Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Google search blocked

Started by audstune , Sep 01 2011 02:40 PM

  • This topic is locked This topic is locked

#1
audstune
Posted 01 September 2011 - 02:40 PM

audstune

    New Member

  • Member
  • Pip
  • 4 posts
Hi...

I was attempting to do a google search on a site and this is the message I received: We're sorry...but your computer or network may be sending automated queries. To protect our users, we can't process your request right now.

So I did a scan with hijackthis. But I don't know what the source is from the log, or what is safe to delete...I've attached the log, can anyone help with this?

Thanks so much!! :)

Attached Files


  • 0

Advertisements

#2
Render
Posted 04 September 2011 - 02:43 PM

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi and welcome to GeeksToGo! Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :)

If you have since resolved the original problem you were having, I would appreciate you letting me know. If not please perform the following steps below so I can have a look at the current condition of your machine.

Step 1

  • Please download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it.

    Posted Image
  • When asked if you want to download Avast's virus definitions please select No.
  • Click the Scan button to start scan.

    Posted Image
  • On completion of the scan click Save log, save it to your desktop and post in your next reply.

Step 2

Posted Image OTL Custom Scan

  • Download OTL to your desktop.
  • Double click on the Posted Image icon to run it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Stadard output is selected.
  • Select Scan all users
  • Under the Extra Registry section, check Use SafeList
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scans/Fixes box copy and paste this in:

    netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

When completed the above, please post back the following in the order asked for:
  • aswMBR log
  • OTL scan log
  • Extras log

  • 0

#3
audstune
Posted 04 September 2011 - 05:08 PM

audstune

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Will do...thank you very much! :)
  • 0

#4
Render
Posted 05 September 2011 - 03:44 AM

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
OK.
  • 0

#5
audstune
Posted 10 September 2011 - 08:15 AM

audstune

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
OTL logfile created on: 9/10/2011 9:43:55 AM - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\My Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.57 Gb Available Physical Memory | 52.28% Memory free
6.19 Gb Paging File | 4.69 Gb Available in Paging File | 75.77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 289.32 Gb Total Space | 61.65 Gb Free Space | 21.31% Space Free | Partition Type: NTFS
Drive D: | 8.77 Gb Total Space | 1.57 Gb Free Space | 17.92% Space Free | Partition Type: NTFS

Computer Name: HISWORLD2 | User Name: audstune | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/04 19:01:47 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\My Downloads\OTL.exe
PRC - [2011/06/28 07:04:00 | 006,512,896 | ---- | M] (Just Great Software) -- C:\Program Files\JGsoft\EditPadLite\EditPadLite7.exe
PRC - [2011/05/27 08:52:30 | 000,624,056 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
PRC - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccsvchst.exe
PRC - [2011/02/18 11:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2010/09/13 11:48:14 | 000,097,384 | R--- | M] (Amazon.com) -- C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe
PRC - [2010/09/13 11:48:12 | 000,025,704 | R--- | M] (Amazon.com) -- C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
PRC - [2010/05/18 00:03:31 | 000,028,762 | ---- | M] (MyWebSearch.com) -- C:\Program Files\MyWebSearch\bar\2.bin\MWSSVC.EXE
PRC - [2010/04/19 23:26:47 | 000,159,744 | ---- | M] () -- C:\Program Files\Kolbo Alert\alert.exe
PRC - [2010/03/11 14:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009/11/23 20:53:56 | 004,497,704 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\Pen_Tablet.exe
PRC - [2009/10/26 21:42:42 | 000,718,232 | ---- | M] (Pelmorex Media Inc.) -- C:\Users\audstune\AppData\Local\TheWeatherNetwork\WeatherEye\WeatherEye.exe
PRC - [2009/06/03 20:43:18 | 000,450,652 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2009/06/03 20:43:18 | 000,217,170 | ---- | M] (IDT, Inc.) -- C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_827e372d\stacsv.exe
PRC - [2009/05/15 12:34:04 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009/03/02 18:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_827e372d\AEstSrv.exe
PRC - [2009/02/18 12:01:42 | 001,447,632 | ---- | M] (WhiteCanyon, Inc.) -- C:\Program Files\WhiteCanyon\MySecurityVault\MySecurityVault_TrayIcon.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/08/06 20:37:22 | 000,361,808 | ---- | M] () -- C:\WINDOWS\SMINST\BLService.exe
PRC - [2008/07/23 22:35:42 | 000,292,216 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
PRC - [2008/07/23 22:35:42 | 000,116,080 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
PRC - [2008/07/23 22:35:12 | 000,468,264 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe
PRC - [2008/07/14 22:15:10 | 000,814,144 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files\DigitalPersona\Bin\DpAgent.exe
PRC - [2008/07/14 22:15:10 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe
PRC - [2008/05/26 08:43:58 | 000,599,344 | ---- | M] (Validity Sensors, Inc.) -- C:\WINDOWS\System32\vfsFPService.exe
PRC - [2008/04/15 20:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/04/15 20:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/06/05 16:20:32 | 000,177,704 | ---- | M] () -- C:\WINDOWS\System32\PSIService.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2000/06/29 04:45:10 | 000,052,224 | ---- | M] (Kenonic Controls Ltd.) -- C:\WINDOWS\System32\Crypserv.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/11 10:43:29 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c50d9d540acecdef29c31201e203a331\System.Windows.Forms.ni.dll
MOD - [2011/08/11 10:43:19 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\d8d83838f9840bde901df516ba3de588\System.Drawing.ni.dll
MOD - [2011/08/11 10:42:51 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\4c3cda96b8f12220da20f2f8d1b9439c\System.Xml.ni.dll
MOD - [2011/08/11 10:42:42 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\c8750ecd71abac98fb26b2f4bf3a031a\Accessibility.ni.dll
MOD - [2011/08/11 09:14:46 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b9ea0d414c4861120bfb7365d8ec0939\System.ni.dll
MOD - [2011/08/11 09:14:41 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f6deb187f24bb3185841092b89fbfdbb\mscorlib.ni.dll
MOD - [2010/04/19 23:26:47 | 000,159,744 | ---- | M] () -- C:\Program Files\Kolbo Alert\alert.exe
MOD - [2008/07/23 22:35:44 | 000,120,216 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\CLSchMgr.dll
MOD - [2008/07/23 22:35:42 | 000,259,480 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\CLCapEngine.dll
MOD - [2008/07/23 22:35:42 | 000,038,184 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\CLCapSvcps.dll
MOD - [2008/07/23 22:35:40 | 000,345,384 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\CLTinyDB.dll
MOD - [2008/07/23 22:35:04 | 000,066,856 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\Common\MCEMediaStatus.dll
MOD - [2008/02/28 09:12:17 | 000,389,120 | ---- | M] () -- C:\WINDOWS\System32\actskn43.ocx


========== Win32 Services (SafeList) ==========

SRV - [2011/08/02 20:49:17 | 003,542,616 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_2da1ebd.dll -- (Akamai)
SRV - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe -- (NAV)
SRV - [2011/04/13 18:10:34 | 000,103,336 | ---- | M] (stumbleupon.com) [On_Demand | Stopped] -- C:\Program Files\StumbleUpon\StumbleUponUpdateService.exe -- (StumbleUponUpdateService)
SRV - [2010/09/13 11:48:12 | 000,025,704 | R--- | M] (Amazon.com) [Auto | Running] -- C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe -- (ADVService)
SRV - [2010/06/25 13:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010/05/18 00:03:31 | 000,028,762 | ---- | M] (MyWebSearch.com) [Auto | Running] -- C:\Program Files\MyWebSearch\bar\2.bin\MWSSVC.EXE -- (MyWebSearchService)
SRV - [2010/03/11 14:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010/01/30 19:17:28 | 000,946,180 | ---- | M] (NCH Software) [On_Demand | Stopped] -- C:\Program Files\NCH Software\BroadCam\broadcam.exe -- (BroadCamService)
SRV - [2009/11/23 20:53:56 | 004,497,704 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\System32\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2009/06/03 20:43:18 | 000,217,170 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_827e372d\stacsv.exe -- (STacSV)
SRV - [2009/05/15 12:34:04 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/03/02 18:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_827e372d\AEstSrv.exe -- (AESTFilters)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/08/06 20:37:22 | 000,361,808 | ---- | M] () [Auto | Running] -- C:\WINDOWS\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/07/23 22:35:42 | 000,292,216 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (QPCapSvc) QuickPlay Background Capture Service (QBCS)
SRV - [2008/07/23 22:35:42 | 000,116,080 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (QPSched) QuickPlay Task Scheduler (QTS)
SRV - [2008/07/14 22:15:10 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe -- (DpHost)
SRV - [2008/05/26 08:43:58 | 000,599,344 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\WINDOWS\System32\vfsFPService.exe -- (vfsFPService)
SRV - [2008/04/15 20:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/06/05 16:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2007/03/20 16:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2000/06/29 04:45:10 | 000,052,224 | ---- | M] (Kenonic Controls Ltd.) [Auto | Running] -- C:\Windows\System32\Crypserv.exe -- (Crypkey License)


========== Driver Services (SafeList) ==========

DRV - [2011/09/01 20:04:13 | 000,815,736 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\BASHDefs\20110901.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/08/23 00:17:32 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\IPSDefs\20110909.030\IDSvix86.sys -- (IDSVix86)
DRV - [2011/08/03 22:03:58 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\VirusDefs\20110909.024\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/08/03 22:03:58 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\VirusDefs\20110909.024\NAVENG.SYS -- (NAVENG)
DRV - [2011/07/27 22:06:01 | 000,032,768 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2011/07/27 19:47:24 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/07/27 19:47:24 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/05/13 18:57:42 | 000,025,656 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2011/05/13 18:57:20 | 000,035,896 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2011/05/09 20:18:40 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/04/01 10:23:02 | 000,037,920 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2011/03/30 23:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\Drivers\NAV\1206000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 23:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NAV\1206000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/21 20:39:49 | 000,331,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NAV\1206000.01D\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2011/03/14 22:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NAV\1206000.01D\SYMEFA.SYS -- (SymEFA)
DRV - [2011/01/27 02:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\NAV\1206000.01D\SYMDS.SYS -- (SymDS)
DRV - [2011/01/27 01:07:05 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NAV\1206000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2010/09/19 10:01:36 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)) WsAudio_DeviceS(5)
DRV - [2010/09/19 10:01:36 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)) WsAudio_DeviceS(4)
DRV - [2010/09/19 10:01:36 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)) WsAudio_DeviceS(3)
DRV - [2010/09/19 10:01:36 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)) WsAudio_DeviceS(2)
DRV - [2010/09/19 10:01:36 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)) WsAudio_DeviceS(1)
DRV - [2010/06/25 13:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\npf.sys -- (NPF)
DRV - [2009/10/02 20:23:12 | 006,000,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2009/06/30 16:02:26 | 000,023,096 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\DbusAudio.sys -- (DbusAudio)
DRV - [2009/06/03 20:43:18 | 000,407,040 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009/05/20 15:54:06 | 000,013,736 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2008/12/17 09:31:50 | 000,016,640 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\AsAudioDevice_351.sys -- (AsAudioDevice_351)
DRV - [2008/08/28 21:52:34 | 000,016,896 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\VirtualAudio.sys -- (wsvad_driver)
DRV - [2008/08/06 01:26:08 | 000,124,928 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/07/25 09:28:00 | 007,547,648 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/07/24 00:55:40 | 000,059,376 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2008/07/07 15:16:26 | 000,096,856 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008/06/26 00:05:06 | 000,044,064 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008/05/26 08:44:14 | 000,040,752 | ---- | M] (Validity Sensors, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\vfs101x.sys -- (vfs101x)
DRV - [2008/04/28 06:54:58 | 000,054,784 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\enecir.sys -- (enecir)
DRV - [2008/01/20 22:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2007/06/18 20:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/02/16 15:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2006/11/29 01:46:24 | 000,028,224 | R--- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\APLMp50.sys -- (APLMp50)
DRV - [2005/11/02 16:47:26 | 000,010,368 | R--- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pfc.sys -- (pfc)
DRV - [2000/02/03 15:53:12 | 000,024,608 | ---- | M] () [Kernel | System | Running] -- C:\Windows\system32\ckldrv.sys -- (NetworkX)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsof...search.asp?p=%s
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoo...earchTerms}&f=4
IE - HKLM\..\URLSearchHook: {09e55ba0-f9c6-4b81-82df-46853f6f7b3f} - C:\Program Files\Soft-Search\tbSof1.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ediblog.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Fast Browser Search"
FF - prefs.js..browser.search.defaulturl: "http://www.fastbrows...?s=DEF&v=19&q="
FF - prefs.js..browser.search.order.1: "Fast Browser Search"
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.ediblog.com/"
FF - prefs.js..extensions.enabledItems: {3e0e7d2a-070f-4a47-b019-91fe5385ba79}:3.0.1
FF - prefs.js..extensions.enabledItems: [email protected]:0.9.8.0
FF - prefs.js..extensions.enabledItems: feedly@devhd:2.15
FF - prefs.js..extensions.enabledItems: [email protected]:4.0.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.4.7600.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.76
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7280
FF - prefs.js..keyword.URL: "http://www.bing.com/...form=ZGAADF&q="
FF - prefs.js..network.proxy.autoconfig_url: "file:///C:/Users/audstune/AppData/Local/Temp/RapidSolution/Tunebite/.downloading/profile/rrproxy_ffox_4dcfcb89.pac"
FF - prefs.js..network.proxy.type: 2


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer: C:\Program Files\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files\MyWebSearch\bar\2.bin\NPMyWebS.dll (MyWebSearch.com)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@Sibelius.com/Scorch Plugin: C:\Program Files\Musicnotes\npsibelius.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Users\audstune\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/09/07 05:00:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\DigitalPersona\Bin\FirefoxExt\ [2009/03/25 07:48:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MyWebSearch\bar\2.bin [2010/05/18 00:03:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\RapidSolution\Tunebite\plugins\GeckoBased\[email protected]\ [2010/05/28 21:07:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Logia\eSnipsDownloader\ext [2010/11/16 15:13:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\IPSFFPlgn\ [2011/08/17 09:32:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/07 20:25:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/15 12:13:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\DigitalPersona\Bin\firefoxext [2009/03/25 07:48:14 | 000,000,000 | ---D | M]

[2009/03/25 12:40:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\audstune\AppData\Roaming\Mozilla\Extensions
[2011/09/06 09:48:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\audstune\AppData\Roaming\Mozilla\Firefox\Profiles\a8odo0g6.default\extensions
[2009/06/28 23:41:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\audstune\AppData\Roaming\Mozilla\Firefox\Profiles\a8odo0g6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/08/29 09:38:09 | 000,000,000 | ---D | M] (AddThis) -- C:\Users\audstune\AppData\Roaming\Mozilla\Firefox\Profiles\a8odo0g6.default\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
[2011/08/01 21:51:55 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\audstune\AppData\Roaming\Mozilla\Firefox\Profiles\a8odo0g6.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/12/08 00:05:09 | 000,000,000 | ---D | M] (Fast Browser Search (My Web Tattoo)) -- C:\Users\audstune\AppData\Roaming\Mozilla\Firefox\Profiles\a8odo0g6.default\extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}
[2011/08/18 15:43:12 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Users\audstune\AppData\Roaming\Mozilla\Firefox\Profiles\a8odo0g6.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
[2011/08/18 15:42:26 | 000,000,000 | ---D | M] (Dictionary.com) -- C:\Users\audstune\AppData\Roaming\Mozilla\Firefox\Profiles\a8odo0g6.default\extensions\[email protected]
[2011/01/11 18:54:13 | 000,000,000 | ---D | M] (Font Finder) -- C:\Users\audstune\AppData\Roaming\Mozilla\Firefox\Profiles\a8odo0g6.default\extensions\[email protected]
[2011/08/05 21:50:04 | 000,000,000 | ---D | M] (Awesome screenshot: Capture and Annotate) -- C:\Users\audstune\AppData\Roaming\Mozilla\Firefox\Profiles\a8odo0g6.default\extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack
[2010/11/16 15:13:30 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Users\audstune\AppData\Roaming\Mozilla\Firefox\Profiles\a8odo0g6.default\extensions\[email protected]
[2010/02/18 10:29:04 | 000,000,000 | ---D | M] (SpellBound) -- C:\Users\audstune\AppData\Roaming\Mozilla\Firefox\Profiles\a8odo0g6.default\extensions\[email protected]
[2010/11/16 15:13:31 | 000,001,919 | ---- | M] () -- C:\Users\audstune\AppData\Roaming\Mozilla\Firefox\Profiles\a8odo0g6.default\searchplugins\bing-zugo.xml
[2009/12/08 00:05:10 | 000,005,413 | ---- | M] () -- C:\Users\audstune\AppData\Roaming\Mozilla\Firefox\Profiles\a8odo0g6.default\searchplugins\fast-browser-search.xml
[2011/08/24 11:33:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/27 14:25:49 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/04/16 12:43:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/02/16 13:28:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/08/24 11:33:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2010/04/04 22:21:16 | 000,000,000 | ---D | M] (Facemoods) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2011/01/08 13:26:11 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2011/08/17 09:32:52 | 000,000,000 | ---D | M] (Symantec IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\IPSFFPLGN
() (No name found) -- C:\USERS\AUDSTUNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\A8ODO0G6.DEFAULT\EXTENSIONS\{0545B830-F0AA-4D7E-8820-50A4629A56FE}.XPI
() (No name found) -- C:\USERS\AUDSTUNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\A8ODO0G6.DEFAULT\EXTENSIONS\{AE93811A-5C9A-4D34-8462-F7B864FC4696}.XPI
() (No name found) -- C:\USERS\AUDSTUNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\A8ODO0G6.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\AUDSTUNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\A8ODO0G6.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\AUDSTUNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\A8ODO0G6.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\AUDSTUNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\A8ODO0G6.DEFAULT\EXTENSIONS\[email protected]
[2011/09/07 20:25:01 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/04/01 01:47:26 | 000,324,976 | ---- | M] (Symantec Corporation) -- C:\Program Files\mozilla firefox\components\coFFPlgn.dll
[2011/07/19 05:05:25 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/09/26 21:02:30 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files\mozilla firefox\plugins\NPTURNMED.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2011/05/13 20:16:39 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/03/10 11:00:26 | 000,002,025 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (MyWebSearch Search Assistant BHO) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL (MyWebSearch.com)
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O2 - BHO: (mwsBar BHO) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL (MyWebSearch.com)
O2 - BHO: (Soft-Search Toolbar) - {09e55ba0-f9c6-4b81-82df-46853f6f7b3f} - C:\Program Files\Soft-Search\tbSof1.dll (Conduit Ltd.)
O2 - BHO: (StumbleUpon Launcher) - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.3.61.0\facemoods.dll (facemoods.com)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O2 - BHO: (AddThis Toolbar BHO) - {9EBF8AAF-0A31-4786-909A-97A0EF101743} - C:\Program Files\AddThis Toolbar\Toolbar.dll ()
O2 - BHO: (Tunebite_WebRipPlugin Class) - {AA102584-3B97-47e7-B9BC-75D54C110A7D} - C:\Program Files\RapidSolution\Tunebite\plugins\IE\TB_WebRipIePlugin.dll (RapidSolution Software)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (eSnipsBHO Class) - {B530A9A4-1722-4D16-AAD6-AA85E3AD2ADE} - C:\Program Files\Logia\eSnipsDownloader\eSnipsBHO.dll (Logia Media)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL (MyWebSearch.com)
O3 - HKLM\..\Toolbar: (Soft-Search Toolbar) - {09e55ba0-f9c6-4b81-82df-46853f6f7b3f} - C:\Program Files\Soft-Search\tbSof1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (StumbleUpon Toolbar) - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O3 - HKLM\..\Toolbar: (AddThis Toolbar) - {B43176CC-4D9E-493B-A636-D9CBFE39C6DA} - C:\Program Files\AddThis Toolbar\Toolbar.dll ()
O3 - HKLM\..\Toolbar: (MySecurityVault Toolbar) - {D3117279-E115-4C9B-A8FE-D2983653EC51} - C:\Program Files\WhiteCanyon\MySecurityVault\WCVaultToolbar.dll ()
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.3.61.0\facemoodsTlbr.dll (facemoods.com)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (MP3Bar) - {F6BD6330-76F8-44d9-B775-87614E2D8374} - C:\Program Files\Fiesta Download Manager\mp3bar.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL (MyWebSearch.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Soft-Search Toolbar) - {09E55BA0-F9C6-4B81-82DF-46853F6F7B3F} - C:\Program Files\Soft-Search\tbSof1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AddThis Toolbar) - {B43176CC-4D9E-493B-A636-D9CBFE39C6DA} - C:\Program Files\AddThis Toolbar\Toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (MP3Bar) - {F6BD6330-76F8-44D9-B775-87614E2D8374} - C:\Program Files\Fiesta Download Manager\mp3bar.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [MOD] C:\Program Files\Microangelo\muamgr.exe ()
O4 - HKLM..\Run: [MySecurityVault Tray] C:\Program Files\WhiteCanyon\MySecurityVault\MySecurityVault_TrayIcon.exe (WhiteCanyon, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TVAgent] C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [Aim6] File not found
O4 - HKCU..\Run: [WeatherEye] C:\Users\audstune\AppData\Local\TheWeatherNetwork\WeatherEye\WeatherEye.exe (Pelmorex Media Inc.)
O4 - Startup: C:\Users\audstune\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Kolbo Alert.lnk = C:\Program Files\Kolbo Alert\alert.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Expression\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: dreamtemplate.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: ediblog.com ([www] http in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{351E24A1-3EB0-47AC-AAED-EE6C91C2BAC5}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\img217.jpg
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\img217.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/07 02:58:10 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{26a7ae5b-0e09-11df-b67e-00238b21dd91}\Shell\AutoRun\command - "" = setup.exe /AUTORUN
O33 - MountPoints2\{26a7ae5b-0e09-11df-b67e-00238b21dd91}\Shell\configure\command - "" = setup.exe -- [2011/05/10 19:56:41 | 009,722,931 | ---- | M] ()
O33 - MountPoints2\{26a7ae5b-0e09-11df-b67e-00238b21dd91}\Shell\install\command - "" = setup.exe -- [2011/05/10 19:56:41 | 009,722,931 | ---- | M] ()
O33 - MountPoints2\{26a7ae5e-0e09-11df-b67e-00238b21dd91}\Shell - "" = AutoRun
O33 - MountPoints2\{26a7ae5e-0e09-11df-b67e-00238b21dd91}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{59fcadbf-cb93-11de-8055-00238b21dd91}\Shell - "" = AutoRun
O33 - MountPoints2\{59fcadbf-cb93-11de-8055-00238b21dd91}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{c3b0ba81-1054-11df-b67e-00238b21dd91}\Shell - "" = AutoRun
O33 - MountPoints2\{c3b0ba81-1054-11df-b67e-00238b21dd91}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/09 20:21:52 | 000,000,000 | ---D | C] -- C:\Users\audstune\AppData\Local\TuneUpMedic
[2011/09/09 20:21:50 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUpMedic
[2011/09/09 20:21:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUpMedic
[2011/09/09 20:21:19 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUpMedic
[2011/09/09 15:11:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Amazon
[2011/09/06 10:39:29 | 000,000,000 | ---D | C] -- C:\Users\audstune\Documents\10 years on, anti-Semitic conspiracy theories about 9-11 persist JTA - Jewish & Israel News_files
[2011/09/03 19:19:41 | 000,000,000 | ---D | C] -- C:\Users\audstune\Documents\christianmalard_files
[2011/09/03 19:19:00 | 000,000,000 | ---D | C] -- C:\Users\audstune\Documents\Google Translate_files
[2011/09/03 14:48:14 | 000,000,000 | ---D | C] -- C:\Users\audstune\Documents\History of the Jews in Turkey - Wikipedia, the free encyclopedia_files
[2011/09/02 09:24:25 | 000,000,000 | -HSD | C] -- C:\found.000
[2011/09/01 16:19:08 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/09/01 16:19:08 | 000,000,000 | ---D | C] -- C:\Users\audstune\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/08/24 11:33:56 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/08/24 11:33:56 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/08/24 11:33:56 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/08/24 08:17:22 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/08/23 12:02:16 | 000,000,000 | ---D | C] -- C:\Debra Rae
[2011/08/17 23:23:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fiesta Download Manager
[2011/08/17 18:43:14 | 000,000,000 | ---D | C] -- C:\flashtuts
[2011/08/17 18:43:14 | 000,000,000 | ---D | C] -- C:\Flashstuff
[2011/08/17 18:43:13 | 000,000,000 | ---D | C] -- C:\flash
[2011/08/17 18:42:04 | 000,000,000 | ---D | C] -- C:\Petie
[2011/08/17 18:42:04 | 000,000,000 | ---D | C] -- C:\pete
[2011/08/17 18:39:41 | 004,718,864 | ---- | C] (HTML-Helper) -- C:\Program Files\ussher.exe
[2011/08/17 18:35:32 | 000,000,000 | ---D | C] -- C:\Users\audstune\AppData\Roaming\Help
[2011/08/17 18:35:32 | 000,000,000 | ---D | C] -- C:\Users\audstune\AppData\Local\Help
[2011/08/17 18:35:16 | 000,000,000 | ---D | C] -- C:\Windows\INDSOFT
[2011/08/17 18:34:53 | 000,000,000 | ---D | C] -- C:\Program Files\Screen Creator
[2011/08/17 18:33:30 | 000,000,000 | ---D | C] -- C:\screenplays
[2011/08/17 18:32:14 | 000,000,000 | ---D | C] -- C:\Users\audstune\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CodeLifter 5.0
[2011/08/17 18:32:10 | 000,000,000 | ---D | C] -- C:\Program Files\CodeLifter5
[2011/08/17 17:07:17 | 000,000,000 | ---D | C] -- C:\Program Files\SaverGenDemo
[2011/08/17 17:07:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SaverGen Demo
[2011/08/17 17:04:34 | 000,000,000 | ---D | C] -- C:\Users\audstune\AppData\Local\Flat Rock Software
[2011/08/17 17:04:20 | 000,000,000 | ---D | C] -- C:\Program Files\SSSTUDIO
[2011/08/16 13:34:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
[2011/08/16 13:34:39 | 000,000,000 | ---D | C] -- C:\Program Files\Seagate
[2011/08/16 00:05:29 | 000,000,000 | ---D | C] -- C:\Users\audstune\AppData\Roaming\AI Internet Solutions
[2011/08/16 00:04:54 | 000,000,000 | ---D | C] -- C:\Program Files\HTMLValidatorLite80
[2011/08/13 09:41:33 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2011/08/13 09:38:08 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2011/08/13 09:35:03 | 000,000,000 | ---D | C] -- C:\Windows\System32\SRSLabs
[2011/08/12 21:11:34 | 000,038,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2011/08/12 21:06:59 | 000,000,000 | ---D | C] -- C:\Users\audstune\AppData\Local\Research In Motion
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/10 09:48:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/10 09:35:04 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/10 09:35:04 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/10 09:30:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3888258364-4078971072-2230631149-1000UA.job
[2011/09/10 09:28:27 | 000,000,398 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{AB887F21-7757-4988-9E41-5A580E782853}.job
[2011/09/10 07:43:23 | 000,002,377 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/09/10 07:36:02 | 000,001,806 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2011/09/10 07:36:00 | 000,028,124 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/09/10 07:35:24 | 000,028,124 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/09/10 07:35:15 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/10 07:35:06 | 000,000,318 | ---- | M] () -- C:\Windows\tasks\TuneUpMedic_scan_schedule_task_e40d44a1-a616-4b7b-97b7-382eb690109a.job
[2011/09/10 07:35:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/10 07:34:50 | 3216,232,448 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/10 07:32:43 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3888258364-4078971072-2230631149-1000Core.job
[2011/09/10 00:40:09 | 000,000,840 | ---- | M] () -- C:\Users\audstune\Application Data\Microsoft\Internet Explorer\Quick Launch\TuneUpMedic.lnk
[2011/09/09 15:30:51 | 000,370,208 | ---- | M] () -- C:\Users\audstune\AppData\Local\Schedule8.dat
[2011/09/09 15:10:39 | 000,001,807 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Unbox.lnk
[2011/09/09 15:10:39 | 000,001,777 | ---- | M] () -- C:\Users\audstune\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Amazon Unbox Video.lnk
[2011/09/08 09:45:29 | 000,642,906 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/09/08 09:45:29 | 000,120,064 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/09/08 08:42:57 | 000,002,305 | ---- | M] () -- C:\Users\audstune\Application Data\Microsoft\Internet Explorer\Quick Launch\Safari.lnk
[2011/09/08 08:06:14 | 000,000,378 | ---- | M] () -- C:\Windows\System32\Pen_Tablet.dat
[2011/09/07 16:45:09 | 000,007,518 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2011/09/06 10:39:30 | 000,042,374 | ---- | M] () -- C:\Users\audstune\Documents\10 years on, anti-Semitic conspiracy theories about 9-11 persist JTA - Jewish & Israel News.htm
[2011/09/05 07:46:19 | 000,007,592 | ---- | M] () -- C:\Users\audstune\AppData\Local\d3d9caps.dat
[2011/09/03 19:19:45 | 000,000,617 | ---- | M] () -- C:\Users\audstune\Documents\christianmalard.htm
[2011/09/03 19:19:02 | 000,000,623 | ---- | M] () -- C:\Users\audstune\Documents\Google Translate.htm
[2011/09/03 14:48:16 | 000,201,945 | ---- | M] () -- C:\Users\audstune\Documents\History of the Jews in Turkey - Wikipedia, the free encyclopedia.htm
[2011/09/03 14:33:56 | 000,002,529 | ---- | M] () -- C:\Users\audstune\Application Data\Microsoft\Internet Explorer\Quick Launch\HiJackThis.lnk
[2011/09/03 10:25:54 | 000,628,799 | ---- | M] () -- C:\Users\audstune\Documents\Palmer-Committee-Final-report.pdf
[2011/08/29 08:16:34 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/08/28 11:39:30 | 000,000,460 | ---- | M] () -- C:\Users\audstune\Documents\dr_site.cs
[2011/08/27 20:32:45 | 000,538,292 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat
[2011/08/26 23:49:08 | 000,002,571 | ---- | M] () -- C:\Users\audstune\Application Data\Microsoft\Internet Explorer\Quick Launch\Web Image Studio.lnk
[2011/08/25 22:11:29 | 000,000,951 | ---- | M] () -- C:\Users\audstune\Application Data\Microsoft\Internet Explorer\Quick Launch\Rhymesaurus.lnk
[2011/08/25 22:09:35 | 000,000,718 | ---- | M] () -- C:\Users\audstune\Desktop\DropZip.exe - Shortcut.lnk
[2011/08/25 15:27:59 | 000,000,408 | ---- | M] () -- C:\Users\audstune\Documents\debrarae.cs
[2011/08/25 15:19:13 | 000,000,406 | ---- | M] () -- C:\Users\audstune\Desktop\Debra Rae.lnk
[2011/08/24 22:45:57 | 000,000,504 | ---- | M] () -- C:\{FD59F626-0F2A-4FDF-96BE-5F24364F5674}
[2011/08/24 08:49:32 | 000,202,782 | ---- | M] () -- C:\Users\audstune\Documents\durban_ngo_declaration_2001.pdf
[2011/08/23 15:58:41 | 001,341,797 | ---- | M] () -- C:\Users\audstune\Documents\WSWF%20Poker%20Save%20the%20Date%202011%20wh-final.pdf
[2011/08/23 11:17:27 | 000,000,943 | ---- | M] () -- C:\Users\audstune\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/08/21 22:37:28 | 000,134,041 | ---- | M] () -- C:\Users\audstune\Documents\CT_New_Hair_Biology_Model.pdf
[2011/08/17 23:23:12 | 000,000,914 | ---- | M] () -- C:\Users\Public\Desktop\Fiesta Download Manager.lnk
[2011/08/17 18:36:43 | 000,000,210 | ---- | M] () -- C:\Windows\Screen Creator.INI
[2011/08/17 18:32:14 | 000,000,835 | ---- | M] () -- C:\Users\audstune\Desktop\Code Lifter.lnk
[2011/08/17 17:04:30 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Screen Saver Studio Deluxe.LNK
[2011/08/14 07:58:45 | 002,263,624 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/08/13 09:34:36 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
[2011/08/12 22:27:41 | 001,033,561 | ---- | M] () -- C:\Users\audstune\Documents\LoaderBackup-(2011-08-12).ipd
[2011/08/12 21:32:39 | 000,096,256 | ---- | M] () -- C:\Users\audstune\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/12 21:12:50 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_RimUsb_01009.Wdf
[2011/08/12 21:12:49 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2011/08/12 21:04:52 | 000,002,096 | ---- | M] () -- C:\Users\Public\Desktop\BlackBerry Desktop Software.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/10 00:40:09 | 000,000,840 | ---- | C] () -- C:\Users\audstune\Application Data\Microsoft\Internet Explorer\Quick Launch\TuneUpMedic.lnk
[2011/09/09 20:21:53 | 000,000,318 | ---- | C] () -- C:\Windows\tasks\TuneUpMedic_scan_schedule_task_e40d44a1-a616-4b7b-97b7-382eb690109a.job
[2011/09/09 15:10:39 | 000,001,807 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Unbox.lnk
[2011/09/09 15:10:39 | 000,001,777 | ---- | C] () -- C:\Users\audstune\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Amazon Unbox Video.lnk
[2011/09/07 08:01:45 | 000,000,378 | ---- | C] () -- C:\Windows\System32\Pen_Tablet.dat
[2011/09/06 10:39:28 | 000,042,374 | ---- | C] () -- C:\Users\audstune\Documents\10 years on, anti-Semitic conspiracy theories about 9-11 persist JTA - Jewish & Israel News.htm
[2011/09/03 19:19:41 | 000,000,617 | ---- | C] () -- C:\Users\audstune\Documents\christianmalard.htm
[2011/09/03 19:19:00 | 000,000,623 | ---- | C] () -- C:\Users\audstune\Documents\Google Translate.htm
[2011/09/03 14:48:12 | 000,201,945 | ---- | C] () -- C:\Users\audstune\Documents\History of the Jews in Turkey - Wikipedia, the free encyclopedia.htm
[2011/09/03 14:33:56 | 000,002,529 | ---- | C] () -- C:\Users\audstune\Application Data\Microsoft\Internet Explorer\Quick Launch\HiJackThis.lnk
[2011/09/03 10:25:54 | 000,628,799 | ---- | C] () -- C:\Users\audstune\Documents\Palmer-Committee-Final-report.pdf
[2011/08/28 11:39:29 | 000,000,460 | ---- | C] () -- C:\Users\audstune\Documents\dr_site.cs
[2011/08/26 23:49:08 | 000,002,571 | ---- | C] () -- C:\Users\audstune\Application Data\Microsoft\Internet Explorer\Quick Launch\Web Image Studio.lnk
[2011/08/25 22:11:29 | 000,000,951 | ---- | C] () -- C:\Users\audstune\Application Data\Microsoft\Internet Explorer\Quick Launch\Rhymesaurus.lnk
[2011/08/25 22:09:35 | 000,000,718 | ---- | C] () -- C:\Users\audstune\Desktop\DropZip.exe - Shortcut.lnk
[2011/08/25 15:27:59 | 000,000,408 | ---- | C] () -- C:\Users\audstune\Documents\debrarae.cs
[2011/08/25 15:19:12 | 000,000,406 | ---- | C] () -- C:\Users\audstune\Desktop\Debra Rae.lnk
[2011/08/25 11:40:31 | 000,000,398 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{AB887F21-7757-4988-9E41-5A580E782853}.job
[2011/08/24 22:45:57 | 000,000,504 | ---- | C] () -- C:\{FD59F626-0F2A-4FDF-96BE-5F24364F5674}
[2011/08/24 08:49:32 | 000,202,782 | ---- | C] () -- C:\Users\audstune\Documents\durban_ngo_declaration_2001.pdf
[2011/08/23 15:58:41 | 001,341,797 | ---- | C] () -- C:\Users\audstune\Documents\WSWF%20Poker%20Save%20the%20Date%202011%20wh-final.pdf
[2011/08/23 11:17:26 | 000,000,943 | ---- | C] () -- C:\Users\audstune\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/08/21 22:37:28 | 000,134,041 | ---- | C] () -- C:\Users\audstune\Documents\CT_New_Hair_Biology_Model.pdf
[2011/08/17 23:23:12 | 000,000,914 | ---- | C] () -- C:\Users\Public\Desktop\Fiesta Download Manager.lnk
[2011/08/17 18:35:16 | 000,000,210 | ---- | C] () -- C:\Windows\Screen Creator.INI
[2011/08/17 18:32:14 | 000,000,835 | ---- | C] () -- C:\Users\audstune\Desktop\Code Lifter.lnk
[2011/08/17 17:04:30 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Screen Saver Studio Deluxe.LNK
[2011/08/17 17:04:23 | 000,000,764 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Screen Saver Studio Deluxe.lnk
[2011/08/13 09:34:36 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
[2011/08/12 22:27:40 | 001,033,561 | ---- | C] () -- C:\Users\audstune\Documents\LoaderBackup-(2011-08-12).ipd
[2011/08/12 21:12:50 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_RimUsb_01009.Wdf
[2011/08/12 21:12:49 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2011/08/12 21:11:46 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
[2011/05/31 13:07:23 | 000,000,054 | ---- | C] () -- C:\Windows\Musician.INI
[2011/04/27 01:19:30 | 000,000,074 | RHS- | C] () -- C:\Windows\ICMET20.BIN
[2011/03/22 09:25:00 | 000,538,292 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/01/08 13:44:41 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2010/09/26 19:51:44 | 004,054,056 | ---- | C] () -- C:\Windows\System32\PhotoLooksRenderer.dll
[2010/07/23 09:09:47 | 000,000,256 | ---- | C] () -- C:\Windows\System32\pool.bin
[2010/07/16 22:50:33 | 000,000,621 | ---- | C] () -- C:\Windows\tlknw17.ini
[2010/07/16 16:44:52 | 000,000,625 | ---- | C] () -- C:\Windows\tlknw3.ini
[2010/07/16 15:04:53 | 000,000,623 | ---- | C] () -- C:\Windows\tlknw5.ini
[2010/06/25 13:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2010/06/16 19:18:59 | 000,000,030 | R--- | C] () -- C:\Windows\System32\drivers\RevHDD.ini
[2010/06/10 22:15:05 | 000,000,200 | ---- | C] () -- C:\Windows\ulead32.ini
[2010/06/05 00:31:22 | 000,005,120 | ---- | C] () -- C:\Windows\EyeCand3.INI
[2010/06/03 22:56:06 | 000,210,944 | ---- | C] () -- C:\Windows\System32\Msvcrt10.dll
[2010/05/06 17:44:04 | 000,000,008 | RHS- | C] () -- C:\ProgramData\7C3CD8275B.sys
[2010/05/05 12:45:53 | 000,188,416 | ---- | C] () -- C:\Windows\System32\muangsys.dll
[2010/05/05 12:45:53 | 000,077,824 | ---- | C] () -- C:\Windows\System32\muadisp.dll
[2010/02/09 21:50:55 | 000,000,096 | ---- | C] () -- C:\Users\audstune\AppData\Local\fusioncache.dat
[2010/02/09 19:22:02 | 000,000,032 | ---- | C] () -- C:\Windows\tdlp32.ini
[2010/01/06 17:29:55 | 000,000,318 | -HS- | C] () -- C:\Windows\WSYS049.SYS
[2009/12/17 17:26:00 | 000,007,518 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2009/11/25 13:40:50 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/10/30 14:42:07 | 000,370,208 | ---- | C] () -- C:\Users\audstune\AppData\Local\Schedule8.dat
[2009/09/01 15:25:33 | 000,000,044 | ---- | C] () -- C:\Windows\Crypkey.ini
[2009/09/01 15:25:31 | 000,027,648 | R--- | C] () -- C:\Windows\Setup_ck.exe
[2009/09/01 15:25:31 | 000,024,608 | ---- | C] () -- C:\Windows\System32\Ckldrv.sys
[2009/09/01 15:25:31 | 000,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll
[2009/09/01 15:25:31 | 000,011,776 | ---- | C] () -- C:\Windows\Ckrfresh.exe
[2009/08/31 13:03:42 | 000,262,144 | ---- | C] () -- C:\Windows\System32\EMRegSys.dll
[2009/08/25 14:48:47 | 000,004,000 | ---- | C] () -- C:\Windows\logos20.ini
[2009/08/23 23:06:59 | 000,634,880 | ---- | C] () -- C:\Windows\System32\ISerifVideo1.dll
[2009/08/23 23:06:59 | 000,524,288 | ---- | C] () -- C:\Windows\System32\ISerifVideoDX1.dll
[2009/08/23 23:06:59 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ISerifAnimation1.dll
[2009/08/23 23:06:59 | 000,065,536 | ---- | C] () -- C:\Windows\System32\ISerifDSFiltEnum1.dll
[2009/08/23 23:06:58 | 000,338,944 | ---- | C] () -- C:\Windows\System32\lffpx7.dll
[2009/08/23 23:06:58 | 000,118,784 | ---- | C] () -- C:\Windows\System32\lfkodak.dll
[2009/08/23 23:06:56 | 000,081,920 | ---- | C] () -- C:\Windows\System32\xmltok.dll
[2009/08/23 23:06:56 | 000,053,248 | ---- | C] () -- C:\Windows\System32\xmlparse.dll
[2009/08/23 22:57:34 | 000,314,880 | ---- | C] () -- C:\Windows\System32\Tx32.dll
[2009/08/23 22:53:17 | 000,000,108 | ---- | C] () -- C:\Windows\LETSDRAW.INI
[2009/08/23 22:51:57 | 000,000,109 | ---- | C] () -- C:\Windows\TOONWORX.INI
[2009/08/18 18:03:02 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/18 18:03:02 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/07 21:30:52 | 000,047,104 | ---- | C] () -- C:\Windows\System32\Wh2Robo.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/28 20:30:27 | 001,015,808 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll
[2009/07/28 20:30:27 | 000,220,160 | ---- | C] () -- C:\Windows\System32\WnASPI32.dll
[2009/07/28 20:30:27 | 000,172,032 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2009/07/28 20:30:27 | 000,061,440 | ---- | C] () -- C:\Windows\System32\libfaac.dll
[2009/07/28 20:30:27 | 000,053,248 | ---- | C] () -- C:\Windows\System32\ogg.dll
[2009/07/28 20:30:27 | 000,036,864 | ---- | C] () -- C:\Windows\System32\DGRip.dll
[2009/07/28 20:30:27 | 000,036,352 | ---- | C] () -- C:\Windows\System32\MP2enc.dll
[2009/07/16 22:08:16 | 000,032,768 | ---- | C] () -- C:\Users\audstune\AppData\Roaming\SharedSettings.ccs
[2009/07/16 22:08:01 | 000,000,168 | ---- | C] () -- C:\Windows\System32\xpysys.dll
[2009/07/15 08:08:56 | 000,007,592 | ---- | C] () -- C:\Users\audstune\AppData\Local\d3d9caps.dat
[2009/07/05 22:23:36 | 000,096,256 | ---- | C] () -- C:\Users\audstune\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/11 20:13:04 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009/05/15 12:43:28 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2009/04/26 22:07:27 | 000,000,088 | RHS- | C] () -- C:\Windows\System32\E9F27C3760.sys
[2009/04/26 22:07:26 | 000,002,828 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2009/04/25 23:05:44 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/03/26 00:58:14 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/03/25 12:20:04 | 000,028,124 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/03/25 12:20:02 | 000,028,124 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008/09/07 04:13:16 | 000,001,806 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2008/09/07 03:38:34 | 000,107,359 | ---- | C] () -- C:\Windows\hpqins13.dat
[2007/11/14 19:17:34 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CogentBioSDK.dll
[2007/06/05 16:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2007/04/27 10:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 002,263,624 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,642,906 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,120,064 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/02/23 17:37:18 | 000,047,104 | ---- | C] () -- C:\Windows\System32\dsfFLACEncoder.dll
[2006/02/23 16:37:06 | 000,047,616 | ---- | C] () -- C:\Windows\System32\dsfVorbisDecoder.dll
[2006/02/23 16:36:22 | 000,102,400 | ---- | C] () -- C:\Windows\System32\dsfOggDemux2.dll
[2006/02/23 16:35:56 | 000,053,248 | ---- | C] () -- C:\Windows\System32\dsfOGMDecoder.dll
[2006/02/23 16:35:44 | 000,053,248 | ---- | C] () -- C:\Windows\System32\dsfNativeFLACSource.dll
[2006/02/23 16:35:40 | 000,049,664 | ---- | C] () -- C:\Windows\System32\dsfFLACDecoder.dll
[2006/02/23 16:34:58 | 000,083,456 | ---- | C] () -- C:\Windows\System32\libFLAC++.dll
[2006/02/23 16:34:56 | 000,106,496 | ---- | C] () -- C:\Windows\System32\libFishSound.dll
[2006/02/23 16:34:38 | 000,029,696 | ---- | C] () -- C:\Windows\System32\libOOOggSeek.dll
[2006/02/23 16:34:26 | 001,163,264 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2006/02/23 16:34:16 | 000,049,152 | ---- | C] () -- C:\Windows\System32\libOOogg.dll
[2006/02/23 16:33:54 | 000,140,288 | ---- | C] () -- C:\Windows\System32\libFLAC.dll

========== Files - Unicode (All) ==========
[2009/09/02 09:29:43 | 000,000,000 | ---D | M](C:\Windows\System32\?I???I?I?I?I?I?I) -- C:\Windows\System32\Ĩ䘺睗ĨĨĨĨĨĨ
[2009/09/02 09:29:43 | 000,000,000 | ---D | C](C:\Windows\System32\?I???I?I?I?I?I?I) -- C:\Windows\System32\Ĩ䘺睗ĨĨĨĨĨĨ

========== Alternate Data Streams ==========

@Alternate Data Stream - 961 bytes -> C:\Users\audstune\Documents\Special Savings Coupon from The Tree!.eml:OECustomProperty
@Alternate Data Stream - 881 bytes -> C:\Users\audstune\Documents\When Metaphors Attack! (Latest Oped).eml:OECustomProperty
@Alternate Data Stream - 836 bytes -> C:\ProgramData\Temp:35E5AF34
@Alternate Data Stream - 264 bytes -> C:\ProgramData\Temp:890CC2F3
@Alternate Data Stream - 182 bytes -> C:\ProgramData\Temp:0CFE8F97
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:8CE646EE
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:0A8E2C33

< End of report >

OTL Extras logfile created on: 9/10/2011 9:43:55 AM - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\My Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.57 Gb Available Physical Memory | 52.28% Memory free
6.19 Gb Paging File | 4.69 Gb Available in Paging File | 75.77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 289.32 Gb Total Space | 61.65 Gb Free Space | 21.31% Space Free | Partition Type: NTFS
Drive D: | 8.77 Gb Total Space | 1.57 Gb Free Space | 17.92% Space Free | Partition Type: NTFS

Computer Name: HISWORLD2 | User Name: audstune | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.txt [@ = txtfile] -- C:\Program Files\JGsoft\EditPadLite\EditPadLite7.exe (Just Great Software)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with Corel Paint Shop Pro Photo X2] -- "C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
Directory [Browse with Corel PaintShop Photo Pro X3] -- "c:\Program Files\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0744DBC4-DE0D-4EB5-88E1-5FAEC53406A1}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software music sync service data transfer |
"{0B8C999E-FAFE-4342-B0E6-5182B4AD1E1D}" = lport=86 | protocol=6 | dir=in | name=broadcam video streaming server web server |
"{1E39BCEC-30EB-4215-BAFC-27376FF61365}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{2C2CAE35-3621-4348-B92A-B79FC3B7D170}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software music sync service discovery |
"{38A36062-22F0-4E78-974A-7FC276088D45}" = rport=137 | protocol=17 | dir=out | app=system |
"{420FBF3D-0421-4949-8DB7-B9C50DE5889B}" = lport=137 | protocol=17 | dir=in | app=system |
"{4775F3F7-E55C-4397-B62F-90C05631C130}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{6C28BC8C-CD4A-458D-90E8-2972B7B88A21}" = lport=49160 | protocol=6 | dir=in | name=akamai netsession interface |
"{6F45DC21-0FDC-44DA-BA3A-1248A89ED403}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{7DA88C5C-CDF9-4C99-BD4F-48BDEB76EDAF}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{8D432550-6CC7-43CC-B2F3-CB58F11E346D}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{8FB826F3-999E-4F5E-AF08-121B362D0056}" = lport=4100 | protocol=17 | dir=in | name=upnp router control port |
"{96E42A93-2505-47D1-9980-CBDA3DD93A39}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{9B57C845-9A64-4BB9-AF50-A7F743AB6170}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9C4F1E5A-5053-4A1A-848D-93F04C0311CA}" = rport=445 | protocol=6 | dir=out | app=system |
"{A2F69805-F2A2-4885-B656-586164CCF98D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{A3825233-09B2-48A1-A800-0A33001FBA2B}" = rport=138 | protocol=17 | dir=out | app=system |
"{A5C51EA4-7AD7-4D4C-9F0C-8DA97CA43AD9}" = lport=445 | protocol=6 | dir=in | app=system |
"{BFAC44D4-5723-4C4E-A278-0B46BB5A2304}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software music sync service discovery |
"{CC8D4E25-A4B7-4C1D-871C-99D23D0E0740}" = lport=50900 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{E0C840AA-689E-4A1F-B1AE-CCAAA6D687E4}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software music sync service data transfer |
"{E221AD8C-435A-446B-BCC8-19FF73660681}" = lport=50901 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{ED5ACDF9-CDC8-4A4A-A81E-7105C83002A5}" = rport=139 | protocol=6 | dir=out | app=system |
"{EEB8061B-69C6-4780-BD79-C61E64FA3161}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{EF727619-D8C3-443D-AE15-EE8A42DC9AED}" = lport=139 | protocol=6 | dir=in | app=system |
"{F3B3AFC0-094C-401A-BBF7-9F2A753C5225}" = lport=138 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{019D8E28-9CEC-4330-A55A-1EC778837D12}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0359F3D5-52D3-4D14-A770-9B6CD2DC50FD}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{0415FDF8-ECE3-4D0B-9426-A112BB522E91}" = protocol=6 | dir=in | app=c:\password keeper\passwordkeeper.exe |
"{0A7EC7B8-18DC-4C1D-97DE-9408549868E2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0BEB8AE4-F8D8-41EA-B546-EBB9EFB20523}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{0DDC4D6C-96BB-4F43-BA72-1B7344F99352}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{102CED7D-70B5-42EB-9825-D827C6540367}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{11717B1E-9450-49F8-9ADC-E0EBA4660BA7}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{122027A8-0F8A-4137-B241-7578333134C4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{13DED996-A6B2-401E-9203-4061221B7B7D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1505E2DD-A692-4C49-BB6D-C525B21B612F}" = protocol=6 | dir=in | app=c:\users\audstune\appdata\local\temp\7zs90ca.tmp\symnrt.exe |
"{199F93CE-2188-4D03-B7E4-7E4501409FED}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1B347AE9-E29F-4EF0-B8A7-0D7A79C3BEF8}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{235B1275-55B4-4907-8BCF-1563B52D67EB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{247A44EF-FBB0-4F7F-A349-9F9C9EA324B0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2A348943-0B5A-4D84-925D-541DEA844B9F}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{32A14BF5-CF01-4DF0-929A-D96466CA6846}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\tsmagent.exe |
"{354CADF6-B1EF-4E70-9837-8E80ECE3E616}" = protocol=17 | dir=in | app=c:\program files\addthis toolbar\toolbarupdate.exe |
"{358563D2-8D28-47D0-AFE7-C52A23105BCA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{36E50804-3765-49FD-AF88-C2BF0E528861}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{37CDD452-25B4-41D3-BE57-75FC0FEDB82A}" = protocol=17 | dir=in | app=c:\program files\premieropinion\pmropn.exe |
"{389B718C-FB68-47B0-B1ED-86B9125403A1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3A7305D8-59A8-47BB-BBDD-4B0F54B9F27C}" = protocol=6 | dir=in | app=c:\program files\addthis toolbar\toolbarupdate.exe |
"{3E9756DD-1EC9-47C9-9003-98482FCE9B5E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{40F5E7BC-E987-4920-B75D-138B2BF6AEDB}" = protocol=58 | dir=in | [email protected],-28545 |
"{420172DF-AAA2-4CA3-BCA9-2879CD1D25CC}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{420FD868-52DF-4E5F-AC9E-C7CC695E488F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4214D2A4-0C33-4FCD-BC1E-B69742617FF0}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{4484A955-F7E4-4F2F-940B-0D4F97F1F44A}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe |
"{4B16908A-34DE-47E6-8469-452FEE440A57}" = protocol=17 | dir=in | app=c:\program files\replay av 8\replayav.exe |
"{504BB3A3-2E86-4E82-9D03-9A8B6FCC91EE}" = protocol=17 | dir=in | app=c:\program files\addthis toolbar\troubleshooter.exe |
"{50776535-0D02-42B8-AEB5-9200865B5132}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{52912038-67DA-4CB1-B7CF-E4104BB3BDC7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5332BE33-952C-4319-BCB2-6083E81FB693}" = protocol=58 | dir=out | [email protected],-28546 |
"{5403D039-AA49-4B3A-884D-0E5333F16683}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{540C4C86-091E-4DC2-A361-85BF2D6122E4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{54D1F26E-C84F-4BFA-B692-667ADA3B2EF9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{57EAD01A-DD3D-4E8D-821F-8C034A42DD4D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5A26EC19-7C3C-41D4-B7E0-B33EC01163DF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5F3DD73A-1A71-43B2-8154-FE9B1AAFD5F1}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{604EA769-55CF-4A9F-9DE2-F409C9FFFD84}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{606244B9-1D83-4984-982A-3B547993E3C0}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{622E2289-AF86-4DA3-BE8C-AFAA898F3C42}" = dir=in | app=c:\program files\hewlett-packard\media\tv\qpservice.exe |
"{629F1A6C-0A99-459B-AF6A-FFFD6C6BC59A}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{6621A1E0-8487-4545-BF17-1D75C61460F0}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{663AADF0-6453-497F-BF16-D1F663D4C1D5}" = protocol=17 | dir=in | app=c:\program files\replay converter 3\replayconverter.exe |
"{69358B41-843A-4651-839D-90FC0E738416}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6B44C88C-43AF-4364-84DE-F26CF7071A5D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6DA44CF7-BC9E-4B6E-B936-5FBD68B805B3}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{71E1C14A-7CAA-492D-926C-995E94CF14E2}" = protocol=6 | dir=in | app=c:\users\audstune\appdata\local\temp\~os5908.tmp\pmropn.exe |
"{7462A1C3-76A8-4C20-AB96-81C6E4546360}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7B20A103-1D94-454C-9A91-03D2F49B55F3}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{7FD0D155-8E0F-4549-BAC0-C9756F3AF82C}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{81CFEB91-3B25-405F-B1D6-28D06B5A3B96}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{81E850E6-78E6-4AF8-9C4E-6B6D6B52D3E1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{83133844-7358-4934-8FE8-08EA4F84A1B6}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{84A91593-B946-4F12-A489-4EC840E6BDDA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{86C26262-BF99-41A6-8484-8F314418AA8E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8969F7A6-ADC2-47BA-988B-3CF595FEFAE7}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{8AEEBE44-F1FB-4134-83A2-F2AA87865F6B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8DD2EBBE-DA28-4248-A8B4-0159C16BBEFD}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8DF70A49-ACAB-491D-A272-E84BB4ECB1B9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{94B41223-2326-4E86-A001-AD20C66434B0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9FE00137-00FB-4E17-B7F3-8514076220F4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A0294DEB-AD46-4E17-9EBC-58957DFE4D8B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A4F95534-99CE-4CBC-A2BC-B6B4C671F8FA}" = dir=in | app=c:\program files\hewlett-packard\media\tv\qp.exe |
"{A50B31AD-DCEF-4BAC-86EB-BE958E2C180B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A9A97FD2-C86D-4095-AD84-12E3A2E58C6E}" = protocol=6 | dir=in | app=c:\program files\premieropinion\pmropn.exe |
"{AB44472F-FC62-4904-B7F1-3920374374EE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AB9BC0C5-2C64-4D6A-A4DE-2CFAB93FAE1D}" = protocol=17 | dir=in | app=c:\users\audstune\appdata\local\temp\7zs90ca.tmp\symnrt.exe |
"{AEAFA3C2-3ABE-4289-ADA6-9F09473B91E3}" = protocol=6 | dir=in | app=c:\program files\addthis toolbar\troubleshooter.exe |
"{AF3C0872-22E0-4D79-82B2-71F10137DFF6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B8DD7105-C711-459B-A899-542CA6FE53B8}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{BB6DF8B4-5D4A-4E85-9D2F-E3E357DD12F3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BC424796-6554-4DB1-846A-79CD8715548D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BC5F4A9B-DA75-4A1A-A256-E09DCED6FBD6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C08B8A1C-C047-4F9A-B584-802824FFA6FD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C1A23F1F-A5BB-42D5-929D-0ABAE323A4AB}" = protocol=1 | dir=out | [email protected],-28544 |
"{CC86D0D9-8082-4EC6-ADB8-6B5031E24793}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{CF0D5848-01BA-413C-8598-32CAB6EB58CE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CF735FC7-69B0-4F14-8125-1C59FC52E53F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D5C43497-3436-44F4-B5D7-77EC99011BEA}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\tsmagent.exe |
"{D64FAC80-7BB7-4C4A-B31A-1A479AACB6A1}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe |
"{DBD23115-43F3-455A-A9A1-ECD597A0E6B9}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{E150002B-670C-4BD9-AB38-30493A8C1073}" = protocol=6 | dir=in | app=c:\program files\replay av 8\replayav.exe |
"{E2A32BF7-770E-425E-A41E-0F0F5AB99400}" = protocol=1 | dir=in | [email protected],-28543 |
"{E327DD77-B114-4DFB-94F6-06FB1FB5896A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E8787A6A-C666-45FF-A4BC-89381EB95A4E}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{EBAAF83D-3B3E-4A97-BA03-84D910636277}" = protocol=6 | dir=in | app=c:\program files\replay converter 3\replayconverter.exe |
"{ED54EC39-B822-44BE-A4D5-F1DCAC7428BF}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{F3D6C34E-72C1-45B4-B8A6-061717DC6F6E}" = protocol=17 | dir=in | app=c:\password keeper\passwordkeeper.exe |
"{F4C81460-381C-4D10-8EC4-428142814420}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{F8451843-6D1C-4F46-AAB7-3BE8097E0B92}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FC64C761-CD1C-4F84-8C7B-AD7C2833CF79}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FD7F2B16-F52B-4988-8C91-0B3FEEBA1CFE}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{FE932929-0ACA-4FE6-91C9-6CAA87638E06}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"TCP Query User{1EDF5A45-68E7-4D4B-836B-CB6A9B261BB1}C:\program files\ws_ftp\ws_ftp95.exe" = protocol=6 | dir=in | app=c:\program files\ws_ftp\ws_ftp95.exe |
"TCP Query User{3C79E932-EFCD-40C9-A2A8-ADD5EAFA0A05}C:\windows\lmi80b.tmp\lmi_rescue.exe" = protocol=6 | dir=in | app=c:\windows\lmi80b.tmp\lmi_rescue.exe |
"TCP Query User{4B0278CF-D856-42C3-AB54-073A76B592BE}C:\program files\ws_ftp\ws_ftp95.exe" = protocol=6 | dir=in | app=c:\program files\ws_ftp\ws_ftp95.exe |
"TCP Query User{7116541F-2976-4DC6-BA17-3836073E153E}C:\program files\3m\pdnotes\pdnotes.exe" = protocol=6 | dir=in | app=c:\program files\3m\pdnotes\pdnotes.exe |
"TCP Query User{A12EBAAE-3B12-49D6-A70E-FCD94130432E}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{BF9915D4-0287-4205-8CCA-9CE11A6AC91C}C:\program files\hewlett-packard\media\tv\hptv.exe" = protocol=6 | dir=in | app=c:\program files\hewlett-packard\media\tv\hptv.exe |
"TCP Query User{C415E420-B88F-4517-88E6-BFE3733C5805}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{CB0FB1FA-E7A0-4C78-AFCB-08D5DC631F3A}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{CC3EBCF8-829C-4C04-A150-CAC2E5B730B9}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{CECBD9BF-C039-4A11-B23A-39DEC3A702E7}C:\program files\worship kitchen\worshipkitchen.exe" = protocol=6 | dir=in | app=c:\program files\worship kitchen\worshipkitchen.exe |
"TCP Query User{CF135313-C092-4032-A91A-D53EF37DA91E}C:\program files\3m\pdnotes\pdnotes.exe" = protocol=6 | dir=in | app=c:\program files\3m\pdnotes\pdnotes.exe |
"TCP Query User{DD5EF834-2FEE-4772-8F45-CCB484F1D0B8}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{E0FE1480-6680-4EDA-8BDE-817D8D5AD1B4}C:\program files\worship kitchen\worshipkitchen.exe" = protocol=6 | dir=in | app=c:\program files\worship kitchen\worshipkitchen.exe |
"UDP Query User{1DAD4623-AB7B-40D2-803F-A55FF0D2F381}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{1FE416E8-7AAC-40EC-B18F-FD8813BC415F}C:\program files\hewlett-packard\media\tv\hptv.exe" = protocol=17 | dir=in | app=c:\program files\hewlett-packard\media\tv\hptv.exe |
"UDP Query User{20FF610C-3CE1-4606-88B7-F171DAB6A057}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{3E8E5B74-8DFC-47A1-9E55-1622804D69E0}C:\windows\lmi80b.tmp\lmi_rescue.exe" = protocol=17 | dir=in | app=c:\windows\lmi80b.tmp\lmi_rescue.exe |
"UDP Query User{465EC7A9-E8E6-48C1-88C5-D6DCD802C045}C:\program files\ws_ftp\ws_ftp95.exe" = protocol=17 | dir=in | app=c:\program files\ws_ftp\ws_ftp95.exe |
"UDP Query User{5FC5578C-1463-4221-98A2-3CE99145DB1B}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{83FFA57B-DF9E-45B4-8507-3A9EBEDA0159}C:\program files\3m\pdnotes\pdnotes.exe" = protocol=17 | dir=in | app=c:\program files\3m\pdnotes\pdnotes.exe |
"UDP Query User{965A320B-17E8-4C26-A76F-62358B94AE8B}C:\program files\worship kitchen\worshipkitchen.exe" = protocol=17 | dir=in | app=c:\program files\worship kitchen\worshipkitchen.exe |
"UDP Query User{A8D7A007-EF8D-4A1C-85B5-27DA178B3EF6}C:\program files\ws_ftp\ws_ftp95.exe" = protocol=17 | dir=in | app=c:\program files\ws_ftp\ws_ftp95.exe |
"UDP Query User{D148251F-244D-4A0B-B585-0D8FB3046155}C:\program files\3m\pdnotes\pdnotes.exe" = protocol=17 | dir=in | app=c:\program files\3m\pdnotes\pdnotes.exe |
"UDP Query User{DAD2F1A3-F9B8-43BF-9F4A-BD1BB2E1A49F}C:\program files\worship kitchen\worshipkitchen.exe" = protocol=17 | dir=in | app=c:\program files\worship kitchen\worshipkitchen.exe |
"UDP Query User{E3845148-AA53-4EEA-9C48-F530FFE326D3}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{F4689885-A9C1-460D-A249-9DD33EAE4D23}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{707EB912-C597-49D8-9460-46CC9AB03EBE}" = Corel Painter Photo Essentials 4
"_{9C9078D1-FA30-4E1B-A194-983A4898F848}" = Corel KPT Collection
"_{A3CF662F-5DEF-46C0-BAF5-0E00E1B4C5B0}" = Corel Painter Essentials 4
"_{D1AEB5DB-04FA-489D-94EF-8600898B93EE}" = Corel PaintShop Photo Pro X3
"{00120409-78E1-11D2-B60F-006097C998E7}" = Microsoft FrontPage 2000 SR-1
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"{004C349C-DC75-4F6F-9B8D-61E37DC323B6}" = Magic Bullet PhotoLooks for PaintShop Photo Pro
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}" = Adobe Audition 2.0
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{02F953C2-1934-4D5B-A464-BDA1E883894A}" = Serif PopArtPlus 1.0
"{0327FA9D-975C-448C-A086-577D57BB25B8}" = Adobe Soundbooth CS3 Codecs
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{077A8CAB-8B4D-4A15-93CF-FA0F8EFA5F0C}" = Tunebite
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
"{0CD8A170-E470-11DB-3D6C-00D529464AE1}" = Notation Musician 2.6.3
"{1193600A-134F-40F9-9F71-FEF54C93C629}" = YouSendIt Express
"{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}" = BlackBerry Device Software Updater
"{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"{15B8AFD9-92E9-4E86-96D9-83FAC510B82E}" = HPPhotoSmartPhotobookWebPack1
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server {ko_KR}
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 27
"{28D948F7-60B6-4D10-97C4-498E2C5AE399}" = Serif MoviePlus 1.0
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java™ 6 Update 6
"{3315B802-84C6-47BC-907A-9B77A4646197}_is1" = SWF to AVI 1.7
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{38EAC694-0D90-445F-8C17-8B50ADFE3162}" = Slingbox Flash Tour
"{3A516DED-E5BA-4241-B2F4-99D035E081DE}" = MySecurityVault
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DAAFD82-7FB5-4793-A733-127D628C1D13}" = HP MediaSmart SmartMenu
"{4044436C-3A01-4ECA-8FC9-AC8F3F838EDC}" = Audials TV
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4458C442-7376-4CF9-AF58-E8CEA6722363}" = Adobe Setup
"{447E3935-A085-42D4-0001-8BE5E4034B40}" = freeTunes 3.0
"{4498655A-94A6-4F12-929B-D8D6DCA5E0AF}" = Xara Dreamweaver Extension 1.03
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EB7E778-1E95-433F-8919-C323D5483363}" = HP Smart Web Printing
"{4F949C30-F3C8-459C-8126-0D174746EF9B}" = Xara FrontPage Add-in 1.01
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54A4839E-87F8-4BD1-9682-A349E9943F0A}" = Amazon Unbox Video
"{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}" = Adobe Encore CS3
"{567E8236-C414-4888-8211-3D61608D57AE}" = Validity Sensors software
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{580EC579-E476-469F-9EBF-F82D696FC67A}" = iClone v2.5 Standard
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
"{5926ED96-D094-467B-B302-0D1B17DCE852}" = Xara Menu Maker 1.1
"{5B049B61-0684-460E-A5F2-5EC314590344}" = Mavis Beacon Teaches Typing 18
"{5BCC634A-58AD-42F9-B3C6-2EA52F81CF85}" = Snagit 10
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
"{5F081A89-4CBD-4ACA-9456-7AE7A4BF0830}" = Serif MoviePlus 5 Resources
"{5FA08EAD-6532-4609-9E78-DBBEBE9AE6D2}" = Visual Site Designer
"{620797B0-A022-4B57-A95E-DD7DD0342009}" = MyPasswordGenerator
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6DE13770-01B7-4366-8DA6-48237793F445}" = VoiceOver Kit
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{707EB912-C597-49D8-9460-46CC9AB03EBE}" = Corel Painter Photo Essentials 4
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72CF2918-A98E-478B-9CC4-E07BF6C05AD3}" = Audials
"{75157F34-02C6-4831-BD66-3BC49E7A8394}" = BlackBerry Desktop Software 6.1
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78728272-F480-4899-BBCB-776207C77D89}" = Serif MoviePlus 5
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{7DFC1012-D346-46CE-B03E-FF79125AE029}" = Adobe Fireworks CS3
"{7E4CB404-F1E4-4E81-A1CB-2CBB310481D1}" = MLE
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8718DC03-D066-4957-94E5-50C3C5042E8E}" = Adobe Creative Suite 3 Master Collection
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_WebDesigner_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_WebDesigner_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_WebDesigner_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-0026-0000-0000-0000000FF1CE}" = Microsoft Expression Web
"{90120000-0026-0000-0000-0000000FF1CE}_WebDesigner_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0026-0000-0000-0000000FF1CE}_WebDesigner_{9037FDA8-8383-4B6F-859D-D49C3C625225}" = Microsoft Expression Web Service Pack 1 (SP1)
"{90120000-0026-0409-0000-0000000FF1CE}" = Microsoft Expression Web MUI (English)
"{90120000-0026-0409-0000-0000000FF1CE}_WebDesigner_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_WebDesigner_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_WebDesigner_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{91120409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Standard
"{912A246B-B238-43BD-9A57-3F7FA0E00F45}" = Xara Web Designer 7 Premium
"{95549A84-FFED-4901-A796-CD163FC65C80}" = Ringtone Media Studio
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{998AD896-5B25-466D-8D56-CC0CC9228A68}" = Adobe Audition 2.0 Loopology Content
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C049CF2-6702-4657-9BB6-CD1F6F0052F6}" = Mobile Studio
"{9C9078D1-FA30-4E1B-A194-983A4898F848}" = Corel KPT Collection
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9D34DBEF-C329-426E-B07E-2C772F8463D9}" = Web Image Studio
"{A044C900-5DE1-4986-B0B8-D6A40271A929}" = Sound Effects
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A31B2635-E654-4DA5-838D-7324881F7D60}" = HP User Guides 0116
"{A3CF662F-5DEF-46C0-BAF5-0E00E1B4C5B0}" = Corel Painter Essentials 4
"{A3D44AD8-D3C9-45E4-B861-3B653C6EF620}" = Rhapsody MP3 Download Manager
"{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}" = Adobe Soundbooth CS3
"{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}" = PixiePack Codec Pack
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
"{AAD72731-807A-4B79-AE05-9190B7002B7B}" = ProtectSmart Hard Drive Protection
"{AB3F9E62-1C4A-45DA-96E4-BFEB26C73F18}" = SPIF225 USB to SATA Bridge 98 Driver Installer
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.0
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{AE3D38A6-13B1-40B3-9423-D1FA9982FB6A}" = Adobe Bridge 1.0
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B3783869-5D14-4838-A042-910DF816D070}" = Xara3D6
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B77E6613-61BE-4468-9FEC-53B498607105}" = Serif MediaPlus 1.0
"{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}" = Adobe Encore CS3 Codecs
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BCDB856C-D247-4DEE-9132-89C02F4D6B8C}_is1" = Sothink SWF Decompiler
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}" = HP Customer Experience Enhancements
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C73F2967-062E-48F2-A462-D335B8950183}" = Safari
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 SP1 with KB886903 Hotfix
"{CD0BE4EF-6BF6-466C-9CDE-C50E45D6317B}" = Xara X1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1612A3D-0DCC-4055-BB6A-0036F31158A0}" = Setup
"{D1AEB5DB-04FA-489D-94EF-8600898B93EE}" = ICA
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D3BCC13A-E4F2-45EE-846F-D143CEDDDBCB}" = DeviceIO
"{D534BE1A-D519-4F56-9306-0DECFF9F9E5D}" = muvee autoProducer 6.1
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{D5B1535A-FDFC-4B40-B2E2-21DA83D9CB57}" = Adobe Audition CS5.5
"{D65302DD-91D3-4162-B9D5-E43FAB7BD1AB}_is1" = Smart SWF Converter 2.1 Trial
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
"{D7D99A66-493F-468B-BCE1-6F88612B89D5}" = Contents
"{D865F5F2-3C79-4C3C-888A-485AF486E782}" = DigitalPersona Personal 3.1.0
"{D875FFEE-2FCE-4774-902A-749198C00A68}" = PureHD
"{D94ABC2B-5CA9-48B2-9266-15AB78384D3C}" = Share
"{D9C4FA35-7C6B-4C9E-863B-58C4D7472F41}" = VIO
"{DA4A2F61-1E26-4D51-94BB-36D77678BDAD}" = PSPH10Pro
"{DA4BF4BE-3CDC-43B5-BBDA-DDDA73103111}" = Corel PaintShop Photo Pro X3
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DCD941B6-F2E7-4FAF-B102-F7D4DE5FF99A}" = IPM_PSP_Pro
"{DCF1928A-FC01-48E7-A7E6-4651D42EF6A1}" = PSPPRO_DCRAW
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DF8B9311-ADE7-4EDE-B121-326CAA3D225D}" = PSPPContent
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EB0202F7-016A-410C-ADE4-40F848CCC661}" = Adobe After Effects CS3
"{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor
"{FA3B34BE-4246-4062-90A3-34CBBEA12B72}" = HPTCSSetup
"{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}" = Adobe Contribute CS3
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"{FEF62C22-8E04-47FD-9C98-FF55E6B0A5A1}" = ShakespeareReaderInstaller
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"5D38134BF8A10D640B30E6B014EECDBC5F881E3D" = Windows Driver Package - ENE (enecir) HIDClass (04/29/2008 2.5.0.0)
"AddThis Toolbar" = AddThis Toolbar
"Adobe Acrobat 8 Professional" = Adobe Acrobat 8.3.0 Professional
"Adobe Acrobat 8 Professional_830" = Adobe Acrobat 8.3.0 - CPSID_83708
"Adobe AIR" = Adobe AIR
"Adobe Audition 2.0" = Adobe Audition 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_4dcfd9b7e901b57f81f667144603236" = Add or Remove Adobe Creative Suite 3 Master Collection
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Advanced WMA Workshop_is1" = Advanced WMA Workshop version 2.03b
"AIM_6" = AIM 6
"AIMCustomEmoticons" = AIMCustomEmoticons
"Akamai" = Akamai NetSession Interface
"Amazon Kindle" = Amazon Kindle
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10
"Antares Autotune VST RTAS TDM_is1" = Antares Autotune VST RTAS TDM v5.08
"AoA Audio Extractor_is1" = AoA Audio Extractor 1.0
"Applian Director2.0" = Applian Director
"ARLHM2000" = American Reference Library 2000 Uninstall
"Atlantis" = Atlantis (remove only)
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"Audacity_is1" = Audacity
"AudibleManager" = AudibleManager
"Audiograbber" = Audiograbber 1.83 SE
"Audiograbber-Lame" = Audiograbber MP3 Plugin
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"BEIKS English Dictionary and Thesaurus for BlackBerry" = BEIKS English Dictionary and Thesaurus for BlackBerry
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.1
"Blow Up" = Alien Skin Blow Up
"BroadCam" = BroadCam Video Streaming Server
"Buddy Icon Maker 1.0.0.1" = Buddy Icon Maker 1.0.0.1
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CodeLifter 5.0" = CodeLifter 5.0
"CoffeeCup Flash FireStarter" = CoffeeCup Flash FireStarter
"CoffeeCup Flash Menu Builder" = CoffeeCup Flash Menu Builder
"CoffeeCup Live Chat" = CoffeeCup Live Chat
"CoffeeCup Password Wizard" = CoffeeCup Password Wizard
"CoffeeCup Shopping Cart Creator 3.5.2338" = CoffeeCup Shopping Cart Creator
"CoffeeCup Web JukeBox" = CoffeeCup Web JukeBox
"CoffeeCup Web JukeBox - Registered" = CoffeeCup Web JukeBox - Registered
"Color Schemer Studio_is1" = Color Schemer Studio
"Color Schemer v3_is1" = Color Schemer v3
"Colorizer 1.0.0.1" = Colorizer 1.0.0.1
"DBXTriever_is1" = DBXTriever 4.1
"Debut" = Debut Video Capture Software
"Digital Ear7" = Digital Ear
"DVD-CLONER V_is1" = DVD-CLONER V5.10 Build 967
"E.M. Magic Swf2Avi_is1" = E.M. Magic Swf2Avi V6.6.9.1102
"EditPad Lite" = Just Great Software EditPad Lite 7.0.4
"EmailOpenViewPro_is1" = EmailOpenViewPro 3.8.4
"eSnips_Downloader" = eSnips Downloader
"Exposure" = Alien Skin Exposure
"EyeCandy5Impact" = Alien Skin Eye Candy 5 Impact
"EyeCandy5Nature" = Alien Skin Eye Candy 5 Nature
"EyeCandy5Textures" = Alien Skin Eye Candy 5 Textures
"facemoods" = facemoods
"FeedForAll v2.0" = FeedForAll v2.0
"Flash Menu Factory1.0 DEMO Version" = Flash Menu Factory
"Flash Slideshow Maker Pro" = Flash Slideshow Maker Pro 5.10
"Flashation Menu Builder_is1" = Flashation Menu Builder
"FlashLynx" = FlashLynx Video Download Software
"F-Manager" = Fiesta Download Manager
"FTGimp_is1" = FlamingText Gimp 2.0
"GearDrivers" = GearDrivers
"GetSmile0903_is1" = GetSmile v1.952
"Glitterizer_is1" = Glitterizer 1.0
"GlitterText Maker_is1" = GlitterText Maker 1.0
"Guitar Guru Supplemental Guitar_is1" = Guitar Guru Supplemental Guitar Skins
"Harry's Filters_is1" = Harry's Filters 3.01
"Hit'n'Mix Play" = Hit'n'Mix Play
"HP Photosmart Essential" = HP Photosmart Essential 3.0
"HP Smart Web Printing" = HP Smart Web Printing
"IcoFX_is1" = IcoFX 1.6.4
"ieSpell" = ieSpell
"Image Doctor" = Alien Skin Image Doctor 1.0
"ImageElements Motivational Poster Maker" = ImageElements Motivational Poster Maker
"ImageSkill Background Remover 3" = ImageSkill Background Remover 3
"InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"InstallShield_{004C349C-DC75-4F6F-9B8D-61E37DC323B6}" = Magic Bullet PhotoLooks for PaintShop Photo Pro
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1193600A-134F-40F9-9F71-FEF54C93C629}" = YouSendIt Express
"InstallShield_{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"InstallShield_{54A4839E-87F8-4BD1-9682-A349E9943F0A}" = Amazon Unbox Video
"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"Jenkat Games Arcade" = Jenkat Games Arcade
"Kolbo Alert 4.0" = Kolbo Alert 4.0
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"LameACM" = LameACM
"Launchy_21344213_is1" = Launchy 2.1.2
"Letsdraw" = Let's DRAW v1.1
"LogoDesignSuite" = LogoDesignSuite
"Magic Vines" = Magic Vines (remove only)
"MAGIX_MSI_Xara_Web_Designer_7_Premium" = Xara Web Designer 7 Premium
"Microangelo 5.0" = Microangelo 5.5
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mobile Media Converter_is1" = MIKSOFT Mobile Media Converter
"Morpheus Photo Morpher_is1" = Morpheus Photo Morpher v3.16
"Mosaic Creator_is1" = Mosaic Creator 3.1
"Mozilla Firefox 6.0.2 (x86 en-US)" = Mozilla Firefox 6.0.2 (x86 en-US)
"MSN Music Assistant" = MSN Music Assistant
"Musicnotes Combined Installer_is1" = Musicnotes Software Suite 1.5.5
"MyWebSearch bar Uninstall" = My Web Search (Webfetti)
"NAV" = Norton AntiVirus
"NVIDIA Drivers" = NVIDIA Drivers
"Pacman" = Pacman (remove only)
"Paint Shop Pro 6" = Paint Shop Pro 6.01 CD
"Pamela" = Pamela Pro 4.7
"Password Keeper" = Password Keeper
"Pen Tablet Driver" = Pen Tablet
"Plugin Commander Light_is1" = Plugin Commander Light 1.60
"Plugin Galaxy Demo_is1" = Plugin Galaxy 2.0 Demo
"Poster Forge" = Poster Forge 1.02
"Prism" = Prism Video Converter
"QuickStores-Toolbar_is1" = QuickStores-Toolbar 1.2.0
"Radio365 2.1" = Radio365 2.1
"Replay Converter 3" = Replay Converter 3
"Replay Converter 4" = Replay Converter 4
"Replay_AV_807" = Replay AV 8
"Replay_Media_Splitter_1.2" = WM Splitter 1.7.1004
"ResumeMaker Deluxe" = ResumeMaker Deluxe
"Rhymesaurus FREE Edition_is1" = Rhymesaurus FREE Edition (2.0.0.0)
"SaverGen Demo V1.3_is1" = SaverGen Demo V1.3
"Screen Saver Studio Deluxe" = Screen Saver Studio Deluxe
"Search Toolbar" = Search Toolbar
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
"SmileyFeelingsInserter" = SmileyFeelingsInserter
"Snap Art" = Alien Skin Snap Art
"Soft-Search Toolbar" = Soft-Search Toolbar
"Solero Music Viewer_is1" = Solero Music Viewer 8.0.32.2
"ST5UNST #1" = The Holy Bible KJV Ver.7.3
"StumbleUponIEToolbar" = StumbleUpon IE Toolbar
"SWiSH Max2" = SWiSH Max2
"SWiSH Max3" = SWiSH Max3
"SWiSH Max4" = SWiSH Max4
"SWiSH v2.0" = SWiSH v2.0
"SWiSH v2.01" = SWiSH v2.01
"SWiSH Video3" = SWiSH Video3
"SWiSHmax" = SWiSHmax
"Switch" = Switch Sound File Converter
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"The Logo Creator v4" = The Logo Creator v4
"The Logo Creator v5" = The Logo Creator v5
"The Logo Creator v5.2" = The Logo Creator v5.2
"ToolBox" = NCH Toolbox
"Toonworks" = Toonworks v1.31
"TuneUpMedic" = TuneUpMedic
"Tweak Manager_is1" = Tweak Manager 2.1
"Ultra Wave To Text_is1" = Ultra Wave To Text 2.0
"VideoPad" = VideoPad Video Editor
"ViewpointMediaPlayer" = Viewpoint Media Player
"Virtual Plastic Surgery Software - VPSS_is1" = Virtual Plastic Surgery Software - VPSS v1.0
"VLC media player" = VLC media player 1.1.11
"vReveal" = vReveal
"Walmart MP3 Music Downloads" = Walmart MP3 Music Downloads
"Web Calendar" = Web Calendar
"WebDesigner" = Microsoft Expression Web
"WIDI Recognition System Standard 4.03" = WIDI Recognition System Standard 4.03 (remove only)
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinGimp-2.0_is1" = Gimp 2.6.2 Debug
"WinPcapInst" = WinPcap 4.1.2
"WM Capture" = WM Capture
"WM Recorder" = WM Recorder
"Xenofex2" = Alien Skin Xenofex 2.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Smilebox" = Smilebox
"WeatherEye" = WeatherEye

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/22/2010 8:20:47 AM | Computer Name = HisWorld2 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 25845060

Error - 11/22/2010 8:20:49 AM | Computer Name = HisWorld2 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/22/2010 8:20:49 AM | Computer Name = HisWorld2 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 25846651

Error - 11/22/2010 8:20:49 AM | Computer Name = HisWorld2 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 25846651

Error - 11/22/2010 8:20:50 AM | Computer Name = HisWorld2 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/22/2010 8:20:50 AM | Computer Name = HisWorld2 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 25847759

Error - 11/22/2010 8:20:50 AM | Computer Name = HisWorld2 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 25847759

Error - 11/22/2010 8:20:51 AM | Computer Name = HisWorld2 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/22/2010 8:20:51 AM | Computer Name = HisWorld2 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 25848757

Error - 11/22/2010 8:20:51 AM | Computer Name = HisWorld2 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 25848757

[ DigitalPersona Pro Events ]
Error - 3/26/2009 11:28:25 AM | Computer Name = HisWorld2 | Source = DigitalPersona Pro | ID = 17827841
Description = One-to-one fingerprint match failed.

Error - 3/26/2009 11:28:30 AM | Computer Name = HisWorld2 | Source = DigitalPersona Pro | ID = 17827841
Description = One-to-one fingerprint match failed.

Error - 3/26/2009 11:28:42 AM | Computer Name = HisWorld2 | Source = DigitalPersona Pro | ID = 17827841
Description = One-to-one fingerprint match failed.

[ Media Center Events ]
Error - 5/19/2009 3:33:14 PM | Computer Name = HisWorld2 | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 6/9/2009 11:46:15 AM | Computer Name = HisWorld2 | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ OSession Events ]
Error - 8/28/2011 12:11:20 PM | Computer Name = HisWorld2 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 20, Application Name: Microsoft Expression Web, Application Version:
12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1337
seconds with 480 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 9/8/2011 9:19:14 PM | Computer Name = HisWorld2 | Source = BROWSER | ID = 8032
Description =

Error - 9/8/2011 9:29:58 PM | Computer Name = HisWorld2 | Source = bowser | ID = 8003
Description =

Error - 9/9/2011 8:27:42 AM | Computer Name = HisWorld2 | Source = Service Control Manager | ID = 7011
Description =

Error - 9/9/2011 8:28:12 AM | Computer Name = HisWorld2 | Source = Service Control Manager | ID = 7011
Description =

Error - 9/9/2011 8:31:02 AM | Computer Name = HisWorld2 | Source = Service Control Manager | ID = 7000
Description =

Error - 9/9/2011 8:31:02 AM | Computer Name = HisWorld2 | Source = Service Control Manager | ID = 7026
Description =

Error - 9/9/2011 3:11:13 PM | Computer Name = HisWorld2 | Source = Service Control Manager | ID = 7030
Description =

Error - 9/10/2011 7:33:15 AM | Computer Name = HisWorld2 | Source = DCOM | ID = 10010
Description =

Error - 9/10/2011 7:35:56 AM | Computer Name = HisWorld2 | Source = Service Control Manager | ID = 7000
Description =

Error - 9/10/2011 7:35:56 AM | Computer Name = HisWorld2 | Source = Service Control Manager | ID = 7026
Description =


< End of report >


Here are the logs...and thank you in advance! :)

Attached Files


  • 0

#6
Render
Posted 10 September 2011 - 09:38 AM

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi,

Please proceed with these steps:

Step 1

Please download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:


Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.

Step 2

Rootkit Unhooker:
  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth. Uncheck the rest and then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get the following warning, just click OK and continue.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

When completed the above, please post back the following in the order asked for:
  • MBRCheck log
  • Rootkit Unhooker log

  • 0

#7
audstune
Posted 10 September 2011 - 02:04 PM

audstune

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Here they are...

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6002 (Service Pack 2)
Number of processors #2
==============================================
>Drivers
==============================================
0x90804000 C:\Windows\system32\DRIVERS\nvlddmkm.sys 7548928 bytes (NVIDIA Corporation, NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 176.22 )
0x93808000 C:\Windows\system32\DRIVERS\NETw5v32.sys 6041600 bytes (Intel Corporation, Intel® Wireless WiFi Link Driver)
0x8221E000 C:\Windows\system32\ntkrnlpa.exe 3907584 bytes (Microsoft Corporation, NT Kernel & System)
0x8221E000 PnpManager 3907584 bytes
0x8221E000 RAW 3907584 bytes
0x8221E000 WMIxWDM 3907584 bytes
0xA4630000 Win32k 2113536 bytes
0xA4630000 C:\Windows\System32\win32k.sys 2113536 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xBF200000 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\VirusDefs\20110910.002\NAVEX15.SYS 1572864 bytes (Symantec Corporation, AV Engine)
0x8B403000 C:\Windows\system32\drivers\ql2300.sys 1277952 bytes (QLogic Corporation, QLogic Fibre Channel Stor Miniport Driver)
0x8BC08000 C:\Windows\System32\Drivers\Ntfs.sys 1114112 bytes (Microsoft Corporation, NT File System Driver)
0x8B805000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x8BA04000 C:\Windows\System32\drivers\tcpip.sys 958464 bytes (Microsoft Corporation, TCP/IP Driver)
0x806DA000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
0xB960C000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x8BB09000 C:\Windows\System32\Drivers\dump_iaStor.sys 843776 bytes
0x8AEAB000 C:\Windows\system32\DRIVERS\iaStor.sys 843776 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
0x996F4000 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\BASHDefs\20110901.001\BHDrvx86.sys 831488 bytes (Symantec Corporation, BASH Driver)
0x8B6A2000 C:\Windows\system32\drivers\NAV\1206000.01D\SYMEFA.SYS 765952 bytes (Symantec Corporation, Symantec Extended File Attributes)
0x8B310000 C:\Windows\system32\drivers\megasr.sys 749568 bytes (LSI Corporation, Inc., LSI MegaRAID Software RAID Driver)
0xAAA2F000 C:\Windows\system32\drivers\spsys.sys 720896 bytes (Microsoft Corporation, security processor)
0x8AE0A000 C:\Windows\system32\drivers\iastorv.sys 659456 bytes (Intel Corporation, Intel Matrix Storage Manager driver (base))
0x90F37000 C:\Windows\System32\drivers\dxgkrnl.sys 655360 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8B20E000 C:\Windows\system32\drivers\elxstor.sys 606208 bytes (Emulex, Storport Miniport Driver for LightPulse HBAs)
0x92A00000 C:\Windows\system32\DRIVERS\HDAudBus.sys 577536 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0xB9721000 C:\Windows\System32\Drivers\NAV\1206000.01D\SRTSP.SYS 548864 bytes (Symantec Corporation, Symantec AutoProtect)
0x8B762000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x8AC0B000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0x80610000 C:\Windows\system32\mcupdate_GenuineIntel.dll 458752 bytes (Microsoft Corporation, Intel Microcode Update Library)
0xAAB36000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x8B015000 C:\Windows\system32\drivers\adp94xx.sys 434176 bytes (Adaptec, Inc., Adaptec Windows SAS/SATA Storport Driver)
0x96AF2000 C:\Windows\system32\DRIVERS\stwrt.sys 421888 bytes (IDT, Inc., IDT PC Audio)
0x99661000 C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 385024 bytes (Symantec Corporation, Symantec Eraser Control Driver)
0x99603000 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\IPSDefs\20110909.030\IDSvix86.sys 385024 bytes (Symantec Corporation, IDS Core Driver)
0x98C08000 C:\Windows\System32\Drivers\NAV\1206000.01D\SYMTDIV.SYS 364544 bytes (Symantec Corporation, Network Dispatch Driver)
0x8B63B000 C:\Windows\system32\drivers\NAV\1206000.01D\SYMDS.SYS 356352 bytes (Symantec Corporation, Symantec Data Store)
0x8B53B000 C:\Windows\system32\drivers\ql40xx.sys 348160 bytes (QLogic Corporation, QLogic iSCSI Storport Miniport Driver)
0xAEABC000 C:\Windows\System32\DRIVERS\srv.sys 323584 bytes (Microsoft Corporation, Server driver)
0xA4870000 C:\Windows\System32\ATMFD.DLL 315392 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0x8B07F000 C:\Windows\system32\drivers\adpahci.sys 311296 bytes (Adaptec, Inc., Adaptec Windows SATA Storport Driver)
0x8AD5E000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x98C9B000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x8AC8A000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
0x80699000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x8AFB9000 C:\Windows\system32\drivers\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x8B976000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x98D7B000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x8B172000 C:\Windows\system32\drivers\uliahci.sys 245760 bytes (ULi Electronics Inc., ULi SATA Controller Driver)
0x8B93B000 C:\Windows\system32\drivers\NETIO.SYS 241664 bytes (Microsoft Corporation, Network I/O Subsystem)
0x92AD0000 C:\Windows\system32\DRIVERS\SynTP.sys 241664 bytes (Synaptics Incorporated, Synaptics Touchpad Driver)
0xAEA43000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x8BD20000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x96A9C000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x825D8000 ACPI_HAL 208896 bytes
0x825D8000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x8B609000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x98CE3000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x92B7B000 C:\Windows\system32\DRIVERS\msiscsi.sys 192512 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x92BC1000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x8B1AE000 C:\Windows\system32\drivers\ulsata2.sys 180224 bytes (Promise Technology, Inc., Promise SATAII150 Series Windows Drivers)
0x8B910000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x8B9B4000 C:\Windows\system32\drivers\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0xAAAEF000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0xAEA94000 C:\Windows\System32\DRIVERS\srv2.sys 163840 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x8BD85000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x8ACE1000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x8B10C000 C:\Windows\system32\drivers\adpu320.sys 155648 bytes (Adaptec, Inc., Adaptec StorPort Ultra320 SCSI Driver)
0x8B0E6000 C:\Windows\system32\drivers\SCSIPORT.SYS 155648 bytes (Microsoft Corporation, SCSI Port Driver)
0x98C61000 C:\Windows\system32\Drivers\SYMEVENT.SYS 155648 bytes (Symantec Corporation, Symantec Event Library)
0x8BBD7000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x98D4C000 C:\Windows\system32\drivers\NAV\1206000.01D\Ironx86.SYS 147456 bytes (Symantec Corporation, Iron Driver)
0x96A03000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x93DCB000 C:\Windows\system32\DRIVERS\Rtlh86.sys 139264 bytes (Realtek Corporation , Realtek 8101E/8168/8169 NDIS6 32-bit Driver )
0xB9700000 C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl 135168 bytes (Cyberlink Corp., -)
0x807D5000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0xAEA03000 C:\Windows\system32\drivers\mrxdav.sys 135168 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x8B5D4000 C:\Windows\system32\drivers\ulsata.sys 135168 bytes (Promise Technology, Inc., Promise Ultra/Sata Series Driver for Win2003)
0x98DC5000 C:\Windows\System32\Drivers\usbvideo.sys 135168 bytes (Microsoft Corporation, USB Video Class Driver)
0x96B9E000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x8B1DA000 C:\Windows\system32\drivers\vsmraid.sys 135168 bytes (VIA Technologies Inc.,Ltd, VIA RAID DRIVER FOR AMD-X86-64)
0xAEA24000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x8AF81000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x996BF000 C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 122880 bytes (Symantec Corporation, Symantec Eraser Utility Driver)
0xAABA3000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0x8AD17000 C:\Windows\system32\drivers\mpio.sys 114688 bytes (Microsoft Corporation, MultiPath Support Bus-Driver)
0x8B0CB000 C:\Windows\system32\drivers\adpu160m.sys 110592 bytes (Adaptec, Inc., Adaptec LH Ultra160 Driver (x86))
0x8BAEE000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0xAAA0C000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x807BA000 C:\Windows\system32\drivers\nvraid.sys 110592 bytes (NVIDIA Corporation, NVIDIA® nForce™ RAID Driver)
0x8B2D4000 C:\Windows\system32\drivers\lsi_fc.sys 106496 bytes (LSI Logic, LSI Logic Fusion-MPT FC Driver (StorPort))
0x8AF9F000 C:\Windows\system32\drivers\lsi_scsi.sys 106496 bytes (LSI Logic, LSI Logic Fusion-MPT SCSI Driver (StorPort))
0x8ADE3000 C:\Windows\system32\drivers\msdsm.sys 106496 bytes (Microsoft Corporation, Microsoft Device Specific Module)
0xAABC0000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x92B2E000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x92B16000 C:\Windows\system32\DRIVERS\enecir.sys 98304 bytes (ENE TECHNOLOGY INC., ENE CIR Driver for eHome)
0x8B2EE000 C:\Windows\system32\drivers\lsi_sas.sys 98304 bytes (LSI Logic, LSI Logic Fusion-MPT SAS Driver (StorPort))
0xAEA7C000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x996DD000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x92A9B000 C:\Windows\system32\DRIVERS\jmcr.sys 94208 bytes (JMicron Technology Corporation, JMicron JMB38X Flash Media Controller Driver)
0x8B7D3000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x997BF000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0x8B146000 C:\Windows\system32\drivers\arc.sys 90112 bytes (Adaptec, Inc., Adaptec RAID Storport Driver)
0x8B15C000 C:\Windows\system32\drivers\arcsas.sys 90112 bytes (Adaptec, Inc., Adaptec SAS RAID WS03 Driver)
0xBF3A5000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x98D15000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x8B7EA000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0xAABD9000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x96A49000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x8BD61000 C:\Windows\system32\drivers\sbp2port.sys 86016 bytes (Microsoft Corporation, SBP-2 Protocol Driver)
0x8B59D000 C:\Windows\system32\drivers\sisraid4.sys 86016 bytes (Silicon Integrated Systems, SiS AHCI Stor-Miniport Driver)
0x8B132000 C:\Windows\system32\drivers\djsvs.sys 81920 bytes (Adaptec, Inc., Adaptec Ultra SCSI miniport)
0xBF380000 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\VirusDefs\20110910.002\NAVENG.SYS 81920 bytes (Symantec Corporation, AV Engine)
0x96A35000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x98C87000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x92AB2000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)
0xAAB23000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x98D39000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x8BDB5000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x96AE1000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x80680000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x8B692000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x92B64000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
0x8B2AC000 C:\Windows\system32\drivers\iirsp.sys 65536 bytes (Intel Corp./ICP vortex GmbH, Intel/ICP Raid Storport Driver)
0xAAADF000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x8ADD3000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x93DED000 C:\Windows\system32\DRIVERS\ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0x96A65000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x8BDF0000 C:\Windows\system32\DRIVERS\intelppm.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)
0x8AD08000 C:\Windows\system32\drivers\isapnp.sys 61440 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0x98DF0000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x8BD76000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x8AD33000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x96A26000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x90FEE000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x8AD4F000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x92A8D000 C:\Windows\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xA48C0000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x96A77000 C:\Windows\system32\DRIVERS\circlass.sys 57344 bytes (Microsoft Corporation, Consumer IR Class Driver for eHome)
0x98D2B000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8B3D2000 C:\Windows\system32\drivers\nfrd960.sys 57344 bytes (IBM Corporation, IBM ServeRAID Controller Driver)
0x96BDA000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x96B59000 C:\Windows\system32\drivers\nvhda32v.sys 57344 bytes (NVIDIA Corporation, NVIDIA HDMI Audio Driver)
0x8ADAF000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x8AC7C000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0x997EC000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x8B9DE000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x8B3E0000 C:\Windows\system32\drivers\nvstor.sys 53248 bytes (NVIDIA Corporation, NVIDIA® nForce™ Sata Performance Driver)
0x8B590000 C:\Windows\system32\drivers\sisraid2.sys 53248 bytes (Microsoft Corporation, SiS RAID Stor Miniport Driver)
0x96A8F000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x997DF000 C:\Windows\system32\drivers\vfs101x.sys 53248 bytes (Validity Sensors, Inc., Validity Fingerprint Scanner USB Driver)
0x92B55000 C:\Windows\system32\DRIVERS\Accelerometer.sys 49152 bytes (Hewlett-Packard Company, HP Accelerometer)
0x8B2BC000 C:\Windows\system32\drivers\iteatapi.sys 49152 bytes (Integrated Technology Express, Inc., ITE IT8211 ATA/ATAPI SCSI miniport)
0x8B2C8000 C:\Windows\system32\drivers\iteraid.sys 49152 bytes (Integrated Technology Express, Inc., ITE IT8212 ATA RAID SCSI miniport)
0x8B5B2000 C:\Windows\system32\drivers\symc8xx.sys 49152 bytes (LSI Logic, LSI Logic 8XX SCSI Miniport Driver)
0x92BB5000 C:\Windows\system32\drivers\tbhsd.sys 49152 bytes (RapidSolution Software AG, Tunebite High-Speed Dubbing)
0xB96F4000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x96B92000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x90FD7000 C:\Windows\System32\drivers\watchdog.sys 49152 bytes (Microsoft Corporation, Watchdog Driver)
0xBF394000 C:\Users\audstune\AppData\Local\Temp\aswMBR.sys 45056 bytes
0x96B67000 C:\Windows\system32\DRIVERS\hidir.sys 45056 bytes (Microsoft Corporation, Infrared Miniport Driver for Input Devices)
0x8B00A000 C:\Windows\system32\drivers\hpcisss.sys 45056 bytes (Hewlett-Packard Company, Smart Array Storport Driver)
0x92AC5000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0x92B0B000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x8B3C7000 C:\Windows\system32\drivers\mraid35x.sys 45056 bytes (LSI Logic Corporation, MegaRAID RAID Controller Driver for Windows Vista/Longhorn for x86)
0x96BCF000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x8B9EB000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x98D70000 C:\Windows\system32\drivers\NAV\1206000.01D\SRTSPX.SYS 45056 bytes (Symantec Corporation, Symantec AutoProtect)
0x8B5BE000 C:\Windows\system32\drivers\sym_hi.sys 45056 bytes (LSI Logic, LSI Logic Hi-Perf SCSI Miniport Driver)
0x8B5C9000 C:\Windows\system32\drivers\sym_u3.sys 45056 bytes (LSI Logic, LSI Logic Ultra160 SCSI Miniport Driver)
0x92BAA000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x8BDDC000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x90FE3000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x8AD45000 C:\Windows\system32\DRIVERS\BATTC.SYS 40960 bytes (Microsoft Corporation, Battery Class Driver)
0x98DE6000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x8B2A2000 C:\Windows\system32\drivers\i2omp.sys 40960 bytes (Microsoft Corporation, I2O Miniport Driver)
0x8B306000 C:\Windows\system32\drivers\megasas.sys 40960 bytes (LSI Corporation, MEGASAS RAID Controller Driver for Windows Vista/Longhorn for x86)
0x8AE00000 C:\Windows\system32\drivers\msahci.sys 40960 bytes (Microsoft Corporation, MS AHCI 1.0 Standard Driver)
0x96A85000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0xAAB19000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x98DB7000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0xB96EA000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0xBF3BB000 C:\Windows\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0x8BDC6000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x96B7B000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x997D6000 C:\Windows\system32\DRIVERS\hidusb.sys 36864 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x8BDAC000 C:\Windows\system32\DRIVERS\hpdskflt.sys 36864 bytes (Hewlett-Packard Company, HP Disk Filter - SATA/RAID)
0x96B72000 C:\Windows\system32\DRIVERS\kbdhid.sys 36864 bytes (Microsoft Corporation, HID Keyboard Filter Driver)
0x96BE8000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xA4850000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x8BDE7000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x92B4C000 C:\Windows\system32\DRIVERS\wmiacpi.sys 36864 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0x8ACD0000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x8AF79000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x80691000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x8ADCB000 C:\Windows\system32\drivers\cmdide.sys 32768 bytes (CMD Technology, Inc., CMD PCI IDE Bus Driver)
0x96AD1000 C:\Windows\system32\DRIVERS\mouhid.sys 32768 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x8ACD9000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x96BBF000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x96BC7000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x92BEE000 C:\Windows\System32\Drivers\RootMdm.sys 32768 bytes (Microsoft Corporation, Legacy Non-Pnp Modem Device Driver)
0x8BD59000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0xAAA27000 C:\Windows\system32\DRIVERS\tifsfilt.sys 32768 bytes (Acronis, Acronis True Image File System Filter)
0x807F6000 C:\Windows\system32\drivers\viaide.sys 32768 bytes (VIA Technologies, Inc., VIA Generic PCI IDE Bus Driver)
0x96AD9000 C:\Windows\system32\DRIVERS\wacommousefilter.sys 32768 bytes (Wacom Technology, Wacom Mouse Filter Driver)
0x8BD18000 C:\Windows\system32\drivers\wd.sys 32768 bytes (Microsoft Corporation, Microsoft Watchdog Timer Driver)
0x8ADBD000 C:\Windows\system32\drivers\aliide.sys 28672 bytes (Acer Laboratories Inc., ALi mini IDE Driver)
0x8ADC4000 C:\Windows\system32\drivers\amdide.sys 28672 bytes (Microsoft Corporation, AMD IDE Driver)
0x96B8B000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x92B74000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x8ADA8000 C:\Windows\system32\drivers\intelide.sys 28672 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0x80609000 C:\Windows\system32\kdcom.dll 28672 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xAEB23000 C:\Windows\system32\drivers\npf.sys 28672 bytes (CACE Technologies, Inc., npf.sys (NT5/6 x86) Kernel Driver)
0x96B84000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x8AC00000 C:\Windows\system32\drivers\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x96A5E000 C:\Windows\system32\DRIVERS\RimSerial.sys 28672 bytes (Research in Motion Ltd, RIM Virtual Serial Driver)
0x92B46000 C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0x93800000 C:\Windows\system32\DRIVERS\HpqKbFiltr.sys 20480 bytes (Hewlett-Packard Development Company, L.P., HpqKbFiltr Keyboard Filter Driver)
0x8B75D000 C:\Windows\System32\Drivers\PxHelp20.sys 20480 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0x98DC1000 C:\Windows\system32\ckldrv.sys 16384 bytes
0x8BC00000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0x8AD42000 C:\Windows\system32\DRIVERS\compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0x93DFD000 C:\Windows\system32\drivers\pfc.sys 12288 bytes (Padus, Inc., Padus® ASPI Shell)
0x92B61000 C:\Windows\system32\DRIVERS\wacomvhid.sys 12288 bytes (Wacom Technology, Virtual Hid Device)
0xBF3A1000 C:\Windows\system32\drivers\MSPCLOCK.sys 8192 bytes (Microsoft Corporation, MS Proxy Clock)
0xBF39F000 C:\Windows\system32\drivers\MSPQM.sys 8192 bytes (Microsoft Corporation, MS Proxy Quality Manager)
0x96A75000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x93805000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Quanta
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP HDX 18 Notebook PC
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 222):
0x8221E000 \SystemRoot\system32\ntkrnlpa.exe
0x825D8000 \SystemRoot\system32\hal.dll
0x80609000 \SystemRoot\system32\kdcom.dll
0x80610000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80680000 \SystemRoot\system32\PSHED.dll
0x80691000 \SystemRoot\system32\BOOTVID.dll
0x80699000 \SystemRoot\system32\CLFS.SYS
0x806DA000 \SystemRoot\system32\CI.dll
0x8AC0B000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8AC7C000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8AC8A000 \SystemRoot\system32\drivers\acpi.sys
0x8ACD0000 \SystemRoot\system32\drivers\WMILIB.SYS
0x8ACD9000 \SystemRoot\system32\drivers\msisadrv.sys
0x8ACE1000 \SystemRoot\system32\drivers\pci.sys
0x8AD08000 \SystemRoot\system32\drivers\isapnp.sys
0x8AD17000 \SystemRoot\system32\drivers\mpio.sys
0x8AD33000 \SystemRoot\System32\drivers\partmgr.sys
0x8AD42000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8AD45000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8AD4F000 \SystemRoot\system32\drivers\volmgr.sys
0x8AD5E000 \SystemRoot\System32\drivers\volmgrx.sys
0x8ADA8000 \SystemRoot\system32\drivers\intelide.sys
0x8ADAF000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x8ADBD000 \SystemRoot\system32\drivers\aliide.sys
0x8ADC4000 \SystemRoot\system32\drivers\amdide.sys
0x8ADCB000 \SystemRoot\system32\drivers\cmdide.sys
0x8ADD3000 \SystemRoot\System32\drivers\mountmgr.sys
0x8ADE3000 \SystemRoot\system32\drivers\msdsm.sys
0x807BA000 \SystemRoot\system32\drivers\nvraid.sys
0x807D5000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8AC00000 \SystemRoot\system32\drivers\pciide.sys
0x807F6000 \SystemRoot\system32\drivers\viaide.sys
0x8AE0A000 \SystemRoot\system32\drivers\iastorv.sys
0x8AEAB000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x8AF79000 \SystemRoot\system32\drivers\atapi.sys
0x8AF81000 \SystemRoot\system32\drivers\ataport.SYS
0x8AF9F000 \SystemRoot\system32\drivers\lsi_scsi.sys
0x8AFB9000 \SystemRoot\system32\drivers\storport.sys
0x8AE00000 \SystemRoot\system32\drivers\msahci.sys
0x8B00A000 \SystemRoot\system32\drivers\hpcisss.sys
0x8B015000 \SystemRoot\system32\drivers\adp94xx.sys
0x8B07F000 \SystemRoot\system32\drivers\adpahci.sys
0x8B0CB000 \SystemRoot\system32\drivers\adpu160m.sys
0x8B0E6000 \SystemRoot\system32\drivers\SCSIPORT.SYS
0x8B10C000 \SystemRoot\system32\drivers\adpu320.sys
0x8B132000 \SystemRoot\system32\drivers\djsvs.sys
0x8B146000 \SystemRoot\system32\drivers\arc.sys
0x8B15C000 \SystemRoot\system32\drivers\arcsas.sys
0x8B20E000 \SystemRoot\system32\drivers\elxstor.sys
0x8B2A2000 \SystemRoot\system32\drivers\i2omp.sys
0x8B2AC000 \SystemRoot\system32\drivers\iirsp.sys
0x8B2BC000 \SystemRoot\system32\drivers\iteatapi.sys
0x8B2C8000 \SystemRoot\system32\drivers\iteraid.sys
0x8B2D4000 \SystemRoot\system32\drivers\lsi_fc.sys
0x8B2EE000 \SystemRoot\system32\drivers\lsi_sas.sys
0x8B306000 \SystemRoot\system32\drivers\megasas.sys
0x8B310000 \SystemRoot\system32\drivers\megasr.sys
0x8B3C7000 \SystemRoot\system32\drivers\mraid35x.sys
0x8B3D2000 \SystemRoot\system32\drivers\nfrd960.sys
0x8B3E0000 \SystemRoot\system32\drivers\nvstor.sys
0x8B403000 \SystemRoot\system32\drivers\ql2300.sys
0x8B53B000 \SystemRoot\system32\drivers\ql40xx.sys
0x8B590000 \SystemRoot\system32\drivers\sisraid2.sys
0x8B59D000 \SystemRoot\system32\drivers\sisraid4.sys
0x8B5B2000 \SystemRoot\system32\drivers\symc8xx.sys
0x8B5BE000 \SystemRoot\system32\drivers\sym_hi.sys
0x8B5C9000 \SystemRoot\system32\drivers\sym_u3.sys
0x8B172000 \SystemRoot\system32\drivers\uliahci.sys
0x8B5D4000 \SystemRoot\system32\drivers\ulsata.sys
0x8B1AE000 \SystemRoot\system32\drivers\ulsata2.sys
0x8B1DA000 \SystemRoot\system32\drivers\vsmraid.sys
0x8B609000 \SystemRoot\system32\drivers\fltmgr.sys
0x8B63B000 \SystemRoot\system32\drivers\NAV\1206000.01D\SYMDS.SYS
0x8B692000 \SystemRoot\system32\drivers\fileinfo.sys
0x8B6A2000 \SystemRoot\system32\drivers\NAV\1206000.01D\SYMEFA.SYS
0x8B75D000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x8B762000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8B805000 \SystemRoot\system32\drivers\ndis.sys
0x8B910000 \SystemRoot\system32\drivers\msrpc.sys
0x8B93B000 \SystemRoot\system32\drivers\NETIO.SYS
0x8BA04000 \SystemRoot\System32\drivers\tcpip.sys
0x8BAEE000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8BC08000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8BD18000 \SystemRoot\system32\drivers\wd.sys
0x8BD20000 \SystemRoot\system32\drivers\volsnap.sys
0x8BD59000 \SystemRoot\System32\Drivers\spldr.sys
0x8BD61000 \SystemRoot\system32\drivers\sbp2port.sys
0x8BD76000 \SystemRoot\System32\Drivers\mup.sys
0x8BD85000 \SystemRoot\System32\drivers\ecache.sys
0x8BDAC000 \SystemRoot\system32\DRIVERS\hpdskflt.sys
0x8BDB5000 \SystemRoot\system32\drivers\disk.sys
0x8BDC6000 \SystemRoot\system32\drivers\crcdisk.sys
0x8BDDC000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8BDE7000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8BDF0000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8BC00000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x90804000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x90F37000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x90FD7000 \SystemRoot\System32\drivers\watchdog.sys
0x90FE3000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8B976000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x90FEE000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x92A00000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x93808000 \SystemRoot\system32\DRIVERS\NETw5v32.sys
0x93DCB000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
0x93DED000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x92A8D000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x92A9B000 \SystemRoot\system32\DRIVERS\jmcr.sys
0x92AB2000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x93800000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
0x92AC5000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x92AD0000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x93805000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x92B0B000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x92B16000 \SystemRoot\system32\DRIVERS\enecir.sys
0x93DFD000 \SystemRoot\system32\drivers\pfc.sys
0x92B2E000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x92B46000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x92B4C000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x92B55000 \SystemRoot\system32\DRIVERS\Accelerometer.sys
0x92B61000 \SystemRoot\system32\DRIVERS\wacomvhid.sys
0x92B64000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x92B74000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x92B7B000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x92BAA000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x92BB5000 \SystemRoot\system32\drivers\tbhsd.sys
0x92BC1000 \SystemRoot\system32\drivers\portcls.sys
0x8BBD7000 \SystemRoot\system32\drivers\drmk.sys
0x8B9B4000 \SystemRoot\system32\drivers\ks.sys
0x92BEE000 \SystemRoot\System32\Drivers\RootMdm.sys
0x8B9DE000 \SystemRoot\system32\drivers\modem.sys
0x8B7D3000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8B9EB000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x96A03000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x96A26000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x96A35000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x96A49000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x96A5E000 \SystemRoot\system32\DRIVERS\RimSerial.sys
0x96A65000 \SystemRoot\system32\DRIVERS\termdd.sys
0x96A75000 \SystemRoot\system32\DRIVERS\swenum.sys
0x96A77000 \SystemRoot\system32\DRIVERS\circlass.sys
0x96A85000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x96A8F000 \SystemRoot\system32\DRIVERS\umbus.sys
0x96A9C000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x96AD1000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x96AD9000 \SystemRoot\system32\DRIVERS\wacommousefilter.sys
0x96AE1000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x96AF2000 \SystemRoot\system32\DRIVERS\stwrt.sys
0x96B59000 \SystemRoot\system32\drivers\nvhda32v.sys
0x96B67000 \SystemRoot\system32\DRIVERS\hidir.sys
0x96B72000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x96B7B000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x96B84000 \SystemRoot\System32\Drivers\Null.SYS
0x96B8B000 \SystemRoot\System32\Drivers\Beep.SYS
0x96B92000 \SystemRoot\System32\drivers\vga.sys
0x96B9E000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x96BBF000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x96BC7000 \SystemRoot\system32\drivers\rdpencdd.sys
0x96BCF000 \SystemRoot\System32\Drivers\Msfs.SYS
0x96BDA000 \SystemRoot\System32\Drivers\Npfs.SYS
0x96BE8000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8B7EA000 \SystemRoot\system32\DRIVERS\tdx.sys
0x98C08000 \SystemRoot\System32\Drivers\NAV\1206000.01D\SYMTDIV.SYS
0x98C61000 \??\C:\Windows\system32\Drivers\SYMEVENT.SYS
0x98C87000 \SystemRoot\system32\DRIVERS\smb.sys
0x98C9B000 \SystemRoot\system32\drivers\afd.sys
0x98CE3000 \SystemRoot\System32\DRIVERS\netbt.sys
0x98D15000 \SystemRoot\system32\DRIVERS\pacer.sys
0x98D2B000 \SystemRoot\system32\DRIVERS\netbios.sys
0x98D39000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x98D4C000 \SystemRoot\system32\drivers\NAV\1206000.01D\Ironx86.SYS
0x98D70000 \SystemRoot\system32\drivers\NAV\1206000.01D\SRTSPX.SYS
0x98D7B000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x98DB7000 \SystemRoot\system32\drivers\nsiproxy.sys
0x98DC1000 \SystemRoot\system32\ckldrv.sys
0x99603000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\IPSDefs\20110909.030\IDSvix86.sys
0x99661000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0x996BF000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0x996DD000 \SystemRoot\System32\Drivers\dfsc.sys
0x996F4000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\BASHDefs\20110901.001\BHDrvx86.sys
0x997BF000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x997D6000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x997DF000 \SystemRoot\system32\drivers\vfs101x.sys
0x98DC5000 \SystemRoot\System32\Drivers\usbvideo.sys
0x997EC000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8BB09000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0xA4630000 \SystemRoot\System32\win32k.sys
0x98DE6000 \SystemRoot\System32\drivers\Dxapi.sys
0x98DF0000 \SystemRoot\system32\DRIVERS\monitor.sys
0xA4850000 \SystemRoot\System32\TSDDD.dll
0xA4870000 \SystemRoot\System32\ATMFD.DLL
0xA48C0000 \SystemRoot\System32\cdd.dll
0xAAA0C000 \SystemRoot\system32\drivers\luafv.sys
0xAAA27000 \SystemRoot\system32\DRIVERS\tifsfilt.sys
0xAAA2F000 \SystemRoot\system32\drivers\spsys.sys
0xAAADF000 \SystemRoot\system32\DRIVERS\lltdio.sys
0xAAAEF000 \SystemRoot\system32\DRIVERS\nwifi.sys
0xAAB19000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xAAB23000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xAAB36000 \SystemRoot\system32\drivers\HTTP.sys
0xAABA3000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xAABC0000 \SystemRoot\system32\DRIVERS\bowser.sys
0xAABD9000 \SystemRoot\System32\drivers\mpsdrv.sys
0xAEA03000 \SystemRoot\system32\drivers\mrxdav.sys
0xAEA24000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xAEA43000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xAEA7C000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xAEA94000 \SystemRoot\System32\DRIVERS\srv2.sys
0xAEABC000 \SystemRoot\System32\DRIVERS\srv.sys
0xAEB23000 \SystemRoot\system32\drivers\npf.sys
0xB960C000 \SystemRoot\system32\drivers\peauth.sys
0xB96EA000 \SystemRoot\System32\Drivers\secdrv.SYS
0xB96F4000 \SystemRoot\System32\drivers\tcpipreg.sys
0xB9700000 \??\C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl
0xB9721000 \SystemRoot\System32\Drivers\NAV\1206000.01D\SRTSP.SYS
0xBF3A5000 \SystemRoot\system32\DRIVERS\cdfs.sys
0xBF394000 \??\C:\Users\audstune\AppData\Local\Temp\aswMBR.sys
0xBF39F000 \SystemRoot\system32\drivers\MSPQM.sys
0xBF3A1000 \SystemRoot\system32\drivers\MSPCLOCK.sys
0xBF200000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\VirusDefs\20110910.002\NAVEX15.SYS
0xBF380000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\VirusDefs\20110910.002\NAVENG.SYS
0x77470000 \WINDOWS\System32\ntdll.dll

Processes (total 101):
0 System Idle Process
4 System
488 C:\WINDOWS\System32\smss.exe
620 csrss.exe
672 C:\WINDOWS\System32\wininit.exe
684 csrss.exe
716 C:\WINDOWS\System32\services.exe
728 C:\WINDOWS\System32\lsass.exe
736 C:\WINDOWS\System32\lsm.exe
888 C:\WINDOWS\System32\svchost.exe
932 C:\WINDOWS\System32\nvvsvc.exe
960 C:\WINDOWS\System32\svchost.exe
1052 C:\WINDOWS\System32\svchost.exe
1080 C:\WINDOWS\System32\svchost.exe
1092 C:\WINDOWS\System32\svchost.exe
1136 C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_827e372d\stacsv.exe
1204 C:\WINDOWS\System32\winlogon.exe
1300 C:\WINDOWS\System32\audiodg.exe
1324 C:\WINDOWS\System32\svchost.exe
1360 C:\WINDOWS\System32\SLsvc.exe
1392 C:\WINDOWS\System32\svchost.exe
1468 C:\WINDOWS\System32\hpservice.exe
1508 C:\WINDOWS\System32\vfsFPService.exe
1560 C:\WINDOWS\System32\svchost.exe
1888 C:\WINDOWS\System32\rundll32.exe
1904 C:\WINDOWS\System32\wisptis.exe
1912 C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
1988 C:\WINDOWS\System32\spoolsv.exe
324 C:\Program Files\DigitalPersona\Bin\DpHostW.exe
1028 C:\WINDOWS\System32\svchost.exe
2104 C:\WINDOWS\System32\taskeng.exe
2320 C:\WINDOWS\System32\wisptis.exe
2328 C:\WINDOWS\System32\taskeng.exe
2352 C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
2400 C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_827e372d\AEstSrv.exe
2436 C:\WINDOWS\System32\svchost.exe
2460 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2560 C:\WINDOWS\System32\dwm.exe
2576 C:\WINDOWS\explorer.exe
2800 C:\Program Files\Bonjour\mDNSResponder.exe
2816 C:\WINDOWS\System32\Crypserv.exe
2896 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
2952 C:\PROGRA~1\MYWEBS~1\bar\2.bin\MWSSVC.EXE
3036 C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccsvchst.exe
3136 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3144 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
3156 C:\Program Files\DigitalPersona\Bin\DpAgent.exe
3184 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
3204 C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
3248 C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe
3424 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
3436 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
3444 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
3532 C:\WINDOWS\System32\svchost.exe
3632 C:\WINDOWS\System32\PSIService.exe
3696 C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
3728 C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
3748 C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
3760 C:\WINDOWS\SMINST\BLService.exe
3776 C:\Program Files\WhiteCanyon\MySecurityVault\MySecurityVault_TrayIcon.exe
3808 C:\Program Files\Cyberlink\Shared files\RichVideo.exe
3864 C:\WINDOWS\System32\svchost.exe
4064 C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccsvchst.exe
4080 C:\WINDOWS\System32\Pen_Tablet.exe
2372 C:\Program Files\Viewpoint\Common\ViewpointService.exe
2360 C:\WINDOWS\System32\svchost.exe
588 C:\WINDOWS\System32\SearchIndexer.exe
2836 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
2872 C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
1728 C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
1952 WmiPrvSE.exe
1032 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
2340 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
828 dllhost.exe
4128 C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
4152 C:\Program Files\IDT\WDM\sttray.exe
4184 C:\WINDOWS\System32\rundll32.exe
4204 C:\Program Files\Common Files\Java\Java Update\jusched.exe
4216 C:\WINDOWS\ehome\ehtray.exe
4276 C:\Users\audstune\AppData\Local\TheWeatherNetwork\WeatherEye\WeatherEye.exe
4284 C:\Program Files\Windows Media Player\wmpnscfg.exe
4308 C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe
4316 C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
4408 C:\Program Files\Kolbo Alert\alert.exe
4468 C:\WINDOWS\ehome\ehmsas.exe
4904 C:\WINDOWS\System32\wbem\unsecapp.exe
5168 C:\Program Files\Windows Media Player\wmpnetwk.exe
5556 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
5588 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
3476 C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
3276 C:\WINDOWS\System32\svchost.exe
4660 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
5808 C:\WINDOWS\System32\wuauclt.exe
5308 C:\Program Files\JGsoft\EditPadLite\EditPadLite7.exe
3676 C:\Program Files\Skype\Phone\Skype.exe
5716 C:\Program Files\WMR14\wmrecorder.exe
3164 C:\Program Files\WMR14\wrestore.exe
2216 C:\Program Files\WMR14\rmrp.exe
14160 C:\Program Files\Mozilla Firefox\firefox.exe
13176 C:\Program Files\Mozilla Firefox\plugin-container.exe
13924 C:\My Downloads\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000048`54600000 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS543232L9A300, Rev: FB4OC40F

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: E6CCDBFD8F5B3DAA80CE1AA64C67955A606A347D


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

Attached Files


  • 0

#8
Render
Posted 10 September 2011 - 04:02 PM

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi,

We should proceed with general antimalware scan which can take quite a long time so please be patient.

Download AVPTool from Here to your desktop
(You have to enter your e-mail address and click on Submit Form button. Please download latest English version of this tool)

Run the programme you have just downloaded to your desktop (it will be randomly named )

First we will run a virus scan

Click the cog in the upper right
Posted Image


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan
(Please be patient as this scan can take a few hours)
Posted Image

Allow AVP to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threads report from the left and press Save button
Save it to your desktop and attach to your next post


Now the Analysis

Rerun AVP and select the Manual Disinfection tab and press Start Gathering System Information

Posted Image

On completion click the link to locate the zip file to upload and attach to your next post

Posted Image
  • 0

#9
Render
Posted 29 September 2011 - 02:10 PM

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP