21 00:06:12 | 000,002,491 | ---- | M] ()
iTunes.lnk -> C:\Users\Public\Desktop\iTunes.lnk -> [2011/07/21 00:04:32 | 000,001,745 | ---- | M] ()
dwm.exe -> C:\Users\Scott\AppData\Roaming\dwm.exe -> [2011/07/20 18:10:40 | 000,180,736 | ---- | M] ()
dns-sd.exe -> C:\Windows\SysNative\dns-sd.exe -> [2011/07/12 11:34:00 | 000,096,104 | ---- | M] (Apple Inc.)
dnssd.dll -> C:\Windows\SysNative\dnssd.dll -> [2011/07/12 11:34:00 | 000,085,864 | ---- | M] (Apple Inc.)
dns-sd.exe -> C:\Windows\SysWow64\dns-sd.exe -> [2011/07/12 11:20:54 | 000,083,816 | ---- | M] (Apple Inc.)
dnssd.dll -> C:\Windows\SysWow64\dnssd.dll -> [2011/07/12 11:20:54 | 000,073,064 | ---- | M] (Apple Inc.)
McQcTask.job -> C:\Windows\tasks\McQcTask.job -> [2011/07/01 01:00:31 | 000,000,318 | ---- | M] ()
260 C:\Users\Scott\AppData\Local\Temp\*.tmp files -> C:\Users\Scott\AppData\Local\Temp\*.tmp ->

[Files - No Company Name]
ewido security suite.lnk -> C:\Users\Public\Desktop\ewido security suite.lnk -> [2011/07/23 09:59:28 | 000,001,092 | ---- | C] ()
OTL.exe -> C:\OTL.exe -> [2011/07/23 09:53:10 | 000,085,543 | ---- | C] ()
menu.new -> C:\ProgramData\menu.new -> [2011/07/22 20:44:12 | 000,000,166 | ---- | C] ()
menu.bfm -> C:\ProgramData\menu.bfm -> [2011/07/22 20:44:12 | 000,000,166 | ---- | C] ()
Ventrilo.lnk -> C:\Users\Scott\Desktop\Ventrilo.lnk -> [2011/07/22 20:32:38 | 000,000,919 | ---- | C] ()
{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini -> C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini -> [2011/07/22 20:32:34 | 000,000,262 | ---- | C] ()
iTunes.lnk -> C:\Users\Public\Desktop\iTunes.lnk -> [2011/07/21 00:04:32 | 000,001,745 | ---- | C] ()
dwm.exe -> C:\Users\Scott\AppData\Roaming\dwm.exe -> [2011/07/05 21:04:27 | 000,180,736 | ---- | C] ()
B50C.5FC -> C:\Users\Scott\AppData\Roaming\B50C.5FC -> [2011/07/05 21:04:07 | 000,020,611 | ---- | C] ()
servetome-fonts.conf -> C:\Users\Scott\AppData\Roaming\servetome-fonts.conf -> [2011/05/07 01:45:32 | 000,005,259 | ---- | C] ()
PerfStringBackup.INI -> C:\Windows\SysWow64\PerfStringBackup.INI -> [2010/12/08 09:52:44 | 000,730,638 | ---- | C] ()
resmon.resmoncfg -> C:\Users\Scott\AppData\Local\resmon.resmoncfg -> [2010/09/19 22:49:51 | 000,000,017 | ---- | C] ()
WRcfg.ini -> C:\Windows\WRcfg.ini -> [2010/07/24 15:03:38 | 000,001,801 | ---- | C] ()
WRMCcfg.ini -> C:\Windows\WRMCcfg.ini -> [2010/07/24 15:03:38 | 000,000,388 | ---- | C] ()
hpomdl19.dat.temp -> C:\Windows\hpomdl19.dat.temp -> [2010/03/24 22:02:44 | 000,013,898 | ---- | C] ()
hpoins19.dat -> C:\Windows\hpoins19.dat -> [2010/03/24 21:42:20 | 000,221,430 | ---- | C] ()
hpomdl19.dat -> C:\Windows\hpomdl19.dat -> [2010/03/24 21:42:20 | 000,013,898 | ---- | C] ()
nsreg.dat -> C:\Windows\nsreg.dat -> [2010/01/20 15:18:57 | 000,000,000 | ---- | C] ()
phpdesigner2007pe.xml -> C:\Users\Scott\AppData\Roaming\phpdesigner2007pe.xml -> [2010/01/06 20:46:04 | 000,013,280 | ---- | C] ()
APOMngr.DLL -> C:\Windows\SysWow64\APOMngr.DLL -> [2009/11/20 20:18:36 | 000,176,128 | ---- | C] ()
CmdRtr.DLL -> C:\Windows\SysWow64\CmdRtr.DLL -> [2009/11/20 20:18:36 | 000,073,728 | ---- | C] ()
ativpsrm.bin -> C:\Windows\ativpsrm.bin -> [2009/11/20 20:18:15 | 000,000,000 | ---- | C] ()
CCBiosSupportAPI.dll -> C:\Windows\SysWow64\CCBiosSupportAPI.dll -> [2009/09/25 15:50:00 | 000,097,584 | ---- | C] ()
bootstat.dat -> C:\Windows\bootstat.dat -> [2009/07/14 00:38:36 | 000,067,584 | --S- | C] ()
NOISE.DAT -> C:\Windows\SysWow64\NOISE.DAT -> [2009/07/13 21:35:51 | 000,000,741 | ---- | C] ()
dssec.dat -> C:\Windows\SysWow64\dssec.dat -> [2009/07/13 21:34:42 | 000,215,943 | ---- | C] ()
mib.bin -> C:\Windows\mib.bin -> [2009/07/13 19:10:29 | 000,043,131 | ---- | C] ()
BWContextHandler.dll -> C:\Windows\SysWow64\BWContextHandler.dll -> [2009/07/13 18:42:10 | 000,064,000 | ---- | C] ()
msjetoledb40.dll -> C:\Windows\SysWow64\msjetoledb40.dll -> [2009/07/13 16:03:59 | 000,364,544 | ---- | C] ()
mlang.dat -> C:\Windows\SysWow64\mlang.dat -> [2009/06/10 16:26:10 | 000,673,088 | ---- | C] ()
AgCPanelTraditionalChinese.dll -> C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll -> [2007/07/23 10:03:32 | 000,053,248 | ---- | C] ()
AgCPanelSwedish.dll -> C:\Windows\SysWow64\AgCPanelSwedish.dll -> [2007/07/23 10:03:32 | 000,053,248 | ---- | C] ()
AgCPanelSpanish.dll -> C:\Windows\SysWow64\AgCPanelSpanish.dll -> [2007/07/23 10:03:32 | 000,053,248 | ---- | C] ()
AgCPanelSimplifiedChinese.dll -> C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll -> [2007/07/23 10:03:30 | 000,053,248 | ---- | C] ()
AgCPanelPortugese.dll -> C:\Windows\SysWow64\AgCPanelPortugese.dll -> [2007/07/23 10:03:30 | 000,053,248 | ---- | C] ()
AgCPanelKorean.dll -> C:\Windows\SysWow64\AgCPanelKorean.dll -> [2007/07/23 10:03:30 | 000,053,248 | ---- | C] ()
AgCPanelJapanese.dll -> C:\Windows\SysWow64\AgCPanelJapanese.dll -> [2007/07/23 10:03:30 | 000,053,248 | ---- | C] ()
AgCPanelGerman.dll -> C:\Windows\SysWow64\AgCPanelGerman.dll -> [2007/07/23 10:03:30 | 000,053,248 | ---- | C] ()
AgCPanelFrench.dll -> C:\Windows\SysWow64\AgCPanelFrench.dll -> [2007/07/23 10:03:30 | 000,053,248 | ---- | C] ()
< End of report >




thanks for any help!!!!

Edited by Essexboy, 23 July 2011 - 01:53 PM.

  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there lets see if we can resolve this for you
On completion of these runs can you let me know how the computer is behaving

Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

[Unregister Dlls]
[Processes - Safe List]
YY -> csrss.exe -> C:\Users\Scott\AppData\Local\Temp\csrss.exe
YY -> dwm.exe -> C:\Users\Scott\AppData\Roaming\dwm.exe
YY -> conhost.exe -> C:\Users\Scott\AppData\Roaming\Microsoft\conhost.exe
[Registry - Safe List]
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> 
YN -> HKEY_CURRENT_USER\: "ProxyServer" -> http=127.0.0.1:61273
< FireFox Settings [Prefs.js] > -> C:\Users\Scott\AppData\Roaming\Mozilla\FireFox\Profiles\ustkuvl3.default\prefs.js
YN -> network.proxy.http -> "127.0.0.1"
YN -> network.proxy.http_port -> 61273
YN -> network.proxy.type -> 1
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> "conhost" -> C:\Users\Scott\AppData\Roaming\Microsoft\conhost.exe [C:\Users\Scott\AppData\Roaming\Microsoft\conhost.exe]
< 64bit-WinNT Load [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\load
64bit-*load* -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\load
YY -> C:\Users\Scott\AppData\Local\Temp\csrss.exe -> C:\Users\Scott\AppData\Local\Temp\csrss.exe
< 64bit-WinNT Load [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\load
< WinNT Load [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\load
*load* -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\load
YY -> C:\Users\Scott\AppData\Local\Temp\csrss.exe -> C:\Users\Scott\AppData\Local\Temp\csrss.exe
< WinNT Load [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\load
[Files/Folders - Created Within 30 Days]
NY -> Updates -> C:\Windows\SysWow64\Updates
NY -> Data -> C:\Windows\SysWow64\Data
[Files/Folders - Modified Within 30 Days]
NY -> menu.new -> C:\ProgramData\menu.new
NY -> menu.bfm -> C:\ProgramData\menu.bfm
NY -> dwm.exe -> C:\Users\Scott\AppData\Roaming\dwm.exe
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here

I will review the information when it comes back in.

Depending on what the fix contains, this process may take some time and your desktop icons might disappear or other uncommon behavior may occur.

This is no sign of malfunction, do not panic!

THEN

Posted Image Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

FINALLY

Download aswMBR.exe ( 1.8mb ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply
Posted Image
  • 0

#3
Czuma

Czuma

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
[Processes - Safe List]
[Modules - Safe List]
[Win32 Services - Safe List]
[Driver Services - Safe List]
[Registry - Safe List]
[Files/Folders - Created Within 30 Days]
File C:\ProgramData\Spybot - Search & Destroy -> [2011/07/23 10:08:20 | 000,000,000 | ---D | C] not found!
File C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ewido -> [2011/07/23 09:59:28 | 000,000,000 | ---D | C] not found!
File C:\Program Files (x86)\ewido -> [2011/07/23 09:59:26 | 000,000,000 | ---D | C] not found!
File C:\Users\Scott\AppData\Roaming\Lavasoft -> [2011/07/23 09:58:45 | 000,000,000 | ---D | C] not found!
File C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8 -> [2011/07/23 09:56:59 | 000,000,000 | R--D | C] not found!
File C:\Users\Scott\Desktop\Anti Malware tools -> [2011/07/23 09:44:06 | 000,000,000 | ---D | C] not found!
File C:\Users\Scott\AppData\Roaming\Ventrilo -> [2011/07/22 20:33:08 | 000,000,000 | ---D | C] not found!
File C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ventrilo -> [2011/07/22 20:32:38 | 000,000,000 | ---D | C] not found!
File C:\Program Files\Ventrilo -> [2011/07/22 20:32:36 | 000,000,000 | ---D | C] not found!
File C:\Program Files (x86)\Common Files\Wise Installation Wizard -> [2011/07/22 20:32:13 | 000,000,000 | ---D | C] not found!
File C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes -> [2011/07/21 00:04:32 | 000,000,000 | ---D | C] not found!
File C:\Program Files\iPod -> [2011/07/21 00:03:45 | 000,000,000 | ---D | C] not found!
File C:\Program Files\iTunes -> [2011/07/21 00:03:44 | 000,000,000 | ---D | C] not found!
File C:\Program Files\Bonjour -> [2011/07/21 00:02:04 | 000,000,000 | ---D | C] not found!
File C:\Program Files (x86)\Bonjour -> [2011/07/21 00:02:04 | 000,000,000 | ---D | C] not found!
File C:\Windows\SysNative\dns-sd.exe -> [2011/07/12 11:34:00 | 000,096,104 | ---- | C] (Apple Inc.) not found!
File C:\Windows\SysNative\dnssd.dll -> [2011/07/12 11:34:00 | 000,085,864 | ---- | C] (Apple Inc.) not found!
File C:\Windows\SysWow64\dns-sd.exe -> [2011/07/12 11:20:54 | 000,083,816 | ---- | C] (Apple Inc.) not found!
File C:\Windows\SysWow64\dnssd.dll -> [2011/07/12 11:20:54 | 000,073,064 | ---- | C] (Apple Inc.) not found!
File C:\Windows\SysWow64\Updates -> [2011/07/08 19:03:07 | 000,000,000 | ---D | C] not found!
File C:\Windows\SysWow64\Data -> [2011/07/08 19:03:01 | 000,000,000 | ---D | C] not found!
File not found!
[Files/Folders - Modified Within 30 Days]
File C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> [2011/07/23 10:04:42 | 000,014,016 | -H-- | M] () not found!
File C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> [2011/07/23 10:04:42 | 000,014,016 | -H-- | M] () not found!
File C:\Users\Public\Desktop\ewido security suite.lnk -> [2011/07/23 09:59:28 | 000,001,092 | ---- | M] () not found!
File C:\Windows\bootstat.dat -> [2011/07/23 09:56:37 | 000,067,584 | --S- | M] () not found!
File C:\hiberfil.sys -> [2011/07/23 09:56:33 | 529,780,735 | -HS- | M] () not found!
File C:\Windows\SysNative\Config.MPF -> [2011/07/23 09:50:47 | 000,014,636 | ---- | M] () not found!
File C:\OTL.exe -> [2011/07/23 09:44:23 | 000,085,543 | ---- | M] () not found!
File C:\Users\Scott\AppData\Roaming\B50C.5FC -> [2011/07/22 21:26:02 | 000,020,611 | ---- | M] () not found!
File C:\Users\Public\Desktop\World of Warcraft.lnk -> [2011/07/22 20:55:04 | 000,001,064 | ---- | M] () not found!
File C:\ProgramData\menu.new -> [2011/07/22 20:44:12 | 000,000,166 | ---- | M] () not found!
File C:\ProgramData\menu.bfm -> [2011/07/22 20:44:12 | 000,000,166 | ---- | M] () not found!
File C:\Users\Scott\Desktop\Ventrilo.lnk -> [2011/07/22 20:32:38 | 000,000,919 | ---- | M] () not found!
File C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini -> [2011/07/22 20:32:38 | 000,000,262 | ---- | M] () not found!
File C:\Users\Scott\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk -> [2011/07/21 00:06:12 | 000,002,515 | ---- | M] () not found!
File C:\Users\Public\Desktop\Safari.lnk -> [2011/07/21 00:06:12 | 000,002,491 | ---- | M] () not found!
File C:\Users\Public\Desktop\iTunes.lnk -> [2011/07/21 00:04:32 | 000,001,745 | ---- | M] () not found!
File C:\Users\Scott\AppData\Roaming\dwm.exe -> [2011/07/20 18:10:40 | 000,180,736 | ---- | M] () not found!
File C:\Windows\SysNative\dns-sd.exe -> [2011/07/12 11:34:00 | 000,096,104 | ---- | M] (Apple Inc.) not found!
File C:\Windows\SysNative\dnssd.dll -> [2011/07/12 11:34:00 | 000,085,864 | ---- | M] (Apple Inc.) not found!
File C:\Windows\SysWow64\dns-sd.exe -> [2011/07/12 11:20:54 | 000,083,816 | ---- | M] (Apple Inc.) not found!
File C:\Windows\SysWow64\dnssd.dll -> [2011/07/12 11:20:54 | 000,073,064 | ---- | M] (Apple Inc.) not found!
File C:\Windows\tasks\McQcTask.job -> [2011/07/01 01:00:31 | 000,000,318 | ---- | M] () not found!
File not found!
[Files - No Company Name]
File C:\Users\Public\Desktop\ewido security suite.lnk -> [2011/07/23 09:59:28 | 000,001,092 | ---- | C] () not found!
File C:\OTL.exe -> [2011/07/23 09:53:10 | 000,085,543 | ---- | C] () not found!
File C:\ProgramData\menu.new -> [2011/07/22 20:44:12 | 000,000,166 | ---- | C] () not found!
File C:\ProgramData\menu.bfm -> [2011/07/22 20:44:12 | 000,000,166 | ---- | C] () not found!
File C:\Users\Scott\Desktop\Ventrilo.lnk -> [2011/07/22 20:32:38 | 000,000,919 | ---- | C] () not found!
File C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini -> [2011/07/22 20:32:34 | 000,000,262 | ---- | C] () not found!
File C:\Users\Public\Desktop\iTunes.lnk -> [2011/07/21 00:04:32 | 000,001,745 | ---- | C] () not found!
File C:\Users\Scott\AppData\Roaming\dwm.exe -> [2011/07/05 21:04:27 | 000,180,736 | ---- | C] () not found!
File C:\Users\Scott\AppData\Roaming\B50C.5FC -> [2011/07/05 21:04:07 | 000,020,611 | ---- | C] () not found!
File C:\Users\Scott\AppData\Roaming\servetome-fonts.conf -> [2011/05/07 01:45:32 | 000,005,259 | ---- | C] () not found!
File C:\Windows\SysWow64\PerfStringBackup.INI -> [2010/12/08 09:52:44 | 000,730,638 | ---- | C] () not found!
File C:\Users\Scott\AppData\Local\resmon.resmoncfg -> [2010/09/19 22:49:51 | 000,000,017 | ---- | C] () not found!
File C:\Windows\WRcfg.ini -> [2010/07/24 15:03:38 | 000,001,801 | ---- | C] () not found!
File C:\Windows\WRMCcfg.ini -> [2010/07/24 15:03:38 | 000,000,388 | ---- | C] () not found!
File C:\Windows\hpomdl19.dat.temp -> [2010/03/24 22:02:44 | 000,013,898 | ---- | C] () not found!
File C:\Windows\hpoins19.dat -> [2010/03/24 21:42:20 | 000,221,430 | ---- | C] () not found!
File C:\Windows\hpomdl19.dat -> [2010/03/24 21:42:20 | 000,013,898 | ---- | C] () not found!
File C:\Windows\nsreg.dat -> [2010/01/20 15:18:57 | 000,000,000 | ---- | C] () not found!
File C:\Users\Scott\AppData\Roaming\phpdesigner2007pe.xml -> [2010/01/06 20:46:04 | 000,013,280 | ---- | C] () not found!
File C:\Windows\SysWow64\APOMngr.DLL -> [2009/11/20 20:18:36 | 000,176,128 | ---- | C] () not found!
File C:\Windows\SysWow64\CmdRtr.DLL -> [2009/11/20 20:18:36 | 000,073,728 | ---- | C] () not found!
File C:\Windows\ativpsrm.bin -> [2009/11/20 20:18:15 | 000,000,000 | ---- | C] () not found!
File C:\Windows\SysWow64\CCBiosSupportAPI.dll -> [2009/09/25 15:50:00 | 000,097,584 | ---- | C] () not found!
File C:\Windows\bootstat.dat -> [2009/07/14 00:38:36 | 000,067,584 | --S- | C] () not found!
File C:\Windows\SysWow64\NOISE.DAT -> [2009/07/13 21:35:51 | 000,000,741 | ---- | C] () not found!
File C:\Windows\SysWow64\dssec.dat -> [2009/07/13 21:34:42 | 000,215,943 | ---- | C] () not found!
File C:\Windows\mib.bin -> [2009/07/13 19:10:29 | 000,043,131 | ---- | C] () not found!
File C:\Windows\SysWow64\BWContextHandler.dll -> [2009/07/13 18:42:10 | 000,064,000 | ---- | C] () not found!
File C:\Windows\SysWow64\msjetoledb40.dll -> [2009/07/13 16:03:59 | 000,364,544 | ---- | C] () not found!
File C:\Windows\SysWow64\mlang.dat -> [2009/06/10 16:26:10 | 000,673,088 | ---- | C] () not found!
File C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll -> [2007/07/23 10:03:32 | 000,053,248 | ---- | C] () not found!
File C:\Windows\SysWow64\AgCPanelSwedish.dll -> [2007/07/23 10:03:32 | 000,053,248 | ---- | C] () not found!
File C:\Windows\SysWow64\AgCPanelSpanish.dll -> [2007/07/23 10:03:32 | 000,053,248 | ---- | C] () not found!
File C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll -> [2007/07/23 10:03:30 | 000,053,248 | ---- | C] () not found!
File C:\Windows\SysWow64\AgCPanelPortugese.dll -> [2007/07/23 10:03:30 | 000,053,248 | ---- | C] () not found!
File C:\Windows\SysWow64\AgCPanelKorean.dll -> [2007/07/23 10:03:30 | 000,053,248 | ---- | C] () not found!
File C:\Windows\SysWow64\AgCPanelJapanese.dll -> [2007/07/23 10:03:30 | 000,053,248 | ---- | C] () not found!
File C:\Windows\SysWow64\AgCPanelGerman.dll -> [2007/07/23 10:03:30 | 000,053,248 | ---- | C] () not found!
File C:\Windows\SysWow64\AgCPanelFrench.dll -> [2007/07/23 10:03:30 | 000,053,248 | ---- | C] () not found!
File f report > not found!
< End of fix log >
OTS by OldTimer - Version 3.1.44.0 fix logfile created on 07232011_104432





here is the log i am runing malware bytes now will post when malware bytes and the other app
  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you confirm that you copied the script that I posted ? As the report bears no relationship to what I asked OTS to do
  • 0

#5
Czuma

Czuma

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
ok this time when it ran it did not give me a text it said it needed to reboot so i did, priortr to that i did run malwawre bytes and it said i had some trojans removed them and had me rebooth prior to this reboot with OTS. I alran the avast app you had me runn it completed fine
i didnt have a log so i reran the OTS so here is the log of that



OTS logfile created on: 7/23/2011 12:04:33 PM - Run 2
OTS by OldTimer - Version 3.1.44.0 Folder = C:\Users\Scott\Desktop\Anti Malware tools
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 63.00% Memory free
12.00 Gb Paging File | 9.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 457.50 Gb Total Space | 338.87 Gb Free Space | 74.07% Space Free | Partition Type: NTFS
Drive D: | 2.71 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SCOTT-ALIEN
Current User Name: Scott
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 30 Days
Quick Scan

[Processes - Safe List]
otl.exe -> C:\Users\Scott\Desktop\Anti Malware tools\OTL.exe -> [2011/07/23 10:12:28 | 000,645,120 | ---- | M] (OldTimer Tools)
mbamgui.exe -> C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe -> [2011/07/06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation)
mbamservice.exe -> C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -> [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation)
servetome.exe -> C:\Program Files (x86)\ServeToMe\Contents\Windows\ServeToMe.exe -> [2011/03/18 23:15:20 | 000,850,648 | ---- | M] ()
memeosend.exe -> C:\Program Files (x86)\Memeo\Memeo Send\MemeoSend.exe -> [2010/07/20 13:18:14 | 004,625,680 | ---- | M] (Memeo Inc.)
mcmscsvc.exe -> C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe -> [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.)
memeodashboard.exe -> C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe -> [2010/04/30 09:47:00 | 000,069,896 | ---- | M] (Memeo)
seagatedashboardservice.exe -> C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe -> [2010/04/30 09:47:00 | 000,014,088 | ---- | M] (Memeo)
instantbackup.exe -> C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe -> [2010/04/22 19:33:00 | 000,323,808 | ---- | M] ()
toaster.exe -> C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe -> [2010/03/25 17:08:06 | 001,573,376 | ---- | M] (SoftThinks - Dell)
sftservice.exe -> C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -> [2010/03/04 12:28:08 | 000,658,656 | ---- | M] (SoftThinks)
mcsysmon.exe -> C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe -> [2009/11/04 16:59:50 | 000,606,736 | ---- | M] (McAfee, Inc.)
mcagent.exe -> C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe -> [2009/10/29 07:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.)
mpfsrv.exe -> C:\Program Files (x86)\McAfee\MPF\MpfSrv.exe -> [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.)
alienfxhook32mngr.exe -> C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe -> [2009/10/05 15:36:04 | 000,013,624 | ---- | M] (Alienware)
alienwarealienfxcontroller.exe -> C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe -> [2009/10/05 15:35:52 | 000,058,696 | ---- | M] (Alienware Corporation)
ctaudsvc.exe -> C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -> [2009/08/28 19:45:56 | 000,286,720 | ---- | M] (Creative Technology Ltd)
xenotray.exe -> C:\Program Files (x86)\Bigfoot Networks\Xeno Suite\XenoTray.exe -> [2009/08/05 13:29:08 | 000,696,320 | ---- | M] (Bigfoot Networks, Inc.)
gamedetectservice.exe -> C:\Program Files (x86)\Bigfoot Networks\Xeno Suite\GameDetectService.exe -> [2009/08/05 13:26:40 | 000,212,480 | ---- | M] ()
perftuneservice.exe -> C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe -> [2009/07/27 15:19:12 | 000,030,944 | ---- | M] (Intel Corporation)
mcproxy.exe -> c:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe -> [2009/07/08 12:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.)
mcnasvc.exe -> c:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe -> [2009/07/07 20:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.)
iaanotif.exe -> C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe -> [2009/06/04 20:03:32 | 000,186,904 | ---- | M] (Intel Corporation)
iaantmon.exe -> C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -> [2009/06/04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation)
nbservice.exe -> C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -> [2009/05/15 08:35:52 | 000,935,208 | ---- | M] (Nero AG)
brs.exe -> C:\Program Files (x86)\CyberLink\Shared Files\brs.exe -> [2009/04/29 02:50:26 | 000,075,048 | ---- | M] (cyberlink)
pdvd8serv.exe -> C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe -> [2009/04/16 00:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.)
ewidoctrl.exe -> C:\Program Files (x86)\ewido\security suite\ewidoctrl.exe -> [2004/11/11 18:53:03 | 000,016,448 | ---- | M] (ewido networks)

[Modules - Safe List]
otl.exe -> C:\Users\Scott\Desktop\Anti Malware tools\OTL.exe -> [2011/07/23 10:12:28 | 000,645,120 | ---- | M] (OldTimer Tools)
sahook.dll -> c:\Program Files (x86)\McAfee\SiteAdvisor\sahook.dll -> [2011/04/08 16:56:28 | 000,018,176 | ---- | M] (McAfee, Inc.)
alienfxhook.dll -> C:\Program Files\Alienware\Command Center\AlienFXHook.dll -> [2009/10/05 15:36:42 | 000,015,656 | ---- | M] (Alienware Corp.)
comctl32.dll -> C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll -> [2009/07/13 20:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation)
msvcr90.dll -> C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a\msvcr90.dll -> [2009/06/10 16:14:56 | 000,652,608 | ---- | M] (Microsoft Corporation)

[Win32 Services - Safe List]
64bit-(McShield) [Unknown | Running] -> C:\Program Files\McAfee\VirusScan\Mcshield.exe -> [2009/11/04 17:47:32 | 000,155,456 | ---- | M] (McAfee, Inc.)
64bit-(McODS) [On_Demand | Stopped] -> C:\Program Files\McAfee\VirusScan\mcods.exe -> [2009/10/28 12:50:32 | 000,696,848 | ---- | M] (McAfee, Inc.)
64bit-(AMD External Events Utility) [Auto | Running] -> C:\Windows\SysNative\atiesrxx.exe -> [2009/08/27 02:56:26 | 000,202,752 | ---- | M] (AMD)
64bit-(WinDefend) [Auto | Running] -> C:\Program Files\Windows Defender\MpSvc.dll -> [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation)
64bit-(AERTFilters) [Auto | Running] -> C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -> [2009/06/03 18:56:06 | 000,092,160 | ---- | M] (Andrea Electronics Corporation)
(MBAMService) MBAMService [Auto | Running] -> C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -> [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation)
(McAfee SiteAdvisor Service) McAfee SiteAdvisor Service [Auto | Running] -> C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe -> [2011/02/16 15:49:08 | 000,101,048 | ---- | M] (McAfee, Inc.)
(Creative Audio Engine Licensing Service) Creative Audio Engine Licensing Service [On_Demand | Stopped] -> C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -> [2010/07/24 15:03:33 | 000,079,360 | ---- | M] (Creative Labs)
(Creative ALchemy AL6 Licensing Service) Creative ALchemy AL6 Licensing Service [On_Demand | Stopped] -> C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -> [2010/07/24 15:03:21 | 000,079,360 | ---- | M] (Creative Labs)
(mcmscsvc) McAfee Services [Auto | Running] -> C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe -> [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.)
(SeagateDashboardService) Seagate Dashboard Service [Auto | Running] -> C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe -> [2010/04/30 09:47:00 | 000,014,088 | ---- | M] (Memeo)
(MemeoBackgroundService) MemeoBackgroundService [Auto | Running] -> C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe -> [2010/04/22 19:33:04 | 000,025,824 | ---- | M] (Memeo)
(SftService) SoftThinks Agent Service [Auto | Running] -> C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -> [2010/03/04 12:28:08 | 000,658,656 | ---- | M] (SoftThinks)
(McSysmon) McAfee SystemGuards [On_Demand | Running] -> C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe -> [2009/11/04 16:59:50 | 000,606,736 | ---- | M] (McAfee, Inc.)
(MpfService) McAfee Personal Firewall Service [Auto | Running] -> C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe -> [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.)
(HPSLPSVC) HP Network Devices Support [Auto | Running] -> C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -> [2009/09/20 11:55:20 | 001,037,824 | ---- | M] (Hewlett-Packard Co.)
(CTAudSvcService) Creative Audio Service [Auto | Running] -> C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -> [2009/08/28 19:45:56 | 000,286,720 | ---- | M] (Creative Technology Ltd)
(GameDetect) GameDetect [Auto | Running] -> C:\Program Files (x86)\Bigfoot Networks\Xeno Suite\GameDetectService.exe -> [2009/08/05 13:26:40 | 000,212,480 | ---- | M] ()
(XTUService) Intel® Extreme Tuning Utility [Auto | Running] -> C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe -> [2009/07/27 15:19:12 | 000,030,944 | ---- | M] (Intel Corporation)
(Steam Client Service) Steam Client Service [On_Demand | Stopped] -> C:\Program Files (x86)\Common Files\Steam\SteamService.exe -> [2009/07/16 18:04:16 | 000,316,664 | ---- | M] (Valve Corporation)
(McProxy) McAfee Proxy Service [Auto | Running] -> c:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe -> [2009/07/08 12:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.)
(McNASvc) McAfee Network Agent [Auto | Running] -> c:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe -> [2009/07/07 20:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.)
(clr_optimization_v2.0.50727_32) Microsoft .NET Framework NGEN v2.0.50727_X86 [On_Demand | Stopped] -> C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation)
(IAANTMON) Intel® Matrix Storage Event Monitor [Auto | Running] -> C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -> [2009/06/04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation)
(Nero BackItUp Scheduler 4.0) Nero BackItUp Scheduler 4.0 [Auto | Running] -> C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -> [2009/05/15 08:35:52 | 000,935,208 | ---- | M] (Nero AG)
(wampmysqld) wampmysqld [On_Demand | Stopped] -> c:\wamp\mysql\bin\mysqld-nt.exe -> [2007/07/06 14:14:02 | 005,730,304 | ---- | M] ()
(wampapache) wampapache [On_Demand | Stopped] -> c:\wamp\apache2\bin\httpd.exe -> [2007/01/10 01:17:24 | 000,020,539 | ---- | M] (Apache Software Foundation)
(ewido security suite guard) ewido security suite guard [Disabled | Stopped] -> C:\Program Files (x86)\ewido\security suite\ewidoguard.exe -> [2005/07/19 12:37:52 | 000,163,904 | ---- | M] (ewido networks)
(ewido security suite control) ewido security suite control [Auto | Running] -> C:\Program Files (x86)\ewido\security suite\ewidoctrl.exe -> [2004/11/11 18:53:03 | 000,016,448 | ---- | M] (ewido networks)

[Driver Services - Safe List]
64bit-(MBAMProtector) MBAMProtector [File_System | On_Demand | Running] -> C:\Windows\SysNative\drivers\mbam.sys -> [2011/07/06 19:52:42 | 000,025,912 | ---- | M] (Malwarebytes Corporation)
64bit-(USBAAPL64) Apple Mobile USB Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\usbaapl64.sys -> [2011/02/18 17:36:58 | 000,051,712 | ---- | M] (Apple, Inc.)
64bit-(AWOPFilterDriver) AWOPFilterDriver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\AWOPFilterDriver.sys -> [2010/09/02 01:12:22 | 000,019,464 | ---- | M] ()
64bit-(MPFP) MPFP [Kernel | System | Running] -> C:\Windows\SysNative\drivers\Mpfp.sys -> [2010/07/15 15:18:22 | 000,176,144 | ---- | M] (McAfee, Inc.)
64bit-(mfehidk) McAfee Inc. mfehidk [Kernel | System | Running] -> C:\Windows\SysNative\drivers\mfehidk.sys -> [2009/11/04 17:54:06 | 000,308,296 | ---- | M] (McAfee, Inc.)
64bit-(mfeavfk) McAfee Inc. mfeavfk [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\mfeavfk.sys -> [2009/11/04 17:54:06 | 000,102,472 | ---- | M] (McAfee, Inc.)
64bit-(mfesmfk) McAfee Inc. mfesmfk [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\mfesmfk.sys -> [2009/11/04 17:54:06 | 000,049,480 | ---- | M] (McAfee, Inc.)
64bit-(mferkdk) McAfee Inc. mferkdk [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\mferkdk.sys -> [2009/11/04 17:47:38 | 000,040,904 | ---- | M] (McAfee, Inc.)
64bit-(atikmdag) atikmdag [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\atikmdag.sys -> [2009/08/27 05:13:06 | 006,203,392 | ---- | M] (ATI Technologies Inc.)
64bit-(AtiHdmiService) ATI Function Driver for High Definition Audio Service [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\AtiHdmi.sys -> [2009/08/23 13:02:30 | 000,120,336 | ---- | M] (ATI Technologies, Inc.)
64bit-(WRfiltv) WRfiltv [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\WRfiltv.sys -> [2009/07/31 11:40:32 | 000,025,600 | ---- | M] (Creative Technology Ltd.)
64bit-(SI3132) SiI-3132 SATALink Controller [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\SI3132.sys -> [2009/07/29 21:14:10 | 000,090,664 | ---- | M] (Silicon Image, Inc)
64bit-(SiFilter) SATALink driver accelerator [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\SiWinAcc.sys -> [2009/07/29 21:14:10 | 000,022,056 | ---- | M] (Silicon Image, Inc)
64bit-(SiRemFil) SATALink External Device Filter [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\SiRemFil.sys -> [2009/07/29 21:14:10 | 000,017,448 | ---- | M] (Silicon Image, Inc)
64bit-(amdsata) amdsata [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsata.sys -> [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices)
64bit-(amdxata) amdxata [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\amdxata.sys -> [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices)
64bit-(amdsbs) amdsbs [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsbs.sys -> [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.)
64bit-(LSI_SAS2) LSI_SAS2 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\lsi_sas2.sys -> [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation)
64bit-(HpSAMD) HpSAMD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\HpSAMD.sys -> [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company)
64bit-(stexstor) stexstor [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\stexstor.sys -> [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology)
64bit-(k57nd60a) Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0 [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\k57nd60a.sys -> [2009/07/06 14:08:10 | 000,317,480 | ---- | M] (Broadcom Corporation)
64bit-(iaStor) Intel AHCI Controller [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\iaStor.sys -> [2009/06/24 18:22:48 | 000,408,600 | ---- | M] (Intel Corporation)
64bit-(Ntfs) Ntfs [File_System | On_Demand | Running] -> C:\Windows\SysNative\wbem\ntfs.mof -> [2009/06/10 15:38:56 | 000,000,308 | ---- | M] ()
64bit-(ebdrv) Broadcom NetXtreme II 10 GigE VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\evbda.sys -> [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation)
64bit-(b06bdrv) Broadcom NetXtreme II VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\bxvbda.sys -> [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation)
64bit-(b57nd60a) Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\b57nd60a.sys -> [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation)
64bit-(hcw85cir) Hauppauge Consumer Infrared Receiver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\hcw85cir.sys -> [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.)
64bit-(Xeno7x64) Killer Xeno Gaming Adapter Service [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\Xeno7x64.sys -> [2009/06/02 18:24:46 | 000,131,096 | ---- | M] (Bigfoot Networks, Inc.)
64bit-(Edge7x64) Killer Xeno NDIS-Edge Service [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\Edge7x64.sys -> [2009/06/02 18:24:46 | 000,027,672 | ---- | M] (Bigfoot Networks, Inc.)
64bit-(GEARAspiWDM) GEAR ASPI Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\GEARAspiWDM.sys -> [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.)
64bit-(smbusp) Intel® SMBus 2.0 Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\intelsmb.sys -> [2009/05/13 16:31:02 | 000,063,616 | ---- | M] (Intel Corporation)
64bit-(LMouFilt) Logitech SetPoint KMDF Mouse Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\LMouFilt.Sys -> [2009/04/22 18:10:40 | 000,058,384 | ---- | M] (Logitech, Inc.)
64bit-(LHidFilt) Logitech SetPoint KMDF HID Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\LHidFilt.Sys -> [2009/04/22 18:10:32 | 000,055,312 | ---- | M] (Logitech, Inc.)
64bit-(WimFltr) WimFltr [File_System | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\WimFltr.sys -> [2006/11/01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation)
(IOCBIOS) IOCBIOS [Kernel | Auto | Running] -> C:\ProgramData\Intel\Extreme Tuning Utility\IOCbios\64bit\iOCbios.sys -> [2009/07/09 11:53:00 | 000,027,096 | ---- | M] (Intel Corporation)
({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}) Power Control [2009/11/20 18:08:09] [Kernel | Auto | Running] -> c:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl -> [2009/04/16 00:28:08 | 000,146,928 | ---- | M] (CyberLink Corp.)
(ewido security suite driver) ewido security suite driver [Kernel | System | Stopped] -> C:\Program Files (x86)\ewido\security suite\guard.sys -> [2004/11/22 09:15:15 | 000,003,072 | ---- | M] ()

[Registry - Safe List]
< 64bit-Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\Windows\SysWOW64\blank.htm ->
HKEY_LOCAL_MACHINE\: URLSearchHooks\\"{7b13ec3e-999a-4b70-b9cb-2617b8323822}" [HKLM] -> C:\Program Files (x86)\Zynga\tbZyn1.dll [Zynga Toolbar] -> [2010/07/21 09:12:06 | 002,734,688 | ---- | M] (Conduit Ltd.)
HKEY_LOCAL_MACHINE\: URLSearchHooks\\"{aac4043a-8832-4abe-9963-35377f30b8e6}" [HKLM] -> C:\Program Files (x86)\Castle_Age\tbCas1.dll [Castle Age Toolbar] -> [2010/09/16 19:45:15 | 002,735,200 | ---- | M] (Conduit Ltd.)
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\"Default_Page_URL" -> http://www.alienware.com/ ->
HKEY_CURRENT_USER\: Main\\"Default_Secondary_Page_URL" -> http://support.alienware.com [binary data] ->
HKEY_CURRENT_USER\: Main\\"Secondary Start Pages" -> [Binary data over 100 bytes] ->
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.alienware.com/ ->
64bit-HKEY_CURRENT_USER\: URLSearchHooks\\"{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}" [HKLM] -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [McAfee SiteAdvisor Toolbar] -> [2011/04/08 15:37:58 | 000,309,096 | ---- | M] (McAfee, Inc.)
HKEY_CURRENT_USER\: URLSearchHooks\\"{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}" [HKLM] -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [McAfee SiteAdvisor Toolbar] -> [2011/04/08 15:37:58 | 000,251,928 | ---- | M] (McAfee, Inc.)
HKEY_CURRENT_USER\: URLSearchHooks\\"{aac4043a-8832-4abe-9963-35377f30b8e6}" [HKLM] -> C:\Program Files (x86)\Castle_Age\tbCas1.dll [Castle Age Toolbar] -> [2010/09/16 19:45:15 | 002,735,200 | ---- | M] (Conduit Ltd.)
HKEY_CURRENT_USER\: "ProxyEnable" -> 1 ->
HKEY_CURRENT_USER\: "ProxyOverride" -> *.local;<local> ->
< FireFox Settings [Prefs.js] > -> C:\Users\Scott\AppData\Roaming\Mozilla\FireFox\Profiles\ustkuvl3.default\prefs.js ->
extensions.enabledItems -> [email protected]:1.5.4 ->
extensions.enabledItems -> [email protected]:4.51 ->
extensions.enabledItems -> {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1 ->
network.proxy.http -> "" ->
network.proxy.http_port -> "" ->
network.proxy.type -> "" ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions -> ->
HKLM\software\mozilla\Firefox\Extensions\\[email protected] -> C:\Program Files (x86)\HP\Digital Imaging\smart web printing\MozillaAddOn3 [C:\PROGRAM FILES (X86)\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3] -> [2010/03/24 21:45:30 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45} -> C:\Program Files (x86)\McAfee\SiteAdvisor [C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR] -> [2011/05/25 17:23:54 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.5.18\extensions -> ->
HKLM\software\mozilla\Mozilla Firefox 3.5.18\extensions\\Components -> C:\Program Files (x86)\Mozilla Firefox\components [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\COMPONENTS] -> [2011/05/12 00:10:09 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.5.18\extensions\\Plugins -> C:\Program Files (x86)\Mozilla Firefox\plugins [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\PLUGINS] -> [2011/05/12 00:10:09 | 000,000,000 | ---D | M]
< FireFox Extensions [User Folders] > ->
-> C:\Users\Scott\AppData\Roaming\Mozilla\Extensions -> [2010/01/20 15:19:01 | 000,000,000 | ---D | M]
-> C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\ustkuvl3.default\extensions -> [2011/05/26 05:37:37 | 000,000,000 | ---D | M]
-> C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\ustkuvl3.default\extensions\[email protected] -> [2010/05/06 19:51:07 | 000,000,000 | ---D | M]
< FireFox Extensions [Program Folders] > ->
-> C:\Program Files (x86)\Mozilla Firefox\extensions -> [2010/01/20 15:18:47 | 000,000,000 | ---D | M]
HP Smart Web Printing -> C:\PROGRAM FILES (X86)\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3 -> [2010/03/24 21:45:30 | 000,000,000 | ---D | M]
McAfee SiteAdvisor -> C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR -> [2011/05/25 17:23:54 | 000,000,000 | ---D | M]
Firebug -> C:\USERS\SCOTT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\USTKUVL3.DEFAULT\EXTENSIONS\[email protected] -> [2010/05/06 19:51:07 | 000,000,000 | ---D | M]
< FireFox Components [Program Folders] > ->
< HOSTS File > ([2009/06/10 16:00:26 | 000,000,824 | ---- | M] - 21 lines) -> C:\Windows\SysNative\Drivers\etc\hosts ->
Reset Hosts
< 64bit-BHO's [HKEY_LOCAL_MACHINE] > -> 64bit-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} [HKLM] -> C:\Program Files\McAfee\VirusScan\scriptsn.dll [scriptproxy] -> [2009/11/04 17:47:38 | 000,060,224 | ---- | M] (McAfee, Inc.)
{B164E929-A1B6-4A06-B104-2CD0E90A88FF} [HKLM] -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [McAfee SiteAdvisor BHO] -> [2011/04/08 15:37:58 | 000,309,096 | ---- | M] (McAfee, Inc.)
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll [&Yahoo! Toolbar Helper] -> [2008/07/28 05:47:40 | 000,882,416 | ---- | M] (Yahoo! Inc.)
{5C255C8A-E604-49b4-9D64-90988571CECB} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{7b13ec3e-999a-4b70-b9cb-2617b8323822} [HKLM] -> C:\Program Files (x86)\Zynga\tbZyn1.dll [Zynga Toolbar] -> [2010/07/21 09:12:06 | 002,734,688 | ---- | M] (Conduit Ltd.)
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} [HKLM] -> C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll [scriptproxy] -> [2009/11/04 17:53:42 | 000,062,784 | ---- | M] (McAfee, Inc.)
{aac4043a-8832-4abe-9963-35377f30b8e6} [HKLM] -> C:\Program Files (x86)\Castle_Age\tbCas1.dll [Castle Age Toolbar] -> [2010/09/16 19:45:15 | 002,735,200 | ---- | M] (Conduit Ltd.)
{B164E929-A1B6-4A06-B104-2CD0E90A88FF} [HKLM] -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [McAfee SiteAdvisor BHO] -> [2011/04/08 15:37:58 | 000,251,928 | ---- | M] (McAfee, Inc.)
{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} [HKLM] -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [SingleInstance Class] -> [2008/07/28 05:47:42 | 000,160,496 | ---- | M] (Yahoo! Inc)
< 64bit-Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}" [HKLM] -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [McAfee SiteAdvisor Toolbar] -> [2011/04/08 15:37:58 | 000,309,096 | ---- | M] (McAfee, Inc.)
"Locked" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}" [HKLM] -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [McAfee SiteAdvisor Toolbar] -> [2011/04/08 15:37:58 | 000,251,928 | ---- | M] (McAfee, Inc.)
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}" [HKLM] -> C:\Program Files (x86)\Zynga\tbZyn1.dll [Zynga Toolbar] -> [2010/07/21 09:12:06 | 002,734,688 | ---- | M] (Conduit Ltd.)
"{aac4043a-8832-4abe-9963-35377f30b8e6}" [HKLM] -> C:\Program Files (x86)\Castle_Age\tbCas1.dll [Castle Age Toolbar] -> [2010/09/16 19:45:15 | 002,735,200 | ---- | M] (Conduit Ltd.)
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> [2008/07/28 05:47:40 | 000,882,416 | ---- | M] (Yahoo! Inc.)
"Locked" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\"{7B13EC3E-999A-4B70-B9CB-2617B8323822}" [HKLM] -> C:\Program Files (x86)\Zynga\tbZyn1.dll [Zynga Toolbar] -> [2010/07/21 09:12:06 | 002,734,688 | ---- | M] (Conduit Ltd.)
WebBrowser\\"{AAC4043A-8832-4ABE-9963-35377F30B8E6}" [HKLM] -> C:\Program Files (x86)\Castle_Age\tbCas1.dll [Castle Age Toolbar] -> [2010/09/16 19:45:15 | 002,735,200 | ---- | M] (Conduit Ltd.)
< 64bit-Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"" -> [] -> File not found
"AlienFX Controller" -> C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe ["C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe"] -> [2009/10/05 15:35:52 | 000,058,696 | ---- | M] (Alienware Corporation)
"IAAnotif" -> C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe [C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe] -> [2009/06/04 20:03:32 | 000,186,904 | ---- | M] (Intel Corporation)
"Kernel and Hardware Abstraction Layer" -> C:\Windows\KHALMNPR.Exe [KHALMNPR.EXE] -> [2009/04/22 18:09:36 | 000,130,576 | ---- | M] (Logitech, Inc.)
"Launch Keyboard CI" -> c:\Program Files\Alienware\Alienware TactX Keyboard CI\txkbci.exe ["c:\Program Files\Alienware\Alienware TactX Keyboard CI\txkbci.exe" /SHOWHIDE] -> [2009/05/28 11:42:12 | 003,438,088 | ---- | M] (Alienware)
"RtHDVCpl" -> C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe] -> [2009/06/03 18:56:08 | 007,833,120 | ---- | M] (Realtek Semiconductor)
"Skytel" -> [C:\Program Files\Realtek\Audio\HDA\Skytel.exe] -> File not found
"Thermal Controller" -> C:\Program Files\Alienware\Command Center\ThermalController.exe ["C:\Program Files\Alienware\Command Center\ThermalController.exe" /auto] -> [2009/10/05 15:34:12 | 000,166,200 | ---- | M] (Alienware Corp.)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"BDRegion" -> c:\Program Files (x86)\CyberLink\Shared Files\brs.exe [c:\Program Files (x86)\Cyberlink\Shared Files\brs.exe] -> [2009/04/29 02:50:26 | 000,075,048 | ---- | M] (cyberlink)
"Malwarebytes' Anti-Malware" -> C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe ["C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray] -> [2011/07/06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation)
"mcagent_exe" -> C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe ["C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe" /runkey] -> [2009/10/29 07:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.)
"McENUI" -> C:\Program Files (x86)\McAfee\MHN\McENUI.exe [C:\PROGRA~2\McAfee\MHN\McENUI.exe /hide] -> [2009/07/07 22:02:26 | 001,176,808 | ---- | M] (McAfee, Inc.)
"Memeo AutoSync" -> C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe [C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe --silent] -> [2010/04/16 16:43:12 | 000,144,608 | ---- | M] (Memeo Inc.)
"Memeo Instant Backup" -> C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe [C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui] -> [2010/04/22 19:33:08 | 000,136,416 | ---- | M] (Memeo Inc.)
"Memeo Send" -> C:\Program Files (x86)\Memeo\Memeo Send\MemeoLauncher.exe [C:\Program Files (x86)\Memeo\Memeo Send\MemeoLauncher.exe --silent] -> [2010/07/20 13:18:14 | 000,236,816 | ---- | M] ()
"PDVD8LanguageShortcut" -> c:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe ["c:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"] -> [2009/04/16 00:54:44 | 000,050,472 | ---- | M] (CyberLink Corp.)
"RemoteControl8" -> c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe ["c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"] -> [2009/04/16 00:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.)
"Seagate Dashboard" -> C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe [C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui] -> [2010/04/30 09:47:02 | 000,079,112 | ---- | M] ()
"StartCCC" -> c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ["c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun] -> [2009/08/26 23:18:10 | 000,098,304 | ---- | M] (Advanced Micro Devices, Inc.)
< 64bit-RunOnce [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce ->
"DSUpdateLauncher" -> C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"] -> [2009/09/17 14:14:00 | 000,018,160 | ---- | M] (Dell)
< RunOnce [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce ->
""C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"" -> C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] -> [2011/03/21 20:29:26 | 000,560,128 | ---- | M] (Dell)
"STToasterLauncher" -> C:\Program Files (x86)\Dell DataSafe Local Backup\ToasterLauncher.exe [C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe] -> [2010/02/11 12:53:00 | 000,120,128 | ---- | M] ()
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Messenger (Yahoo!)" -> C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe ["C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" -quiet] -> [2009/06/20 04:03:56 | 004,351,216 | ---- | M] (Yahoo! Inc.)
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoActiveDesktop" -> [1] -> File not found
\\"NoActiveDesktopChanges" -> [1] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"ConsentPromptBehaviorAdmin" -> [0] -> File not found
\\"ConsentPromptBehaviorUser" -> [3] -> File not found
\\"EnableLUA" -> [0] -> File not found
\\"PromptOnSecureDesktop" -> [0] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< 64bit-Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.micro...?ext=%s&mime=%s ->
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
< 64bit-Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< 64bit-Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< 64bit-Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1093 domain(s) found. ->
bhc.edu .[*] -> Trusted sites ->
bhc-blackboard_bhc.edu [http] -> Trusted sites ->
myblackhawk_bhc.edu [*] -> Trusted sites ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 18 range(s) found. ->
< 64bit-Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/...indows-i586.cab [Java Plug-in 1.6.0_14] ->
{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/...indows-i586.cab [Java Plug-in 1.6.0_14] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/...indows-i586.cab [Java Plug-in 1.6.0_14] ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/...indows-i586.cab [Java Plug-in 1.6.0_14] ->
{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/...indows-i586.cab [Java Plug-in 1.6.0_14] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/...indows-i586.cab [Java Plug-in 1.6.0_14] ->
{F6ACF75C-C32C-447B-9BEF-46B766368D29} [HKLM] -> http://ccfiles.creat...15112/CTPID.cab [Creative Software AutoUpdate Support Package] ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->
DhcpNameServer -> 192.168.0.1 ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{A27FB204-6BE9-41E7-A300-520520548425}\\DhcpNameServer -> 192.168.0.1 (Killer Xeno NDIS EDGE Interface) ->
{B8B51C96-3A70-48E6-ABD0-BC7931CAA9E5}\\DhcpNameServer -> 0.0.0.0 (Broadcom NetLink ™ Gigabit Ethernet) ->
< 64bit-Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
64bit-*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
explorer.exe -> C:\Windows\explorer.exe -> [2009/10/31 01:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
64bit-*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
SystemPropertiesPerformance.exe -> C:\Windows\SysNative\SystemPropertiesPerformance.exe -> [2009/07/13 20:39:47 | 000,082,432 | ---- | M] (Microsoft Corporation)
/pagefile -> -> File not found
*MultiFile Done* -> ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
explorer.exe -> C:\Windows\SysWow64\explorer.exe -> [2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
/pagefile -> -> File not found
*MultiFile Done* -> ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
explorer.exe -> C:\Windows\SysWow64\explorer.exe -> [2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
< 64bit-SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad ->
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck] -> File not found
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad ->
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck] -> File not found
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
"{54D9498B-CF93-414F-8984-8CE7FDE0D391}" [HKLM] -> C:\Program Files (x86)\ewido\security suite\shellhook.dll [ewido shell guard] -> [2004/09/30 07:21:56 | 000,039,488 | ---- | M] ()
< Vista Active Firewall Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules ->
{071B04E4-944F-4415-823E-60D618CBB01C} -> lport=6004 | profile=private | protocol=17 | dir=in | action=allow | name=microsoft office outlook | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
{151113F4-5DE8-4F21-B5EF-6A27827BE700} -> rport=5355 | profile=public | protocol=17 | dir=out | action=allow | [email protected],-28550 | app=%systemroot%\system32\svchost.exe | svc=dnscache |
{1E2D72EB-E090-4713-85A6-04435A8BF97A} -> rport=5355 | profile=private | protocol=17 | dir=out | action=allow | [email protected],-28550 | app=%systemroot%\system32\svchost.exe | svc=dnscache |
{260F2480-A942-4D15-A6AE-93C377F882AC} -> lport=137 | profile=private | protocol=17 | dir=in | action=allow | [email protected],-28519 | app=system |
{301C970B-A4E5-4C96-AD67-CAB1A98A430F} -> lport=2799 | protocol=6 | dir=in | action=allow | name=altova license metering port (tcp) |
{4B7B051D-22D1-4498-9BFD-4A726F6B96BB} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live messenger (upnp-in) | app=system |
{5887A8F1-2659-488E-BEF4-EAE397BBE101} -> lport=139 | profile=private | protocol=6 | dir=in | action=allow | [email protected],-28503 | app=system |
{642603CD-696E-44C2-829B-5E76C9300A0C} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live messenger (ssdp-in) | app=svchost.exe | svc=ssdpsrv |
{6D775462-D8E6-4E00-866F-562C840BF0E7} -> lport=138 | profile=private | protocol=17 | dir=in | action=allow | [email protected],-28527 | app=system |
{88EB936C-092F-4C69-B156-86FD31CD2FE0} -> rport=137 | profile=private | protocol=17 | dir=out | action=allow | [email protected],-28523 | app=system |
{8E337BDD-06E7-4574-B0FB-7994AC26144C} -> rport=445 | profile=private | protocol=6 | dir=out | action=allow | [email protected],-28515 | app=system |
{9D882D52-9344-4CD3-9FBC-9C3C6FDE2FDC} -> rport=138 | profile=private | protocol=17 | dir=out | action=allow | [email protected],-28531 | app=system |
{A9185B5D-D823-4CBB-8179-9935FDDB55EC} -> lport=rpc | profile=private | protocol=6 | dir=in | action=allow | [email protected],-28535 | app=%systemroot%\system32\spoolsv.exe | svc=spooler |
{BB70B83B-9FF9-443C-82AF-1F73D2DB4CF5} -> lport=rpc-epmap | profile=private | protocol=6 | dir=in | action=allow | [email protected],-28539 | svc=rpcss |
{D321AAD2-9121-465C-95B7-DF826D40861A} -> lport=5355 | profile=private | protocol=17 | dir=in | action=allow | [email protected],-28548 | app=%systemroot%\system32\svchost.exe | svc=dnscache |
{E06F23C9-697C-47C7-8A8A-774BD06B3398} -> lport=2799 | protocol=17 | dir=in | action=allow | name=altova license metering port (udp) |
{E1BEC105-9743-444B-8265-7F5A5CC94271} -> lport=5355 | profile=public | protocol=17 | dir=in | action=allow | [email protected],-28548 | app=%systemroot%\system32\svchost.exe | svc=dnscache |
{E5799705-CC3D-42CA-AFBC-E2FA12D6CB6E} -> lport=445 | profile=private | protocol=6 | dir=in | action=allow | [email protected],-28511 | app=system |
{FFE76941-3203-40D6-9CCE-301B5C9A83A2} -> rport=139 | profile=private | protocol=6 | dir=out | action=allow | [email protected],-28507 | app=system |
< Vista Active Application Exception Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules ->
{0122D654-819B-4B6B-B064-2651BB459B36} -> profile=private | protocol=17 | dir=in | action=allow | name=blizzard downloader | app=c:\users\public\games\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
{055541AA-09A6-4D55-AEC6-E6C656E184FA} -> profile=private | protocol=6 | dir=in | action=allow | name=blizzard downloader | app=c:\users\public\games\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-enus-downloader.exe |
{056A375C-4F94-46BE-810B-7A365B26BE00} -> dir=in | action=allow | name=webkit | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
{0F0D95DB-4BBC-41E8-8F65-D562F1A35971} -> dir=in | action=allow | name=hpqgpc01.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
{11639C76-D698-4018-B6F6-3BE5811C1A78} -> dir=in | action=allow | name=hpqsudi.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |
{135EA6E5-927F-450B-8105-DF9559D3E424} -> profile=private | protocol=1 | dir=in | action=allow | [email protected],-28543 |
{16EBDDBB-289A-4EF5-8537-2753BBA14CA5} -> profile=private | protocol=17 | dir=in | action=allow | name=microsoft office groove | app=c:\program files (x86)\microsoft office\office12\groove.exe |
{1837CEF6-48DE-403F-869D-B4A36F07ACFF} -> profile=public | protocol=6 | dir=in | action=allow | name=steam | app=c:\program files (x86)\steam\steam.exe |
{19FCEE21-BD63-48C8-A950-7EA7825DA183} -> profile=private | protocol=6 | dir=in | action=allow | name=bonjour service | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
{248C770E-A5E6-436C-93D3-9AFC4120476E} -> dir=in | action=allow | name=hpqusgm.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
{29A74F12-FE43-42E0-8C2F-D7C94A03B8AD} -> dir=in | action=allow | name=hpiscnapp.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
{315C880A-445C-499B-A6AE-6CFE63019165} -> profile=private | protocol=17 | dir=in | action=allow | name=ventrilo.exe | app=c:\program files\ventrilo\ventrilo.exe |
{346AF33A-CAF2-4126-932A-399D71892850} -> profile=private | protocol=17 | dir=in | action=allow | name=microsoft office onenote | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
{392670AC-B829-40FC-9826-E89EB0FFE9B0} -> profile=domain | dir=in | action=allow | name=mcafee network agent | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe |
{3AC88A92-96D8-47F0-8384-30D4807731F2} -> profile=private | protocol=6 | dir=out | action=allow | [email protected],-31025 | app=%programfiles(x86)%\windows media player\wmplayer.exe |
{40F86E82-54A2-4AEF-9DB8-7CB91BAB928A} -> dir=in | action=allow | name=hpqcopy2.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe |
{49F8175A-ABA0-4EE5-AA1E-F6C8516073BF} -> profile=private | protocol=6 | dir=in | action=allow | name=vmcmoteserver | app=c:\program files (x86)\vmcmoteserver\server\vmcmoteserver.exe |
{4A8B1F34-F3F3-4E72-A1A9-5A68C7406273} -> profile=public | protocol=6 | dir=out | action=allow | name=windows media player x86 (tcp-out) | app=%programfiles(x86)%\windows media player\wmplayer.exe |
{4C438A41-E634-4408-994A-FB2BB57A3EB5} -> profile=private | protocol=17 | dir=in | action=allow | [email protected],-31003 | app=%programfiles%\windows media player\wmplayer.exe |
{4E2B42B9-E800-4903-BA55-C22A09760F3B} -> profile=private | protocol=6 | dir=in | action=allow | name=ventrilo.exe | app=c:\program files\ventrilo\ventrilo.exe |
{50D03786-ABC5-4E1C-81BD-A1CCCFBDCE39} -> profile=private | protocol=6 | dir=in | action=allow | name=ventrilo.exe | app=c:\program files\ventrilo\ventrilo.exe |
{52AE588D-2B92-49F6-99C8-C48686BAFC57} -> profile=private | protocol=6 | dir=out | action=allow | [email protected],-31011 | app=%programfiles%\windows media player\wmplayer.exe |
{54D53793-AB74-4020-A1C3-96E3B74DE4C4} -> profile=private | protocol=6 | dir=in | action=allow | name=microsoft office onenote | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
{56289E5F-0352-44E2-B80B-0B49CF882E05} -> profile=public | protocol=17 | dir=out | action=allow | name=windows media player x86 (udp-out) | app=%programfiles(x86)%\windows media player\wmplayer.exe |
{58856C85-665C-4B32-9F54-F508160AA481} -> profile=private | protocol=6 | dir=in | action=allow | name=yahoo! messenger | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
{5C35E40A-776A-4C31-9F96-61BC33E79121} -> profile=private | protocol=6 | dir=in | action=allow | name=microsoft office groove | app=c:\program files (x86)\microsoft office\office12\groove.exe |
{60A1DC02-E22D-4AA0-A3E3-6660FA115AC4} -> profile=private | protocol=6 | dir=in | action=allow | name=ventrilo.exe | app=c:\program files\ventrilo\ventrilo.exe |
{61FBC0B3-B1C5-4201-AF15-82F072BC292A} -> dir=in | action=allow | name=hpfccopy.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
{643A6C07-ECA9-4B8E-A933-0BE50F740F7D} -> profile=private | protocol=17 | dir=in | action=allow | name=blizzard downloader | app=c:\users\public\games\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-enus-downloader.exe |
{69CBC21A-73AA-4313-A6FB-D1ABA3138BAF} -> profile=private | protocol=6 | dir=in | action=allow | name=blizzard downloader | app=c:\users\public\games\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-enus-downloader.exe |
{6BBBC53F-598D-446E-9618-ECF76D03B45E} -> dir=in | action=allow | name=windows live call | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
{765F769C-9994-4C4F-944D-50288B4B4543} -> dir=in | action=allow | name=hpqpsapp.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |
{78A583E8-6533-433F-AB10-11127D95CB22} -> profile=private | protocol=17 | dir=out | action=allow | [email protected],-31007 | app=%programfiles%\windows media player\wmplayer.exe |
{7D02CA3F-69C2-4EEF-88CF-F818B05822F1} -> profile=private | protocol=58 | dir=out | action=allow | [email protected],-28546 |
{7E2FEAFB-0C96-49E3-8A77-F7A8C16EFFC1} -> dir=in | action=allow | name=hpqnrs08.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqnrs08.exe |
{81B5A6F4-60C8-4107-9FE1-15BF534C2736} -> dir=in | action=allow | name=hposfx08.exe | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe |
{8681D88E-5C8A-408A-A6BE-55A084DBA41A} -> profile=private | protocol=17 | dir=in | action=allow | name=yahoo! messenger | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
{9617449E-1F18-4FC4-ACB3-EE40CBE3AA8E} -> profile=private | protocol=17 | dir=out | action=allow | [email protected],-31024 | app=%programfiles(x86)%\windows media player\wmplayer.exe |
{96488AD5-A887-43AF-81B4-7F18B43B3644} -> dir=in | action=allow | name=hpzwiz01.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe |
{9C1BE57C-D6D0-4492-828D-9CB2522122E4} -> dir=in | action=allow | name=hpqste08.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
{9CE70AF8-CE8E-4C50-A274-449B4218E1E9} -> profile=private | protocol=1 | dir=out | action=allow | [email protected],-28544 |
{9D3544D0-1B4D-437E-BCAD-4F2C995B1C62} -> dir=in | action=allow | name=cyberlink powerdvd 8.0 | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe |
{9D777A19-17DD-48D6-98C5-B7F521CE86B1} -> dir=in | action=allow | name=smartwebprintexe.exe | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
{9EEC82BB-D416-483E-AF46-84CA50F79545} -> profile=private | protocol=6 | dir=in | action=allow | name=blizzard downloader | app=c:\users\public\games\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-enus-downloader.exe |
{A155485D-7169-467F-82B7-C2AB52380ECE} -> dir=in | action=allow | name=hpqgplgtupl.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
{AD748F72-E4D0-4D99-A198-15E0884519D6} -> dir=in | action=allow | name=hposid01.exe | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
{B4246AB6-7488-4779-8B7E-7AF2D4A4A958} -> dir=in | action=allow | name=hpoews01.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
{BEEDF1D8-FD61-48E1-B2B6-84F160A3047B} -> profile=private | protocol=17 | dir=in | action=allow | name=vmcmoteserver | app=c:\program files (x86)\vmcmoteserver\server\vmcmoteserver.exe |
{C223FD2C-FBF8-45ED-BB78-ADA3414620F3} -> profile=private | protocol=17 | dir=in | action=allow | name=blizzard downloader | app=c:\users\public\games\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-enus-downloader.exe |
{C591AC26-E1EC-4641-9E16-8759713A23A7} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{C975D7E8-93FF-4CB4-8DF3-C04DA91F3AE3} -> dir=in | action=allow | name=hpqfxt08.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe |
{CC19CF33-1B1E-4C26-9630-792FFC920F4E} -> dir=in | action=allow | name=hpofxs08.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe |
{CD70C7F8-08C9-4086-9CC9-992235322E16} -> dir=in | action=allow | name=hpqkygrp.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
{D40673DD-413B-4D92-921C-1FA907E7E2F8} -> profile=private | protocol=17 | dir=in | action=allow | name=blizzard downloader | app=c:\users\public\games\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-enus-downloader.exe |
{D43D2E75-E1B0-4AC0-B582-D9B153F8CD1B} -> dir=in | action=allow | name=hpqpse.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |
{D6B3DCD3-6892-486F-A730-CBCE34B15C93} -> profile=private | protocol=58 | dir=in | action=allow | [email protected],-28545 |
{DBEDE7CE-D5D5-4B19-BA0E-63DA968464C4} -> profile=public | protocol=17 | dir=in | action=allow | name=windows media player (udp-in) | app=%programfiles%\windows media player\wmplayer.exe |
{DFF7CE1A-7223-483F-B683-799C483819AC} -> dir=in | action=allow | name=hpwucli.exe | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
{E04EF51D-2980-4D28-9734-9BCC089BD710} -> profile=public | protocol=17 | dir=in | action=allow | name=windows media player x86 (udp-in) | app=%programfiles(x86)%\windows media player\wmplayer.exe |
{E05E65AA-1A50-4DDE-A377-C1E854A56680} -> profile=public | protocol=17 | dir=out | action=allow | name=windows media player (udp-out) | app=%programfiles%\windows media player\wmplayer.exe |
{E69FCD62-209A-452B-AB61-E4B8AAFFA8BB} -> dir=in | action=allow | name=hpqphotocrm.exe | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
{EB0A870D-166C-47B5-B0DD-893B7D4AB61D} -> profile=public | protocol=6 | dir=out | action=allow | name=windows media player (tcp-out) | app=%programfiles%\windows media player\wmplayer.exe |
{EBEBFBE9-7AA6-4DED-8A4D-FFBB93198AA9} -> dir=in | action=allow | name=hpofxm08.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe |
{EC99612D-F294-4BC5-B7A9-4D8D8EF44E70} -> profile=public | protocol=17 | dir=in | action=allow | name=steam | app=c:\program files (x86)\steam\steam.exe |
{ED4B233B-B6FF-45BC-8A7C-953A7170AA04} -> profile=private | protocol=17 | dir=in | action=allow | name=bonjour service | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
{F1A94004-7C8F-4471-A0F9-99B420869485} -> dir=in | action=allow | name=hpqtra08.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
{F4536311-4F85-4547-8A61-C941988C2E9B} -> profile=private | protocol=17 | dir=in | action=allow | name=ventrilo.exe | app=c:\program files\ventrilo\ventrilo.exe |
{F4C908EE-8EC6-48E0-99CB-BD64A7294A96} -> profile=private | protocol=6 | dir=in | action=allow | name=blizzard downloader | app=c:\users\public\games\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
{F688C2E2-E7D6-411D-B7CC-AA6B148691DD} -> dir=in | action=allow | name=hpqusgh.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
{FC588ADD-DDB9-46DF-9B85-F2E645A3DE24} -> profile=private | protocol=17 | dir=in | action=allow | [email protected],-31023 | app=%programfiles(x86)%\windows media player\wmplayer.exe |
{FD98E274-4989-4E95-B705-A4099A33998B} -> dir=in | action=allow | name=itunes | app=c:\program files (x86)\itunes\itunes.exe |
TCP Query User{D91E7856-A5F6-48E7-9FB1-5044E8303BD0}C:\users\public\games\world of warcraft\launcher.exe -> profile=private | protocol=6 | dir=in | action=allow | name=blizzard launcher | app=c:\users\public\games\world of warcraft\launcher.exe |
UDP Query User{5509DE69-CCBC-4ADE-830F-466C0FD1981C}C:\users\public\games\world of warcraft\launcher.exe -> profile=private | protocol=17 | dir=in | action=allow | name=blizzard launcher | app=c:\users\public\games\world of warcraft\launcher.exe |
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM Driver ->
"ImagePath" -> C:\Windows\SysNative\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2009/07/13 18:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation)
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->
64bit-comfile [open] -> "%1" %* -> File not found
64bit-exefile [open] -> "%1" %* -> File not found
comfile [open] -> "%1" %* ->
exefile [open] -> "%1" %* ->
< 64bit-File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ ->
.com [@ = comfile] -> "%1" %* ->
.exe [@ = exefile] -> "%1" %* ->
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ ->
.com [@ = comfile] -> "%1" %* ->
.exe [@ = exefile] -> "%1" %* ->


[Files/Folders - Created Within 30 Days]
CyberLink PowerDVD 8 -> C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8 -> [2011/07/23 12:00:25 | 000,000,000 | R--D | C]
Malwarebytes -> C:\Users\Scott\AppData\Roaming\Malwarebytes -> [2011/07/23 10:46:45 | 000,000,000 | ---D | C]
mbamswissarmy.sys -> C:\Windows\SysWow64\drivers\mbamswissarmy.sys -> [2011/07/23 10:46:39 | 000,041,272 | ---- | C] (Malwarebytes Corporation)
Malwarebytes' Anti-Malware -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware -> [2011/07/23 10:46:39 | 000,000,000 | ---D | C]
Malwarebytes -> C:\ProgramData\Malwarebytes -> [2011/07/23 10:46:38 | 000,000,000 | ---D | C]
mbam.sys -> C:\Windows\SysNative\drivers\mbam.sys -> [2011/07/23 10:46:35 | 000,025,912 | ---- | C] (Malwarebytes Corporation)
Malwarebytes' Anti-Malware -> C:\Program Files (x86)\Malwarebytes' Anti-Malware -> [2011/07/23 10:46:35 | 000,000,000 | ---D | C]
_OTS -> C:\_OTS -> [2011/07/23 10:44:32 | 000,000,000 | ---D | C]
Spybot - Search & Destroy -> C:\ProgramData\Spybot - Search & Destroy -> [2011/07/23 10:08:20 | 000,000,000 | ---D | C]
ewido -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ewido -> [2011/07/23 09:59:28 | 000,000,000 | ---D | C]
ewido -> C:\Program Files (x86)\ewido -> [2011/07/23 09:59:26 | 000,000,000 | ---D | C]
Lavasoft -> C:\Users\Scott\AppData\Roaming\Lavasoft -> [2011/07/23 09:58:45 | 000,000,000 | ---D | C]
Anti Malware tools -> C:\Users\Scott\Desktop\Anti Malware tools -> [2011/07/23 09:44:06 | 000,000,000 | ---D | C]
Ventrilo -> C:\Users\Scott\AppData\Roaming\Ventrilo -> [2011/07/22 20:33:08 | 000,000,000 | ---D | C]
Ventrilo -> C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ventrilo -> [2011/07/22 20:32:38 | 000,000,000 | ---D | C]
Ventrilo -> C:\Program Files\Ventrilo -> [2011/07/22 20:32:36 | 000,000,000 | ---D | C]
Wise Installation Wizard -> C:\Program Files (x86)\Common Files\Wise Installation Wizard -> [2011/07/22 20:32:13 | 000,000,000 | ---D | C]
iTunes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes -> [2011/07/21 00:04:32 | 000,000,000 | ---D | C]
iPod -> C:\Program Files\iPod -> [2011/07/21 00:03:45 | 000,000,000 | ---D | C]
iTunes -> C:\Program Files\iTunes -> [2011/07/21 00:03:44 | 000,000,000 | ---D | C]
Bonjour -> C:\Program Files\Bonjour -> [2011/07/21 00:02:04 | 000,000,000 | ---D | C]
Bonjour -> C:\Program Files (x86)\Bonjour -> [2011/07/21 00:02:04 | 000,000,000 | ---D | C]

[Files/Folders - Modified Within 30 Days]
menu.new -> C:\ProgramData\menu.new -> [2011/07/23 12:01:08 | 000,000,166 | ---- | M] ()
menu.bfm -> C:\ProgramData\menu.bfm -> [2011/07/23 12:01:08 | 000,000,166 | ---- | M] ()
bootstat.dat -> C:\Windows\bootstat.dat -> [2011/07/23 12:00:04 | 000,067,584 | --S- | M] ()
hiberfil.sys -> C:\hiberfil.sys -> [2011/07/23 12:00:02 | 529,780,735 | -HS- | M] ()
Config.MPF -> C:\Windows\SysNative\Config.MPF -> [2011/07/23 11:58:52 | 000,014,636 | ---- | M] ()
7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> [2011/07/23 11:04:41 | 000,014,016 | -H-- | M] ()
7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> [2011/07/23 11:04:41 | 000,014,016 | -H-- | M] ()
Malwarebytes' Anti-Malware.lnk -> C:\Users\Scott\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk -> [2011/07/23 10:46:39 | 000,001,099 | ---- | M] ()
Malwarebytes' Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2011/07/23 10:46:39 | 000,001,075 | ---- | M] ()
World of Warcraft.lnk -> C:\Users\Public\Desktop\World of Warcraft.lnk -> [2011/07/23 10:27:00 | 000,001,064 | ---- | M] ()
ewido security suite.lnk -> C:\Users\Public\Desktop\ewido security suite.lnk -> [2011/07/23 09:59:28 | 000,001,092 | ---- | M] ()
OTL.exe -> C:\OTL.exe -> [2011/07/23 09:44:23 | 000,085,543 | ---- | M] ()
B50C.5FC -> C:\Users\Scott\AppData\Roaming\B50C.5FC -> [2011/07/22 21:26:02 | 000,020,611 | ---- | M] ()
Ventrilo.lnk -> C:\Users\Scott\Desktop\Ventrilo.lnk -> [2011/07/22 20:32:38 | 000,000,919 | ---- | M] ()
{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini -> C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini -> [2011/07/22 20:32:38 | 000,000,262 | ---- | M] ()
Apple Safari.lnk -> C:\Users\Scott\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk -> [2011/07/21 00:06:12 | 000,002,515 | ---- | M] ()
Safari.lnk -> C:\Users\Public\Desktop\Safari.lnk -> [2011/07/21 00:06:12 | 000,002,491 | ---- | M] ()
iTunes.lnk -> C:\Users\Public\Desktop\iTunes.lnk -> [2011/07/21 00:04:32 | 000,001,745 | ---- | M] ()
mbamswissarmy.sys -> C:\Windows\SysWow64\drivers\mbamswissarmy.sys -> [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation)
mbam.sys -> C:\Windows\SysNative\drivers\mbam.sys -> [2011/07/06 19:52:42 | 000,025,912 | ---- | M] (Malwarebytes Corporation)
McQcTask.job -> C:\Windows\tasks\McQcTask.job -> [2011/07/01 01:00:31 | 000,000,318 | ---- | M] ()
268 C:\Users\Scott\AppData\Local\Temp\*.tmp files -> C:\Users\Scott\AppData\Local\Temp\*.tmp ->

[Files - No Company Name]
menu.new -> C:\ProgramData\menu.new -> [2011/07/23 12:01:08 | 000,000,166 | ---- | C] ()
menu.bfm -> C:\ProgramData\menu.bfm -> [2011/07/23 12:01:08 | 000,000,166 | ---- | C] ()
Malwarebytes' Anti-Malware.lnk -> C:\Users\Scott\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk -> [2011/07/23 10:46:39 | 000,001,099 | ---- | C] ()
Malwarebytes' Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2011/07/23 10:46:39 | 000,001,075 | ---- | C] ()
ewido security suite.lnk -> C:\Users\Public\Desktop\ewido security suite.lnk -> [2011/07/23 09:59:28 | 000,001,092 | ---- | C] ()
OTL.exe -> C:\OTL.exe -> [2011/07/23 09:53:10 | 000,085,543 | ---- | C] ()
Ventrilo.lnk -> C:\Users\Scott\Desktop\Ventrilo.lnk -> [2011/07/22 20:32:38 | 000,000,919 | ---- | C] ()
{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini -> C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini -> [2011/07/22 20:32:34 | 000,000,262 | ---- | C] ()
iTunes.lnk -> C:\Users\Public\Desktop\iTunes.lnk -> [2011/07/21 00:04:32 | 000,001,745 | ---- | C] ()
B50C.5FC -> C:\Users\Scott\AppData\Roaming\B50C.5FC -> [2011/07/05 21:04:07 | 000,020,611 | ---- | C] ()
servetome-fonts.conf -> C:\Users\Scott\AppData\Roaming\servetome-fonts.conf -> [2011/05/07 01:45:32 | 000,005,259 | ---- | C] ()
PerfStringBackup.INI -> C:\Windows\SysWow64\PerfStringBackup.INI -> [2010/12/08 09:52:44 | 000,730,638 | ---- | C] ()
resmon.resmoncfg -> C:\Users\Scott\AppData\Local\resmon.resmoncfg -> [2010/09/19 22:49:51 | 000,000,017 | ---- | C] ()
WRcfg.ini -> C:\Windows\WRcfg.ini -> [2010/07/24 15:03:38 | 000,001,801 | ---- | C] ()
WRMCcfg.ini -> C:\Windows\WRMCcfg.ini -> [2010/07/24 15:03:38 | 000,000,388 | ---- | C] ()
hpomdl19.dat.temp -> C:\Windows\hpomdl19.dat.temp -> [2010/03/24 22:02:44 | 000,013,898 | ---- | C] ()
hpoins19.dat -> C:\Windows\hpoins19.dat -> [2010/03/24 21:42:20 | 000,221,430 | ---- | C] ()
hpomdl19.dat -> C:\Windows\hpomdl19.dat -> [2010/03/24 21:42:20 | 000,013,898 | ---- | C] ()
nsreg.dat -> C:\Windows\nsreg.dat -> [2010/01/20 15:18:57 | 000,000,000 | ---- | C] ()
phpdesigner2007pe.xml -> C:\Users\Scott\AppData\Roaming\phpdesigner2007pe.xml -> [2010/01/06 20:46:04 | 000,013,280 | ---- | C] ()
APOMngr.DLL -> C:\Windows\SysWow64\APOMngr.DLL -> [2009/11/20 20:18:36 | 000,176,128 | ---- | C] ()
CmdRtr.DLL -> C:\Windows\SysWow64\CmdRtr.DLL -> [2009/11/20 20:18:36 | 000,073,728 | ---- | C] ()
ativpsrm.bin -> C:\Windows\ativpsrm.bin -> [2009/11/20 20:18:15 | 000,000,000 | ---- | C] ()
CCBiosSupportAPI.dll -> C:\Windows\SysWow64\CCBiosSupportAPI.dll -> [2009/09/25 15:50:00 | 000,097,584 | ---- | C] ()
bootstat.dat -> C:\Windows\bootstat.dat -> [2009/07/14 00:38:36 | 000,067,584 | --S- | C] ()
NOISE.DAT -> C:\Windows\SysWow64\NOISE.DAT -> [2009/07/13 21:35:51 | 000,000,741 | ---- | C] ()
dssec.dat -> C:\Windows\SysWow64\dssec.dat -> [2009/07/13 21:34:42 | 000,215,943 | ---- | C] ()
mib.bin -> C:\Windows\mib.bin -> [2009/07/13 19:10:29 | 000,043,131 | ---- | C] ()
BWContextHandler.dll -> C:\Windows\SysWow64\BWContextHandler.dll -> [2009/07/13 18:42:10 | 000,064,000 | ---- | C] ()
msjetoledb40.dll -> C:\Windows\SysWow64\msjetoledb40.dll -> [2009/07/13 16:03:59 | 000,364,544 | ---- | C] ()
mlang.dat -> C:\Windows\SysWow64\mlang.dat -> [2009/06/10 16:26:10 | 000,673,088 | ---- | C] ()
AgCPanelTraditionalChinese.dll -> C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll -> [2007/07/23 10:03:32 | 000,053,248 | ---- | C] ()
AgCPanelSwedish.dll -> C:\Windows\SysWow64\AgCPanelSwedish.dll -> [2007/07/23 10:03:32 | 000,053,248 | ---- | C] ()
AgCPanelSpanish.dll -> C:\Windows\SysWow64\AgCPanelSpanish.dll -> [2007/07/23 10:03:32 | 000,053,248 | ---- | C] ()
AgCPanelSimplifiedChinese.dll -> C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll -> [2007/07/23 10:03:30 | 000,053,248 | ---- | C] ()
AgCPanelPortugese.dll -> C:\Windows\SysWow64\AgCPanelPortugese.dll -> [2007/07/23 10:03:30 | 000,053,248 | ---- | C] ()
AgCPanelKorean.dll -> C:\Windows\SysWow64\AgCPanelKorean.dll -> [2007/07/23 10:03:30 | 000,053,248 | ---- | C] ()
AgCPanelJapanese.dll -> C:\Windows\SysWow64\AgCPanelJapanese.dll -> [2007/07/23 10:03:30 | 000,053,248 | ---- | C] ()
AgCPanelGerman.dll -> C:\Windows\SysWow64\AgCPanelGerman.dll -> [2007/07/23 10:03:30 | 000,053,248 | ---- | C] ()
AgCPanelFrench.dll -> C:\Windows\SysWow64\AgCPanelFrench.dll -> [2007/07/23 10:03:30 | 000,053,248 | ---- | C] ()

[File - Lop Check]
.servetome-fontconfig -> C:\Users\Scott\AppData\Roaming\.servetome-fontconfig -> [2011/05/07 01:46:06 | 000,000,000 | ---D | M]
Acreon -> C:\Users\Scott\AppData\Roaming\Acreon -> [2009/12/01 02:03:43 | 000,000,000 | ---D | M]
BACS.exe -> C:\Users\Scott\AppData\Roaming\BACS.exe -> [2009/12/02 16:52:33 | 000,000,000 | ---D | M]
Leadertech -> C:\Users\Scott\AppData\Roaming\Leadertech -> [2011/04/14 23:09:45 | 000,000,000 | ---D | M]
Memeo -> C:\Users\Scott\AppData\Roaming\Memeo -> [2011/04/15 20:35:21 | 000,000,000 | ---D | M]
Notepad++ -> C:\Users\Scott\AppData\Roaming\Notepad++ -> [2010/01/20 14:17:29 | 000,000,000 | ---D | M]
PHP Designer 2007 -> C:\Users\Scott\AppData\Roaming\PHP Designer 2007 -> [2010/01/06 20:46:04 | 000,000,000 | ---D | M]
Seagate -> C:\Users\Scott\AppData\Roaming\Seagate -> [2011/04/14 23:12:39 | 000,000,000 | ---D | M]
McDefragTask.job -> C:\Windows\Tasks\McDefragTask.job -> [2011/05/15 01:05:49 | 000,000,340 | ---- | M] ()
McQcTask.job -> C:\Windows\Tasks\McQcTask.job -> [2011/07/01 01:00:31 | 000,000,318 | ---- | M] ()
SCHEDLGU.TXT -> C:\Windows\Tasks\SCHEDLGU.TXT -> [2011/07/23 12:00:05 | 000,032,606 | ---- | M] ()

[File - Purity Scan]

< End of report >


thanks!!
  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
What are your current problems ? Also could you post the malwarebytes log please

Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

[Unregister Dlls]
[Registry - Safe List]
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> 
YN -> HKEY_CURRENT_USER\: "ProxyEnable" -> 1
[Files/Folders - Modified Within 30 Days]
NY -> menu.new -> C:\ProgramData\menu.new
NY -> menu.bfm -> C:\ProgramData\menu.bfm
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here

I will review the information when it comes back in.

Depending on what the fix contains, this process may take some time and your desktop icons might disappear or other uncommon behavior may occur.

This is no sign of malfunction, do not panic!
  • 0

#7
Czuma

Czuma

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
ok ran it and it asked for a reboot again
. i reran mayware bytes and there were no additonal malware objects
  • 0

#8
Czuma

Czuma

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
still cant update windows up date.... ie randomly freezes like this post will freeze for a bit then eventually respond... also the white flag in my systray by my clock
  • 0

#9
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Freezing on this page is due to the size of the code boxes, I will remove the tags - does it run any faster ?

Could you go to this MS page and run the fixit tool about halfway down. Run it normally at first and if that fails then run it aggressively

Once done can you let me know of any remaining problems
  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I forgot the flag - do you mean this ? If so it is a normal part of windows 7
[attachment=51450:Capture.GIF]
  • 0

#11
Czuma

Czuma

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
looks good. i ran the ms fix in default and after reboot i can now run updates this also took the white flag away so not sure if it was a problem or just a symptom. all other virus symptoms seem gone now tyvm for your help!!!
  • 0

#12
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :yes:

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :)

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

[Unregister Dlls]
[Custom Items]
:Files
ipconfig /flushdns /c
:end
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished.

Run OTS and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Posted Image Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

SPRING CLEAN

To manually create a new Restore Point

  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

Now we can purge the infected ones

  • GoStart > All programs > Accessories > system tools
  • Right click Disc cleanup an select run as administrator
  • Select Your main drive and accept the warning if you get one
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Posted Image Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?
Keep safe :unsure:
  • 0

#13
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP