I have been infected with the 007Gaurd



#1
maverick1965

All I know is there are about 20 TCP connections using my network and slowing down my internet to the point of frustration beyond control.

I would really appreciate if someone could help me with this. I work from my PC 12 hours a day and now I can't get anything done.


Kind Regards,

Gary M. Morton
LD Multimedia & Entertainment Group
Revolutionary Films - CEO/Owner
602-487-0373


#2
RKinner

Download OTL from
http://www.geekstogo...timers-list-it/
and Save it to your desktop.

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Select the All option in the Extra Registry group, then Run Scan.

You should get two logs. Please copy and paste both of them.

Ron

#3
maverick1965

Hi Ron,



Thanks for your help! Sorry it took me about 25 minutes to do this logged on. Here you go...

OTL logfile created on: 9/26/2011 6:31:33 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\GaryMaverickMorton\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.24 Gb Total Physical Memory | 2.05 Gb Available Physical Memory | 63.35% Memory free
6.48 Gb Paging File | 5.07 Gb Available in Paging File | 78.34% Paging File free
Paging file location(s): c:\pagefile.sys 3317 4975 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 698.54 Gb Total Space | 173.42 Gb Free Space | 24.83% Space Free | Partition Type: NTFS
Drive E: | 7.52 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MAVERICK1965 | User Name: GaryMaverickMorton | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/26 18:30:42 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\GaryMaverickMorton\Desktop\OTL.com
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/07/26 13:51:42 | 000,243,360 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10u_ActiveX.exe
PRC - [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/12/07 06:08:32 | 000,644,104 | ---- | M] (Avid Technology, Inc.) -- C:\Windows\System32\M-AudioTaskBarIcon.exe
PRC - [2010/11/20 05:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/09/22 02:05:22 | 000,110,752 | ---- | M] (Intel Corporation) -- C:\Windows\System32\IPROSetMonitor.exe
PRC - [2010/08/11 20:54:48 | 001,405,584 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe
PRC - [2010/08/10 13:59:58 | 001,885,040 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe
PRC - [2010/08/10 13:59:44 | 000,042,400 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe
PRC - [2010/08/10 13:57:26 | 000,064,048 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2011\pchooklaunch32.exe
PRC - [2009/03/05 06:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe


========== Modules (No Company Name) ==========

MOD - [2010/08/10 13:55:24 | 000,184,016 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2011\framework.dll
MOD - [2010/08/10 13:54:40 | 000,108,320 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2011\connector.dll
MOD - [2010/07/23 10:00:26 | 000,189,184 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2011\txmlutil.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (ArchVision Content Manager Service)
SRV - [2011/09/20 14:13:54 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/01/01 15:24:18 | 000,002,560 | ---- | M] () [Disabled | Stopped] -- C:\Windows\Runservice.exe -- (LicCtrlService)
SRV - [2010/09/22 02:05:22 | 000,110,752 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\System32\IPROSetMonitor.exe -- (Intel® PROSet Monitoring Service) Intel®
SRV - [2010/08/10 13:59:58 | 001,885,040 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe -- (VSSERV)
SRV - [2010/08/10 13:59:44 | 000,042,400 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe -- (Updatesrv)
SRV - [2010/07/28 17:34:02 | 000,569,752 | ---- | M] (Affinegy, Inc.) [Disabled | Stopped] -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2010/07/23 09:51:36 | 000,307,544 | ---- | M] (BitDefender) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe -- (Update Server)
SRV - [2010/05/16 09:17:36 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/11/24 16:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Disabled | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/24 16:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [Disabled | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/24 16:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [Disabled | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/24 16:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Disabled | Stopped] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 18:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 18:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)


========== Driver Services (SafeList) ==========

DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/02/10 10:35:44 | 000,728,064 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192cu.sys -- (RTL8192cu)
DRV - [2010/12/07 06:08:18 | 000,158,344 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MAudioFastTrack.sys -- (MAUSBFASTTRACK)
DRV - [2010/11/20 05:30:17 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2010/11/20 05:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 05:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 05:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 03:50:38 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2010/11/20 03:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 03:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 02:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 02:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 02:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/11/09 16:49:50 | 004,323,040 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 120(UVC)
DRV - [2010/09/01 20:38:08 | 000,067,152 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\Program Files\BitDefender\BitDefender 2011\bdselfpr.sys -- (bdselfpr)
DRV - [2010/07/27 12:50:00 | 000,253,072 | ---- | M] (BitDefender S.R.L.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\Trufos.sys -- (Trufos)
DRV - [2010/07/09 15:08:14 | 000,327,368 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\bdfsfltr.sys -- (bdfsfltr)
DRV - [2010/06/28 12:55:42 | 000,970,320 | ---- | M] (BitDefender) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\avckf.sys -- (avckf)
DRV - [2010/06/28 12:55:36 | 000,633,424 | ---- | M] (BitDefender) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\avc3.sys -- (avc3)
DRV - [2010/06/18 19:11:42 | 000,088,144 | ---- | M] (BitDefender) [Kernel | System | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys -- (bdfwfpf)
DRV - [2010/06/18 16:11:44 | 000,072,784 | ---- | M] (BitDefender) [Kernel | System | Running] -- c:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfndisf6.sys -- (Bdfndisf)
DRV - [2010/05/13 16:52:04 | 000,152,528 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\bdfm.sys -- (BDFM)
DRV - [2010/03/26 01:15:50 | 000,221,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6232.sys -- (e1express) Intel®
DRV - [2010/01/19 19:32:40 | 000,085,128 | ---- | M] (BitDefender) [Kernel | System | Running] -- C:\Windows\System32\drivers\bdvedisk.sys -- (Bdvedisk)
DRV - [2009/11/24 16:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/11/24 16:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/11/24 16:49:48 | 000,053,328 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2009/11/24 16:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/11/24 16:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/07/13 16:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 16:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\serial.sys -- (Serial)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2007/03/12 10:00:00 | 000,286,208 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WMP54Gv41x86.sys -- (rt61x86)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\URLSearchHook: {7aeb3efd-e564-43f1-b658-5058a7c5743b} - No CLSID value found

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\BitDefender\BitDefender 2011\bdaphffext\ [2010/09/01 20:45:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\BitDefender\BitDefender 2011\bdtbext\ [2010/09/01 20:45:32 | 000,000,000 | ---D | M]


========== Chrome ==========


O1 HOSTS File: ([2011/09/25 10:04:07 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Complitly) - {D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} - C:\Users\Administrator\AppData\Roaming\Complitly\Complitly.dll (SimplyGen)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4F90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2011\ietoolbar.dll (BitDefender S.R.L.)
O3 - HKLM\..\Toolbar: (no name) - {7aeb3efd-e564-43f1-b658-5058a7c5743b} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C296E83C-51BF-41E0-A915-912E08E4266C} - No CLSID value found.
O4 - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2011\ieshow.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\System32\M-AudioTaskBarIcon.exe (Avid Technology, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} file:///D:/Templates/faked.org/index.htm (Reg Error: Value error.)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} http://chat.yahoo.com/cab/yuplapp.cab (Yahoo! Webcam Upload Wrapper)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace....ceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2498A412-18BC-45D9-890E-A1B6C650953D}: DhcpNameServer = 68.105.28.11 68.105.29.12
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/09/25 04:01:01 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/03/16 00:40:46 | 000,000,062 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{65b0dc2b-110c-11e0-958f-0024e81bbb8c}\Shell - "" = AutoRun
O33 - MountPoints2\{65b0dc2b-110c-11e0-958f-0024e81bbb8c}\Shell\AutoRun\command - "" = E:\setup.exe -a
O33 - MountPoints2\{bcaea5af-2bd7-11e0-9597-0024e81bbb8c}\Shell - "" = AutoRun
O33 - MountPoints2\{bcaea5af-2bd7-11e0-9597-0024e81bbb8c}\Shell\AutoRun\command - "" = E:\setup.exe -a
O33 - MountPoints2\{f4589f6c-6b97-11e0-87d5-0024e81bbb8c}\Shell - "" = AutoRun
O33 - MountPoints2\{f4589f6c-6b97-11e0-87d5-0024e81bbb8c}\Shell\AutoRun\command - "" = E:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sasnative32)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/26 18:30:25 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\GaryMaverickMorton\Desktop\OTL.com
[2011/09/25 14:57:19 | 000,000,000 | ---D | C] -- C:\Program Files\Complitly
[2011/09/25 14:57:18 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2011/09/25 14:57:17 | 000,000,000 | ---D | C] -- C:\Program Files\ConduitEngine
[2011/09/25 14:57:16 | 000,000,000 | ---D | C] -- C:\Program Files\vshare.tv_Bar
[2011/09/25 14:57:08 | 000,000,000 | ---D | C] -- C:\Program Files\vShare.tv plugin
[2011/09/25 10:28:10 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/09/25 10:05:27 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/09/25 10:05:25 | 000,000,000 | ---D | C] -- C:\Users\GaryMaverickMorton\AppData\Local\temp
[2011/09/25 10:03:52 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/09/25 09:56:32 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/09/25 09:56:32 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/09/25 09:56:32 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/09/25 09:56:27 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/09/25 09:56:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/09/25 06:50:12 | 000,000,000 | ---D | C] -- C:\Users\GaryMaverickMorton\Documents\Visual Studio 2005
[2011/09/25 06:41:21 | 000,000,000 | ---D | C] -- C:\Users\GaryMaverickMorton\Documents\LD Video
[2011/09/25 03:43:29 | 000,000,000 | ---D | C] -- C:\Users\GaryMaverickMorton\AppData\Roaming\Systweak
[2011/09/25 03:43:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Systweak
[2011/09/25 03:41:16 | 000,454,120 | ---- | C] (CBS Interactive) -- C:\Users\GaryMaverickMorton\Desktop\cnet_antispyware_exe.exe
[2011/09/20 14:14:11 | 000,000,000 | ---D | C] -- C:\Users\GaryMaverickMorton\MMData
[2011/09/20 14:13:59 | 000,000,000 | ---D | C] -- C:\EP
[2011/09/20 14:13:53 | 000,000,000 | -H-D | C] -- C:\Program Files\Zero G Registry
[2011/09/20 14:13:53 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Magic
[2011/09/20 14:12:58 | 000,000,000 | -H-D | C] -- C:\Users\GaryMaverickMorton\InstallAnywhere
[2011/09/20 09:48:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Magic Scheduling
[2011/09/20 09:27:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Magic Budgeting
[2011/09/20 09:27:39 | 000,000,000 | ---D | C] -- C:\Program Files\Creative Planet
[2011/09/19 08:12:54 | 000,000,000 | ---D | C] -- C:\Users\GaryMaverickMorton\AppData\Local\{0DA3C7FE-62C0-4E20-A3C3-8D908453968F}
[2011/09/19 08:12:42 | 000,000,000 | ---D | C] -- C:\Users\GaryMaverickMorton\AppData\Local\{58950ED7-FCFA-4588-AEC4-8439FD3BCD57}
[2011/09/19 01:02:09 | 000,728,064 | R--- | C] (Realtek Semiconductor Corporation ) -- C:\Windows\System32\drivers\rtl8192cu.sys
[2011/09/09 03:28:35 | 000,000,000 | ---D | C] -- C:\Users\GaryMaverickMorton\AppData\Roaming\vlc
[2011/09/09 01:16:33 | 000,000,000 | ---D | C] -- C:\Graboid
[2011/09/09 01:15:56 | 000,000,000 | ---D | C] -- C:\Users\GaryMaverickMorton\AppData\Local\Graboid_Inc
[2011/09/09 01:15:56 | 000,000,000 | ---D | C] -- C:\Users\GaryMaverickMorton\AppData\Local\Graboid
[2011/09/09 01:15:54 | 000,000,000 | ---D | C] -- C:\Users\GaryMaverickMorton\AppData\Local\Geckofx
[2011/09/09 01:15:53 | 000,000,000 | ---D | C] -- C:\Users\GaryMaverickMorton\AppData\Roaming\Mozilla
[2011/09/08 21:03:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Graboid Video
[2011/09/08 21:02:06 | 000,000,000 | ---D | C] -- C:\Program Files\Graboid
[2011/09/08 07:40:37 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/09/08 07:40:37 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/09/08 07:40:37 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/09/07 09:57:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/26 18:30:42 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\GaryMaverickMorton\Desktop\OTL.com
[2011/09/26 18:00:00 | 000,000,468 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2011/09/26 16:17:25 | 000,007,662 | ---- | M] () -- C:\Users\GaryMaverickMorton\AppData\Local\Resmon.ResmonCfg
[2011/09/26 16:16:43 | 000,020,768 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/26 16:16:43 | 000,020,768 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/26 16:14:03 | 000,647,666 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/09/26 16:14:03 | 000,112,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/09/26 16:09:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/26 16:08:58 | 2608,730,112 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/25 15:21:08 | 000,000,865 | -HS- | M] () -- C:\Windows\System32\mmf.sys
[2011/09/25 10:04:07 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/09/25 09:01:37 | 254,770,366 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/09/25 05:29:02 | 000,000,020 | ---- | M] () -- C:\Windows\¸ø€
[2011/09/25 05:09:35 | 000,000,057 | ---- | M] () -- C:\Windows\System32\mapisvc.inf
[2011/09/25 05:09:00 | 003,781,728 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/09/25 03:41:16 | 000,454,120 | ---- | M] (CBS Interactive) -- C:\Users\GaryMaverickMorton\Desktop\cnet_antispyware_exe.exe
[2011/09/25 01:24:05 | 000,000,989 | ---- | M] () -- C:\Users\GaryMaverickMorton\Desktop\Search Everything.lnk
[2011/09/24 23:57:11 | 000,437,764 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20110925-033139.backup
[2011/09/24 08:17:00 | 000,000,000 | ---- | M] () -- C:\Users\GaryMaverickMorton\AppData\Local\{B12A55F1-040C-42AF-B3FF-473A5B347260}
[2011/09/23 10:29:37 | 000,000,000 | ---- | M] () -- C:\Users\GaryMaverickMorton\AppData\Local\{DA02F5CB-6654-4ABC-892C-354CD732B348}
[2011/09/23 09:30:05 | 000,025,936 | ---- | M] () -- C:\Users\GaryMaverickMorton\Desktop\1303675743834.jpg
[2011/09/20 10:13:38 | 000,000,000 | ---- | M] () -- C:\Users\GaryMaverickMorton\AppData\Local\{C3635FED-B38F-4AEA-A373-7B9AF65F96F9}
[2011/09/20 10:11:39 | 000,000,000 | ---- | M] () -- C:\Users\GaryMaverickMorton\AppData\Local\{DAD9C0A0-BC2A-4CD7-B16D-C473F132F9BE}
[2011/09/19 08:17:00 | 000,000,000 | ---- | M] () -- C:\Users\GaryMaverickMorton\AppData\Local\{F9C17696-588D-4F8A-8E78-E87D9581BDE2}
[2011/09/19 01:07:35 | 000,000,000 | ---- | M] () -- C:\Users\GaryMaverickMorton\AppData\Local\{4EF00D96-6E39-4E94-BEA1-3FE41D463F1A}
[2011/09/19 01:05:41 | 000,000,000 | ---- | M] () -- C:\Users\GaryMaverickMorton\AppData\Local\{6B9132AD-E262-4765-95C9-21C90A2690A1}
[2011/09/19 01:01:53 | 000,000,000 | ---- | M] () -- C:\Users\GaryMaverickMorton\AppData\Local\{A0B6A87E-A7B4-4B9C-841C-624110860094}
[2011/09/19 00:59:56 | 000,000,000 | ---- | M] () -- C:\Users\GaryMaverickMorton\AppData\Local\{D557DEE1-16B4-4145-B880-97EB1AB3F1E6}
[2011/09/18 23:39:36 | 000,000,000 | ---- | M] () -- C:\Users\GaryMaverickMorton\AppData\Local\{5C285AA8-74CA-4B57-BD9B-04F2645F203C}
[2011/09/18 23:37:42 | 000,000,000 | ---- | M] () -- C:\Users\GaryMaverickMorton\AppData\Local\{9EA8A6CF-E5E2-45F8-B036-1E15D47554F6}
[2011/09/17 08:17:00 | 000,000,000 | ---- | M] () -- C:\Users\GaryMaverickMorton\AppData\Local\{337004A4-1FF5-495D-A97E-3A69EF993B18}
[2011/09/15 08:17:00 | 000,000,000 | ---- | M] () -- C:\Users\GaryMaverickMorton\AppData\Local\{073051B1-BEE2-4A6E-9F37-A8188BEF4DB5}
[2011/09/14 08:17:00 | 000,000,000 | ---- | M] () -- C:\Users\GaryMaverickMorton\AppData\Local\{AEA6F29A-9DD9-4CE1-AD9D-536FE24B81A5}
[2011/09/13 19:45:54 | 000,000,000 | ---- | M] () -- C:\Users\GaryMaverickMorton\AppData\Local\{DB864EAD-57CA-4B69-ACB7-804B463E2F80}
[2011/09/13 19:44:11 | 000,000,000 | ---- | M] () -- C:\Users\GaryMaverickMorton\AppData\Local\{89CBB7E6-6662-447A-A470-DC2F7CE23948}
[2011/09/13 08:17:00 | 000,000,000 | ---- | M] () -- C:\Users\GaryMaverickMorton\AppData\Local\{635C14AB-F976-4734-A480-04307FABCC76}
[2011/09/12 08:17:00 | 000,000,000 | ---- | M] () -- C:\Users\GaryMaverickMorton\AppData\Local\{6B3B2D7D-E0D1-49C7-A606-941EBFB174C0}
[2011/09/09 08:17:00 | 000,000,000 | ---- | M] () -- C:\Users\GaryMaverickMorton\AppData\Local\{409696D7-FE77-45D8-9D38-B9DE59A18317}
[2011/09/09 08:05:00 | 000,000,000 | ---- | M] () -- C:\Users\GaryMaverickMorton\AppData\Local\{41D2C107-67F9-45DE-B337-01A1DC6D23DB}
[2011/09/08 08:05:00 | 000,000,000 | ---- | M] () -- C:\Users\GaryMaverickMorton\AppData\Local\{96535798-5288-47FD-9A3A-213C9BE0873A}
[2011/09/08 06:39:46 | 000,000,000 | ---- | M] () -- C:\Users\GaryMaverickMorton\AppData\Local\{A11A846C-E362-4094-9303-FFDAA7B657A0}
[2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/25 09:56:32 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/09/25 09:56:32 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/09/25 09:56:32 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/09/25 09:56:32 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/09/25 09:56:32 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/09/25 05:29:02 | 000,000,020 | ---- | C] () -- C:\Windows\¸ø€
[2011/09/25 01:24:05 | 000,000,989 | ---- | C] () -- C:\Users\GaryMaverickMorton\Desktop\Search Everything.lnk
[2011/09/24 08:17:00 | 000,000,000 | ---- | C] () -- C:\Users\GaryMaverickMorton\AppData\Local\{B12A55F1-040C-42AF-B3FF-473A5B347260}
[2011/09/23 10:29:37 | 000,000,000 | ---- | C] () -- C:\Users\GaryMaverickMorton\AppData\Local\{DA02F5CB-6654-4ABC-892C-354CD732B348}
[2011/09/23 09:30:00 | 000,025,936 | ---- | C] () -- C:\Users\GaryMaverickMorton\Desktop\1303675743834.jpg
[2011/09/20 10:13:37 | 000,000,000 | ---- | C] () -- C:\Users\GaryMaverickMorton\AppData\Local\{C3635FED-B38F-4AEA-A373-7B9AF65F96F9}
[2011/09/20 10:11:37 | 000,000,000 | ---- | C] () -- C:\Users\GaryMaverickMorton\AppData\Local\{DAD9C0A0-BC2A-4CD7-B16D-C473F132F9BE}
[2011/09/20 09:43:37 | 000,045,056 | ---- | C] () -- C:\Windows\mmfs.dll
[2011/07/26 14:26:06 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/07/26 14:25:04 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/03/18 00:09:43 | 000,008,955 | ---- | C] () -- C:\Users\GaryMaverickMorton\AppData\Roaming\ECC8.BDB
[2011/02/22 12:24:37 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe
[2011/02/03 14:37:35 | 000,000,000 | ---- | C] () -- C:\Users\GaryMaverickMorton\AppData\Local\{374CE66C-423C-471E-8109-94F55DC0714B}
[2011/01/31 06:06:56 | 000,000,000 | ---- | C] () -- C:\Users\GaryMaverickMorton\AppData\Local\{DB853ABD-E419-4FD3-AC5F-3AD588832E94}
[2011/01/31 06:05:14 | 000,000,000 | ---- | C] () -- C:\Users\GaryMaverickMorton\AppData\Local\{6B1AB837-E81D-460F-AE91-296C6EA54AD9}
[2011/01/30 22:16:58 | 000,000,000 | ---- | C] () -- C:\Users\GaryMaverickMorton\AppData\Local\{BEDD1285-3C56-4DE7-AA1C-180A23EB98AD}
[2011/01/30 22:15:06 | 000,000,000 | ---- | C] () -- C:\Users\GaryMaverickMorton\AppData\Local\{8AD236A6-CA59-4A9A-81B3-E195DDB1A159}
[2011/01/26 08:56:21 | 000,000,000 | ---- | C] () -- C:\Users\GaryMaverickMorton\AppData\Local\{A547AF51-2EAD-4ECB-B9E4-6A33B7029946}
[2011/01/26 08:54:34 | 000,000,000 | ---- | C] () -- C:\Users\GaryMaverickMorton\AppData\Local\{CDB5BC84-B199-4230-9746-DEB5B84B3B78}
[2011/01/25 04:07:46 | 000,000,000 | ---- | C] () -- C:\Users\GaryMaverickMorton\AppData\Local\{F8FA181E-6232-47E5-B8F5-7DAC4AF85B50}
[2011/01/25 04:06:05 | 000,000,000 | ---- | C] () -- C:\Users\GaryMaverickMorton\AppData\Local\{C3B46476-5CC6-410A-8776-EFB0CCDC3BA6}
[2011/01/24 15:34:01 | 000,000,000 | ---- | C] () -- C:\Users\GaryMaverickMorton\AppData\Local\{C5B2897F-6FF9-444C-8587-D0E05BC45707}
[2011/01/24 07:44:13 | 000,000,000 | ---- | C] () -- C:\Users\GaryMaverickMorton\AppData\Local\{83B1248F-45FD-44B0-B802-980773DBDE89}
[2011/01/24 07:42:33 | 000,000,000 | ---- | C] () -- C:\Users\GaryMaverickMorton\AppData\Local\{6162FCA0-F6BB-4331-AABC-854188ABA02B}
[2011/01/24 02:10:19 | 000,000,000 | ---- | C] () -- C:\Users\GaryMaverickMorton\AppData\Local\{8158BDE3-6D92-4B0C-8033-D3F07663A50B}
[2011/01/24 02:08:35 | 000,000,000 | ---- | C] () -- C:\Users\GaryMaverickMorton\AppData\Local\{B6FC17DC-E4B6-4F2D-9A0A-3BE927D25393}
[2011/01/22 13:01:15 | 000,000,000 | ---- | C] () -- C:\Users\GaryMaverickMorton\AppData\Local\{280F4224-5775-42E3-AE09-BCB3A630E132}
[2011/01/13 11:42:38 | 000,000,000 | ---- | C] () -- C:\Users\GaryMaverickMorton\AppData\Local\{1746CC39-884E-4417-9412-7FE81F9F212D}
[2011/01/13 11:40:47 | 000,000,000 | ---- | C] () -- C:\Users\GaryMaverickMorton\AppData\Local\{4C2CF2F6-7191-4400-8D1A-4331ABD340FA}
[2011/01/12 17:41:29 | 000,000,000 | ---- | C] () -- C:\Users\GaryMaverickMorton\AppData\Local\{77562BF4-D520-4599-A672-DB79F41D65B8}
[2011/01/01 15:24:20 | 000,000,865 | -HS- | C] () -- C:\Windows\System32\mmf.sys
[2011/01/01 15:24:18 | 000,002,560 | ---- | C] () -- C:\Windows\Runservice.exe
[2010/12/01 10:02:15 | 000,000,000 | ---- | C] () -- C:\Users\GaryMaverickMorton\AppData\Local\eab2d51e-4aba-4bfa-b171-72e2c2a32088
[2010/11/09 16:45:32 | 000,102,744 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2010/11/09 16:45:30 | 010,871,128 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2010/11/09 16:45:20 | 000,316,248 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2010/11/09 16:31:42 | 000,026,286 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2010/09/27 03:27:02 | 000,000,016 | ---- | C] () -- C:\Windows\System32\msvcsv60.dll
[2010/09/27 03:27:02 | 000,000,016 | ---- | C] () -- C:\Windows\msocreg32.dat
[2010/09/03 11:52:25 | 000,000,000 | ---- | C] () -- C:\Users\GaryMaverickMorton\AppData\Local\{19A14C07-AFB5-4554-A104-D62D20D779AA}
[2010/09/03 11:50:34 | 000,000,000 | ---- | C] () -- C:\Users\GaryMaverickMorton\AppData\Local\{AB3C93FF-2872-4900-B233-F54154575F14}
[2010/09/02 21:16:05 | 000,000,000 | ---- | C] () -- C:\Users\GaryMaverickMorton\AppData\Local\{662D568B-B3E0-4B9D-9D0B-6E1E0848854A}
[2010/09/01 20:12:54 | 000,717,042 | ---- | C] () -- C:\ProgramData\bdinstall.bin
[2010/09/01 09:50:40 | 000,000,000 | ---- | C] () -- C:\Users\GaryMaverickMorton\AppData\Local\{C26ABD6C-E8F9-47AA-AB69-DF6D7BC9BB7E}
[2010/09/01 09:48:53 | 000,000,000 | ---- | C] () -- C:\Users\GaryMaverickMorton\AppData\Local\{7BB5083D-BA9D-402A-81D0-C7DF24FC0DAF}
[2010/07/08 10:37:14 | 000,101,544 | ---- | C] () -- C:\Program Files\Common Files\LinkInstaller.exe
[2010/06/01 00:45:51 | 000,000,615 | ---- | C] () -- C:\Users\GaryMaverickMorton\AppData\Roaming\ClipExtractor-YouTube-Clip-ExtractorFlvConverterDefaultSettings.xml
[2010/05/29 01:27:09 | 000,044,544 | ---- | C] () -- C:\Users\GaryMaverickMorton\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/27 17:58:09 | 000,118,784 | ---- | C] () -- C:\Windows\dsdxirmv.exe
[2010/05/27 11:47:26 | 000,001,634 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/05/19 03:48:06 | 000,000,168 | RHS- | C] () -- C:\ProgramData\27F34FFE5F.sys
[2010/05/19 03:48:05 | 000,005,018 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/05/17 09:57:19 | 000,007,662 | ---- | C] () -- C:\Users\GaryMaverickMorton\AppData\Local\Resmon.ResmonCfg
[2010/05/14 21:55:47 | 000,000,012 | ---- | C] () -- C:\Windows\Ulead32.ini
[2010/05/14 02:55:47 | 000,749,568 | ---- | C] () -- C:\Windows\System32\swfgen.dll
[2010/05/14 02:55:47 | 000,131,584 | ---- | C] () -- C:\Windows\System32\SpoonUninstall.exe
[2010/05/01 12:24:12 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/13 21:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:33:53 | 003,781,728 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 19:05:48 | 000,647,666 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 19:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 19:05:48 | 000,112,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 19:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 19:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 19:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 16:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2007/01/31 14:50:32 | 000,913,408 | ---- | C] () -- C:\Windows\System32\xreglib.dll
[2005/02/24 12:29:14 | 000,162,176 | ---- | C] () -- C:\Windows\System32\drivers\PFC027.sys
[2005/01/25 15:15:42 | 000,010,240 | ---- | C] () -- C:\Windows\System32\PA207USD.DLL

========== Files - Unicode (All) ==========
[2010/09/01 20:45:10 | 000,000,000 | ---- | M] ()(C:\Windows\System32\?????) -- C:\Windows\System32\獷楬汢捯污
[2010/09/01 20:45:10 | 000,000,000 | ---- | C] ()(C:\Windows\System32\?????) -- C:\Windows\System32\獷楬汢捯污

========== Alternate Data Streams ==========

@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:888AFB86

< End of report >
OTL Extras logfile created on: 9/26/2011 6:31:33 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\GaryMaverickMorton\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.24 Gb Total Physical Memory | 2.05 Gb Available Physical Memory | 63.35% Memory free
6.48 Gb Paging File | 5.07 Gb Available in Paging File | 78.34% Paging File free
Paging file location(s): c:\pagefile.sys 3317 4975 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 698.54 Gb Total Space | 173.42 Gb Free Space | 24.83% Space Free | Partition Type: NTFS
Drive E: | 7.52 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MAVERICK1965 | User Name: GaryMaverickMorton | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
.js [@ = jsfile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.scr [@ = AutoCADScriptFile] -- C:\Windows\System32\notepad.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\System32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 1
"EnableFirewall" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{009AC76E-1A66-4682-82B7-417E77F3C648}" = Superior Drummer Installer
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{0341796A-9224-48FB-AAE1-4079C7AE375E}" = DDXRenderer
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 26
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CD39703-0DC3-40FB-A81E-3C25B08D593B}" = Business Plan Pro 15th Anniversary Edition (UK)
"{45873324-094C-4516-A84A-134A175A1CD6}" = PDFExport
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FFBB818-B13C-11E0-931D-B2664824019B}_is1" = Complitly
"{548CDAD3-9144-4B04-977C-30CAB4838976}" = Grip points
"{57E7F262-3B6A-403E-81C2-E9D2B196D00C}" = DDXSheetSets
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{70928222-C6D7-451C-A1AB-6720C35311A1}" = Drumtracker
"{7148F0A8-6813-11D6-A77B-00B0D0142040}" = Java 2 Runtime Environment, SE v1.4.2_04
"{7C9AD221-994C-45B2-B46D-26F5735158CF}" = Sony Vegas Pro 8.0
"{8967ABFB-CBCA-4EC0-8DE8-A01135267C16}" = EZplayer pro
"{8C9B6B1F-0A8E-402A-A60C-110BBB38D67E}" = Intel® Network Connections 15.7.176.0
"{8D20B4D7-3422-4099-9332-39F27E617A6F}" = Autodesk Design Review 2011
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{92377672-DF6E-4D7C-AFFC-50B01254C488}" = DDXViewX
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96472D82-0239-11E0-9776-199EDFD72085}" = M-Audio FastTrack Driver 6.0.6 (x86)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A7385936-7917-4210-9471-ECDF300D1D02}" = DWGdirectX Core
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
"{B20F9D1C-A0A5-4cd8-8306-DA03872311B1}" = Belkin N300 Micro USB Wireless Adapter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B9724615-DC4C-49C6-B741-44CFE412CDAF}" = USB PC Cam Plus
"{BCB4C18A-ACA6-4383-8688-E19933A705DD}" = Microsoft SOAP Toolkit 3.0
"{C51496B3-E15E-41D8-B812-9492E4EC86E0}" = DDX DWF Support
"{CD7DB485-A1D7-4FA5-B66B-587CFF6CA361}" = DDX Field Evaluator
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
"{CFB8BDCE-8814-4B9A-8EA9-31DB74FEF0AE}" = BitDefender Total Security 2011
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DB1299AF-9EE0-422B-959E-F4171B2AE0F7}" = EZXDfh
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Aleo Flash Intro Banner Maker_is1" = Aleo Flash Intro Banner Maker 3.1
"Autodesk Design Review 2011" = Autodesk Design Review 2011
"AVS Audio Converter 6.1_is1" = AVS Audio Converter version 6.1
"Belkin Setup and Router Monitor_is1" = Belkin Setup and Router Monitor
"BitDefender" = BitDefender Total Security 2011
"Cakewalk Beatscape_is1" = Beatscape 1.0
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"conduitEngine" = Conduit Engine
"DreamStation DXi2" = DreamStation DXi2
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Everything" = Everything 1.2.1.371
"HDMI" = Intel® Graphics Media Accelerator Driver
"InstallShield_{B9724615-DC4C-49C6-B741-44CFE412CDAF}" = USB PC Cam Plus
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"PROSetDX" = Intel® Network Connections 15.7.176.0
"SONAR8Producer_is1" = SONAR 8.0 Producer Edition
"The Logo Creator v5" = The Logo Creator v5
"The Logo Creator v5.2" = The Logo Creator v5.2
"vShare.tv plugin" = vShare.tv plugin 1.3
"vshare.tv_Bar Toolbar" = vshare.tv Bar Toolbar
"Winamp" = Winamp
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


#4
RKinner

    Malware Expert

  • Expert
  • 20,029 posts
  • MVP
Disable Spybot's TeaTimer to make sure it won't interfere with fixes. You can re-enable it when you're clean again:

* Run Spybot-S&D in Advanced Mode
* If it is not already set to do this, go to the Mode menu, select Advanced Mode
* On the left hand side, click on Tools
* Then click on the Resident icon in the list
* Uncheck Resident TeaTimer and OK any prompts.
* Restart your computer


Clear the Java Cache by following the instructions on
http://www.java.com/...lugin_cache.xml

Download, Save and Run by right clicking and Run As Administrator the Avast removal tool:
http://www.avast.com/uninstall-utility

Uninstall
Java 2 Runtime Environment, SE v1.4.2_04 (obsolete and dangerous to have)
Adobe Reader 9.4.6 (obsolete, get the latest from adobe.com)
Vuze (P2P - dangerous)
Conduit Engine (adware)
vShare.tv plugin 1.3 (adware)
vshare.tv Bar Toolbar (adware)

Copy the text in the code box by highlighting and Ctrl + c

:processes
killallprocesses

:OTL
O3 - HKLM\..\Toolbar: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {7aeb3efd-e564-43f1-b658-5058a7c5743b} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C296E83C-51BF-41E0-A915-912E08E4266C} - No CLSID value found.
O34 - HKLM BootExecute: (sasnative32)
[2011/09/25 03:41:16 | 000,454,120 | ---- | M] (CBS Interactive) -- C:\Users\GaryMaverickMorton\Desktop\cnet_antispyware_exe.exe
[2010/05/27 17:58:09 | 000,118,784 | ---- | C] () -- C:\Windows\dsdxirmv.exe
[2010/09/01 20:45:10 | 000,000,000 | ---- | M] ()(C:\Windows\System32\?????) -- C:\Windows\System32\獷楬汢捯污
[2010/09/01 20:45:10 | 000,000,000 | ---- | C] ()(C:\Windows\System32\?????) -- C:\Windows\System32\獷楬汢捯污
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:888AFB86

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
   
:Commands
[purity]
[Reboot]


Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered; OTL will reboot the PC when it is done.


If one of the following will not run, then just skip to the next one, then go back and try the things that wouldn't run again after finishing the others.

Malwarebytes' Anti-Malware
If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy.

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

Right-click on Malwarebytes' Anti-Malware and select Run As Administrator and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.

* Once the program has loaded, select Perform Quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes, Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop, then right-click and Run as Administrator.

If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt". Please copy and paste the contents in your next reply.

Download aswMBR.exe ( 511KB ) to your desktop.
Double-click aswMBR.exe to run it.
Change the a-v scan to None.
Uncheck trace disk IO calls.
Click the "Scan" button to start the scan.
On completion of the scan (note if the Fix button is enabled (not the FixMBR button) and tell me), click Save log, save it to your desktop and post it in your next reply.

1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.


Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc /scannow

(SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)

sigverif

Press Start in the new window. This will check your drivers. If you just get a few when it finishes tell me what they are. If you get a lot just look for those with newish dates (since about the time the problem started.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Get Process Explorer

http://live.sysinter...com/procexp.exe

Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator). Click once or twice on the CPU column header to sort things by CPU usage with the big hitters at the top. File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.



Ron
  • 0

#5
maverick1965

Hi Ron,



I was unable to uninstall the Conduit Engine, Vshare plugin and tool bar. Please suggest.
  • 0

#6
maverick1965

Hi Ron,



I tried to proceed to the next step and I will attach the results.



I will wait for your reply before I move further.

Attached Files


  • 0

#7
RKinner

Try OTL again. Make sure when you paste that it looks just like what I asked you to copy. If necessary go in and hit Enter at the end of each line so they don't all run together. Make sure you hit Run Fix when you have it right.

If you can't get it to work then go on to the other steps.

Ron
  • 0

#8
maverick1965

ComboFix 11-09-27.02 - GaryMaverickMorton 09/27/2011 17:28:52.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3317.2116 [GMT -7:00]
Running from: c:\users\GaryMaverickMorton\Desktop\ComboFix.exe
AV: BitDefender Antivirus *Disabled/Updated* {50909708-FF80-02AF-F814-B28405891E92}
FW: BitDefender Firewall *Disabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}
SP: BitDefender Antispyware *Disabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-08-28 to 2011-09-28 )))))))))))))))))))))))))))))))
.
.
2011-09-28 00:37 . 2011-09-28 00:37 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-09-28 00:37 . 2011-09-28 00:37 -------- d-----w- c:\users\Rhondamorton\AppData\Local\temp
2011-09-28 00:37 . 2011-09-28 00:37 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-09-28 00:37 . 2011-09-28 00:37 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2011-09-28 00:37 . 2011-09-28 00:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-25 16:12 . 2011-09-25 16:12 -------- d-----w- c:\users\Administrator\AppData\Roaming\Systweak
2011-09-25 10:43 . 2010-09-02 03:23 -------- d-----w- c:\users\GaryMaverickMorton\AppData\Roaming\Systweak
2011-09-25 10:43 . 2010-09-02 03:23 -------- d-----w- c:\programdata\Systweak
2011-09-23 16:11 . 2011-09-12 23:14 7269712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8E96DDDB-CB73-4BAE-A266-6A8D2EB75742}\mpengine.dll
2011-09-20 21:14 . 2011-09-20 21:14 -------- d-----w- c:\users\GaryMaverickMorton\MMData
2011-09-20 21:13 . 2011-09-20 21:14 -------- d-----w- C:\EP
2011-09-20 21:13 . 2011-09-20 21:13 -------- d--h--w- c:\program files\Zero G Registry
2011-09-20 21:13 . 2011-09-20 21:13 -------- d-----w- c:\program files\Movie Magic
2011-09-20 21:12 . 2011-09-20 21:12 -------- d--h--w- c:\users\GaryMaverickMorton\InstallAnywhere
2011-09-20 16:43 . 2011-01-01 22:24 45056 ----a-w- c:\windows\mmfs.dll
2011-09-20 16:27 . 2011-09-25 12:31 -------- d-----w- c:\program files\Creative Planet
2011-09-19 08:02 . 2011-02-10 17:35 728064 ----a-r- c:\windows\system32\drivers\rtl8192cu.sys
2011-09-09 10:28 . 2011-09-09 12:27 -------- d-----w- c:\users\GaryMaverickMorton\AppData\Roaming\vlc
2011-09-09 08:16 . 2011-09-09 08:16 -------- d-----w- C:\Graboid
2011-09-09 08:15 . 2011-09-09 08:16 -------- d-----w- c:\users\GaryMaverickMorton\AppData\Local\Graboid
2011-09-09 08:15 . 2011-09-09 08:15 -------- d-----w- c:\users\GaryMaverickMorton\AppData\Local\Geckofx
2011-09-09 04:02 . 2011-09-25 12:26 -------- d-----w- c:\program files\Graboid
2011-09-07 16:57 . 2011-07-09 04:29 2048 ----a-w- c:\windows\system32\tzres.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-01 00:00 . 2011-03-22 21:05 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-18 13:56 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-07-22 02:54 . 2011-08-18 05:06 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-07-22 02:48 . 2011-08-18 05:06 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-07-22 02:44 . 2011-08-18 05:06 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-16 04:27 . 2011-08-12 08:57 290816 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 04:15 . 2011-08-12 08:57 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 04:15 . 2011-08-12 08:57 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 04:15 . 2011-08-12 08:57 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-16 04:15 . 2011-08-12 08:57 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-16 04:15 . 2011-08-12 08:57 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 04:15 . 2011-08-12 08:57 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 04:15 . 2011-08-12 08:57 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 04:15 . 2011-08-12 08:57 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 04:15 . 2011-08-12 08:57 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 04:15 . 2011-08-12 08:57 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 04:15 . 2011-08-12 08:57 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 04:15 . 2011-08-12 08:57 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 04:15 . 2011-08-12 08:57 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 04:15 . 2011-08-12 08:57 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 04:15 . 2011-08-12 08:57 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 04:15 . 2011-08-12 08:57 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 04:15 . 2011-08-12 08:57 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 04:15 . 2011-08-12 08:57 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-16 04:15 . 2011-08-12 08:57 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 04:15 . 2011-08-12 08:57 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 04:15 . 2011-08-12 08:57 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 04:15 . 2011-08-12 08:57 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 04:15 . 2011-08-12 08:57 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 04:15 . 2011-08-12 08:57 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-16 02:17 . 2011-08-12 08:57 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17 . 2011-08-12 08:57 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17 . 2011-08-12 08:57 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17 . 2011-08-12 08:57 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-09 02:30 . 2011-08-12 08:57 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-07-08 17:37 . 2010-07-08 17:37 101544 ----a-w- c:\program files\Common Files\LinkInstaller.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D27FC31C-6E3D-4305-8D53-ACDAEFA5F862}]
2011-09-09 00:21 139768 ----a-w- c:\users\Administrator\AppData\Roaming\Complitly\Complitly.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2011-07-20 22:39 194848 ----a-w- c:\program files\Yontoo Layers Runtime\YontooIEClient.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-09-01 1047208]
"M-Audio Taskbar Icon"="c:\windows\system32\M-AudioTaskBarIcon.exe" [2010-12-07 644104]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-09-01 449608]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2011\ieshow.exe" [2010-08-10 71216]
"BDAgent"="c:\program files\BitDefender\BitDefender 2011\bdagent.exe" [2010-08-12 1405584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup
backupExtension=.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk.disabled]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk.disabled
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.disabled.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^GaryMaverickMorton^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
path=c:\users\GaryMaverickMorton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
backup=c:\windows\pss\Logitech . Product Registration.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^GaryMaverickMorton^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\GaryMaverickMorton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 10:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Everything]
2009-03-13 01:18 602624 ----a-w- c:\program files\Everything\Everything.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 18:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-09-24 02:30 173592 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-09-24 02:30 141848 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\M-Audio Taskbar Icon]
2010-12-07 13:08 644104 ----a-w- c:\windows\System32\M-AudioTaskBarIcon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-09-24 02:30 150552 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-01-17 14:22 4907008 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2010-05-25 16:08 37888 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Logitech Vid"="c:\program files\Logitech\Vid HD\Vid.exe" -bootmode
"Google Update"="c:\users\GaryMaverickMorton\AppData\Local\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"LWS"=c:\program files\Logitech\LWS\Webcam Software\LWS.exe -hide
"hpqSRMon"=c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"avast!"="c:\program files\Alwil Software\Avast4\ashDisp.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"WebUpdateStartUp"=c:\program files\Common Files\InstallShield\WebUpdate\webupdate.exe Movie Magic Scheduling
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"InstaLAN"="c:\program files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
.
R0 xsyicbp;xsyicbp;c:\windows\System32\drivers\iffkq.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-05 77824]
R3 BCASPROT;Advanced System Protector;c:\program files\Systweak\Advanced System Protector\sasprot32.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 rt61x86;Linksys Wireless-G PCI Adapter Driver;c:\windows\system32\DRIVERS\WMP54Gv41x86.sys [2007-03-12 286208]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2010-07-23 307544]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-16 1343400]
R3 WPRO_40_1340;WinPcap Packet Driver (WPRO_40_1340);c:\windows\system32\drivers\WPRO_40_1340.sys [x]
R4 ArchVision Content Manager Service;ArchVision Content Manager Service;c:\program files\ArchVision\ArchVision Content Manager\rpcACMapp.exe [x]
R4 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [2010-06-28 633424]
R4 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [2010-06-28 970320]
R4 LicCtrlService;LicCtrl Service;c:\windows\runservice.exe [2011-01-01 2560]
S1 Bdfndisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2010-06-18 72784]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys [2010-06-19 88144]
S1 Bdvedisk;Bdvedisk;c:\windows\system32\DRIVERS\bdvedisk.sys [2010-01-20 85128]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2010-09-22 110752]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-09-01 366152]
S2 Updatesrv;BitDefender Desktop Update Service;c:\program files\BitDefender\BitDefender 2011\updatesrv.exe [2010-08-10 42400]
S3 BDFM;BDFM;c:\windows\system32\DRIVERS\bdfm.sys [2010-05-13 152528]
S3 MAUSBFASTTRACK;Service for M-Audio FastTrack;c:\windows\system32\DRIVERS\MAudioFastTrack.sys [2010-12-07 158344]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-09-01 22216]
S3 RTL8192cu;%RTL8192cu.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192cu.sys [2011-02-10 728064]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-07-14 01:14 126464 ----a-w- c:\windows\System32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2010-05-21 c:\windows\Tasks\AdobeAAMUpdater-1.0-maverick1965-GaryMaverickMorton.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-05-21 10:44]
.
2011-09-27 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-13 14:59]
.
2011-09-27 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
TCP: DhcpNameServer = 68.105.28.11 68.105.29.12
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.txt=
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Adobe ARM - c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-avast! - c:\program files\Alwil Software\Avast4\ashDisp.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\SetId\Internal]
@Denied: (A 2) (LocalSystem)
"DEVICE2"="vaaur8rPygA="
"DATA2"="<settings accountStatus=\"4\" oldDevice=\"\" timeDiff=\"1106312873\" expireTime=\"1309830893\" productStatus=\"1\" obSize=\"2\" InstallTS=\"1289332796\" isSubsc=\"0\" authStat_ts=\"0\" version=\"14.1\" keyType=\"194\" prodId=\"1\" moduleId1=\"7\" moduleId2=\"10\" relType=\"1\" />"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-09-27 17:40:13
ComboFix-quarantined-files.txt 2011-09-28 00:40
ComboFix2.txt 2011-09-25 17:05
.
Pre-Run: 186,864,406,528 bytes free
Post-Run: 186,841,128,960 bytes free
.
- - End Of File - - FD00FEF0D23F5C9518D282DC3F8A4DB6

Attached File  combofix.txt   17.2KB   82 downloads
  • 0

#9
maverick1965

Attached File  TDSSKiller.2.6.2.0_27.09.2011_17.45.43_log.txt   79.92KB   54 downloads
  • 0

#10
maverick1965

Attached File  aswMBR.txt   1.04KB   54 downloads
  • 0

#11
RKinner

See if this will work for OTL. I have attached a file called otlscript.txt. Download and save it, then open it in Notepad. Copy the text, then run OTL and Ctrl+V the text into the Custom Scans/Fixes box. Make sure it looks like it does in the earlier post. It should not all run together. Then hit Run Fix.

Ron
  • 0

#12
maverick1965

Attached File  09272011_192839.log   7.04KB   58 downloads
  • 0

#13
RKinner

That worked. Finish the instructions in post #4.

Ron
  • 0

#14
maverick1965

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 27/09/2011 8:42:27 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 28/09/2011 3:23:17 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 28/09/2011 3:39:34 AM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Security Center service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Log: 'System' Date/Time: 28/09/2011 3:39:34 AM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The TCP/IP NetBIOS Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.

Log: 'System' Date/Time: 28/09/2011 3:39:34 AM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Windows Event Log service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Log: 'System' Date/Time: 28/09/2011 3:39:34 AM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The DHCP Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Log: 'System' Date/Time: 28/09/2011 3:39:34 AM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Windows Audio service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Log: 'System' Date/Time: 28/09/2011 3:23:51 AM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: xsyicbp

Log: 'System' Date/Time: 28/09/2011 2:51:22 AM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Log: 'System' Date/Time: 28/09/2011 2:32:30 AM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Security Center service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Log: 'System' Date/Time: 28/09/2011 2:32:30 AM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The TCP/IP NetBIOS Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.

Log: 'System' Date/Time: 28/09/2011 2:32:30 AM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Windows Event Log service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Log: 'System' Date/Time: 28/09/2011 2:32:30 AM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The DHCP Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Log: 'System' Date/Time: 28/09/2011 2:32:30 AM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Windows Audio service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Log: 'System' Date/Time: 28/09/2011 2:30:09 AM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: xsyicbp

Log: 'System' Date/Time: 28/09/2011 1:57:44 AM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: xsyicbp

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 28/09/2011 3:26:41 AM
Type: Warning Category: 0
Event: 4 Source: Microsoft-Windows-FilterManager
File System Filter 'bdfsfltr' (Version 6.1, ?2010?-?06?-?25T06:37:20.000000000Z) failed to attach to volume '\Device\CdRom1'. The filter returned a non-standard final status of 0xc0000013. This filter and/or its supporting applications should handle this condition. If this condition persists, contact the vendor.

Log: 'System' Date/Time: 28/09/2011 3:26:41 AM
Type: Warning Category: 0
Event: 4 Source: Microsoft-Windows-FilterManager
File System Filter 'bdfsfltr' (Version 6.1, ?2010?-?06?-?25T06:37:20.000000000Z) failed to attach to volume '\Device\CdRom0'. The filter returned a non-standard final status of 0xc0000013. This filter and/or its supporting applications should handle this condition. If this condition persists, contact the vendor.

Log: 'System' Date/Time: 28/09/2011 3:24:33 AM
Type: Warning Category: 0
Event: 4 Source: Microsoft-Windows-FilterManager
File System Filter 'bdfsfltr' (Version 6.1, ?2010?-?06?-?25T06:37:20.000000000Z) failed to attach to volume '\Device\CdRom0'. The filter returned a non-standard final status of 0xc0000013. This filter and/or its supporting applications should handle this condition. If this condition persists, contact the vendor.

Log: 'System' Date/Time: 28/09/2011 3:24:33 AM
Type: Warning Category: 0
Event: 4 Source: Microsoft-Windows-FilterManager
File System Filter 'bdfsfltr' (Version 6.1, ?2010?-?06?-?25T06:37:20.000000000Z) failed to attach to volume '\Device\CdRom1'. The filter returned a non-standard final status of 0xc0000013. This filter and/or its supporting applications should handle this condition. If this condition persists, contact the vendor.

Log: 'System' Date/Time: 28/09/2011 2:57:07 AM
Type: Warning Category: 0
Event: 4 Source: Microsoft-Windows-FilterManager
File System Filter 'bdfsfltr' (Version 6.1, ?2010?-?06?-?25T06:37:20.000000000Z) failed to attach to volume '\Device\CdRom0'. The filter returned a non-standard final status of 0xc0000013. This filter and/or its supporting applications should handle this condition. If this condition persists, contact the vendor.

Log: 'System' Date/Time: 28/09/2011 2:57:07 AM
Type: Warning Category: 0
Event: 4 Source: Microsoft-Windows-FilterManager
File System Filter 'bdfsfltr' (Version 6.1, ?2010?-?06?-?25T06:37:20.000000000Z) failed to attach to volume '\Device\CdRom1'. The filter returned a non-standard final status of 0xc0000013. This filter and/or its supporting applications should handle this condition. If this condition persists, contact the vendor.

Log: 'System' Date/Time: 28/09/2011 2:32:58 AM
Type: Warning Category: 0
Event: 4 Source: Microsoft-Windows-FilterManager
File System Filter 'bdfsfltr' (Version 6.1, ?2010?-?06?-?25T06:37:20.000000000Z) failed to attach to volume '\Device\CdRom1'. The filter returned a non-standard final status of 0xc0000013. This filter and/or its supporting applications should handle this condition. If this condition persists, contact the vendor.

Log: 'System' Date/Time: 28/09/2011 2:32:58 AM
Type: Warning Category: 0
Event: 4 Source: Microsoft-Windows-FilterManager
File System Filter 'bdfsfltr' (Version 6.1, 2010-06-25T06:37:20.000000000Z) failed to attach to volume '\Device\CdRom0'. The filter returned a non-standard final status of 0xc0000013. This filter and/or its supporting applications should handle this condition. If this condition persists, contact the vendor.

Log: 'System' Date/Time: 28/09/2011 2:31:06 AM
Type: Warning Category: 0
Event: 4 Source: Microsoft-Windows-FilterManager
File System Filter 'bdfsfltr' (Version 6.1, 2010-06-25T06:37:20.000000000Z) failed to attach to volume '\Device\CdRom0'. The filter returned a non-standard final status of 0xc0000013. This filter and/or its supporting applications should handle this condition. If this condition persists, contact the vendor.

Log: 'System' Date/Time: 28/09/2011 2:31:06 AM
Type: Warning Category: 0
Event: 4 Source: Microsoft-Windows-FilterManager
File System Filter 'bdfsfltr' (Version 6.1, 2010-06-25T06:37:20.000000000Z) failed to attach to volume '\Device\CdRom1'. The filter returned a non-standard final status of 0xc0000013. This filter and/or its supporting applications should handle this condition. If this condition persists, contact the vendor.

Log: 'System' Date/Time: 28/09/2011 2:28:50 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 28/09/2011 2:24:56 AM
Type: Warning Category: 0
Event: 4 Source: Microsoft-Windows-FilterManager
File System Filter 'bdfsfltr' (Version 6.1, 2010-06-25T06:37:20.000000000Z) failed to attach to volume '\Device\CdRom0'. The filter returned a non-standard final status of 0xc0000013. This filter and/or its supporting applications should handle this condition. If this condition persists, contact the vendor.

Log: 'System' Date/Time: 28/09/2011 2:24:56 AM
Type: Warning Category: 0
Event: 4 Source: Microsoft-Windows-FilterManager
File System Filter 'bdfsfltr' (Version 6.1, 2010-06-25T06:37:20.000000000Z) failed to attach to volume '\Device\CdRom1'. The filter returned a non-standard final status of 0xc0000013. This filter and/or its supporting applications should handle this condition. If this condition persists, contact the vendor.

Log: 'System' Date/Time: 28/09/2011 2:21:00 AM
Type: Warning Category: 0
Event: 4 Source: Microsoft-Windows-FilterManager
File System Filter 'bdfsfltr' (Version 6.1, 2010-06-25T06:37:20.000000000Z) failed to attach to volume '\Device\CdRom0'. The filter returned a non-standard final status of 0xc0000013. This filter and/or its supporting applications should handle this condition. If this condition persists, contact the vendor.

Log: 'System' Date/Time: 28/09/2011 2:21:00 AM
Type: Warning Category: 0
Event: 4 Source: Microsoft-Windows-FilterManager
File System Filter 'bdfsfltr' (Version 6.1, 2010-06-25T06:37:20.000000000Z) failed to attach to volume '\Device\CdRom1'. The filter returned a non-standard final status of 0xc0000013. This filter and/or its supporting applications should handle this condition. If this condition persists, contact the vendor.

Log: 'System' Date/Time: 28/09/2011 2:09:06 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name dns.msftncsi.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 28/09/2011 2:00:39 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name pixel.quantserve.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 28/09/2011 2:00:33 AM
Type: Warning Category: 0
Event: 4 Source: Microsoft-Windows-FilterManager
File System Filter 'bdfsfltr' (Version 6.1, 2010-06-25T06:37:20.000000000Z) failed to attach to volume '\Device\CdRom1'. The filter returned a non-standard final status of 0xc0000013. This filter and/or its supporting applications should handle this condition. If this condition persists, contact the vendor.

Log: 'System' Date/Time: 28/09/2011 2:00:33 AM
Type: Warning Category: 0
Event: 4 Source: Microsoft-Windows-FilterManager
File System Filter 'bdfsfltr' (Version 6.1, 2010-06-25T06:37:20.000000000Z) failed to attach to volume '\Device\CdRom0'. The filter returned a non-standard final status of 0xc0000013. This filter and/or its supporting applications should handle this condition. If this condition persists, contact the vendor.

Log: 'System' Date/Time: 28/09/2011 2:00:27 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name pixel.quantserve.com timed out after none of the configured DNS servers responded.


Attached File  VEW.txt1.txt   12.29KB   58 downloads
  • 0

#15
maverick1965

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 27/09/2011 8:47:26 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 28/09/2011 3:24:39 AM
Type: Error Category: 0
Event: 8204 Source: System Restore
System restore ended unexpectedly because of power loss or a program error. Additional information: (Windows Update).

Log: 'Application' Date/Time: 28/09/2011 2:56:45 AM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program OTL.com version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 810 Start Time: 01cc7d88806d8ec3 Termination Time: 16 Application Path: C:\Users\GaryMaverickMorton\Desktop\OTL.com Report Id: 62914ea4-e97d-11e0-839a-0024e81bbb8c

Log: 'Application' Date/Time: 28/09/2011 2:24:38 AM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program OTL.com version 3.2.29.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 350 Start Time: 01cc7d8571959ac9 Termination Time: 15 Application Path: C:\Users\GaryMaverickMorton\Desktop\OTL.com Report Id: 01d93943-e979-11e0-8456-0024e81bbb8c

Log: 'Application' Date/Time: 28/09/2011 2:20:40 AM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program OTL.com version 3.2.29.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 2fc Start Time: 01cc7d84934f7cd4 Termination Time: 0 Application Path: C:\Users\GaryMaverickMorton\Desktop\OTL.com Report Id: 7319df7f-e978-11e0-8456-0024e81bbb8c

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 28/09/2011 3:02:36 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 5 user registry handles leaked from \Registry\User\S-1-5-21-3745904780-917009718-934944832-1000:
Process 908 (\Device\HarddiskVolume2\Program Files\BitDefender\BitDefender 2011\vsserv.exe) has opened key \REGISTRY\USER\S-1-5-21-3745904780-917009718-934944832-1000\Software\BitDefender\BitDefender Total Security 2011
Process 908 (\Device\HarddiskVolume2\Program Files\BitDefender\BitDefender 2011\vsserv.exe) has opened key \REGISTRY\USER\S-1-5-21-3745904780-917009718-934944832-1000\Software\BitDefender\BitDefender Total Security 2011
Process 908 (\Device\HarddiskVolume2\Program Files\BitDefender\BitDefender 2011\vsserv.exe) has opened key \REGISTRY\USER\S-1-5-21-3745904780-917009718-934944832-1000\Software\BitDefender\BitDefender Total Security 2011
Process 908 (\Device\HarddiskVolume2\Program Files\BitDefender\BitDefender 2011\vsserv.exe) has opened key \REGISTRY\USER\S-1-5-21-3745904780-917009718-934944832-1000\Software\BitDefender\BitDefender Total Security 2011
Process 908 (\Device\HarddiskVolume2\Program Files\BitDefender\BitDefender 2011\vsserv.exe) has opened key \REGISTRY\USER\S-1-5-21-3745904780-917009718-934944832-1000\Software\BitDefender\BitDefender Total Security 2011


Log: 'Application' Date/Time: 28/09/2011 2:28:44 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 10 user registry handles leaked from \Registry\User\S-1-5-21-3745904780-917009718-934944832-1000:
Process 1220 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3745904780-917009718-934944832-1000\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1220 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3745904780-917009718-934944832-1000\Software\Policies
Process 1220 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3745904780-917009718-934944832-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1220 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3745904780-917009718-934944832-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Process 888 (\Device\HarddiskVolume2\Program Files\BitDefender\BitDefender 2011\vsserv.exe) has opened key \REGISTRY\USER\S-1-5-21-3745904780-917009718-934944832-1000\Software\BitDefender\BitDefender Total Security 2011
Process 888 (\Device\HarddiskVolume2\Program Files\BitDefender\BitDefender 2011\vsserv.exe) has opened key \REGISTRY\USER\S-1-5-21-3745904780-917009718-934944832-1000\Software\BitDefender\BitDefender Total Security 2011
Process 888 (\Device\HarddiskVolume2\Program Files\BitDefender\BitDefender 2011\vsserv.exe) has opened key \REGISTRY\USER\S-1-5-21-3745904780-917009718-934944832-1000\Software\BitDefender\BitDefender Total Security 2011
Process 888 (\Device\HarddiskVolume2\Program Files\BitDefender\BitDefender 2011\vsserv.exe) has opened key \REGISTRY\USER\S-1-5-21-3745904780-917009718-934944832-1000\Software\BitDefender\BitDefender Total Security 2011
Process 888 (\Device\HarddiskVolume2\Program Files\BitDefender\BitDefender 2011\vsserv.exe) has opened key \REGISTRY\USER\S-1-5-21-3745904780-917009718-934944832-1000\Software\BitDefender\BitDefender Total Security 2011
Process 1220 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3745904780-917009718-934944832-1000\Software


Log: 'Application' Date/Time: 28/09/2011 1:19:44 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 5 user registry handles leaked from \Registry\User\S-1-5-21-3745904780-917009718-934944832-1000:
Process 944 (\Device\HarddiskVolume2\Program Files\BitDefender\BitDefender 2011\vsserv.exe) has opened key \REGISTRY\USER\S-1-5-21-3745904780-917009718-934944832-1000\Software\BitDefender\BitDefender Total Security 2011
Process 944 (\Device\HarddiskVolume2\Program Files\BitDefender\BitDefender 2011\vsserv.exe) has opened key \REGISTRY\USER\S-1-5-21-3745904780-917009718-934944832-1000\Software\BitDefender\BitDefender Total Security 2011
Process 944 (\Device\HarddiskVolume2\Program Files\BitDefender\BitDefender 2011\vsserv.exe) has opened key \REGISTRY\USER\S-1-5-21-3745904780-917009718-934944832-1000\Software\BitDefender\BitDefender Total Security 2011
Process 944 (\Device\HarddiskVolume2\Program Files\BitDefender\BitDefender 2011\vsserv.exe) has opened key \REGISTRY\USER\S-1-5-21-3745904780-917009718-934944832-1000\Software\BitDefender\BitDefender Total Security 2011
Process 944 (\Device\HarddiskVolume2\Program Files\BitDefender\BitDefender 2011\vsserv.exe) has opened key \REGISTRY\USER\S-1-5-21-3745904780-917009718-934944832-1000\Software\BitDefender\BitDefender Total Security 2011



Attached File  VEW.txt2.txt   7.69KB   49 downloads
  • 0





