Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Problem removing Tidserv.Activity.2

Started by tedins , Oct 09 2011 09:17 PM

Please log in to reply

#1
tedins

Posted 09 October 2011 - 09:17 PM

Member

Member
122 posts

I apparently have a backdoor trojan that I cannot get rid of. I have run almost everything I can find - FixTDSS, TDSS Killer, etc. All the anti-malware programs I download tell me its there, but none can deoete it. I also get notices of Trojan. Gen.2 being blocked, but never removed, and the suggestion to run Norton Power Eraser finds nothing.

Thanks for any and all help!

Here is the OTL File:

OTL logfile created on: 10/9/2011 10:01:36 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Tim\Downloads
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.97 Gb Total Physical Memory | 1.64 Gb Available Physical Memory | 41.27% Memory free
8.12 Gb Paging File | 5.22 Gb Available in Paging File | 64.25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 108.18 Gb Total Space | 24.75 Gb Free Space | 22.88% Space Free | Partition Type: NTFS
Drive D: | 465.75 Gb Total Space | 406.11 Gb Free Space | 87.19% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: TIM-PC | User Name: Tim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/09 21:59:59 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Tim\Downloads\OTL.exe
PRC - [2011/10/07 09:33:54 | 001,191,216 | ---- | M] (Lavasoft Limited) -- D:\Adaware\AAWTray.exe
PRC - [2011/10/07 09:33:51 | 002,151,640 | ---- | M] (Lavasoft Limited) -- D:\Adaware\AAWService.exe
PRC - [2011/09/29 01:53:40 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/08/19 01:07:38 | 000,421,736 | ---- | M] (Apple Inc.) -- D:\Joans Itunes\iTunesHelper.exe
PRC - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- D:\Norton\Engine\5.1.0.29\ccsvchst.exe
PRC - [2011/01/23 20:08:55 | 000,148,280 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe
PRC - [2011/01/23 20:08:52 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe
PRC - [2010/09/22 18:11:26 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2010/06/01 10:17:48 | 005,252,408 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2009/07/08 03:53:36 | 000,472,112 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe
PRC - [2009/07/07 15:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2009/07/07 15:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2009/03/06 13:59:12 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) -- C:\Windows\SysWOW64\atashost.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/10/17 07:34:39 | 000,409,600 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe
PRC - [2008/07/28 19:45:42 | 000,182,112 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
PRC - [2008/07/28 19:45:42 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2008/07/21 15:10:06 | 000,014,376 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2008/06/21 03:53:53 | 000,679,936 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) -- C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
PRC - [2008/06/20 10:56:44 | 000,415,744 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
PRC - [2008/06/19 10:55:48 | 000,279,848 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2008/06/13 03:34:02 | 000,159,744 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
PRC - [2008/06/12 01:13:24 | 000,337,184 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
PRC - [2008/06/08 01:41:22 | 000,352,256 | ---- | M] (AVerMedia) -- C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe
PRC - [2008/05/24 21:01:16 | 000,086,016 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Media plus\VMpTtray.exe
PRC - [2008/05/22 16:23:10 | 000,192,512 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2008/05/20 21:05:40 | 000,353,568 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Media plus\SOHDms.exe
PRC - [2008/05/20 21:05:40 | 000,103,712 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Media plus\SOHCImp.exe
PRC - [2008/05/20 21:05:40 | 000,062,752 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Media plus\SOHDs.exe
PRC - [2008/05/20 15:48:32 | 000,024,576 | ---- | M] (Sony Electronics, Inc.) -- C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe
PRC - [2008/04/15 19:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/04/15 19:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/04/03 22:03:38 | 000,317,280 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
PRC - [2008/03/25 16:32:18 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe
PRC - [2008/01/20 21:48:56 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PING.EXE
PRC - [2008/01/11 19:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/01/04 21:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe

========== Modules (No Company Name) ==========

MOD - [2011/10/04 14:39:48 | 008,522,400 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/09/29 01:53:40 | 001,833,944 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/08/11 10:27:18 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c50d9d540acecdef29c31201e203a331\System.Windows.Forms.ni.dll
MOD - [2011/08/11 10:26:59 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\d8d83838f9840bde901df516ba3de588\System.Drawing.ni.dll
MOD - [2011/08/11 10:24:12 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b9ea0d414c4861120bfb7365d8ec0939\System.ni.dll
MOD - [2011/06/22 03:25:46 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f6deb187f24bb3185841092b89fbfdbb\mscorlib.ni.dll
MOD - [2011/01/23 20:08:55 | 000,148,280 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe
MOD - [2011/01/23 20:08:52 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe
MOD - [2010/06/01 10:17:46 | 000,929,792 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
MOD - [2010/04/05 05:56:20 | 000,094,359 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\epoemdll.dll
MOD - [2010/04/05 05:56:19 | 000,045,221 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\epstring.dll
MOD - [2010/04/05 05:56:17 | 002,203,803 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\epwizres.dll
MOD - [2010/04/05 05:56:07 | 000,716,954 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\epwizard.dll
MOD - [2010/04/05 05:55:15 | 000,159,890 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\customui.dll
MOD - [2010/04/05 05:55:04 | 000,061,604 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\epfunct.dll
MOD - [2010/04/05 05:54:59 | 000,123,033 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\eputil.dll
MOD - [2010/04/05 05:54:52 | 000,143,502 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\imagutil.dll
MOD - [2010/04/01 12:24:28 | 001,159,168 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\lxeadrs.dll
MOD - [2010/04/01 12:23:27 | 000,389,120 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\lxeascw.dll
MOD - [2009/09/05 00:15:06 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/07/13 18:37:04 | 000,152,112 | ---- | M] () -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll
MOD - [2009/07/13 18:37:04 | 000,098,304 | ---- | M] () -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CFirewallCOM.dll
MOD - [2009/05/27 07:16:50 | 000,192,512 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\lxeadatr.dll
MOD - [2009/04/11 01:28:22 | 000,223,232 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll
MOD - [2009/04/07 14:25:27 | 000,409,600 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\iptk.dll
MOD - [2009/03/10 00:43:49 | 000,155,648 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\lxeacaps.dll
MOD - [2009/03/02 09:25:47 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\lxeaptp.dll
MOD - [2009/02/27 16:39:29 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\AcroTray.DEU
MOD - [2009/02/27 16:32:27 | 000,020,480 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\AcroTray.FRA
MOD - [2009/02/20 03:48:43 | 000,023,552 | ---- | M] () -- C:\Windows\SysWOW64\LXEAsmr.dll
MOD - [2009/02/20 03:48:03 | 000,299,008 | ---- | M] () -- C:\Windows\SysWOW64\LXEAsm.dll
MOD - [2008/07/28 19:45:44 | 000,010,752 | ---- | M] () -- C:\Program Files (x86)\Sony\VAIO Event Service\VESBasePS.dll
MOD - [2008/06/13 03:34:02 | 000,159,744 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/04/14 15:45:36 | 001,052,328 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxeacoms.exe -- (lxea_device)
SRV:64bit: - [2010/04/14 15:45:30 | 000,045,736 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxeaserv.exe -- (lxeaCATSCustConnectService)
SRV:64bit: - [2008/09/29 16:06:32 | 000,167,424 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Care\collsvc.exe -- (SampleCollector)
SRV:64bit: - [2008/08/06 20:06:48 | 000,407,392 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV:64bit: - [2008/06/12 01:13:24 | 000,337,184 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV:64bit: - [2008/06/12 01:10:46 | 000,107,808 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV:64bit: - [2008/04/30 22:20:42 | 001,371,136 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2008/04/30 21:42:20 | 000,826,368 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2008/04/25 07:08:03 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService)
SRV:64bit: - [2008/01/20 21:50:23 | 000,195,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2008/01/20 21:46:39 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/06/25 22:17:18 | 000,567,024 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\dlbkcoms.exe -- (dlbk_device)
SRV - [2011/10/07 09:33:51 | 002,151,640 | ---- | M] (Lavasoft Limited) [Auto | Running] -- D:\Adaware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- D:\Norton\Engine\5.1.0.29\ccSvcHst.exe -- (N360)
SRV - [2010/04/14 15:45:21 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\lxeacoms.exe -- (lxea_device)
SRV - [2010/02/19 07:44:44 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\VHStoDVD\SharedCOM\RoxMediaDBVHS.exe -- (RoxMediaDBVHS)
SRV - [2009/11/03 16:54:41 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/07/07 15:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/06 13:59:12 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\atashost.exe -- (atashost)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/10/17 07:34:39 | 000,409,600 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe -- (AVerScheduleService)
SRV - [2008/07/28 19:45:42 | 000,182,112 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2008/07/12 22:40:36 | 000,133,120 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Windows\RTKAUDIOSERVICE.EXE -- (RtkAudioService)
SRV - [2008/06/20 10:56:44 | 000,415,744 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2008/06/19 10:55:48 | 000,279,848 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2008/06/08 01:41:22 | 000,352,256 | ---- | M] (AVerMedia) [Auto | Running] -- C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe -- (AVerRemote)
SRV - [2008/05/22 16:23:10 | 000,192,512 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2008/05/22 16:21:44 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2008/05/20 21:05:40 | 000,353,568 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Media plus\SOHDms.exe -- (SOHDms)
SRV - [2008/05/20 21:05:40 | 000,103,712 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Media plus\SOHCImp.exe -- (SOHCImp)
SRV - [2008/05/20 21:05:40 | 000,062,752 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Media plus\SOHDs.exe -- (SOHDs)
SRV - [2008/05/20 03:51:34 | 000,077,824 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2008/05/20 03:49:04 | 000,053,248 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2008/05/20 03:29:06 | 000,053,248 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2008/04/15 19:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/03/25 16:32:18 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe -- (uCamMonitor)
SRV - [2008/01/11 19:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/11/12 22:59:54 | 000,020,480 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2007/05/24 09:08:44 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2007/01/04 21:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/10/09 14:53:05 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/08/24 21:53:49 | 000,056,408 | ---- | M] (NCH Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stdriver64.sys -- (stdriver)
DRV:64bit: - [2011/08/18 15:25:12 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\Lbd.sys -- (Lbd)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/30 22:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\N360x64\0501000.01D\SRTSP64.SYS -- (SRTSP)
DRV:64bit: - [2011/03/30 22:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\SRTSPX64.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011/03/21 19:39:49 | 000,432,760 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\N360x64\0501000.01D\SYMTDIV.SYS -- (SYMTDIv)
DRV:64bit: - [2011/03/14 21:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\SYMEFA64.SYS -- (SymEFA)
DRV:64bit: - [2011/01/27 01:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\SYMDS64.SYS -- (SymDS)
DRV:64bit: - [2010/11/15 20:45:33 | 000,171,128 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\Ironx64.SYS -- (SymIRON)
DRV:64bit: - [2010/09/26 16:45:28 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2010/08/20 23:59:12 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/07/09 04:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/07/07 15:48:44 | 000,035,376 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\purendis.sys -- (purendis)
DRV:64bit: - [2009/07/07 15:48:44 | 000,033,328 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\pnarp.sys -- (pnarp)
DRV:64bit: - [2009/06/19 17:36:38 | 000,754,808 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\emOEM64.sys -- (USB28xxOEM)
DRV:64bit: - [2009/06/19 17:36:16 | 000,673,272 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\emBDA64.sys -- (USB28xxBGA)
DRV:64bit: - [2008/08/09 09:34:31 | 000,021,032 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2008/08/09 09:34:29 | 000,132,136 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2008/08/09 09:34:29 | 000,095,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2008/08/09 09:33:05 | 000,036,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2008/08/09 08:10:58 | 000,056,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2008/07/17 08:54:22 | 000,064,512 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\risdsn64.sys -- (risdptsk)
DRV:64bit: - [2008/07/14 20:17:16 | 000,315,648 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AVerFx2hbtv64.sys -- (AVerFx2hbtv64)
DRV:64bit: - [2008/07/11 22:32:13 | 001,027,968 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\AVerAVF2.sys -- (AVerAVF2)
DRV:64bit: - [2008/07/01 23:13:36 | 000,073,104 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\jmcr_cfs.sys -- (JMCR_CFS)
DRV:64bit: - [2008/06/25 07:33:12 | 000,085,504 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\rimssn64.sys -- (rimsptsk)
DRV:64bit: - [2008/05/27 13:10:52 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wimfltr.sys -- (WimFltr)
DRV:64bit: - [2008/05/20 07:11:21 | 000,321,072 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2008/05/16 12:38:11 | 000,062,480 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tcusb.sys -- (TcUsb)
DRV:64bit: - [2008/04/29 07:06:57 | 000,388,120 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2008/04/28 08:38:12 | 004,730,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) Intel®
DRV:64bit: - [2008/04/25 07:08:09 | 000,391,680 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2008/04/25 07:08:03 | 000,009,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.sys -- (XAudio)
DRV:64bit: - [2008/04/25 07:07:54 | 001,511,936 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2008/04/25 07:07:54 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys -- (mdmxsdk)
DRV:64bit: - [2008/04/25 07:07:49 | 000,731,648 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2008/04/25 07:07:49 | 000,300,032 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2008/03/10 05:45:53 | 000,011,392 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SFEP.sys -- (SFEP)
DRV:64bit: - [2008/01/30 19:33:30 | 000,019,456 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2008/01/20 21:46:34 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\avc.sys -- (Avc)
DRV:64bit: - [2008/01/20 21:46:34 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/01/20 21:46:05 | 000,286,720 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS -- (HSFHWAZL)
DRV:64bit: - [2008/01/20 21:46:05 | 000,058,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\61883.sys -- (61883)
DRV:64bit: - [2008/01/20 21:46:02 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2007/04/16 22:51:50 | 000,014,112 | R--- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
DRV - [2011/10/09 14:51:48 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20111009.009\EX64.SYS -- (NAVEX15)
DRV - [2011/10/09 14:51:47 | 000,481,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011/10/09 14:51:47 | 000,136,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/10/09 14:51:47 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20111009.009\ENG64.SYS -- (NAVENG)
DRV - [2011/10/07 15:04:12 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20111007.030\IDSviA64.sys -- (IDSVia64)
DRV - [2011/10/07 09:34:20 | 000,017,152 | ---- | M] () [Kernel | On_Demand | Running] -- D:\Adaware\kernexplorer64.sys -- (Lavasoft Kernexplorer)
DRV - [2011/09/29 21:38:50 | 001,152,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20110929.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2008/07/11 18:42:58 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\DMICall.sys -- (DMICall)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople_f08
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople_f08
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople_f08
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.atssb.org/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.atssb.org"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Joans Itunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2011/10/09 19:00:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_2_3 [2011/10/09 20:54:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/09/30 16:17:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/30 16:17:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 1.1.16\Extensions\\Components: C:\Program Files (x86)\mozilla.org\SeaMonkey\Components [2011/09/30 16:17:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 1.1.16\Extensions\\Plugins: C:\Program Files (x86)\mozilla.org\SeaMonkey\Plugins [2011/09/30 16:17:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.0.6\extensions\\Components: C:\Program Files (x86)\SeaMonkey\components [2011/09/30 16:17:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.0.6\extensions\\Plugins: C:\Program Files (x86)\SeaMonkey\plugins [2011/09/30 16:17:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey 1.1.16\Extensions\\Components: C:\Program Files (x86)\mozilla.org\SeaMonkey\Components [2011/09/30 16:17:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey 1.1.16\Extensions\\Plugins: C:\Program Files (x86)\mozilla.org\SeaMonkey\Plugins [2011/09/30 16:17:33 | 000,000,000 | ---D | M]

[2011/09/25 12:07:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tim\AppData\Roaming\Mozilla\Extensions
[2011/10/09 12:51:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\bzm625f8.default\extensions
[2010/07/10 11:29:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\bzm625f8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/10/09 12:51:50 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\bzm625f8.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011/10/09 19:53:00 | 000,002,463 | ---- | M] () -- C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\bzm625f8.default\searchplugins\safesearch.xml
[2011/09/29 19:29:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/09/30 09:19:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/07/10 11:17:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/10/09 20:54:49 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\COFFPLGN_2011_7_2_3
[2011/10/09 19:00:13 | 000,000,000 | ---D | M] (Symantec IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPLGN
[2011/09/29 01:53:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2009/06/18 13:16:18 | 010,437,264 | ---- | M] (PDFTron Systems Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\PDFNetC.dll
[2009/06/18 13:36:06 | 000,108,272 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\ScorchPDFWrapper.dll
[2011/09/28 19:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/09/30 22:52:32 | 000,437,632 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 15054 more lines...
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - D:\Norton\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - D:\Norton\Engine\5.1.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - D:\Norton\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe ()
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [lxeamon.exe] C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe ()
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AML] C:\Program Files (x86)\Sony\VAIO Launcher\AML.exe (Sony)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [iTunesHelper] D:\Joans Itunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Lexmark S300-S400 Series] C:\Program Files (x86)\Lexmark S300-S400 Series\fm3032.exe ()
O4 - HKLM..\Run: [nmapp] C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [VAIORegistration] C:\Program Files\Sony\First Experience\WelcomeLauncher.exe (Sony Electronics, Inc.)
O4 - HKLM..\Run: [VAIOSurvey] C:\Program Files (x86)\Sony\VAIO Survey\VAIO Sat Survey.exe ()
O4 - HKLM..\Run: [VWLASU] C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe (Sony Electronics, Inc.)
O4 - HKCU..\Run: [DU Meter] C:\Program Files (x86)\DU Meter\DUMeter.exe File not found
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [VMpTtray.exe] C:\Program Files (x86)\Sony\VAIO Media plus\VMpTtray.exe (Sony Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000011 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = CAMPUS.LOCAL
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{129996A3-C74B-43B0-9742-FC7AD6FD8AFC}: DhcpNameServer = 192.168.1.1 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C8B891EC-B989-4471-B8D5-660806C4993C}: DhcpNameServer = 192.168.0.1 192.168.2.1
O18:64bit: - Protocol\Handler\intu-help-qb1 - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
O18:64bit: - Protocol\Handler\qbwc - No CLSID value found
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files (x86)\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\SysNative\vrlogon.dll (UPEK Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Windows\system32\psqlpwd.dll) - C:\Windows\SysNative\psqlpwd.dll (UPEK Inc.)
O20 - Winlogon\Notify\psfus: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Program Files (x86)\Sony\First Experience\wallpapers\wallpaper1.jpg
O24 - Desktop BackupWallPaper: C:\Program Files (x86)\Sony\First Experience\wallpapers\wallpaper1.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\Autorun\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/09 18:13:34 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\NPE
[2011/10/09 14:58:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2011/10/09 14:52:59 | 000,912,504 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symefa64.sys
[2011/10/09 14:52:59 | 000,450,680 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symds64.sys
[2011/10/09 14:52:59 | 000,432,760 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symtdiv.sys
[2011/10/09 14:52:59 | 000,382,584 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symnets.sys
[2011/10/09 14:52:58 | 000,744,568 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtsp64.sys
[2011/10/09 14:52:58 | 000,040,568 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtspx64.sys
[2011/10/09 14:52:35 | 000,171,128 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\ironx64.sys
[2011/10/09 14:52:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D
[2011/10/09 14:31:45 | 000,174,200 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2011/10/09 14:31:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2011/10/09 14:31:45 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011/10/09 14:30:10 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64
[2011/10/09 14:30:02 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2011/10/09 14:29:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011/10/09 14:27:29 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011/10/09 14:27:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2011/10/09 12:52:10 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\QuickScan
[2011/10/09 09:25:19 | 000,000,000 | -HSD | C] -- C:\found.000
[2011/10/07 09:34:20 | 000,055,384 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011/10/07 09:28:42 | 000,069,376 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2011/10/07 09:28:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011/10/07 09:28:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011/10/07 08:34:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/09/30 16:28:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/09/30 16:26:37 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/09/30 16:26:14 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/09/30 16:16:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/09/30 14:36:15 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\AVG2012
[2011/09/30 14:35:10 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2011/09/30 13:03:06 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\Intel
[2011/09/26 18:19:24 | 000,000,000 | ---D | C] -- C:\Windows\system64
[2011/09/25 10:38:30 | 000,000,000 | ---D | C] -- C:\Update
[2011/09/25 09:48:20 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\Auslogics
[2011/09/19 14:01:03 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON
[2011/09/19 13:59:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\epson
[2011/07/22 15:26:43 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeapmui.dll
[2011/07/22 15:26:43 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeainpa.dll
[2011/07/22 15:26:43 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeaiesc.dll
[2011/07/22 15:26:42 | 001,048,576 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeaserv.dll
[2011/07/22 15:26:42 | 000,847,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeausb1.dll
[2011/07/22 15:26:42 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeacomc.dll
[2011/07/22 15:26:42 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeahbn3.dll
[2011/07/22 15:26:42 | 000,598,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeacoms.exe
[2011/07/22 15:26:42 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxealmpm.dll
[2011/07/22 15:26:42 | 000,373,416 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeacfg.exe
[2011/07/22 15:26:42 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeacomm.dll
[2011/07/22 15:26:42 | 000,324,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeaih.exe
[2010/09/26 16:45:28 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Tim\AppData\Roaming\pcouffin.sys
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/09 21:49:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/10/09 21:01:03 | 000,760,648 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/10/09 21:01:03 | 000,645,296 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/10/09 21:01:03 | 000,119,716 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/10/09 20:55:03 | 000,113,051 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/10/09 20:54:13 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/09 20:54:13 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/09 20:54:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/09 20:52:50 | 000,001,076 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/10/09 19:57:29 | 000,113,051 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/10/09 15:07:49 | 000,000,918 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2011/10/09 15:06:44 | 002,927,956 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\Cat.DB
[2011/10/09 14:53:05 | 000,174,200 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2011/10/09 14:53:05 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2011/10/09 14:53:05 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2011/10/07 09:34:18 | 000,016,432 | ---- | M] () -- C:\Windows\SysNative\lsdelete.exe
[2011/10/07 09:33:48 | 000,055,384 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011/10/07 09:28:42 | 000,000,543 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/10/07 08:41:37 | 000,002,549 | ---- | M] () -- C:\Users\Tim\Desktop\HiJackThis.lnk
[2011/10/07 08:34:36 | 000,025,160 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011/10/06 10:12:47 | 000,002,675 | ---- | M] () -- C:\Users\Tim\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007 (2).lnk
[2011/10/04 09:31:54 | 000,017,408 | ---- | M] () -- C:\Users\Tim\AppData\Local\WebpageIcons.db
[2011/09/30 22:52:32 | 000,437,632 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/09/30 16:28:20 | 000,001,412 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/09/30 16:16:59 | 000,001,756 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/09/29 19:30:00 | 000,000,912 | ---- | M] () -- C:\Users\Tim\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/09/29 19:30:00 | 000,000,888 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/09/25 09:52:17 | 000,516,921 | ---- | M] () -- C:\test.xml
[2011/09/25 09:32:33 | 000,000,040 | ---- | M] () -- C:\Users\Public\Documents\_rgpl
[2011/09/19 22:04:49 | 000,000,680 | ---- | M] () -- C:\Users\Tim\AppData\Local\d3d9caps.dat
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/09 15:06:32 | 002,927,956 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\Cat.DB
[2011/10/09 14:52:59 | 000,007,877 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symnetv64.cat
[2011/10/09 14:52:59 | 000,007,460 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symefa64.cat
[2011/10/09 14:52:59 | 000,007,458 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symnet64.cat
[2011/10/09 14:52:59 | 000,003,373 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symefa.inf
[2011/10/09 14:52:59 | 000,002,792 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symds.inf
[2011/10/09 14:52:59 | 000,001,474 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symnetv.inf
[2011/10/09 14:52:59 | 000,001,446 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symnet.inf
[2011/10/09 14:52:58 | 000,007,462 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtspx64.cat
[2011/10/09 14:52:58 | 000,001,438 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtsp64.inf
[2011/10/09 14:52:58 | 000,001,422 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtspx64.inf
[2011/10/09 14:52:35 | 000,007,492 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\iron.cat
[2011/10/09 14:52:35 | 000,007,458 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtsp64.cat
[2011/10/09 14:52:35 | 000,000,772 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\iron.inf
[2011/10/09 14:52:09 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symds64.cat
[2011/10/09 14:52:08 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\isolate.ini
[2011/10/09 14:31:45 | 000,007,488 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2011/10/09 14:31:45 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2011/10/09 14:31:25 | 000,000,918 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2011/10/07 19:37:45 | 000,016,432 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe
[2011/10/07 09:28:42 | 000,000,543 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/10/07 08:34:36 | 000,025,160 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011/10/04 09:31:53 | 000,017,408 | ---- | C] () -- C:\Users\Tim\AppData\Local\WebpageIcons.db
[2011/09/30 16:28:20 | 000,001,412 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/09/30 16:16:59 | 000,001,756 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/09/25 09:52:15 | 000,516,921 | ---- | C] () -- C:\test.xml
[2011/09/25 09:32:33 | 000,000,040 | ---- | C] () -- C:\Users\Public\Documents\_rgpl
[2011/09/19 14:01:16 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2011/09/19 14:01:15 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2011/09/19 14:01:15 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2011/09/19 14:01:15 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2011/09/19 14:01:15 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2011/09/19 14:01:15 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2011/09/19 14:01:15 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2011/09/19 14:01:15 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2011/09/19 14:01:15 | 000,012,669 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_EN.cfg
[2011/09/19 14:01:15 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2011/09/19 14:01:15 | 000,006,478 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_PT.cfg
[2011/09/19 14:01:15 | 000,006,478 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_BP.cfg
[2011/09/19 14:01:15 | 000,006,366 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_FR.cfg
[2011/09/19 14:01:15 | 000,006,366 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_CF.cfg
[2011/09/19 14:01:15 | 000,006,226 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_ES.cfg
[2011/09/19 14:01:15 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2011/09/19 14:01:15 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2011/09/19 14:01:15 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2011/09/19 14:01:15 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2011/09/19 14:01:15 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2011/09/19 14:01:15 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2011/09/19 14:01:15 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2011/07/22 15:26:43 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\LXEAinst.dll
[2011/07/22 15:26:43 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\lxeacomx.dll
[2011/07/22 15:26:43 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\lxeains.dll
[2011/07/22 15:26:43 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lxeainsb.dll
[2011/07/22 15:26:43 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\lxeainsr.dll
[2011/07/22 15:26:43 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\lxeajswr.dll
[2011/07/22 15:26:43 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\lxeacur.dll
[2011/07/22 15:26:42 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\lxeacu.dll
[2011/07/22 15:26:42 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\lxeacub.dll
[2011/07/22 15:17:33 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\LXEAsm.dll
[2011/07/22 15:17:33 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\LXEAsmr.dll
[2011/03/05 14:53:58 | 000,000,000 | ---- | C] () -- C:\Users\Tim\AppData\Local\rx_image32.Cache
[2011/01/04 22:15:37 | 000,000,238 | ---- | C] () -- C:\Windows\dellstat.ini
[2010/12/24 12:06:27 | 008,892,928 | ---- | C] () -- C:\ProgramData\atscie.msi
[2010/11/30 20:19:28 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\AVerIO.dll
[2010/11/30 20:19:28 | 000,003,456 | ---- | C] () -- C:\Windows\SysWow64\AVerIO.sys
[2010/11/30 20:19:27 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\sptlib03.dll
[2010/11/30 20:19:27 | 000,258,048 | ---- | C] () -- C:\Windows\SysWow64\sptlib01.dll
[2010/11/30 20:19:27 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\sptlib02.dll
[2010/11/18 20:50:43 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/10/22 16:34:38 | 000,000,103 | ---- | C] () -- C:\Windows\SysWow64\hptrace.ini
[2010/10/22 16:33:46 | 000,007,138 | ---- | C] () -- C:\Windows\hpdj5800.ini
[2010/10/19 17:33:30 | 000,075,776 | ---- | C] () -- C:\Windows\SysWow64\WS2Fix.exe
[2010/10/19 17:33:30 | 000,051,200 | ---- | C] () -- C:\Windows\SysWow64\dumphive.exe
[2010/10/19 17:33:30 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\swsc.exe
[2010/09/26 16:45:28 | 000,099,384 | ---- | C] () -- C:\Users\Tim\AppData\Roaming\inst.exe
[2010/09/26 16:45:28 | 000,007,859 | ---- | C] () -- C:\Users\Tim\AppData\Roaming\pcouffin.cat
[2010/09/26 16:45:28 | 000,001,167 | ---- | C] () -- C:\Users\Tim\AppData\Roaming\pcouffin.inf
[2010/07/15 13:12:04 | 000,000,680 | ---- | C] () -- C:\Users\Tim\AppData\Local\d3d9caps.dat
[2010/04/17 10:48:19 | 000,211,340 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/02/07 14:02:49 | 000,024,226 | ---- | C] () -- C:\Users\Tim\AppData\Roaming\UserTile.png
[2009/08/18 16:59:39 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/08/18 16:59:25 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/08/18 16:59:10 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/07/31 15:59:48 | 000,008,704 | ---- | C] () -- C:\Users\Tim\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/11 20:40:52 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/06/11 20:40:47 | 000,118,784 | ---- | C] () -- C:\Windows\SeaMonkeyUninstall.exe
[2009/06/11 20:40:42 | 000,118,784 | ---- | C] () -- C:\Windows\GREUninstall.exe
[2009/06/11 20:40:41 | 000,008,839 | ---- | C] () -- C:\Windows\mozver.dat
[2009/04/03 17:52:54 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009/03/13 17:56:02 | 000,397,312 | R--- | C] () -- C:\Windows\SysWow64\zshp1020.exe
[2009/03/13 17:56:02 | 000,106,496 | R--- | C] () -- C:\Windows\SysWow64\vshp1020.dll
[2009/02/18 10:20:26 | 000,002,412 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/02/04 17:00:47 | 000,000,226 | ---- | C] () -- C:\Users\Tim\AppData\Roaming\wklnhst.dat
[2009/02/04 13:43:57 | 002,463,976 | ---- | C] () -- C:\Windows\SysWow64\NPSWF32.dll
[2008/09/03 08:50:23 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2008/09/03 08:24:19 | 000,713,340 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2008/08/20 16:39:48 | 000,113,051 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008/08/20 16:39:10 | 000,113,051 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008/08/20 16:02:52 | 000,001,076 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008/01/20 21:49:10 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/02 10:35:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 07:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 07:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 04:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

========== LOP Check ==========

[2011/09/25 10:01:24 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Auslogics
[2011/09/30 14:36:15 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\AVG2012
[2009/11/03 16:53:13 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\FileMaker
[2011/09/21 01:54:34 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\FrostWire
[2009/02/09 15:14:38 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Garritan
[2011/09/25 12:13:54 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\ImTOO
[2009/02/05 08:55:38 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Leadertech
[2011/09/25 10:01:27 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\NCH Swift Sound
[2009/02/28 21:53:26 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Nvu
[2009/04/13 15:40:54 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Onyx F Series Console
[2009/08/11 19:05:43 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Plogue
[2011/10/09 12:52:24 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\QuickScan
[2011/09/25 10:01:27 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\S300-S400 Series
[2011/06/19 15:16:46 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Template
[2010/01/06 18:00:19 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\VOWSoft
[2011/10/09 20:52:50 | 000,032,588 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:411E1BE2

< End of report >

#2
tedins

Posted 09 October 2011 - 09:20 PM

Member

Topic Starter
Member
122 posts

If needed, here is the Extra TXT file generated by running OTL:

OTL Extras logfile created on: 10/9/2011 10:01:36 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Tim\Downloads
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.97 Gb Total Physical Memory | 1.64 Gb Available Physical Memory | 41.27% Memory free
8.12 Gb Paging File | 5.22 Gb Available in Paging File | 64.25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 108.18 Gb Total Space | 24.75 Gb Free Space | 22.88% Space Free | Partition Type: NTFS
Drive D: | 465.75 Gb Total Space | 406.11 Gb Free Space | 87.19% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: TIM-PC | User Name: Tim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- Reg Error: Value error. File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.js [@ = JSFile] -- Reg Error: Value error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [open] -- Reg Error: Value error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [open] -- Reg Error: Value error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = C2 FE 8D 6A DC 5B C8 01 [binary data]
"VistaSp2" = C3 41 B2 C9 A2 68 CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== System Restore Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A6542EA-C236-46A2-BDC0-DAF9D41C507E}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{19FAA935-9B3D-44BC-B2D8-010F3CE55F84}" = rport=138 | protocol=17 | dir=out | app=system |
"{1AAAE430-7C02-4747-87F3-24A144983237}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{2013899E-9EB9-4078-AD33-EDE859C19ED3}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{21ED4E7F-E2DB-4C56-8934-74222F9105E3}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{27F87E52-1BFF-4CDA-A5C7-5268232CE1E2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{33CB7420-A6ED-4337-B6FA-81A6474B73DB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{3DA9E6E7-42A2-4247-952D-DEC80F39005F}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{4895CB14-2DFD-4D28-9AE3-5B8E817C3DA8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4B80D2F7-CC2D-4A27-81A1-BFFB0E8FCF58}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4FE82F70-E87C-41E5-8757-0B695F825525}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{51B8C9C6-AD20-4103-833D-8AC4F2685783}" = lport=137 | protocol=17 | dir=in | app=system |
"{59343717-8741-45CC-AEB2-AB43E16AC6A6}" = lport=138 | protocol=17 | dir=in | app=system |
"{5AAB6D1A-17AD-4C68-BB88-F6062BAE5D27}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{5CBA5DB4-AC28-4489-9EB1-FC70EC14A2C6}" = rport=445 | protocol=6 | dir=out | app=system |
"{65EEC2C2-6C5F-4A20-B85D-39E96B232E5A}" = lport=139 | protocol=6 | dir=in | app=system |
"{6674AB1D-9FCC-4E32-99B4-0D113F5AF375}" = rport=137 | protocol=17 | dir=out | app=system |
"{67A3DA8F-342F-46C9-8008-D63562982709}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{712484A1-02FB-44AC-9FE9-D69FBDC3C854}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{738F1E7C-BAE7-48B1-8AF1-4F9843483B6F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{827A68D8-BBB1-4AC0-9254-7CD2189EF2F5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{84C945AF-A307-4447-8CCB-56F8A1C58A5D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{8D7535CA-243C-4471-B769-75EB3173FEF9}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{A1411F3D-26DE-4B87-9B8B-AF329DFB91B3}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{B100EF37-506A-4BE1-BAF7-6B15BB9F0ACC}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{B3CEB5F1-71CE-49B4-A245-AFBB5FFCB807}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{B57B5DC5-5419-453B-87E0-3AD37A83A453}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B8F41A1B-E067-4ED7-A3E0-90EEA6FA11EA}" = lport=10243 | protocol=6 | dir=in | app=system |
"{B9479E84-7250-41BF-97EB-0A4C700A83B0}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{C22705DB-1721-4DF1-85AE-19BD5E5C6495}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C6995374-86A3-4EBD-8262-45D8AB49E7C3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C77D5BCE-3DDF-4D4C-BFD8-C5B0B355628F}" = lport=445 | protocol=6 | dir=in | app=system |
"{C7E105C6-D68D-47EB-B39A-86BD7C4823B2}" = rport=139 | protocol=6 | dir=out | app=system |
"{CEBBC3FB-FF02-4FBA-BF91-F897909E0B63}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D3C1A44F-57C3-4B6B-9DB0-319F5CE73513}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DE9D67D7-444E-47C1-B0AE-9E693380BF15}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DF3F8F05-D5B4-47E5-8F35-AE51C4C5C24A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E0A60A8E-CF2C-42CA-8826-20282B30FF20}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F069370D-9FD1-4EFE-88A7-8E85CAD51D70}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{F4B63978-0F1F-4936-BCEC-C151A4B34322}" = lport=3389 | protocol=6 | dir=in | app=system |
"{FA084C43-8E8D-45BE-A744-A6F9AC2DE372}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{065BE00A-DE4A-42D7-B855-F641E077E5FC}" = dir=in | app=c:\windows\system32\lxeacoms.exe |
"{0853D5C6-7604-45D8-B4A9-A2928C2F8BBC}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0F059C2C-84C0-4587-B51C-2AF7FC49865A}" = protocol=1 | dir=out | [email protected],-28544 |
"{0F1FCC04-9C64-4693-886D-A9FEFDFFFDCC}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark s300-s400 series\lxeafax.exe |
"{1376730D-A7D6-43B4-A8BF-1D2F1B2ED740}" = dir=in | app=c:\windows\system32\lxeacoms.exe |
"{1E713576-061B-4249-852E-3E4BB7AFD130}" = protocol=6 | dir=in | app=c:\program files (x86)\sony\vaio media plus\vmp.exe |
"{1EF61D39-C314-44DF-B44D-48F0FD76278E}" = protocol=17 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{24094273-82F1-4E16-9FAD-9073C4002CE3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{240D33CA-2671-453A-A114-DFAB4305E744}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{24B020C1-D512-4E8E-B8E2-AC61923FE95E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2698D81E-1A30-4FF8-B2EB-68D72A078CF5}" = dir=in | app=c:\windows\system32\lxeacoms.exe |
"{26AEBA0D-FBA9-4D1A-A241-1A2557A66258}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{2A066B28-5A06-468F-A684-16F1C06EBA16}" = protocol=58 | dir=out | [email protected],-28546 |
"{359B9F86-286B-4A26-952F-1D47E01DC292}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3ABABC4E-8773-4EA3-8F2E-59668723628F}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{3D195EBB-8BEC-4ADD-818E-FE2617CDCBEC}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{499E857D-558D-46D0-8079-A97F74C3D818}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe |
"{4B743AB1-45EA-4005-8428-DB41D7A1012A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4C313AAF-BC55-46EC-9D27-1ABF0A49A511}" = protocol=17 | dir=in | app=c:\windows\system32\dlbkcoms.exe |
"{505C5579-389F-4E8A-9D79-96D78003AD0F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{517165F8-752C-4BD6-B267-68DEC92E083B}" = dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{51F3F04D-AF88-4947-B4AC-CA98EF5F4069}" = dir=in | app=c:\windows\system32\lxeacoms.exe |
"{52EEC3BE-9436-4A71-A80C-27526E9EFE03}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5326E781-EBFB-434C-BFC0-19A9D1DB9E91}" = protocol=6 | dir=in | app=c:\program files (x86)\sony\vaio media plus\sohcimp.exe |
"{5ABA11CA-C448-4F17-9109-A91E9EA812C5}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\pure networks shared\platform\nmsrvc.exe |
"{5CF60E97-5C81-415C-BC60-E1D6C1F54318}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5E5604B5-27A9-4C96-89FB-28E904096647}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5E7681E9-9CC8-4817-B344-85586E29DCA8}" = protocol=6 | dir=in | app=d:\frostwire\frostwire.exe |
"{60675F3E-FDBF-4002-BA08-00BEA1A6FC61}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark s300-s400 series\lxeafax.exe |
"{60DB9D01-D0AC-4840-BD5D-8971EC69606E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{63FC98E7-B156-486E-A5FC-EA0FB9C06C3C}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{65F04825-DFDF-4C76-9B1E-8F040CEE3BE8}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6B1F72D5-4640-48ED-A674-0C33DABDF78B}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe |
"{7061BF36-F96A-4E0D-BBA2-86612CA55C07}" = protocol=17 | dir=in | app=c:\program files (x86)\sony\vaio media plus\vmp.exe |
"{71DF8BD8-52C2-4518-9DDC-0BA81BFE0DC7}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{76BABC28-43F7-413A-929B-848D6EF94D8A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7B4184A1-D6CA-445A-AC01-73083E789183}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7F56BD7D-F9CF-40A9-93ED-E54895E9C879}" = protocol=1 | dir=in | [email protected],-28543 |
"{858F155E-1AB6-463A-A321-43DC85E712CF}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{863D3E98-581C-4C1E-8C13-56B4CF690371}" = protocol=58 | dir=in | [email protected],-28545 |
"{86E6450D-A996-4930-B4CD-37AB3F0D65CF}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{8A82E588-7FD5-43DB-82BC-F62EF2CE4A3D}" = protocol=17 | dir=in | app=c:\program files (x86)\sony\vaio media plus\sohdms.exe |
"{8B76DF73-8ED5-426D-AFA5-E0DAB70E5161}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe |
"{8B7CF56C-D90A-4465-B70D-9561E05A3283}" = protocol=6 | dir=in | app=c:\program files (x86)\sony\vaio media plus\sohdms.exe |
"{8DCBE253-F94A-426E-BC58-E4208CC2D2DE}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\pure networks shared\platform\nmsrvc.exe |
"{94417C53-0D84-46E0-8520-DC3832F77487}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe |
"{949E560D-4CA0-481E-AEBF-21D911820B3F}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe |
"{9602395C-0D7D-4359-B2E4-D03E4A5063B6}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{98F7A6FF-B69F-4D32-A422-6E95266E8320}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9BE3AD68-54BE-4281-93CD-B2E594E12935}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe |
"{AAF4B738-1058-4E90-AC23-DD004F7CC5D5}" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
"{AF43A0B0-3D06-455C-B806-F620DBB09DF6}" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
"{B68CCA07-2F72-4A96-8E4E-9F4CD2206EC0}" = dir=in | app=d:\joans itunes\itunes.exe |
"{C8B392AC-F2A9-4285-A73E-354E6899B89A}" = protocol=17 | dir=in | app=c:\program files (x86)\sony\vaio media plus\sohds.exe |
"{CA959F5B-D8D7-43B9-B887-5B5942EB3022}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{CE8EF11E-5883-4AFC-8234-414E10D67F22}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D8F49A58-3E36-46BE-86B7-94A2DF0C3983}" = protocol=17 | dir=in | app=c:\program files (x86)\sony\vaio media plus\sohcimp.exe |
"{DDCA7DAF-ED20-4ABE-86CA-E2245C93877E}" = protocol=17 | dir=in | app=d:\frostwire\frostwire.exe |
"{E14E5D7A-9971-4876-80F0-70FAF00C1C92}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E1C6235C-26CC-496F-BAC1-57122295861A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E1FE5CE1-CE83-44F4-A09D-A4E3E04494BC}" = protocol=6 | dir=in | app=c:\program files (x86)\sony\vaio media plus\sohds.exe |
"{E3042E8E-6AC6-4550-9730-950F3CDCFDCC}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{E47ABE61-9AC7-456E-85C7-E14FFB64EC7D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E9984B18-D2CA-472C-821C-86190D6D3B65}" = protocol=6 | dir=in | app=c:\windows\system32\dlbkcoms.exe |
"{EF62CE2A-E214-4DAE-9620-37AC7FC71A8C}" = protocol=6 | dir=out | app=system |
"{FE0412C3-C0AA-4414-8B70-4439E23675B6}" = protocol=6 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"TCP Query User{1705D028-CDEA-4558-9454-407BD859BF98}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{2959C062-9B07-44FB-9C8E-9F38B7F4CEB4}C:\program files (x86)\filemaker\filemaker pro 10\filemaker pro.exe" = protocol=6 | dir=in | app=c:\program files (x86)\filemaker\filemaker pro 10\filemaker pro.exe |
"TCP Query User{33E528A4-146C-4E9B-ABA7-79B965F0FD28}C:\program files (x86)\filemaker\filemaker pro 10\extensions\xdbc support\bin\ddfmsoc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\filemaker\filemaker pro 10\extensions\xdbc support\bin\ddfmsoc.exe |
"TCP Query User{3E34D1C6-EF0E-40C0-BCF7-765ABAE78C28}C:\program files (x86)\filemaker\filemaker pro 10\filemaker pro.exe" = protocol=6 | dir=in | app=c:\program files (x86)\filemaker\filemaker pro 10\filemaker pro.exe |
"TCP Query User{4BD166A6-D57E-4B2F-A206-B037C91ECC95}C:\program files (x86)\filemaker\filemaker pro 11\filemaker pro.exe" = protocol=6 | dir=in | app=c:\program files (x86)\filemaker\filemaker pro 11\filemaker pro.exe |
"TCP Query User{54422DEF-8A29-44ED-B203-73B305F7BC52}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"TCP Query User{565F9A4A-5925-47D3-ADCA-0E15D5329781}C:\windows\syswow64\msiexec.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"TCP Query User{615711F8-464F-478B-89A6-2C5389C8B462}C:\program files (x86)\filemaker\filemaker pro 11\filemaker pro.exe" = protocol=6 | dir=in | app=c:\program files (x86)\filemaker\filemaker pro 11\filemaker pro.exe |
"TCP Query User{729AFA2C-9B96-4E52-AF34-946B83787BBA}C:\program files (x86)\look@lan\lookatlan.exe" = protocol=6 | dir=in | app=c:\program files (x86)\look@lan\lookatlan.exe |
"TCP Query User{79947826-42AB-4D55-8038-37379B611795}C:\program files (x86)\macromedia\dreamweaver mx 2004\dreamweaver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\macromedia\dreamweaver mx 2004\dreamweaver.exe |
"TCP Query User{84009FC0-5C6E-4327-829E-AC99E1CC1BD5}C:\program files (x86)\ws_ftp pro\wsftppro.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ws_ftp pro\wsftppro.exe |
"TCP Query User{96F0A75E-6943-4FDA-8744-F2A9A4D039D1}C:\users\tim\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\tim\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"TCP Query User{A072C793-2986-4F3C-B916-AA65BF802BC6}C:\program files (x86)\filemaker\filemaker pro 10\extensions\web support\fm web publishing.exe" = protocol=6 | dir=in | app=c:\program files (x86)\filemaker\filemaker pro 10\extensions\web support\fm web publishing.exe |
"TCP Query User{A13F71F2-2EE1-4776-B1A4-CA47BC3173C5}C:\program files (x86)\filemaker\filemaker pro 10\extensions\xdbc support\bin\ddfmsoc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\filemaker\filemaker pro 10\extensions\xdbc support\bin\ddfmsoc.exe |
"TCP Query User{B5299967-5E93-4676-9345-4BE9EFB19B5B}C:\program files (x86)\look@lan\lookathost.exe" = protocol=6 | dir=in | app=c:\program files (x86)\look@lan\lookathost.exe |
"TCP Query User{CC281841-D5A2-4C4D-A8BF-8E5BD2628FBF}C:\program files (x86)\filemaker\filemaker pro 10\extensions\web support\fm web publishing.exe" = protocol=6 | dir=in | app=c:\program files (x86)\filemaker\filemaker pro 10\extensions\web support\fm web publishing.exe |
"TCP Query User{F2B2B188-0D0A-468C-A28F-F3611E44A759}C:\program files (x86)\frostwire\frostwire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
"TCP Query User{F3CB22C6-A82F-4991-9B80-23FF6301431D}C:\windows\syswow64\msiexec.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"UDP Query User{153C3630-6ED5-48FC-B39C-D90A31324ABA}C:\program files (x86)\filemaker\filemaker pro 11\filemaker pro.exe" = protocol=17 | dir=in | app=c:\program files (x86)\filemaker\filemaker pro 11\filemaker pro.exe |
"UDP Query User{166CEBCC-8B8C-40F1-8C2A-81541C49B465}C:\windows\syswow64\msiexec.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"UDP Query User{1C232EA2-AEE4-410F-A9D8-7E4E9CF55B35}C:\program files (x86)\filemaker\filemaker pro 10\extensions\xdbc support\bin\ddfmsoc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\filemaker\filemaker pro 10\extensions\xdbc support\bin\ddfmsoc.exe |
"UDP Query User{1DC7AD79-D164-435F-8DAF-AD6421D29DB1}C:\program files (x86)\look@lan\lookathost.exe" = protocol=17 | dir=in | app=c:\program files (x86)\look@lan\lookathost.exe |
"UDP Query User{3F09B335-C9B4-4BED-9593-8512B96AC2F9}C:\program files (x86)\filemaker\filemaker pro 10\filemaker pro.exe" = protocol=17 | dir=in | app=c:\program files (x86)\filemaker\filemaker pro 10\filemaker pro.exe |
"UDP Query User{4D912F0D-8FD6-4204-8396-6B82D8C9994C}C:\program files (x86)\macromedia\dreamweaver mx 2004\dreamweaver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\macromedia\dreamweaver mx 2004\dreamweaver.exe |
"UDP Query User{63936F24-3200-422F-B6D0-FACC985C7CA7}C:\program files (x86)\ws_ftp pro\wsftppro.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ws_ftp pro\wsftppro.exe |
"UDP Query User{7635DAB8-BDAB-43AB-89FC-40E467AE152D}C:\program files (x86)\filemaker\filemaker pro 10\extensions\web support\fm web publishing.exe" = protocol=17 | dir=in | app=c:\program files (x86)\filemaker\filemaker pro 10\extensions\web support\fm web publishing.exe |
"UDP Query User{7CCA57AD-9987-4F81-8A39-E86EC52019B6}C:\program files (x86)\frostwire\frostwire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
"UDP Query User{88F14496-D947-4814-9A08-25059705AE30}C:\windows\syswow64\msiexec.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"UDP Query User{915C4D00-2B08-46BA-AF10-6D224C8309AD}C:\program files (x86)\filemaker\filemaker pro 10\filemaker pro.exe" = protocol=17 | dir=in | app=c:\program files (x86)\filemaker\filemaker pro 10\filemaker pro.exe |
"UDP Query User{B820F5D5-3D78-4B73-8907-61C98499C46B}C:\program files (x86)\filemaker\filemaker pro 11\filemaker pro.exe" = protocol=17 | dir=in | app=c:\program files (x86)\filemaker\filemaker pro 11\filemaker pro.exe |
"UDP Query User{BA051897-7571-4DA3-9057-F6661A4A2143}C:\program files (x86)\filemaker\filemaker pro 10\extensions\xdbc support\bin\ddfmsoc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\filemaker\filemaker pro 10\extensions\xdbc support\bin\ddfmsoc.exe |
"UDP Query User{C3569C86-72C6-4B4E-841B-CB1284FCBB04}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{C50848C0-3FF1-4319-BF11-90254BA5C082}C:\program files (x86)\look@lan\lookatlan.exe" = protocol=17 | dir=in | app=c:\program files (x86)\look@lan\lookatlan.exe |
"UDP Query User{C67AE0D8-1C33-4DF7-9E78-492B1C19C7EA}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{CD1F634B-223F-42EE-8378-CCD3234FA223}C:\program files (x86)\filemaker\filemaker pro 10\extensions\web support\fm web publishing.exe" = protocol=17 | dir=in | app=c:\program files (x86)\filemaker\filemaker pro 10\extensions\web support\fm web publishing.exe |
"UDP Query User{FC16D2FC-21D4-4895-9135-07A80A4C940E}C:\users\tim\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\tim\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{151CB4B7-FC63-4C72-8A21-5E87EB419DBB}" = Protector Suite QL 5.6
"{26921B2E-3E62-47F9-A514-1FC4A83BD738}" = Intel® PROSet/Wireless WiFi Software
"{3C5E60F1-0821-4B07-97EA-84EB5A927CF6}" = MobileMe Control Panel
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
"{63B4D80D-7BAC-4D1D-B9B6-27FF54197982}" = Regi
"{704ABF63-B0B1-446B-9D92-C5D06AFCE7B6}" = PlayReady PC runtime
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{997C9EC4-B53D-479D-81B7-0AEC8D174BA1}" = iTunes
"{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client
"{B636C9B9-A3F2-4DCE-ADCC-72E095018385}" = Microsoft SQL Server VSS Writer
"{CA0D2F09-F811-48D4-843E-C87696C6A9D9}" = Bonjour
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D035FBF6-FDEF-487D-89CA-6F9DD07B783F}" = Dolby Control Center
"{E464702F-5433-46EC-8F65-159276C0A54F}" = WIDCOMM Bluetooth Software 6.2.0.4500
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"Garritan Instruments for Finale 2009_is1" = Garritan Instruments for Finale 2009
"Lexmark S300-S400 Series" = Lexmark S300-S400 Series
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NVIDIA Drivers" = NVIDIA Drivers
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Toolbar
"{10812DE7-2E57-4740-B226-6B3BE34AF9D7}" = Lexmark Tools for Office
"{1316AEF2-E086-46C7-B1FB-8C9A39A2ABF9}" = VAIO Media plus
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{15210C5B-9E04-4BF7-B019-AE958F238333}" = Roxio Easy VHS to DVD
"{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
"{1B500D37-E7CF-480B-8054-8A563594EC4E}" = VAIO OOBE and Welcome Center
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD BD for VAIO
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 20
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2B27EB8B-3AA6-438F-BCB0-719CE2C52E32}" = VAIO Content Metadata XML Interface Library
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{34B37A74-125E-4406-87BA-E4BD3D097AE5}" = VAIO Survey
"{359FCAA7-B544-4147-AE3B-8C8A526E2427}" = Sony Image Data Suite
"{363611D9-1106-41F2-B74E-BD8481C41219}" = Click to Disc
"{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}" = VAIO Care
"{385DD1DD-65AA-408D-8E70-74601C2DB7E6}" = Ad-Aware
"{4314FCA1-7D0D-45E7-B115-C142466BC60A}" = VAIO Content Metadata Manager Setting
"{44B23220-E68E-4FBC-B02C-1A89AC0C8C5F}" = Roxio CinePlayer Decoder Pack
"{472080B7-D6E7-49E8-9383-FF136B8A8C34}" = JMicron JMB368 ExpressCard CF Adapter
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DC49A9A-6DD0-40D2-A851-527764DA8379}" = Adobe Setup
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"{4EA55D20-27FB-45D7-8726-147E8A5F6C62}" = VAIO MusicBox
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator 10 LJ
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5C5EE8F2-0B38-4C13-AE4E-A87A237FE718}" =
"{5F5867F0-2D23-4338-A206-01A76C823924}" = VAIO Power Management
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6C50525A-2D77-4C22-B058-9AA2F27ACFF2}" = VAIO Content Metadata Intelligent Analyzing Manager
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7115EE2B-62BF-4DEB-B4AA-91456D245F47}" = Sibelius Scorch (Firefox, Opera, Netscape only)
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{73E81E9B-7319-43AD-B7CC-1C61405E5089}" = Adobe After Effects CS3 Template Projects & Footage
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7AC0886A-CE48-4EB6-9CC3-4C56D427F2E1}" = Cisco Network Magic
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
"{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects
"{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}" = WebEx Support Manager for Internet Explorer
"{83CDA18E-0BF3-4ACA-872C-B4CDABF2360E}" = VAIO Update 4
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86DDDAAD-AEB9-42E5-BE01-0E8FABD2BB29}" = Roxio Video Capture USB
"{8BD60AEF-3F9D-47AE-B80A-FB7FFCE335A0}" = VAIO Movie Story
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8ECB8220-F419-4BEB-9596-97033C533702}" = QuickBooks Simple Start 2008
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_SMALLBUSINESSR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_SMALLBUSINESSR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_SMALLBUSINESSR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_SMALLBUSINESSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_SMALLBUSINESSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007
"{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" =
"{9973498D-EA29-4A68-BE0B-C88D6E03E928}" = ArcSoft WebCam Companion 2
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A552C4EA-D41E-4C61-A0FB-C0E05440F7D7}" = VAIO Entertainment Platform
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Setting
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_946" = Adobe Acrobat 9.4.6 - CPSID_83708
"{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B513C7B0-024A-498F-B0F5-00C67E2440A9}" = VAIO Content Metadata Intelligent Analyzing Manager
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BACD22AE-5B6B-4F23-B506-3FCFF13AC137}" = VAIO Media plus
"{BCED773C-99EE-48DD-8915-25733F69F0A8}" = VAIO Wireless Wizard
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C0990649-FEC2-423A-8F37-A8952404E6CD}" = Roxio Easy VHS to DVD
"{C1083DBC-C541-4E8C-91EA-D92397AB9A2C}" = OpenMG Secure Module 5.1.00
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB8A8696-93EC-414E-A752-850AB133F68A}" = VAIO Content Metadata XML Interface Library
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Music Transfer
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D2912CB2-F95A-406C-AA88-2BB5DCB6D275}" = AVer Media Center
"{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark Printable Web
"{D47FE987-EA3D-424B-9886-B752501D7CE7}" = VAIO Help and Support
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DF0415CC-0563-407F-B560-9B7F277122C5}" = VAIO BD Menu Data
"{DFD0E9A9-F24A-492B-8975-8C938E32408F}" = VAIO Startup Assistant
"{E09A5851-B293-465E-A9FE-DFC11E0F4586}" = VAIO Content Metadata Intelligent Analyzing Manager
"{E1D25278-B51A-4163-BC3D-20A4D2D09F98}" = VAIO My Memory Center
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EACCC991-8E8C-4397-8854-349506741FC9}" = FileMaker Pro 11
"{EACCC991-8E8C-4397-8854-349506741FC9}_FileMaker" = FileMaker Pro 11
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{EE59BBF9-415C-45DB-8C4B-EE43CF635FEA}" = VAIO Content Metadata XML Interface Library
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" =
"{FAE74C2C-298A-41BA-8BDB-F5A005F93278}" = Roxio Express Labeler
"{FC467B61-F890-4E29-8585-365DAB66F13E}" = Pure Networks Platform
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FD72E69E-CF34-4071-BFD6-FD081A365E2C}" = VAIO Content Metadata Intelligent Analyzing Manager
"{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home
"{FE697886-F392-4E0D-A0C0-47587BF60992}" = VAIO Content Metadata Manager Setting
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_915239ded2552e78978d0dbab7657a5" = Add or Remove Adobe Creative Suite 3 Master Collection
"Audacity_is1" = Audacity 1.2.6
"AVerMedia H826 series driver" = AVerMedia H826 series driver 1.0.64.88
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Finale 2009" = Finale 2009
"Google Updater" = Google Updater
"HP-LaserJet 1020 series" = LaserJet 1020 series
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD BD for VAIO
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"InstallShield_{C1083DBC-C541-4E8C-91EA-D92397AB9A2C}" = OpenMG Secure Module 5.1.00
"InstallShield_{D2912CB2-F95A-406C-AA88-2BB5DCB6D275}" = AVer Media Center
"iPod to Computer Transfer" = iPod to Computer Transfer 4.8.2
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"Magic DVD Copier_is1" = Magic DVD Copier Version 5.0.0
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"N360" = Norton 360
"Network MagicUninstall" = Network Magic
"PROPLUS" = Microsoft Office Professional Plus 2007
"SeaMonkey (1.1.16)" = SeaMonkey (1.1.16)
"SeaMonkey (2.0.6)" = SeaMonkey (2.0.6)
"SMALLBUSINESSR" = Microsoft Office Small Business 2007
"SoundTap" = SoundTap Streaming Audio Recorder
"Switch" = Switch Sound File Converter
"WavePad" = WavePad Sound Editor
"WS_FTP Pro" = Ipswitch WS_FTP Pro
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

#3
RKinner

Posted 09 October 2011 - 09:32 PM

Malware Expert

Expert
24,624 posts

ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html

Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Rightclick on ComboFix and select Run As Administrator to start the program.

* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

Rightclick on Malwarebytes' Anti-Malware and select Run As Administrator and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.

* Once the program has loaded, select Perform Quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.

Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then right click and Run as Administrator

If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.

Download aswMBR.exe ( 511KB ) to your desktop.
Right click aswMBR.exe and Run as Administrator

change the a-v scan to None.
uncheck trace disk IO calls
Click the "Scan" button to start scan
On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply

Run OTL (Vista or Win 7 => right click and Run As Administrator)

select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.

Ron

#4
tedins

Posted 10 October 2011 - 10:21 AM

Member

Topic Starter
Member
122 posts

Here is the Combofix log. Moving on to MalwareBytes

ComboFix 11-10-10.01 - Tim 10/10/2011 10:30:51.2.2 - x64
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.4062.2396 [GMT -5:00]
Running from: d:\downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\programdata\Roaming\Intel\Wireless\Settings\Settings.ini
c:\programdata\SPL628C.tmp
c:\programdata\SPL932A.tmp
c:\programdata\SPLD3C2.tmp
c:\users\Tim\AppData\Roaming\inst.exe
c:\windows\assembly\tmp\U
c:\windows\assembly\tmp\U\00000001.@
c:\windows\assembly\tmp\U\00000002.@
c:\windows\assembly\tmp\U\000000c0.@
c:\windows\assembly\tmp\U\000000cb.@
c:\windows\assembly\tmp\U\000000cf.@
c:\windows\assembly\tmp\U\80000000.@
c:\windows\assembly\tmp\U\80000032.@
c:\windows\assembly\tmp\U\80000064.@
c:\windows\assembly\tmp\U\800000c0.@
c:\windows\assembly\tmp\U\800000cb.@
c:\windows\assembly\tmp\U\800000cf.@
c:\windows\iun6002.exe
c:\windows\System64
c:\windows\SysWow64\404Fix.exe
c:\windows\SysWow64\Agent.OMZ.Fix.exe
c:\windows\SysWow64\comct332.ocx
c:\windows\SysWow64\dumphive.exe
c:\windows\SysWow64\IEDFix.C.exe
c:\windows\SysWow64\IEDFix.exe
c:\windows\SysWow64\o4Patch.exe
c:\windows\SysWow64\Process.exe
c:\windows\SysWow64\SrchSTS.exe
c:\windows\SysWow64\tmp.reg
c:\windows\SysWow64\VACFix.exe
c:\windows\SysWow64\VCCLSID.exe
c:\windows\SysWow64\WS2Fix.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-09-10 to 2011-10-10 )))))))))))))))))))))))))))))))
.
.
2011-10-10 15:49 . 2011-10-10 15:49 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ABD3A28E-F82C-40CD-B3CB-9B912AFECB36}\offreg.dll
2011-10-09 23:13 . 2011-10-10 01:08 -------- d-----w- c:\users\Tim\AppData\Local\NPE
2011-10-09 19:58 . 2011-10-10 15:11 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2011-10-09 19:32 . 2010-08-21 04:59 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-10-09 19:29 . 2011-10-10 15:13 -------- d-----w- c:\programdata\Norton
2011-10-09 17:52 . 2011-10-09 17:52 -------- d-----w- c:\users\Tim\AppData\Roaming\QuickScan
2011-10-09 14:25 . 2011-10-09 14:25 -------- d-----w- C:\found.000
2011-10-07 14:34 . 2011-10-07 14:33 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-10-07 14:28 . 2011-10-10 15:15 -------- d-----w- c:\programdata\Lavasoft
2011-10-07 13:34 . 2011-10-07 13:34 25160 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-10-07 13:34 . 2011-10-07 13:34 -------- d-----w- c:\programdata\Hitman Pro
2011-10-07 12:35 . 2011-09-21 14:00 9049936 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ABD3A28E-F82C-40CD-B3CB-9B912AFECB36}\mpengine.dll
2011-09-30 21:26 . 2011-09-30 21:26 -------- d-----w- c:\program files\iPod
2011-09-30 21:26 . 2011-09-30 21:28 -------- d-----w- c:\program files\iTunes
2011-09-30 19:36 . 2011-09-30 19:36 -------- d-----w- c:\users\Tim\AppData\Roaming\AVG2012
2011-09-30 19:35 . 2011-10-04 14:10 -------- d-----w- c:\programdata\AVG2012
2011-09-30 18:03 . 2011-09-30 18:03 -------- d-----w- c:\users\Tim\AppData\Roaming\Intel
2011-09-30 17:33 . 2011-09-30 17:33 -------- d-----w- c:\users\Default\AppData\Roaming\Apple Computer
2011-09-30 17:33 . 2011-09-30 17:33 -------- d-----w- c:\users\Default\AppData\Local\Apple Computer
2011-09-30 13:53 . 2009-08-20 04:50 24416 ----a-r- c:\windows\system32\AdobePDFUI.dll
2011-09-30 00:29 . 2011-09-29 06:53 134104 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-09-25 15:38 . 2011-09-25 15:38 -------- d-----w- C:\Update
2011-09-25 14:48 . 2011-09-25 15:01 -------- d-----w- c:\users\Tim\AppData\Roaming\Auslogics
2011-09-19 19:07 . 2008-08-08 07:09 108032 ----a-w- c:\windows\system32\E_ILMFCA.DLL
2011-09-19 19:07 . 2007-12-07 07:01 81408 ----a-w- c:\windows\system32\E_IBCBFCA.DLL
2011-09-19 19:01 . 2006-10-20 05:10 80024 ----a-w- c:\windows\SysWow64\PICSDK.dll
2011-09-19 19:01 . 2006-10-20 05:10 501912 ----a-w- c:\windows\SysWow64\PICSDK2.dll
2011-09-19 19:01 . 2006-10-31 05:10 51360 ----a-w- c:\windows\SysWow64\EpPicPrt.dll
2011-09-19 19:01 . 2006-10-31 05:10 51360 ----a-w- c:\windows\SysWow64\EpPicMgr.dll
2011-09-19 19:01 . 2006-10-20 05:10 108704 ----a-w- c:\windows\SysWow64\PICEntry.dll
2011-09-19 19:01 . 2011-09-30 19:50 -------- d-----w- c:\programdata\EPSON
2011-09-19 18:59 . 2011-09-30 14:29 -------- d-----w- c:\program files (x86)\epson
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-04 19:39 . 2011-06-25 03:16 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-25 02:53 . 2011-08-25 02:53 56408 ----a-w- c:\windows\system32\drivers\stdriver64.sys
2011-07-22 05:42 . 2011-08-11 04:27 2303488 ----a-w- c:\windows\system32\jscript9.dll
2011-07-22 05:36 . 2011-08-11 04:27 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-07-22 05:32 . 2011-08-11 04:27 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-22 02:54 . 2011-08-11 04:27 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-07-22 02:48 . 2011-08-11 04:27 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-07-22 02:44 . 2011-08-11 04:27 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-07-12 16:34 . 2011-07-12 16:34 96104 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 16:34 . 2011-07-12 16:34 85864 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 16:20 . 2011-07-12 16:20 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-07-12 16:20 . 2011-07-12 16:20 73064 ----a-w- c:\windows\SysWow64\dnssd.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-08-20 152064]
"Messenger (Yahoo!)"="c:\program files (x86)\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"VMpTtray.exe"="c:\program files (x86)\Sony\VAIO Media plus\VMpTtray.exe" [2008-05-25 86016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2008-04-04 317280]
"VAIORegistration"="c:\program files\Sony\First Experience\WelcomeLauncher.exe" [2008-06-26 16384]
"VAIOSurvey"="c:\program files (x86)\Sony\VAIO Survey\VAIO Sat Survey.exe" [2008-07-25 385024]
"VWLASU"="c:\program files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe" [2008-05-20 24576]
"AML"="c:\program files (x86)\Sony\VAIO Launcher\AML.exe" [2008-06-13 1097728]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-09-07 40376]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-22 640440]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"nmctxth"="c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"nmapp"="c:\program files (x86)\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"Lexmark S300-S400 Series"="c:\program files (x86)\Lexmark S300-S400 Series\fm3032.exe" [2011-01-24 316072]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="d:\joans itunes\iTunesHelper.exe" [2011-08-19 421736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/w...5b0140a1592892" [?]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\SysWOW64\Macromed\Flash\FlashUtil10h_ActiveX.exe" [2010-07-15 231888]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AVer HID Receiver.lnk - c:\program files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe [2010-11-30 159744]
AVerQuick.lnk - c:\program files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe [2010-11-30 679936]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-7-21 1048616]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2008-07-29 00:45 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-839522115-1390067357-682003330-1224\Scripts\Logon\0\0]
"Script"=LOGON.BAT
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-839522115-1390067357-682003330-1224\Scripts\Logon\1\0]
"Script"=logonhelper.bat
.
R2 lxeaCATSCustConnectService;lxeaCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxeaserv.exe [2010-04-14 45736]
R3 AVerFx2hbtv64;AVerMedia USB Pure ATSC Tuner;c:\windows\system32\drivers\AVerFx2hbtv64.sys [x]
R3 DIRECTIO;DIRECTIO;H:\DirectIo.sys [x]
R3 echo1394;Onyx F Series service;c:\windows\system32\Drivers\echo1394.sys [x]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;d:\adaware\KernExplorer64.sys [x]
R3 RoxMediaDBVHS;RoxMediaDBVHS;c:\program files (x86)\Common Files\Roxio Shared\VHStoDVD\SharedCOM\RoxMediaDBVHS.exe [2010-02-19 1116656]
R3 SampleCollector;Intel® Sample Collector;c:\program files\Sony\VAIO Care\collsvc.exe [2008-09-29 167424]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2008-06-12 107808]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S2 atashost;WebEx Service Host for Support Center;c:\windows\SysWOW64\atashost.exe [2009-03-06 20376]
S2 AVerRemote;AVerRemote;c:\program files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe [2008-06-08 352256]
S2 AVerScheduleService;AVerScheduleService;c:\program files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe [2008-10-17 409600]
S2 dlbk_device;dlbk_device;c:\windows\system32\dlbkcoms.exe [x]
S2 lxea_device;lxea_device;c:\windows\system32\lxeacoms.exe [2010-04-14 1052328]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [x]
S2 RtkAudioService;Realtek Audio Service;c:\windows\RtkAudioService.exe [2008-07-13 133120]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Sony\VAIO Media plus\SOHCImp.exe [2008-05-21 103712]
S2 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Sony\VAIO Media plus\SOHDms.exe [2008-05-21 353568]
S2 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Sony\VAIO Media plus\SOHDs.exe [2008-05-21 62752]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe [2008-03-25 104960]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2008-08-07 407392]
S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2008-06-20 415744]
S2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2008-06-12 337184]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 AVerAVF2;AVerAVF2;c:\windows\system32\DRIVERS\AVerAVF2.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
S3 JMCR_CFS;JMCR_CFS;c:\windows\system32\DRIVERS\jmcr_cfs.sys [x]
S3 NETw5v64;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit ;c:\windows\system32\DRIVERS\NETw5v64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [x]
S3 stdriver;Sound tap driver Upper Class Filter Driver v2.0.0.0;c:\windows\system32\DRIVERS\stdriver64.sys [x]
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk60x64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-10 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-27 20:48]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2008-06-19 20:00 3380736 ----a-w- c:\program files\Protector Suite QL\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2008-06-19 20:00 3380736 ----a-w- c:\program files\Protector Suite QL\farchns.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-07-13 6407200]
"Skytel"="Skytel.exe" [2008-07-13 1826816]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-05-20 1220392]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2008-06-19 66824]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-09 15867936]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-09 82464]
"lxeamon.exe"="c:\program files (x86)\Lexmark S300-S400 Series\lxeamon.exe" [2011-01-24 770728]
"EzPrint"="c:\program files (x86)\Lexmark S300-S400 Series\ezprint.exe" [2011-01-24 148280]
"combofix"="c:\combofix\CF21096.3XE" [2008-01-21 363008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.atssb.org/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.0.1 192.168.2.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\bzm625f8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.atssb.org
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-DU Meter - c:\program files (x86)\DU Meter\DUMeter.exe
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
Notify-psfus - (no file)
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\Tim\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\collsvc.exe\" \"/service\" \"/counter=\Processor(_Total)\% Processor Time:5\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5\" \"/counter=\Network Interface(*)\Bytes Total/sec:5\" \"/directory=inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=hex:51,66,7a,6c,4c,1d,38,12,57,36,90,
43,f7,9e,4b,04,e0,be,4b,59,e7,b4,e8,87
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}"=hex:51,66,7a,6c,4c,1d,38,12,62,ab,04,
14,3b,21,26,00,d7,5b,ae,96,a9,cb,61,e4
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{53707962-6F74-2D53-2644-206D7942484F}"=hex:51,66,7a,6c,4c,1d,38,12,0c,7a,63,
57,46,21,3d,68,59,52,63,2d,7c,1c,0c,5b
"{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}"=hex:51,66,7a,6c,4c,1d,38,12,da,39,34,
5d,e1,a9,97,05,de,be,2c,e9,c9,ff,c2,38
"{AE7CD045-E861-484F-8273-0445EE161910}"=hex:51,66,7a,6c,4c,1d,38,12,2b,d3,6f,
aa,53,a6,21,0d,fd,65,47,05,eb,48,5d,04
"{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}"=hex:51,66,7a,6c,4c,1d,38,12,2d,dd,7a,
ab,6a,33,56,03,c9,ec,8d,26,b0,f3,64,49
"{D2C5E510-BE6D-42CC-9F61-E4F939078474}"=hex:51,66,7a,6c,4c,1d,38,12,7e,e6,d6,
d6,5f,f0,a2,07,e0,77,a7,b9,3c,59,c0,60
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{E33CF602-D945-461A-83F0-819F76A199F8}"=hex:51,66,7a,6c,4c,1d,38,12,6c,f5,2f,
e7,77,97,74,03,fc,e6,c2,df,73,ff,dd,ec
"{F4971EE7-DAA0-4053-9964-665D8EE6A077}"=hex:51,66,7a,6c,4c,1d,38,12,89,1d,84,
f0,92,94,3d,05,e6,72,25,1d,8b,b8,e4,63
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:53,29,eb,1d,7d,86,cc,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgr.exe
c:\program files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\windows\SysWOW64\DllHost.exe
c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
c:\windows\SysWOW64\DllHost.exe
c:\program files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
.
**************************************************************************
.
Completion time: 2011-10-10 11:15:37 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-10 16:15
.
Pre-Run: 27,130,753,024 bytes free
Post-Run: 26,610,216,960 bytes free
.
- - End Of File - - 5E254A9F1569345CEF4E64EE73903090

#5
tedins

Posted 10 October 2011 - 10:32 AM

Member

Topic Starter
Member
122 posts

Here is MalwareBytes log file:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7917

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

10/10/2011 11:31:06 AM
mbam-log-2011-10-10 (11-31-06).txt

Scan type: Quick scan
Objects scanned: 219994
Time elapsed: 1 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#6
tedins

Posted 10 October 2011 - 10:35 AM

Member

Topic Starter
Member
122 posts

TDSSKiller log:

11:34:01.0512 5044 TDSS rootkit removing tool 2.6.7.0 Oct 10 2011 09:40:06
11:34:02.0074 5044 ============================================================
11:34:02.0075 5044 Current date / time: 2011/10/10 11:34:02.0074
11:34:02.0075 5044 SystemInfo:
11:34:02.0075 5044
11:34:02.0075 5044 OS Version: 6.0.6002 ServicePack: 2.0
11:34:02.0075 5044 Product type: Workstation
11:34:02.0075 5044 ComputerName: TIM-PC
11:34:02.0075 5044 UserName: Tim
11:34:02.0075 5044 Windows directory: C:\Windows
11:34:02.0075 5044 System windows directory: C:\Windows
11:34:02.0075 5044 Running under WOW64
11:34:02.0075 5044 Processor architecture: Intel x64
11:34:02.0075 5044 Number of processors: 2
11:34:02.0075 5044 Page size: 0x1000
11:34:02.0075 5044 Boot type: Normal boot
11:34:02.0075 5044 ============================================================
11:34:02.0372 5044 Initialize success
11:34:14.0449 5328 ============================================================
11:34:14.0449 5328 Scan started
11:34:14.0449 5328 Mode: Manual;
11:34:14.0449 5328 ============================================================
11:34:16.0170 5328 61883 (78e902fb660bd5003fe726b9bef300b6) C:\Windows\system32\DRIVERS\61883.sys
11:34:16.0171 5328 61883 - ok
11:34:16.0200 5328 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
11:34:16.0204 5328 ACPI - ok
11:34:16.0226 5328 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
11:34:16.0232 5328 adp94xx - ok
11:34:16.0251 5328 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
11:34:16.0255 5328 adpahci - ok
11:34:16.0270 5328 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
11:34:16.0272 5328 adpu160m - ok
11:34:16.0288 5328 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
11:34:16.0291 5328 adpu320 - ok
11:34:16.0315 5328 AFD (0cc146c4addea45791b18b1e2659f4a9) C:\Windows\system32\drivers\afd.sys
11:34:16.0320 5328 AFD - ok
11:34:16.0335 5328 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
11:34:16.0337 5328 agp440 - ok
11:34:16.0351 5328 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
11:34:16.0353 5328 aic78xx - ok
11:34:16.0368 5328 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
11:34:16.0369 5328 aliide - ok
11:34:16.0383 5328 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
11:34:16.0384 5328 amdide - ok
11:34:16.0398 5328 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
11:34:16.0399 5328 AmdK8 - ok
11:34:16.0421 5328 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
11:34:16.0423 5328 arc - ok
11:34:16.0437 5328 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
11:34:16.0439 5328 arcsas - ok
11:34:16.0455 5328 ArcSoftKsUFilter (59d2ba1b18f14d0b49b830dc452261b0) C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
11:34:16.0455 5328 ArcSoftKsUFilter - ok
11:34:16.0470 5328 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
11:34:16.0470 5328 AsyncMac - ok
11:34:16.0486 5328 atapi (1898fae8e07d97f2f6c2d5326c633fac) C:\Windows\system32\drivers\atapi.sys
11:34:16.0486 5328 atapi - ok
11:34:16.0508 5328 Avc (295fa2878ff499c0edfa0ebcc8c6ec66) C:\Windows\system32\DRIVERS\avc.sys
11:34:16.0509 5328 Avc - ok
11:34:16.0539 5328 AVerAVF2 (1b1db2ff2168742d9195e483b7d41de6) C:\Windows\system32\DRIVERS\AVerAVF2.sys
11:34:16.0547 5328 AVerAVF2 - ok
11:34:16.0565 5328 AVerFx2hbtv64 (7c62316c8c040235ee63f77fc85813ed) C:\Windows\system32\drivers\AVerFx2hbtv64.sys
11:34:16.0569 5328 AVerFx2hbtv64 - ok
11:34:16.0594 5328 Beep - ok
11:34:16.0613 5328 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
11:34:16.0614 5328 blbdrive - ok
11:34:16.0630 5328 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
11:34:16.0632 5328 bowser - ok
11:34:16.0645 5328 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
11:34:16.0646 5328 BrFiltLo - ok
11:34:16.0660 5328 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
11:34:16.0661 5328 BrFiltUp - ok
11:34:16.0679 5328 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
11:34:16.0680 5328 Brserid - ok
11:34:16.0694 5328 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
11:34:16.0695 5328 BrSerWdm - ok
11:34:16.0709 5328 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
11:34:16.0709 5328 BrUsbMdm - ok
11:34:16.0722 5328 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
11:34:16.0723 5328 BrUsbSer - ok
11:34:16.0738 5328 BthEnum (09f926a0d9c0bafd8417a4307d2ed13c) C:\Windows\system32\DRIVERS\BthEnum.sys
11:34:16.0739 5328 BthEnum - ok
11:34:16.0755 5328 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
11:34:16.0756 5328 BTHMODEM - ok
11:34:16.0773 5328 BthPan (befc5311736b475ac5b60c14ff7c775a) C:\Windows\system32\DRIVERS\bthpan.sys
11:34:16.0774 5328 BthPan - ok
11:34:16.0800 5328 BTHPORT (e1466882252ff51edde48c3f7eda2591) C:\Windows\system32\Drivers\BTHport.sys
11:34:16.0813 5328 BTHPORT - ok
11:34:16.0829 5328 BTHUSB (970192cded77a128e7e30722e5ee6b9c) C:\Windows\system32\Drivers\BTHUSB.sys
11:34:16.0830 5328 BTHUSB - ok
11:34:16.0846 5328 btwaudio (243661bc849eb1a7ad141680ae62886a) C:\Windows\system32\drivers\btwaudio.sys
11:34:16.0847 5328 btwaudio - ok
11:34:16.0862 5328 btwavdt (89c6567ebd92bbd2961c634604d6670f) C:\Windows\system32\drivers\btwavdt.sys
11:34:16.0863 5328 btwavdt - ok
11:34:16.0878 5328 btwl2cap (09baf40735007bde7dd95830afcefd26) C:\Windows\system32\DRIVERS\btwl2cap.sys
11:34:16.0879 5328 btwl2cap - ok
11:34:16.0893 5328 btwrchid (2bbf56e2114fabf63c3d00828fc3c86c) C:\Windows\system32\DRIVERS\btwrchid.sys
11:34:16.0893 5328 btwrchid - ok
11:34:16.0898 5328 catchme - ok
11:34:16.0919 5328 CAXHWAZL (fdb53a8d3bc52dc29884587e768e3388) C:\Windows\system32\DRIVERS\CAXHWAZL.sys
11:34:16.0921 5328 CAXHWAZL - ok
11:34:16.0936 5328 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
11:34:16.0938 5328 cdfs - ok
11:34:16.0952 5328 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
11:34:16.0954 5328 cdrom - ok
11:34:16.0971 5328 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\DRIVERS\circlass.sys
11:34:16.0971 5328 circlass - ok
11:34:16.0990 5328 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
11:34:16.0995 5328 CLFS - ok
11:34:17.0015 5328 CmBatt (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys
11:34:17.0015 5328 CmBatt - ok
11:34:17.0029 5328 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
11:34:17.0030 5328 cmdide - ok
11:34:17.0044 5328 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\DRIVERS\compbatt.sys
11:34:17.0045 5328 Compbatt - ok
11:34:17.0061 5328 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
11:34:17.0061 5328 crcdisk - ok
11:34:17.0087 5328 CSC (f60f50c8ed3fcbe358430b95fe27d09c) C:\Windows\system32\drivers\csc.sys
11:34:17.0093 5328 CSC - ok
11:34:17.0113 5328 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
11:34:17.0115 5328 DfsC - ok
11:34:17.0122 5328 DIRECTIO - ok
11:34:17.0139 5328 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
11:34:17.0140 5328 disk - ok
11:34:17.0155 5328 DMICall - ok
11:34:17.0176 5328 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
11:34:17.0177 5328 drmkaud - ok
11:34:17.0204 5328 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
11:34:17.0219 5328 DXGKrnl - ok
11:34:17.0234 5328 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
11:34:17.0235 5328 E1G60 - ok
11:34:17.0254 5328 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
11:34:17.0256 5328 Ecache - ok
11:34:17.0270 5328 echo1394 - ok
11:34:17.0298 5328 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
11:34:17.0303 5328 elxstor - ok
11:34:17.0322 5328 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
11:34:17.0322 5328 ErrDev - ok
11:34:17.0347 5328 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
11:34:17.0350 5328 exfat - ok
11:34:17.0366 5328 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
11:34:17.0369 5328 fastfat - ok
11:34:17.0384 5328 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
11:34:17.0385 5328 fdc - ok
11:34:17.0404 5328 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
11:34:17.0406 5328 FileInfo - ok
11:34:17.0420 5328 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
11:34:17.0421 5328 Filetrace - ok
11:34:17.0438 5328 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
11:34:17.0439 5328 flpydisk - ok
11:34:17.0460 5328 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
11:34:17.0463 5328 FltMgr - ok
11:34:17.0481 5328 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
11:34:17.0481 5328 Fs_Rec - ok
11:34:17.0498 5328 fvevol (849e38db7d829962d0233a0a252b60c3) C:\Windows\system32\DRIVERS\fvevol.sys
11:34:17.0501 5328 fvevol - ok
11:34:17.0515 5328 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
11:34:17.0516 5328 gagp30kx - ok
11:34:17.0530 5328 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
11:34:17.0531 5328 GEARAspiWDM - ok
11:34:17.0554 5328 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys
11:34:17.0561 5328 HdAudAddService - ok
11:34:17.0589 5328 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
11:34:17.0607 5328 HDAudBus - ok
11:34:17.0621 5328 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
11:34:17.0622 5328 HidBth - ok
11:34:17.0636 5328 HidIr (5f47839455d01ff6403b008d481a6f5b) C:\Windows\system32\DRIVERS\hidir.sys
11:34:17.0637 5328 HidIr - ok
11:34:17.0653 5328 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
11:34:17.0654 5328 HidUsb - ok
11:34:17.0673 5328 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
11:34:17.0674 5328 HpCISSs - ok
11:34:17.0694 5328 HSFHWAZL (57ba73b5b321291e5114cb21350e1ea0) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
11:34:17.0698 5328 HSFHWAZL - ok
11:34:17.0733 5328 HSF_DPV (e90d0e3d9715f3bec7db2d6321dddee8) C:\Windows\system32\DRIVERS\CAX_DPV.sys
11:34:17.0744 5328 HSF_DPV - ok
11:34:17.0771 5328 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
11:34:17.0782 5328 HTTP - ok
11:34:17.0795 5328 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
11:34:17.0796 5328 i2omp - ok
11:34:17.0812 5328 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
11:34:17.0813 5328 i8042prt - ok
11:34:17.0835 5328 iaStor (8d58627fef3f8767665d9f4dc91cbd97) C:\Windows\system32\DRIVERS\iaStor.sys
11:34:17.0838 5328 iaStor - ok
11:34:17.0855 5328 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
11:34:17.0859 5328 iaStorV - ok
11:34:17.0874 5328 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
11:34:17.0875 5328 iirsp - ok
11:34:17.0915 5328 IntcAzAudAddService (e6ad224a57cfc3dbf4ea10c801a09630) C:\Windows\system32\drivers\RTKVHD64.sys
11:34:17.0927 5328 IntcAzAudAddService - ok
11:34:17.0946 5328 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
11:34:17.0947 5328 intelide - ok
11:34:17.0963 5328 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
11:34:17.0964 5328 intelppm - ok
11:34:17.0982 5328 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:34:17.0984 5328 IpFilterDriver - ok
11:34:17.0998 5328 IpInIp - ok
11:34:18.0017 5328 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
11:34:18.0018 5328 IPMIDRV - ok
11:34:18.0036 5328 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
11:34:18.0038 5328 IPNAT - ok
11:34:18.0059 5328 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
11:34:18.0062 5328 IRENUM - ok
11:34:18.0080 5328 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
11:34:18.0081 5328 isapnp - ok
11:34:18.0099 5328 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
11:34:18.0102 5328 iScsiPrt - ok
11:34:18.0115 5328 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
11:34:18.0116 5328 iteatapi - ok
11:34:18.0132 5328 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
11:34:18.0133 5328 iteraid - ok
11:34:18.0164 5328 JMCR_CFS (35a1646897a9113f563634cb33b15f23) C:\Windows\system32\DRIVERS\jmcr_cfs.sys
11:34:18.0165 5328 JMCR_CFS - ok
11:34:18.0180 5328 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
11:34:18.0181 5328 kbdclass - ok
11:34:18.0197 5328 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
11:34:18.0198 5328 kbdhid - ok
11:34:18.0223 5328 KSecDD (476e2c1dcea45895994bef11c2a98715) C:\Windows\system32\Drivers\ksecdd.sys
11:34:18.0234 5328 KSecDD - ok
11:34:18.0249 5328 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
11:34:18.0250 5328 ksthunk - ok
11:34:18.0262 5328 Lavasoft Kernexplorer - ok
11:34:18.0282 5328 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
11:34:18.0283 5328 lltdio - ok
11:34:18.0306 5328 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
11:34:18.0308 5328 LSI_FC - ok
11:34:18.0323 5328 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
11:34:18.0325 5328 LSI_SAS - ok
11:34:18.0341 5328 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
11:34:18.0343 5328 LSI_SCSI - ok
11:34:18.0359 5328 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
11:34:18.0361 5328 luafv - ok
11:34:18.0382 5328 mdmxsdk (e4f44ec214b3e381e1fc844a02926666) C:\Windows\system32\DRIVERS\mdmxsdk.sys
11:34:18.0383 5328 mdmxsdk - ok
11:34:18.0399 5328 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
11:34:18.0400 5328 megasas - ok
11:34:18.0422 5328 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
11:34:18.0430 5328 MegaSR - ok
11:34:18.0447 5328 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
11:34:18.0448 5328 Modem - ok
11:34:18.0463 5328 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
11:34:18.0464 5328 monitor - ok
11:34:18.0477 5328 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
11:34:18.0480 5328 mouclass - ok
11:34:18.0497 5328 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
11:34:18.0498 5328 mouhid - ok
11:34:18.0516 5328 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
11:34:18.0519 5328 MountMgr - ok
11:34:18.0534 5328 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
11:34:18.0536 5328 mpio - ok
11:34:18.0550 5328 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
11:34:18.0551 5328 mpsdrv - ok
11:34:18.0567 5328 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
11:34:18.0568 5328 Mraid35x - ok
11:34:18.0583 5328 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
11:34:18.0585 5328 MRxDAV - ok
11:34:18.0600 5328 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
11:34:18.0602 5328 mrxsmb - ok
11:34:18.0619 5328 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:34:18.0623 5328 mrxsmb10 - ok
11:34:18.0638 5328 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:34:18.0640 5328 mrxsmb20 - ok
11:34:18.0653 5328 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys
11:34:18.0654 5328 msahci - ok
11:34:18.0671 5328 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
11:34:18.0673 5328 msdsm - ok
11:34:18.0692 5328 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
11:34:18.0693 5328 Msfs - ok
11:34:18.0708 5328 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
11:34:18.0709 5328 msisadrv - ok
11:34:18.0728 5328 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
11:34:18.0730 5328 MSKSSRV - ok
11:34:18.0743 5328 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
11:34:18.0744 5328 MSPCLOCK - ok
11:34:18.0760 5328 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
11:34:18.0760 5328 MSPQM - ok
11:34:18.0780 5328 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
11:34:18.0784 5328 MsRPC - ok
11:34:18.0800 5328 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
11:34:18.0801 5328 mssmbios - ok
11:34:18.0819 5328 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
11:34:18.0819 5328 MSTEE - ok
11:34:18.0836 5328 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
11:34:18.0837 5328 Mup - ok
11:34:18.0858 5328 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
11:34:18.0860 5328 NativeWifiP - ok
11:34:18.0887 5328 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
11:34:18.0901 5328 NDIS - ok
11:34:18.0914 5328 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
11:34:18.0915 5328 NdisTapi - ok
11:34:18.0930 5328 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
11:34:18.0931 5328 Ndisuio - ok
11:34:18.0948 5328 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
11:34:18.0950 5328 NdisWan - ok
11:34:18.0965 5328 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
11:34:18.0966 5328 NDProxy - ok
11:34:18.0981 5328 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
11:34:18.0983 5328 NetBIOS - ok
11:34:19.0000 5328 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
11:34:19.0003 5328 netbt - ok
11:34:19.0094 5328 NETw5v64 (93915c41a0dbbd121a0fad2835e43776) C:\Windows\system32\DRIVERS\NETw5v64.sys
11:34:19.0185 5328 NETw5v64 - ok
11:34:19.0200 5328 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
11:34:19.0201 5328 nfrd960 - ok
11:34:19.0220 5328 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
11:34:19.0221 5328 Npfs - ok
11:34:19.0236 5328 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
11:34:19.0237 5328 nsiproxy - ok
11:34:19.0275 5328 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
11:34:19.0305 5328 Ntfs - ok
11:34:19.0318 5328 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
11:34:19.0319 5328 Null - ok
11:34:19.0336 5328 NVHDA (29a70ad61fb913b4e6c587924b23b62c) C:\Windows\system32\drivers\nvhda64v.sys
11:34:19.0337 5328 NVHDA - ok
11:34:19.0527 5328 nvlddmkm (45ace5d0f8ca2685e1fada8f90eb048f) C:\Windows\system32\DRIVERS\nvlddmkm.sys
11:34:19.0631 5328 nvlddmkm - ok
11:34:19.0650 5328 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
11:34:19.0652 5328 nvraid - ok
11:34:19.0667 5328 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
11:34:19.0669 5328 nvstor - ok
11:34:19.0686 5328 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
11:34:19.0688 5328 nv_agp - ok
11:34:19.0703 5328 NwlnkFlt - ok
11:34:19.0718 5328 NwlnkFwd - ok
11:34:19.0738 5328 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
11:34:19.0739 5328 ohci1394 - ok
11:34:19.0768 5328 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
11:34:19.0770 5328 Parport - ok
11:34:19.0785 5328 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
11:34:19.0787 5328 partmgr - ok
11:34:19.0806 5328 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
11:34:19.0809 5328 pci - ok
11:34:19.0824 5328 pciide (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys
11:34:19.0825 5328 pciide - ok
11:34:19.0844 5328 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
11:34:19.0847 5328 pcmcia - ok
11:34:19.0863 5328 pcouffin (af7ce12c4f3dc8cb2b07685c916bbcfe) C:\Windows\system32\Drivers\pcouffin.sys
11:34:19.0864 5328 pcouffin - ok
11:34:19.0889 5328 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
11:34:19.0904 5328 PEAUTH - ok
11:34:19.0932 5328 pnarp (f1965ae69fdb4c6d9ffeceb2c12f7898) C:\Windows\system32\DRIVERS\pnarp.sys
11:34:19.0933 5328 pnarp - ok
11:34:19.0957 5328 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
11:34:19.0959 5328 PptpMiniport - ok
11:34:19.0972 5328 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
11:34:19.0973 5328 Processor - ok
11:34:19.0991 5328 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
11:34:19.0992 5328 PSched - ok
11:34:20.0006 5328 purendis (ec7333fc339fc6a1f9bb3e50ad9b13c6) C:\Windows\system32\DRIVERS\purendis.sys
11:34:20.0007 5328 purendis - ok
11:34:20.0021 5328 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
11:34:20.0022 5328 PxHlpa64 - ok
11:34:20.0055 5328 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
11:34:20.0079 5328 ql2300 - ok
11:34:20.0094 5328 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
11:34:20.0096 5328 ql40xx - ok
11:34:20.0113 5328 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
11:34:20.0114 5328 QWAVEdrv - ok
11:34:20.0129 5328 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
11:34:20.0129 5328 RasAcd - ok
11:34:20.0149 5328 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:34:20.0151 5328 Rasl2tp - ok
11:34:20.0170 5328 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
11:34:20.0171 5328 RasPppoe - ok
11:34:20.0185 5328 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
11:34:20.0186 5328 RasSstp - ok
11:34:20.0204 5328 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
11:34:20.0208 5328 rdbss - ok
11:34:20.0222 5328 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:34:20.0223 5328 RDPCDD - ok
11:34:20.0244 5328 rdpdr (ae23e79b13feb62939e2ca1189e71735) C:\Windows\system32\DRIVERS\rdpdr.sys
11:34:20.0248 5328 rdpdr - ok
11:34:20.0263 5328 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
11:34:20.0263 5328 RDPENCDD - ok
11:34:20.0286 5328 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
11:34:20.0288 5328 RDPWD - ok
11:34:20.0301 5328 regi (4d9afddda0efe97cdbfd3b5fa48b05f6) C:\Windows\system32\drivers\regi.sys
11:34:20.0302 5328 regi - ok
11:34:20.0326 5328 RFCOMM (cd71e053d7260e4102d99a28f9196070) C:\Windows\system32\DRIVERS\rfcomm.sys
11:34:20.0329 5328 RFCOMM - ok
11:34:20.0343 5328 rimsptsk (d345ae15fa0ad4bd8d647c5509714858) C:\Windows\system32\DRIVERS\rimssn64.sys
11:34:20.0344 5328 rimsptsk - ok
11:34:20.0358 5328 risdptsk (c45cd294458fed92e9cc1c68768e9356) C:\Windows\system32\DRIVERS\risdsn64.sys
11:34:20.0359 5328 risdptsk - ok
11:34:20.0381 5328 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
11:34:20.0383 5328 rspndr - ok
11:34:20.0404 5328 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
11:34:20.0406 5328 sbp2port - ok
11:34:20.0429 5328 sdbus (b42ee50f7d24f837f925332eb349eca5) C:\Windows\system32\DRIVERS\sdbus.sys
11:34:20.0431 5328 sdbus - ok
11:34:20.0447 5328 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
11:34:20.0448 5328 secdrv - ok
11:34:20.0468 5328 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
11:34:20.0469 5328 Serenum - ok
11:34:20.0485 5328 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
11:34:20.0486 5328 Serial - ok
11:34:20.0501 5328 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
11:34:20.0502 5328 sermouse - ok
11:34:20.0524 5328 SFEP (70f9c476b62de4f2823e918a6c181ade) C:\Windows\system32\DRIVERS\SFEP.sys
11:34:20.0524 5328 SFEP - ok
11:34:20.0539 5328 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
11:34:20.0540 5328 sffdisk - ok
11:34:20.0554 5328 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
11:34:20.0555 5328 sffp_mmc - ok
11:34:20.0570 5328 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
11:34:20.0570 5328 sffp_sd - ok
11:34:20.0585 5328 sfloppy (40567781f0785c4a69411d1b40da8987) C:\Windows\system32\DRIVERS\sfloppy.sys
11:34:20.0586 5328 sfloppy - ok
11:34:20.0605 5328 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
11:34:20.0606 5328 SiSRaid2 - ok
11:34:20.0620 5328 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
11:34:20.0622 5328 SiSRaid4 - ok
11:34:20.0640 5328 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
11:34:20.0642 5328 Smb - ok
11:34:20.0666 5328 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
11:34:20.0668 5328 spldr - ok
11:34:20.0695 5328 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
11:34:20.0702 5328 srv - ok
11:34:20.0721 5328 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
11:34:20.0723 5328 srv2 - ok
11:34:20.0739 5328 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
11:34:20.0741 5328 srvnet - ok
11:34:20.0760 5328 stdriver (50aadc94ba90dc3de1ae0020c877baae) C:\Windows\system32\DRIVERS\stdriver64.sys
11:34:20.0761 5328 stdriver - ok
11:34:20.0780 5328 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
11:34:20.0781 5328 swenum - ok
11:34:20.0799 5328 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
11:34:20.0801 5328 Symc8xx - ok
11:34:20.0815 5328 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
11:34:20.0816 5328 Sym_hi - ok
11:34:20.0832 5328 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
11:34:20.0835 5328 Sym_u3 - ok
11:34:20.0856 5328 SynTP (465e1231adf3cb6e0be5372c0fa83462) C:\Windows\system32\DRIVERS\SynTP.sys
11:34:20.0861 5328 SynTP - ok
11:34:20.0910 5328 Tcpip (4dad14118fbcf7c609f2a4ce21fbcc5f) C:\Windows\system32\drivers\tcpip.sys
11:34:20.0940 5328 Tcpip - ok
11:34:20.0976 5328 Tcpip6 (4dad14118fbcf7c609f2a4ce21fbcc5f) C:\Windows\system32\DRIVERS\tcpip.sys
11:34:20.0986 5328 Tcpip6 - ok
11:34:21.0000 5328 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
11:34:21.0002 5328 tcpipreg - ok
11:34:21.0016 5328 TcUsb (cbd13e809e81b07116c8d51aa199f69b) C:\Windows\system32\Drivers\tcusb.sys
11:34:21.0019 5328 TcUsb - ok
11:34:21.0032 5328 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
11:34:21.0033 5328 TDPIPE - ok
11:34:21.0048 5328 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
11:34:21.0049 5328 TDTCP - ok
11:34:21.0065 5328 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
11:34:21.0067 5328 tdx - ok
11:34:21.0082 5328 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
11:34:21.0084 5328 TermDD - ok
11:34:21.0110 5328 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:34:21.0111 5328 tssecsrv - ok
11:34:21.0126 5328 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
11:34:21.0127 5328 tunmp - ok
11:34:21.0142 5328 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
11:34:21.0143 5328 tunnel - ok
11:34:21.0158 5328 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
11:34:21.0159 5328 uagp35 - ok
11:34:21.0178 5328 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
11:34:21.0182 5328 udfs - ok
11:34:21.0204 5328 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
11:34:21.0205 5328 uliagpkx - ok
11:34:21.0224 5328 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
11:34:21.0228 5328 uliahci - ok
11:34:21.0244 5328 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
11:34:21.0247 5328 UlSata - ok
11:34:21.0262 5328 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
11:34:21.0265 5328 ulsata2 - ok
11:34:21.0279 5328 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
11:34:21.0280 5328 umbus - ok
11:34:21.0315 5328 USB28xxBGA (1e1786e15f91183be26732e89adc1817) C:\Windows\system32\DRIVERS\emBDA64.sys
11:34:21.0328 5328 USB28xxBGA - ok
11:34:21.0353 5328 USB28xxOEM (e97f0e00adbc1bcef691c71dbee77041) C:\Windows\system32\DRIVERS\emOEM64.sys
11:34:21.0367 5328 USB28xxOEM - ok
11:34:21.0383 5328 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
11:34:21.0384 5328 USBAAPL64 - ok
11:34:21.0401 5328 usbaudio (c6ba890de6e41857fbe84175519cae7d) C:\Windows\system32\drivers\usbaudio.sys
11:34:21.0405 5328 usbaudio - ok
11:34:21.0422 5328 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
11:34:21.0423 5328 usbccgp - ok
11:34:21.0438 5328 usbcir (8c39d53e1a343f4c47ee8f3c052126d8) C:\Windows\system32\DRIVERS\usbcir.sys
11:34:21.0440 5328 usbcir - ok
11:34:21.0454 5328 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
11:34:21.0455 5328 usbehci - ok
11:34:21.0474 5328 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
11:34:21.0478 5328 usbhub - ok
11:34:21.0491 5328 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
11:34:21.0492 5328 usbohci - ok
11:34:21.0507 5328 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
11:34:21.0508 5328 usbprint - ok
11:34:21.0523 5328 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
11:34:21.0524 5328 usbscan - ok
11:34:21.0539 5328 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:34:21.0540 5328 USBSTOR - ok
11:34:21.0554 5328 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
11:34:21.0555 5328 usbuhci - ok
11:34:21.0573 5328 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys
11:34:21.0575 5328 usbvideo - ok
11:34:21.0609 5328 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
11:34:21.0610 5328 vga - ok
11:34:21.0625 5328 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
11:34:21.0626 5328 VgaSave - ok
11:34:21.0640 5328 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
11:34:21.0641 5328 viaide - ok
11:34:21.0656 5328 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
11:34:21.0658 5328 volmgr - ok
11:34:21.0677 5328 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
11:34:21.0683 5328 volmgrx - ok
11:34:21.0701 5328 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
11:34:21.0704 5328 volsnap - ok
11:34:21.0722 5328 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
11:34:21.0724 5328 vsmraid - ok
11:34:21.0747 5328 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
11:34:21.0747 5328 WacomPen - ok
11:34:21.0763 5328 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
11:34:21.0765 5328 Wanarp - ok
11:34:21.0769 5328 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
11:34:21.0771 5328 Wanarpv6 - ok
11:34:21.0794 5328 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
11:34:21.0795 5328 Wd - ok
11:34:21.0823 5328 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
11:34:21.0841 5328 Wdf01000 - ok
11:34:21.0871 5328 WimFltr (52ded146e4797e6ccf94799e8e22bb2a) C:\Windows\system32\DRIVERS\wimfltr.sys
11:34:21.0873 5328 WimFltr - ok
11:34:21.0899 5328 winachsf (057b062cf9a11e04db45b8c3afc28b11) C:\Windows\system32\DRIVERS\CAX_CNXT.sys
11:34:21.0913 5328 winachsf - ok
11:34:21.0943 5328 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys
11:34:21.0944 5328 WmiAcpi - ok
11:34:21.0972 5328 WpdUsb (6329d1990db931073b86ab5946d8e317) C:\Windows\system32\DRIVERS\wpdusb.sys
11:34:21.0973 5328 WpdUsb - ok
11:34:21.0988 5328 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
11:34:21.0989 5328 ws2ifsl - ok
11:34:22.0012 5328 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:34:22.0014 5328 WUDFRd - ok
11:34:22.0029 5328 XAudio (638c99d993afab0e1fab226e2bbe6d79) C:\Windows\system32\DRIVERS\xaudio64.sys
11:34:22.0029 5328 XAudio - ok
11:34:22.0056 5328 yukonx64 (3c5b0410faba5b1014eefeee77e1296a) C:\Windows\system32\DRIVERS\yk60x64.sys
11:34:22.0059 5328 yukonx64 - ok
11:34:22.0072 5328 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
11:34:22.0077 5328 \Device\Harddisk0\DR0 - ok
11:34:22.0081 5328 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
11:34:22.0086 5328 \Device\Harddisk1\DR1 - ok
11:34:22.0089 5328 Boot (0x1200) (3767ef98aa3b26765d91e26f3351930c) \Device\Harddisk0\DR0\Partition0
11:34:22.0090 5328 \Device\Harddisk0\DR0\Partition0 - ok
11:34:22.0094 5328 Boot (0x1200) (a70fe0b0c7e7c300265f9c9732629f9a) \Device\Harddisk1\DR1\Partition0
11:34:22.0095 5328 \Device\Harddisk1\DR1\Partition0 - ok
11:34:22.0095 5328 ============================================================
11:34:22.0096 5328 Scan finished
11:34:22.0096 5328 ============================================================
11:34:22.0105 3052 Detected object count: 0
11:34:22.0105 3052 Actual detected object count: 0
11:34:40.0656 6384 Deinitialize success

#7
tedins

Posted 10 October 2011 - 10:43 AM

Member

Topic Starter
Member
122 posts

Log file for aswMBR - The FIX button was NOT enabled

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-10-10 11:40:58
-----------------------------
11:40:58.642 OS Version: Windows x64 6.0.6002 Service Pack 2
11:40:58.643 Number of processors: 2 586 0x1706
11:40:58.643 ComputerName: TIM-PC UserName: Tim
11:40:59.333 Initialize success
11:41:38.240 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2
11:41:38.242 Disk 0 Vendor: Intel___ 1.0. Size: 122110MB BusType: 8
11:41:38.245 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-1
11:41:38.247 Disk 1 Vendor: FUJITSU_ 0041 Size: 476940MB BusType: 3
11:41:38.250 Disk 2 \Device\Harddisk2\DR2 -> \Device\00000069
11:41:38.253 Disk 2 Vendor: RICOH 01 Size: 476940MB BusType: 0
11:41:38.256 Disk 3 \Device\Harddisk3\DR3 -> \Device\0000006a
11:41:38.259 Disk 3 Vendor: RICOH 02 Size: 476940MB BusType: 0
11:41:38.262 Disk 4 \Device\Harddisk4\DR4 -> \Device\Scsi\JMCR_CFS1Port1Path0Target0Lun0
11:41:38.265 Disk 4 Vendor: JMCR Size: 476940MB BusType: 0
11:41:38.269 Disk 0 MBR read successfully
11:41:38.273 Disk 0 MBR scan
11:41:38.277 Disk 0 Windows VISTA default MBR code
11:41:38.281 Service scanning
11:41:39.504 Modules scanning
11:41:39.509 Scan finished successfully
11:41:57.157 Disk 0 MBR has been saved successfully to "C:\Users\Tim\Desktop\MBR.dat"
11:41:57.162 The log file has been saved successfully to "C:\Users\Tim\Desktop\aswMBR.txt"

#8
tedins

Posted 10 October 2011 - 11:00 AM

Member

Topic Starter
Member
122 posts

Here is the OTL logfile

OTL logfile created on: 10/10/2011 11:47:45 AM - Run 2
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Tim\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.97 Gb Total Physical Memory | 1.90 Gb Available Physical Memory | 47.90% Memory free
8.12 Gb Paging File | 5.65 Gb Available in Paging File | 69.59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 108.18 Gb Total Space | 24.20 Gb Free Space | 22.37% Space Free | Partition Type: NTFS
Drive D: | 465.75 Gb Total Space | 406.40 Gb Free Space | 87.26% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: TIM-PC | User Name: Tim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/10 11:46:38 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Tim\Desktop\OTL.exe
PRC - [2011/08/19 01:07:38 | 000,421,736 | ---- | M] (Apple Inc.) -- D:\Joans Itunes\iTunesHelper.exe
PRC - [2011/01/23 20:08:55 | 000,148,280 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe
PRC - [2011/01/23 20:08:52 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe
PRC - [2010/09/22 18:11:26 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2010/06/01 10:17:48 | 005,252,408 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2009/07/08 03:53:36 | 000,472,112 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe
PRC - [2009/07/07 15:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2009/07/07 15:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2009/03/06 13:59:12 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) -- C:\Windows\SysWOW64\atashost.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/10/17 07:34:39 | 000,409,600 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe
PRC - [2008/07/28 19:45:42 | 000,182,112 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
PRC - [2008/07/28 19:45:42 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2008/07/21 15:10:06 | 000,014,376 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2008/06/21 03:53:53 | 000,679,936 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) -- C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
PRC - [2008/06/20 10:56:44 | 000,415,744 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
PRC - [2008/06/19 10:55:48 | 000,279,848 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2008/06/13 03:34:02 | 000,159,744 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
PRC - [2008/06/12 01:13:24 | 000,337,184 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
PRC - [2008/06/08 01:41:22 | 000,352,256 | ---- | M] (AVerMedia) -- C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe
PRC - [2008/05/24 21:01:16 | 000,086,016 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Media plus\VMpTtray.exe
PRC - [2008/05/22 16:23:10 | 000,192,512 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2008/05/20 21:05:40 | 000,353,568 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Media plus\SOHDms.exe
PRC - [2008/05/20 21:05:40 | 000,103,712 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Media plus\SOHCImp.exe
PRC - [2008/05/20 21:05:40 | 000,062,752 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Media plus\SOHDs.exe
PRC - [2008/05/20 15:48:32 | 000,024,576 | ---- | M] (Sony Electronics, Inc.) -- C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe
PRC - [2008/04/15 19:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/04/15 19:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/04/03 22:03:38 | 000,317,280 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
PRC - [2008/03/25 16:32:18 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe
PRC - [2008/01/11 19:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/01/04 21:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe

========== Modules (No Company Name) ==========

MOD - [2011/08/11 10:27:18 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c50d9d540acecdef29c31201e203a331\System.Windows.Forms.ni.dll
MOD - [2011/08/11 10:26:59 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\d8d83838f9840bde901df516ba3de588\System.Drawing.ni.dll
MOD - [2011/08/11 10:24:12 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b9ea0d414c4861120bfb7365d8ec0939\System.ni.dll
MOD - [2011/06/22 03:25:46 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f6deb187f24bb3185841092b89fbfdbb\mscorlib.ni.dll
MOD - [2011/01/23 20:08:55 | 000,148,280 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe
MOD - [2011/01/23 20:08:52 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe
MOD - [2010/06/01 10:17:46 | 000,929,792 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
MOD - [2010/04/05 05:56:20 | 000,094,359 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\epoemdll.dll
MOD - [2010/04/05 05:56:19 | 000,045,221 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\epstring.dll
MOD - [2010/04/05 05:56:17 | 002,203,803 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\epwizres.dll
MOD - [2010/04/05 05:56:07 | 000,716,954 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\epwizard.dll
MOD - [2010/04/05 05:55:15 | 000,159,890 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\customui.dll
MOD - [2010/04/05 05:55:04 | 000,061,604 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\epfunct.dll
MOD - [2010/04/05 05:54:59 | 000,123,033 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\eputil.dll
MOD - [2010/04/05 05:54:52 | 000,143,502 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\imagutil.dll
MOD - [2010/04/01 12:24:28 | 001,159,168 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\lxeadrs.dll
MOD - [2010/04/01 12:23:27 | 000,389,120 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\lxeascw.dll
MOD - [2009/09/05 00:15:06 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/07/13 18:37:04 | 000,152,112 | ---- | M] () -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll
MOD - [2009/07/13 18:37:04 | 000,098,304 | ---- | M] () -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CFirewallCOM.dll
MOD - [2009/05/27 07:16:50 | 000,192,512 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\lxeadatr.dll
MOD - [2009/04/07 14:25:27 | 000,409,600 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\iptk.dll
MOD - [2009/03/10 00:43:49 | 000,155,648 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\lxeacaps.dll
MOD - [2009/03/02 09:25:47 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\lxeaptp.dll
MOD - [2009/02/27 16:39:29 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\AcroTray.DEU
MOD - [2009/02/27 16:32:27 | 000,020,480 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\AcroTray.FRA
MOD - [2009/02/20 03:48:43 | 000,023,552 | ---- | M] () -- C:\Windows\SysWOW64\LXEAsmr.dll
MOD - [2009/02/20 03:48:03 | 000,299,008 | ---- | M] () -- C:\Windows\SysWOW64\LXEAsm.dll
MOD - [2008/07/28 19:45:44 | 000,010,752 | ---- | M] () -- C:\Program Files (x86)\Sony\VAIO Event Service\VESBasePS.dll
MOD - [2008/06/13 03:34:02 | 000,159,744 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/04/14 15:45:36 | 001,052,328 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxeacoms.exe -- (lxea_device)
SRV:64bit: - [2010/04/14 15:45:30 | 000,045,736 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxeaserv.exe -- (lxeaCATSCustConnectService)
SRV:64bit: - [2008/09/29 16:06:32 | 000,167,424 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Care\collsvc.exe -- (SampleCollector)
SRV:64bit: - [2008/08/06 20:06:48 | 000,407,392 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV:64bit: - [2008/06/12 01:13:24 | 000,337,184 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV:64bit: - [2008/06/12 01:10:46 | 000,107,808 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV:64bit: - [2008/04/30 22:20:42 | 001,371,136 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2008/04/30 21:42:20 | 000,826,368 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2008/04/25 07:08:03 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService)
SRV:64bit: - [2008/01/20 21:50:23 | 000,195,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2008/01/20 21:46:39 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/06/25 22:17:18 | 000,567,024 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\dlbkcoms.exe -- (dlbk_device)
SRV - [2010/04/14 15:45:21 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\lxeacoms.exe -- (lxea_device)
SRV - [2010/02/19 07:44:44 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\VHStoDVD\SharedCOM\RoxMediaDBVHS.exe -- (RoxMediaDBVHS)
SRV - [2009/11/03 16:54:41 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/07/07 15:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/06 13:59:12 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\atashost.exe -- (atashost)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/10/17 07:34:39 | 000,409,600 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe -- (AVerScheduleService)
SRV - [2008/07/28 19:45:42 | 000,182,112 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2008/07/12 22:40:36 | 000,133,120 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Windows\RTKAUDIOSERVICE.EXE -- (RtkAudioService)
SRV - [2008/06/20 10:56:44 | 000,415,744 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2008/06/19 10:55:48 | 000,279,848 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2008/06/08 01:41:22 | 000,352,256 | ---- | M] (AVerMedia) [Auto | Running] -- C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe -- (AVerRemote)
SRV - [2008/05/22 16:23:10 | 000,192,512 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2008/05/22 16:21:44 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2008/05/20 21:05:40 | 000,353,568 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Media plus\SOHDms.exe -- (SOHDms)
SRV - [2008/05/20 21:05:40 | 000,103,712 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Media plus\SOHCImp.exe -- (SOHCImp)
SRV - [2008/05/20 21:05:40 | 000,062,752 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Media plus\SOHDs.exe -- (SOHDs)
SRV - [2008/05/20 03:51:34 | 000,077,824 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2008/05/20 03:49:04 | 000,053,248 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2008/05/20 03:29:06 | 000,053,248 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2008/04/15 19:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/03/25 16:32:18 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe -- (uCamMonitor)
SRV - [2008/01/11 19:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/11/12 22:59:54 | 000,020,480 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2007/05/24 09:08:44 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2007/01/04 21:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/08/24 21:53:49 | 000,056,408 | ---- | M] (NCH Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stdriver64.sys -- (stdriver)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/09/26 16:45:28 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2010/08/20 23:59:12 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/07/09 04:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/07/07 15:48:44 | 000,035,376 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\purendis.sys -- (purendis)
DRV:64bit: - [2009/07/07 15:48:44 | 000,033,328 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\pnarp.sys -- (pnarp)
DRV:64bit: - [2009/06/19 17:36:38 | 000,754,808 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\emOEM64.sys -- (USB28xxOEM)
DRV:64bit: - [2009/06/19 17:36:16 | 000,673,272 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\emBDA64.sys -- (USB28xxBGA)
DRV:64bit: - [2008/08/09 09:34:31 | 000,021,032 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2008/08/09 09:34:29 | 000,132,136 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2008/08/09 09:34:29 | 000,095,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2008/08/09 09:33:05 | 000,036,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2008/08/09 08:10:58 | 000,056,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2008/07/17 08:54:22 | 000,064,512 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\risdsn64.sys -- (risdptsk)
DRV:64bit: - [2008/07/14 20:17:16 | 000,315,648 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AVerFx2hbtv64.sys -- (AVerFx2hbtv64)
DRV:64bit: - [2008/07/11 22:32:13 | 001,027,968 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\AVerAVF2.sys -- (AVerAVF2)
DRV:64bit: - [2008/07/01 23:13:36 | 000,073,104 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\jmcr_cfs.sys -- (JMCR_CFS)
DRV:64bit: - [2008/06/25 07:33:12 | 000,085,504 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\rimssn64.sys -- (rimsptsk)
DRV:64bit: - [2008/05/27 13:10:52 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wimfltr.sys -- (WimFltr)
DRV:64bit: - [2008/05/20 07:11:21 | 000,321,072 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2008/05/16 12:38:11 | 000,062,480 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tcusb.sys -- (TcUsb)
DRV:64bit: - [2008/04/29 07:06:57 | 000,388,120 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2008/04/28 08:38:12 | 004,730,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) Intel®
DRV:64bit: - [2008/04/25 07:08:09 | 000,391,680 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2008/04/25 07:08:03 | 000,009,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.sys -- (XAudio)
DRV:64bit: - [2008/04/25 07:07:54 | 001,511,936 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2008/04/25 07:07:54 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys -- (mdmxsdk)
DRV:64bit: - [2008/04/25 07:07:49 | 000,731,648 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2008/04/25 07:07:49 | 000,300,032 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2008/03/10 05:45:53 | 000,011,392 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SFEP.sys -- (SFEP)
DRV:64bit: - [2008/01/30 19:33:30 | 000,019,456 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2008/01/20 21:46:34 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\avc.sys -- (Avc)
DRV:64bit: - [2008/01/20 21:46:34 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/01/20 21:46:05 | 000,286,720 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS -- (HSFHWAZL)
DRV:64bit: - [2008/01/20 21:46:05 | 000,058,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\61883.sys -- (61883)
DRV:64bit: - [2008/01/20 21:46:02 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2007/04/16 22:51:50 | 000,014,112 | R--- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
DRV - [2008/07/11 18:42:58 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\DMICall.sys -- (DMICall)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.atssb.org/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.atssb.org"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Joans Itunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/09/30 16:17:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/30 16:17:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 1.1.16\Extensions\\Components: C:\Program Files (x86)\mozilla.org\SeaMonkey\Components [2011/09/30 16:17:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 1.1.16\Extensions\\Plugins: C:\Program Files (x86)\mozilla.org\SeaMonkey\Plugins [2011/09/30 16:17:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.0.6\extensions\\Components: C:\Program Files (x86)\SeaMonkey\components [2011/09/30 16:17:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.0.6\extensions\\Plugins: C:\Program Files (x86)\SeaMonkey\plugins [2011/09/30 16:17:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey 1.1.16\Extensions\\Components: C:\Program Files (x86)\mozilla.org\SeaMonkey\Components [2011/09/30 16:17:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey 1.1.16\Extensions\\Plugins: C:\Program Files (x86)\mozilla.org\SeaMonkey\Plugins [2011/09/30 16:17:33 | 000,000,000 | ---D | M]

[2011/09/25 12:07:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tim\AppData\Roaming\Mozilla\Extensions
[2011/10/09 12:51:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\bzm625f8.default\extensions
[2010/07/10 11:29:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\bzm625f8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/10/09 12:51:50 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\bzm625f8.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011/09/29 19:29:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/09/30 09:19:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/07/10 11:17:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/09/29 01:53:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2009/06/18 13:16:18 | 010,437,264 | ---- | M] (PDFTron Systems Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\PDFNetC.dll
[2009/06/18 13:36:06 | 000,108,272 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\ScorchPDFWrapper.dll
[2011/09/28 19:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/10/10 10:49:31 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\ShellBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe ()
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [lxeamon.exe] C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe ()
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AML] C:\Program Files (x86)\Sony\VAIO Launcher\AML.exe (Sony)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [iTunesHelper] D:\Joans Itunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Lexmark S300-S400 Series] C:\Program Files (x86)\Lexmark S300-S400 Series\fm3032.exe ()
O4 - HKLM..\Run: [nmapp] C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [VAIORegistration] C:\Program Files\Sony\First Experience\WelcomeLauncher.exe (Sony Electronics, Inc.)
O4 - HKLM..\Run: [VAIOSurvey] C:\Program Files (x86)\Sony\VAIO Survey\VAIO Sat Survey.exe ()
O4 - HKLM..\Run: [VWLASU] C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe (Sony Electronics, Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [VMpTtray.exe] C:\Program Files (x86)\Sony\VAIO Media plus\VMpTtray.exe (Sony Corporation)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = CAMPUS.LOCAL
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{129996A3-C74B-43B0-9742-FC7AD6FD8AFC}: DhcpNameServer = 192.168.1.1 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C8B891EC-B989-4471-B8D5-660806C4993C}: DhcpNameServer = 192.168.0.1 192.168.2.1
O18:64bit: - Protocol\Handler\intu-help-qb1 - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
O18:64bit: - Protocol\Handler\qbwc - No CLSID value found
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files (x86)\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\SysNative\vrlogon.dll (UPEK Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\psfus: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Program Files (x86)\Sony\First Experience\wallpapers\wallpaper1.jpg
O24 - Desktop BackupWallPaper: C:\Program Files (x86)\Sony\First Experience\wallpapers\wallpaper1.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/10 11:46:37 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Tim\Desktop\OTL.exe
[2011/10/10 11:36:43 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Tim\Desktop\aswMBR.exe
[2011/10/10 11:33:49 | 001,558,832 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Tim\Desktop\tdsskiller(1).exe
[2011/10/10 11:28:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/10 11:28:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/10/10 11:24:30 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Tim\Desktop\mbam-setup-1.51.2.1300(1).exe
[2011/10/10 10:49:35 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/10/10 09:14:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/10/10 09:14:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/10/10 09:14:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/10/10 09:13:54 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/10/10 09:12:58 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/09 18:13:34 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\NPE
[2011/10/09 14:58:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2011/10/09 14:32:28 | 000,034,152 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2011/10/09 14:29:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011/10/09 14:27:29 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011/10/09 12:52:10 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\QuickScan
[2011/10/09 09:25:19 | 000,000,000 | ---D | C] -- C:\found.000
[2011/10/07 09:34:20 | 000,055,384 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011/10/07 09:28:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011/10/07 08:34:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/09/30 16:28:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/09/30 16:26:37 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/09/30 16:26:14 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/09/30 16:16:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/09/30 14:36:15 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\AVG2012
[2011/09/30 14:35:10 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2011/09/30 13:03:06 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\Intel
[2011/09/30 08:53:24 | 000,024,416 | R--- | C] (Adobe Systems Inc.) -- C:\Windows\SysNative\AdobePDFUI.dll
[2011/09/25 10:38:30 | 000,000,000 | ---D | C] -- C:\Update
[2011/09/25 09:48:20 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\Auslogics
[2011/09/19 14:07:33 | 000,108,032 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\E_ILMFCA.DLL
[2011/09/19 14:07:33 | 000,081,408 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\E_IBCBFCA.DLL
[2011/09/19 14:01:16 | 000,501,912 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\PICSDK2.dll
[2011/09/19 14:01:16 | 000,080,024 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\PICSDK.dll
[2011/09/19 14:01:15 | 000,108,704 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\PICEntry.dll
[2011/09/19 14:01:15 | 000,051,360 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\EpPicPrt.dll
[2011/09/19 14:01:15 | 000,051,360 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\EpPicMgr.dll
[2011/09/19 14:01:03 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON
[2011/09/19 13:59:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\epson
[2011/07/22 15:26:43 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeapmui.dll
[2011/07/22 15:26:43 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeainpa.dll
[2011/07/22 15:26:43 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeaiesc.dll
[2011/07/22 15:26:42 | 001,048,576 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeaserv.dll
[2011/07/22 15:26:42 | 000,847,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeausb1.dll
[2011/07/22 15:26:42 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeacomc.dll
[2011/07/22 15:26:42 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeahbn3.dll
[2011/07/22 15:26:42 | 000,598,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeacoms.exe
[2011/07/22 15:26:42 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxealmpm.dll
[2011/07/22 15:26:42 | 000,373,416 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeacfg.exe
[2011/07/22 15:26:42 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeacomm.dll
[2011/07/22 15:26:42 | 000,324,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeaih.exe
[2010/09/26 16:45:28 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Tim\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2011/10/10 11:49:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/10/10 11:46:38 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Tim\Desktop\OTL.exe
[2011/10/10 11:46:17 | 000,645,296 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/10/10 11:46:16 | 000,760,648 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/10/10 11:46:16 | 000,119,716 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/10/10 11:41:57 | 000,000,512 | ---- | M] () -- C:\Users\Tim\Desktop\MBR.dat
[2011/10/10 11:40:16 | 000,113,051 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/10/10 11:39:36 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/10 11:39:36 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/10 11:39:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/10 11:39:23 | 710,079,385 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/10/10 11:36:57 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Tim\Desktop\aswMBR.exe
[2011/10/10 11:33:24 | 001,558,832 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Tim\Desktop\tdsskiller(1).exe
[2011/10/10 11:28:40 | 000,000,570 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/10 11:23:56 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Tim\Desktop\mbam-setup-1.51.2.1300(1).exe
[2011/10/10 10:49:49 | 000,113,051 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/10/10 10:49:31 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/10/10 10:47:47 | 000,001,076 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/10/10 10:28:03 | 000,000,501 | ---- | M] () -- C:\Users\Tim\Desktop\ComboFix.exe - Shortcut.lnk
[2011/10/10 09:10:55 | 000,002,675 | ---- | M] () -- C:\Users\Tim\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007 (2).lnk
[2011/10/07 09:33:48 | 000,055,384 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011/10/07 08:41:37 | 000,002,549 | ---- | M] () -- C:\Users\Tim\Desktop\HiJackThis.lnk
[2011/10/07 08:34:36 | 000,025,160 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011/10/04 14:39:48 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/10/04 09:31:54 | 000,017,408 | ---- | M] () -- C:\Users\Tim\AppData\Local\WebpageIcons.db
[2011/09/30 16:28:20 | 000,001,412 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/09/30 16:16:59 | 000,001,756 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/09/29 19:30:00 | 000,000,912 | ---- | M] () -- C:\Users\Tim\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/09/29 19:30:00 | 000,000,888 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/09/25 09:52:17 | 000,516,921 | ---- | M] () -- C:\test.xml
[2011/09/25 09:32:33 | 000,000,040 | ---- | M] () -- C:\Users\Public\Documents\_rgpl
[2011/09/19 22:04:49 | 000,000,680 | ---- | M] () -- C:\Users\Tim\AppData\Local\d3d9caps.dat

========== Files Created - No Company Name ==========

[2011/10/10 11:41:57 | 000,000,512 | ---- | C] () -- C:\Users\Tim\Desktop\MBR.dat
[2011/10/10 11:39:23 | 710,079,385 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/10/10 11:28:40 | 000,000,570 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/10 10:28:03 | 000,000,501 | ---- | C] () -- C:\Users\Tim\Desktop\ComboFix.exe - Shortcut.lnk
[2011/10/10 09:14:02 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/10/10 09:14:02 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/10/10 09:14:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/10/10 09:14:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/10/10 09:14:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/10/07 08:34:36 | 000,025,160 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011/10/04 09:31:53 | 000,017,408 | ---- | C] () -- C:\Users\Tim\AppData\Local\WebpageIcons.db
[2011/09/30 16:28:20 | 000,001,412 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/09/30 16:16:59 | 000,001,756 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/09/25 09:52:15 | 000,516,921 | ---- | C] () -- C:\test.xml
[2011/09/25 09:32:33 | 000,000,040 | ---- | C] () -- C:\Users\Public\Documents\_rgpl
[2011/09/19 14:01:16 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2011/09/19 14:01:15 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2011/09/19 14:01:15 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2011/09/19 14:01:15 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2011/09/19 14:01:15 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2011/09/19 14:01:15 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2011/09/19 14:01:15 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2011/09/19 14:01:15 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2011/09/19 14:01:15 | 000,012,669 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_EN.cfg
[2011/09/19 14:01:15 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2011/09/19 14:01:15 | 000,006,478 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_PT.cfg
[2011/09/19 14:01:15 | 000,006,478 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_BP.cfg
[2011/09/19 14:01:15 | 000,006,366 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_FR.cfg
[2011/09/19 14:01:15 | 000,006,366 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_CF.cfg
[2011/09/19 14:01:15 | 000,006,226 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_ES.cfg
[2011/09/19 14:01:15 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2011/09/19 14:01:15 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2011/09/19 14:01:15 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2011/09/19 14:01:15 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2011/09/19 14:01:15 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2011/09/19 14:01:15 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2011/09/19 14:01:15 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2011/07/22 15:26:43 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\LXEAinst.dll
[2011/07/22 15:26:43 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\lxeacomx.dll
[2011/07/22 15:26:43 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\lxeains.dll
[2011/07/22 15:26:43 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lxeainsb.dll
[2011/07/22 15:26:43 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\lxeainsr.dll
[2011/07/22 15:26:43 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\lxeajswr.dll
[2011/07/22 15:26:43 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\lxeacur.dll
[2011/07/22 15:26:42 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\lxeacu.dll
[2011/07/22 15:26:42 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\lxeacub.dll
[2011/07/22 15:17:33 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\LXEAsm.dll
[2011/07/22 15:17:33 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\LXEAsmr.dll
[2011/03/05 14:53:58 | 000,000,000 | ---- | C] () -- C:\Users\Tim\AppData\Local\rx_image32.Cache
[2011/01/04 22:15:37 | 000,000,238 | ---- | C] () -- C:\Windows\dellstat.ini
[2010/12/24 12:06:27 | 008,892,928 | ---- | C] () -- C:\ProgramData\atscie.msi
[2010/11/30 20:19:28 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\AVerIO.dll
[2010/11/30 20:19:28 | 000,003,456 | ---- | C] () -- C:\Windows\SysWow64\AVerIO.sys
[2010/11/30 20:19:27 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\sptlib03.dll
[2010/11/30 20:19:27 | 000,258,048 | ---- | C] () -- C:\Windows\SysWow64\sptlib01.dll
[2010/11/30 20:19:27 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\sptlib02.dll
[2010/11/18 20:50:43 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/10/22 16:34:38 | 000,000,103 | ---- | C] () -- C:\Windows\SysWow64\hptrace.ini
[2010/10/22 16:33:46 | 000,007,138 | ---- | C] () -- C:\Windows\hpdj5800.ini
[2010/09/26 16:45:28 | 000,007,859 | ---- | C] () -- C:\Users\Tim\AppData\Roaming\pcouffin.cat
[2010/09/26 16:45:28 | 000,001,167 | ---- | C] () -- C:\Users\Tim\AppData\Roaming\pcouffin.inf
[2010/07/15 13:12:04 | 000,000,680 | ---- | C] () -- C:\Users\Tim\AppData\Local\d3d9caps.dat
[2010/04/17 10:48:19 | 000,211,340 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/02/07 14:02:49 | 000,024,226 | ---- | C] () -- C:\Users\Tim\AppData\Roaming\UserTile.png
[2009/08/18 16:59:39 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/08/18 16:59:25 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/08/18 16:59:10 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/07/31 15:59:48 | 000,008,704 | ---- | C] () -- C:\Users\Tim\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/11 20:40:52 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/06/11 20:40:47 | 000,118,784 | ---- | C] () -- C:\Windows\SeaMonkeyUninstall.exe
[2009/06/11 20:40:42 | 000,118,784 | ---- | C] () -- C:\Windows\GREUninstall.exe
[2009/06/11 20:40:41 | 000,008,839 | ---- | C] () -- C:\Windows\mozver.dat
[2009/04/03 17:52:54 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009/03/13 17:56:02 | 000,397,312 | R--- | C] () -- C:\Windows\SysWow64\zshp1020.exe
[2009/03/13 17:56:02 | 000,106,496 | R--- | C] () -- C:\Windows\SysWow64\vshp1020.dll
[2009/02/18 10:20:26 | 000,002,412 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/02/04 17:00:47 | 000,000,226 | ---- | C] () -- C:\Users\Tim\AppData\Roaming\wklnhst.dat
[2009/02/04 13:43:57 | 002,463,976 | ---- | C] () -- C:\Windows\SysWow64\NPSWF32.dll
[2008/09/03 08:50:23 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2008/09/03 08:24:19 | 000,713,340 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2008/08/20 16:39:48 | 000,113,051 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008/08/20 16:39:10 | 000,113,051 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008/08/20 16:02:52 | 000,001,076 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008/01/20 21:49:10 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/02 10:35:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 07:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 07:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 04:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:411E1BE2

< End of report >

#9
tedins

Posted 10 October 2011 - 11:01 AM

Member

Topic Starter
Member
122 posts

And finally, the Extras log from OTL:

OTL Extras logfile created on: 10/10/2011 11:47:45 AM - Run 2
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Tim\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.97 Gb Total Physical Memory | 1.90 Gb Available Physical Memory | 47.90% Memory free
8.12 Gb Paging File | 5.65 Gb Available in Paging File | 69.59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 108.18 Gb Total Space | 24.20 Gb Free Space | 22.37% Space Free | Partition Type: NTFS
Drive D: | 465.75 Gb Total Space | 406.40 Gb Free Space | 87.26% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: TIM-PC | User Name: Tim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWOW64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\SysWOW64\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\SysWOW64\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\SysWOW64\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\SysWOW64\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\SysWOW64\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = C2 FE 8D 6A DC 5B C8 01 [binary data]
"VistaSp2" = C3 41 B2 C9 A2 68 CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== System Restore Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A6542EA-C236-46A2-BDC0-DAF9D41C507E}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{19FAA935-9B3D-44BC-B2D8-010F3CE55F84}" = rport=138 | protocol=17 | dir=out | app=system |
"{1AAAE430-7C02-4747-87F3-24A144983237}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{2013899E-9EB9-4078-AD33-EDE859C19ED3}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{21ED4E7F-E2DB-4C56-8934-74222F9105E3}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{27F87E52-1BFF-4CDA-A5C7-5268232CE1E2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{33CB7420-A6ED-4337-B6FA-81A6474B73DB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{3DA9E6E7-42A2-4247-952D-DEC80F39005F}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{4895CB14-2DFD-4D28-9AE3-5B8E817C3DA8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4B80D2F7-CC2D-4A27-81A1-BFFB0E8FCF58}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4FE82F70-E87C-41E5-8757-0B695F825525}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{51B8C9C6-AD20-4103-833D-8AC4F2685783}" = lport=137 | protocol=17 | dir=in | app=system |
"{59343717-8741-45CC-AEB2-AB43E16AC6A6}" = lport=138 | protocol=17 | dir=in | app=system |
"{5AAB6D1A-17AD-4C68-BB88-F6062BAE5D27}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{5CBA5DB4-AC28-4489-9EB1-FC70EC14A2C6}" = rport=445 | protocol=6 | dir=out | app=system |
"{65EEC2C2-6C5F-4A20-B85D-39E96B232E5A}" = lport=139 | protocol=6 | dir=in | app=system |
"{6674AB1D-9FCC-4E32-99B4-0D113F5AF375}" = rport=137 | protocol=17 | dir=out | app=system |
"{67A3DA8F-342F-46C9-8008-D63562982709}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{712484A1-02FB-44AC-9FE9-D69FBDC3C854}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{738F1E7C-BAE7-48B1-8AF1-4F9843483B6F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{827A68D8-BBB1-4AC0-9254-7CD2189EF2F5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{84C945AF-A307-4447-8CCB-56F8A1C58A5D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{8D7535CA-243C-4471-B769-75EB3173FEF9}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{A1411F3D-26DE-4B87-9B8B-AF329DFB91B3}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{B100EF37-506A-4BE1-BAF7-6B15BB9F0ACC}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{B3CEB5F1-71CE-49B4-A245-AFBB5FFCB807}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{B57B5DC5-5419-453B-87E0-3AD37A83A453}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B8F41A1B-E067-4ED7-A3E0-90EEA6FA11EA}" = lport=10243 | protocol=6 | dir=in | app=system |
"{B9479E84-7250-41BF-97EB-0A4C700A83B0}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{C22705DB-1721-4DF1-85AE-19BD5E5C6495}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C6995374-86A3-4EBD-8262-45D8AB49E7C3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C77D5BCE-3DDF-4D4C-BFD8-C5B0B355628F}" = lport=445 | protocol=6 | dir=in | app=system |
"{C7E105C6-D68D-47EB-B39A-86BD7C4823B2}" = rport=139 | protocol=6 | dir=out | app=system |
"{CEBBC3FB-FF02-4FBA-BF91-F897909E0B63}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D3C1A44F-57C3-4B6B-9DB0-319F5CE73513}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DE9D67D7-444E-47C1-B0AE-9E693380BF15}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DF3F8F05-D5B4-47E5-8F35-AE51C4C5C24A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E0A60A8E-CF2C-42CA-8826-20282B30FF20}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F069370D-9FD1-4EFE-88A7-8E85CAD51D70}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{F4B63978-0F1F-4936-BCEC-C151A4B34322}" = lport=3389 | protocol=6 | dir=in | app=system |
"{FA084C43-8E8D-45BE-A744-A6F9AC2DE372}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{065BE00A-DE4A-42D7-B855-F641E077E5FC}" = dir=in | app=c:\windows\system32\lxeacoms.exe |
"{0853D5C6-7604-45D8-B4A9-A2928C2F8BBC}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0F059C2C-84C0-4587-B51C-2AF7FC49865A}" = protocol=1 | dir=out | [email protected],-28544 |
"{0F1FCC04-9C64-4693-886D-A9FEFDFFFDCC}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark s300-s400 series\lxeafax.exe |
"{1376730D-A7D6-43B4-A8BF-1D2F1B2ED740}" = dir=in | app=c:\windows\system32\lxeacoms.exe |
"{1E713576-061B-4249-852E-3E4BB7AFD130}" = protocol=6 | dir=in | app=c:\program files (x86)\sony\vaio media plus\vmp.exe |
"{1EF61D39-C314-44DF-B44D-48F0FD76278E}" = protocol=17 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{24094273-82F1-4E16-9FAD-9073C4002CE3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{240D33CA-2671-453A-A114-DFAB4305E744}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{24B020C1-D512-4E8E-B8E2-AC61923FE95E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2698D81E-1A30-4FF8-B2EB-68D72A078CF5}" = dir=in | app=c:\windows\system32\lxeacoms.exe |
"{26AEBA0D-FBA9-4D1A-A241-1A2557A66258}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{2A066B28-5A06-468F-A684-16F1C06EBA16}" = protocol=58 | dir=out | [email protected],-28546 |
"{359B9F86-286B-4A26-952F-1D47E01DC292}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3ABABC4E-8773-4EA3-8F2E-59668723628F}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{3D195EBB-8BEC-4ADD-818E-FE2617CDCBEC}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{499E857D-558D-46D0-8079-A97F74C3D818}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe |
"{4B743AB1-45EA-4005-8428-DB41D7A1012A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4C313AAF-BC55-46EC-9D27-1ABF0A49A511}" = protocol=17 | dir=in | app=c:\windows\system32\dlbkcoms.exe |
"{505C5579-389F-4E8A-9D79-96D78003AD0F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{517165F8-752C-4BD6-B267-68DEC92E083B}" = dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{51F3F04D-AF88-4947-B4AC-CA98EF5F4069}" = dir=in | app=c:\windows\system32\lxeacoms.exe |
"{52EEC3BE-9436-4A71-A80C-27526E9EFE03}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5326E781-EBFB-434C-BFC0-19A9D1DB9E91}" = protocol=6 | dir=in | app=c:\program files (x86)\sony\vaio media plus\sohcimp.exe |
"{5ABA11CA-C448-4F17-9109-A91E9EA812C5}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\pure networks shared\platform\nmsrvc.exe |
"{5CF60E97-5C81-415C-BC60-E1D6C1F54318}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5E5604B5-27A9-4C96-89FB-28E904096647}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5E7681E9-9CC8-4817-B344-85586E29DCA8}" = protocol=6 | dir=in | app=d:\frostwire\frostwire.exe |
"{60675F3E-FDBF-4002-BA08-00BEA1A6FC61}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark s300-s400 series\lxeafax.exe |
"{60DB9D01-D0AC-4840-BD5D-8971EC69606E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{63FC98E7-B156-486E-A5FC-EA0FB9C06C3C}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{65F04825-DFDF-4C76-9B1E-8F040CEE3BE8}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6B1F72D5-4640-48ED-A674-0C33DABDF78B}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe |
"{7061BF36-F96A-4E0D-BBA2-86612CA55C07}" = protocol=17 | dir=in | app=c:\program files (x86)\sony\vaio media plus\vmp.exe |
"{71DF8BD8-52C2-4518-9DDC-0BA81BFE0DC7}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{76BABC28-43F7-413A-929B-848D6EF94D8A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7B4184A1-D6CA-445A-AC01-73083E789183}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7F56BD7D-F9CF-40A9-93ED-E54895E9C879}" = protocol=1 | dir=in | [email protected],-28543 |
"{858F155E-1AB6-463A-A321-43DC85E712CF}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{863D3E98-581C-4C1E-8C13-56B4CF690371}" = protocol=58 | dir=in | [email protected],-28545 |
"{86E6450D-A996-4930-B4CD-37AB3F0D65CF}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{8A82E588-7FD5-43DB-82BC-F62EF2CE4A3D}" = protocol=17 | dir=in | app=c:\program files (x86)\sony\vaio media plus\sohdms.exe |
"{8B76DF73-8ED5-426D-AFA5-E0DAB70E5161}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe |
"{8B7CF56C-D90A-4465-B70D-9561E05A3283}" = protocol=6 | dir=in | app=c:\program files (x86)\sony\vaio media plus\sohdms.exe |
"{8DCBE253-F94A-426E-BC58-E4208CC2D2DE}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\pure networks shared\platform\nmsrvc.exe |
"{94417C53-0D84-46E0-8520-DC3832F77487}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe |
"{949E560D-4CA0-481E-AEBF-21D911820B3F}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe |
"{9602395C-0D7D-4359-B2E4-D03E4A5063B6}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{98F7A6FF-B69F-4D32-A422-6E95266E8320}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9BE3AD68-54BE-4281-93CD-B2E594E12935}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe |
"{AAF4B738-1058-4E90-AC23-DD004F7CC5D5}" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
"{AF43A0B0-3D06-455C-B806-F620DBB09DF6}" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
"{B68CCA07-2F72-4A96-8E4E-9F4CD2206EC0}" = dir=in | app=d:\joans itunes\itunes.exe |
"{C8B392AC-F2A9-4285-A73E-354E6899B89A}" = protocol=17 | dir=in | app=c:\program files (x86)\sony\vaio media plus\sohds.exe |
"{CA959F5B-D8D7-43B9-B887-5B5942EB3022}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{CE8EF11E-5883-4AFC-8234-414E10D67F22}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D8F49A58-3E36-46BE-86B7-94A2DF0C3983}" = protocol=17 | dir=in | app=c:\program files (x86)\sony\vaio media plus\sohcimp.exe |
"{DDCA7DAF-ED20-4ABE-86CA-E2245C93877E}" = protocol=17 | dir=in | app=d:\frostwire\frostwire.exe |
"{E14E5D7A-9971-4876-80F0-70FAF00C1C92}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E1C6235C-26CC-496F-BAC1-57122295861A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E1FE5CE1-CE83-44F4-A09D-A4E3E04494BC}" = protocol=6 | dir=in | app=c:\program files (x86)\sony\vaio media plus\sohds.exe |
"{E3042E8E-6AC6-4550-9730-950F3CDCFDCC}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{E47ABE61-9AC7-456E-85C7-E14FFB64EC7D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E9984B18-D2CA-472C-821C-86190D6D3B65}" = protocol=6 | dir=in | app=c:\windows\system32\dlbkcoms.exe |
"{EF62CE2A-E214-4DAE-9620-37AC7FC71A8C}" = protocol=6 | dir=out | app=system |
"{FE0412C3-C0AA-4414-8B70-4439E23675B6}" = protocol=6 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"TCP Query User{1705D028-CDEA-4558-9454-407BD859BF98}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{2959C062-9B07-44FB-9C8E-9F38B7F4CEB4}C:\program files (x86)\filemaker\filemaker pro 10\filemaker pro.exe" = protocol=6 | dir=in | app=c:\program files (x86)\filemaker\filemaker pro 10\filemaker pro.exe |
"TCP Query User{33E528A4-146C-4E9B-ABA7-79B965F0FD28}C:\program files (x86)\filemaker\filemaker pro 10\extensions\xdbc support\bin\ddfmsoc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\filemaker\filemaker pro 10\extensions\xdbc support\bin\ddfmsoc.exe |
"TCP Query User{3E34D1C6-EF0E-40C0-BCF7-765ABAE78C28}C:\program files (x86)\filemaker\filemaker pro 10\filemaker pro.exe" = protocol=6 | dir=in | app=c:\program files (x86)\filemaker\filemaker pro 10\filemaker pro.exe |
"TCP Query User{4BD166A6-D57E-4B2F-A206-B037C91ECC95}C:\program files (x86)\filemaker\filemaker pro 11\filemaker pro.exe" = protocol=6 | dir=in | app=c:\program files (x86)\filemaker\filemaker pro 11\filemaker pro.exe |
"TCP Query User{54422DEF-8A29-44ED-B203-73B305F7BC52}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"TCP Query User{565F9A4A-5925-47D3-ADCA-0E15D5329781}C:\windows\syswow64\msiexec.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"TCP Query User{615711F8-464F-478B-89A6-2C5389C8B462}C:\program files (x86)\filemaker\filemaker pro 11\filemaker pro.exe" = protocol=6 | dir=in | app=c:\program files (x86)\filemaker\filemaker pro 11\filemaker pro.exe |
"TCP Query User{729AFA2C-9B96-4E52-AF34-946B83787BBA}C:\program files (x86)\look@lan\lookatlan.exe" = protocol=6 | dir=in | app=c:\program files (x86)\look@lan\lookatlan.exe |
"TCP Query User{79947826-42AB-4D55-8038-37379B611795}C:\program files (x86)\macromedia\dreamweaver mx 2004\dreamweaver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\macromedia\dreamweaver mx 2004\dreamweaver.exe |
"TCP Query User{84009FC0-5C6E-4327-829E-AC99E1CC1BD5}C:\program files (x86)\ws_ftp pro\wsftppro.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ws_ftp pro\wsftppro.exe |
"TCP Query User{96F0A75E-6943-4FDA-8744-F2A9A4D039D1}C:\users\tim\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\tim\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"TCP Query User{A072C793-2986-4F3C-B916-AA65BF802BC6}C:\program files (x86)\filemaker\filemaker pro 10\extensions\web support\fm web publishing.exe" = protocol=6 | dir=in | app=c:\program files (x86)\filemaker\filemaker pro 10\extensions\web support\fm web publishing.exe |
"TCP Query User{A13F71F2-2EE1-4776-B1A4-CA47BC3173C5}C:\program files (x86)\filemaker\filemaker pro 10\extensions\xdbc support\bin\ddfmsoc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\filemaker\filemaker pro 10\extensions\xdbc support\bin\ddfmsoc.exe |
"TCP Query User{B5299967-5E93-4676-9345-4BE9EFB19B5B}C:\program files (x86)\look@lan\lookathost.exe" = protocol=6 | dir=in | app=c:\program files (x86)\look@lan\lookathost.exe |
"TCP Query User{CC281841-D5A2-4C4D-A8BF-8E5BD2628FBF}C:\program files (x86)\filemaker\filemaker pro 10\extensions\web support\fm web publishing.exe" = protocol=6 | dir=in | app=c:\program files (x86)\filemaker\filemaker pro 10\extensions\web support\fm web publishing.exe |
"TCP Query User{F2B2B188-0D0A-468C-A28F-F3611E44A759}C:\program files (x86)\frostwire\frostwire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
"TCP Query User{F3CB22C6-A82F-4991-9B80-23FF6301431D}C:\windows\syswow64\msiexec.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"UDP Query User{153C3630-6ED5-48FC-B39C-D90A31324ABA}C:\program files (x86)\filemaker\filemaker pro 11\filemaker pro.exe" = protocol=17 | dir=in | app=c:\program files (x86)\filemaker\filemaker pro 11\filemaker pro.exe |
"UDP Query User{166CEBCC-8B8C-40F1-8C2A-81541C49B465}C:\windows\syswow64\msiexec.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"UDP Query User{1C232EA2-AEE4-410F-A9D8-7E4E9CF55B35}C:\program files (x86)\filemaker\filemaker pro 10\extensions\xdbc support\bin\ddfmsoc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\filemaker\filemaker pro 10\extensions\xdbc support\bin\ddfmsoc.exe |
"UDP Query User{1DC7AD79-D164-435F-8DAF-AD6421D29DB1}C:\program files (x86)\look@lan\lookathost.exe" = protocol=17 | dir=in | app=c:\program files (x86)\look@lan\lookathost.exe |
"UDP Query User{3F09B335-C9B4-4BED-9593-8512B96AC2F9}C:\program files (x86)\filemaker\filemaker pro 10\filemaker pro.exe" = protocol=17 | dir=in | app=c:\program files (x86)\filemaker\filemaker pro 10\filemaker pro.exe |
"UDP Query User{4D912F0D-8FD6-4204-8396-6B82D8C9994C}C:\program files (x86)\macromedia\dreamweaver mx 2004\dreamweaver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\macromedia\dreamweaver mx 2004\dreamweaver.exe |
"UDP Query User{63936F24-3200-422F-B6D0-FACC985C7CA7}C:\program files (x86)\ws_ftp pro\wsftppro.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ws_ftp pro\wsftppro.exe |
"UDP Query User{7635DAB8-BDAB-43AB-89FC-40E467AE152D}C:\program files (x86)\filemaker\filemaker pro 10\extensions\web support\fm web publishing.exe" = protocol=17 | dir=in | app=c:\program files (x86)\filemaker\filemaker pro 10\extensions\web support\fm web publishing.exe |
"UDP Query User{7CCA57AD-9987-4F81-8A39-E86EC52019B6}C:\program files (x86)\frostwire\frostwire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
"UDP Query User{88F14496-D947-4814-9A08-25059705AE30}C:\windows\syswow64\msiexec.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"UDP Query User{915C4D00-2B08-46BA-AF10-6D224C8309AD}C:\program files (x86)\filemaker\filemaker pro 10\filemaker pro.exe" = protocol=17 | dir=in | app=c:\program files (x86)\filemaker\filemaker pro 10\filemaker pro.exe |
"UDP Query User{B820F5D5-3D78-4B73-8907-61C98499C46B}C:\program files (x86)\filemaker\filemaker pro 11\filemaker pro.exe" = protocol=17 | dir=in | app=c:\program files (x86)\filemaker\filemaker pro 11\filemaker pro.exe |
"UDP Query User{BA051897-7571-4DA3-9057-F6661A4A2143}C:\program files (x86)\filemaker\filemaker pro 10\extensions\xdbc support\bin\ddfmsoc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\filemaker\filemaker pro 10\extensions\xdbc support\bin\ddfmsoc.exe |
"UDP Query User{C3569C86-72C6-4B4E-841B-CB1284FCBB04}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{C50848C0-3FF1-4319-BF11-90254BA5C082}C:\program files (x86)\look@lan\lookatlan.exe" = protocol=17 | dir=in | app=c:\program files (x86)\look@lan\lookatlan.exe |
"UDP Query User{C67AE0D8-1C33-4DF7-9E78-492B1C19C7EA}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{CD1F634B-223F-42EE-8378-CCD3234FA223}C:\program files (x86)\filemaker\filemaker pro 10\extensions\web support\fm web publishing.exe" = protocol=17 | dir=in | app=c:\program files (x86)\filemaker\filemaker pro 10\extensions\web support\fm web publishing.exe |
"UDP Query User{FC16D2FC-21D4-4895-9135-07A80A4C940E}C:\users\tim\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\tim\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{151CB4B7-FC63-4C72-8A21-5E87EB419DBB}" = Protector Suite QL 5.6
"{26921B2E-3E62-47F9-A514-1FC4A83BD738}" = Intel® PROSet/Wireless WiFi Software
"{3C5E60F1-0821-4B07-97EA-84EB5A927CF6}" = MobileMe Control Panel
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
"{63B4D80D-7BAC-4D1D-B9B6-27FF54197982}" = Regi
"{704ABF63-B0B1-446B-9D92-C5D06AFCE7B6}" = PlayReady PC runtime
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{997C9EC4-B53D-479D-81B7-0AEC8D174BA1}" = iTunes
"{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client
"{B636C9B9-A3F2-4DCE-ADCC-72E095018385}" = Microsoft SQL Server VSS Writer
"{CA0D2F09-F811-48D4-843E-C87696C6A9D9}" = Bonjour
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D035FBF6-FDEF-487D-89CA-6F9DD07B783F}" = Dolby Control Center
"{E464702F-5433-46EC-8F65-159276C0A54F}" = WIDCOMM Bluetooth Software 6.2.0.4500
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"Garritan Instruments for Finale 2009_is1" = Garritan Instruments for Finale 2009
"Lexmark S300-S400 Series" = Lexmark S300-S400 Series
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NVIDIA Drivers" = NVIDIA Drivers
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Toolbar
"{10812DE7-2E57-4740-B226-6B3BE34AF9D7}" = Lexmark Tools for Office
"{1316AEF2-E086-46C7-B1FB-8C9A39A2ABF9}" = VAIO Media plus
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{15210C5B-9E04-4BF7-B019-AE958F238333}" = Roxio Easy VHS to DVD
"{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
"{1B500D37-E7CF-480B-8054-8A563594EC4E}" = VAIO OOBE and Welcome Center
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD BD for VAIO
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 20
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2B27EB8B-3AA6-438F-BCB0-719CE2C52E32}" = VAIO Content Metadata XML Interface Library
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{34B37A74-125E-4406-87BA-E4BD3D097AE5}" = VAIO Survey
"{359FCAA7-B544-4147-AE3B-8C8A526E2427}" = Sony Image Data Suite
"{363611D9-1106-41F2-B74E-BD8481C41219}" = Click to Disc
"{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}" = VAIO Care
"{4314FCA1-7D0D-45E7-B115-C142466BC60A}" = VAIO Content Metadata Manager Setting
"{44B23220-E68E-4FBC-B02C-1A89AC0C8C5F}" = Roxio CinePlayer Decoder Pack
"{472080B7-D6E7-49E8-9383-FF136B8A8C34}" = JMicron JMB368 ExpressCard CF Adapter
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DC49A9A-6DD0-40D2-A851-527764DA8379}" = Adobe Setup
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"{4EA55D20-27FB-45D7-8726-147E8A5F6C62}" = VAIO MusicBox
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator 10 LJ
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5C5EE8F2-0B38-4C13-AE4E-A87A237FE718}" =
"{5F5867F0-2D23-4338-A206-01A76C823924}" = VAIO Power Management
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6C50525A-2D77-4C22-B058-9AA2F27ACFF2}" = VAIO Content Metadata Intelligent Analyzing Manager
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7115EE2B-62BF-4DEB-B4AA-91456D245F47}" = Sibelius Scorch (Firefox, Opera, Netscape only)
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{73E81E9B-7319-43AD-B7CC-1C61405E5089}" = Adobe After Effects CS3 Template Projects & Footage
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7AC0886A-CE48-4EB6-9CC3-4C56D427F2E1}" = Cisco Network Magic
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
"{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects
"{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}" = WebEx Support Manager for Internet Explorer
"{83CDA18E-0BF3-4ACA-872C-B4CDABF2360E}" = VAIO Update 4
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86DDDAAD-AEB9-42E5-BE01-0E8FABD2BB29}" = Roxio Video Capture USB
"{8BD60AEF-3F9D-47AE-B80A-FB7FFCE335A0}" = VAIO Movie Story
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8ECB8220-F419-4BEB-9596-97033C533702}" = QuickBooks Simple Start 2008
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_SMALLBUSINESSR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_SMALLBUSINESSR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_SMALLBUSINESSR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_SMALLBUSINESSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_SMALLBUSINESSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007
"{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" =
"{9973498D-EA29-4A68-BE0B-C88D6E03E928}" = ArcSoft WebCam Companion 2
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A552C4EA-D41E-4C61-A0FB-C0E05440F7D7}" = VAIO Entertainment Platform
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Setting
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_946" = Adobe Acrobat 9.4.6 - CPSID_83708
"{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B513C7B0-024A-498F-B0F5-00C67E2440A9}" = VAIO Content Metadata Intelligent Analyzing Manager
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BACD22AE-5B6B-4F23-B506-3FCFF13AC137}" = VAIO Media plus
"{BCED773C-99EE-48DD-8915-25733F69F0A8}" = VAIO Wireless Wizard
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C0990649-FEC2-423A-8F37-A8952404E6CD}" = Roxio Easy VHS to DVD
"{C1083DBC-C541-4E8C-91EA-D92397AB9A2C}" = OpenMG Secure Module 5.1.00
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB8A8696-93EC-414E-A752-850AB133F68A}" = VAIO Content Metadata XML Interface Library
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Music Transfer
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D2912CB2-F95A-406C-AA88-2BB5DCB6D275}" = AVer Media Center
"{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark Printable Web
"{D47FE987-EA3D-424B-9886-B752501D7CE7}" = VAIO Help and Support
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DF0415CC-0563-407F-B560-9B7F277122C5}" = VAIO BD Menu Data
"{DFD0E9A9-F24A-492B-8975-8C938E32408F}" = VAIO Startup Assistant
"{E09A5851-B293-465E-A9FE-DFC11E0F4586}" = VAIO Content Metadata Intelligent Analyzing Manager
"{E1D25278-B51A-4163-BC3D-20A4D2D09F98}" = VAIO My Memory Center
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EACCC991-8E8C-4397-8854-349506741FC9}" = FileMaker Pro 11
"{EACCC991-8E8C-4397-8854-349506741FC9}_FileMaker" = FileMaker Pro 11
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{EE59BBF9-415C-45DB-8C4B-EE43CF635FEA}" = VAIO Content Metadata XML Interface Library
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" =
"{FAE74C2C-298A-41BA-8BDB-F5A005F93278}" = Roxio Express Labeler
"{FC467B61-F890-4E29-8585-365DAB66F13E}" = Pure Networks Platform
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FD72E69E-CF34-4071-BFD6-FD081A365E2C}" = VAIO Content Metadata Intelligent Analyzing Manager
"{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home
"{FE697886-F392-4E0D-A0C0-47587BF60992}" = VAIO Content Metadata Manager Setting
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_915239ded2552e78978d0dbab7657a5" = Add or Remove Adobe Creative Suite 3 Master Collection
"Audacity_is1" = Audacity 1.2.6
"AVerMedia H826 series driver" = AVerMedia H826 series driver 1.0.64.88
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Finale 2009" = Finale 2009
"Google Updater" = Google Updater
"HP-LaserJet 1020 series" = LaserJet 1020 series
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD BD for VAIO
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"InstallShield_{C1083DBC-C541-4E8C-91EA-D92397AB9A2C}" = OpenMG Secure Module 5.1.00
"InstallShield_{D2912CB2-F95A-406C-AA88-2BB5DCB6D275}" = AVer Media Center
"iPod to Computer Transfer" = iPod to Computer Transfer 4.8.2
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"Magic DVD Copier_is1" = Magic DVD Copier Version 5.0.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"Network MagicUninstall" = Network Magic
"PROPLUS" = Microsoft Office Professional Plus 2007
"SeaMonkey (1.1.16)" = SeaMonkey (1.1.16)
"SeaMonkey (2.0.6)" = SeaMonkey (2.0.6)
"SMALLBUSINESSR" = Microsoft Office Small Business 2007
"SoundTap" = SoundTap Streaming Audio Recorder
"Switch" = Switch Sound File Converter
"WavePad" = WavePad Sound Editor
"WS_FTP Pro" = Ipswitch WS_FTP Pro
"Yahoo! Messenger" = Yahoo! Messenger

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/10/2011 11:17:32 AM | Computer Name = Tim-PC.CAMPUS.LOCAL | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 10/10/2011 11:17:32 AM | Computer Name = Tim-PC.CAMPUS.LOCAL | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 10/10/2011 11:17:32 AM | Computer Name = Tim-PC.CAMPUS.LOCAL | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 10/10/2011 11:17:32 AM | Computer Name = Tim-PC.CAMPUS.LOCAL | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 10/10/2011 11:49:23 AM | Computer Name = Tim-PC.CAMPUS.LOCAL | Source = WinMgmt | ID = 10
Description =

Error - 10/10/2011 11:49:29 AM | Computer Name = Tim-PC.CAMPUS.LOCAL | Source = VzCdbSvc | ID = 7
Description = Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error
code = 0x80042019)

Error - 10/10/2011 11:49:35 AM | Computer Name = Tim-PC.CAMPUS.LOCAL | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat
9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error - 10/10/2011 12:39:48 PM | Computer Name = Tim-PC.CAMPUS.LOCAL | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat
9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error - 10/10/2011 12:40:00 PM | Computer Name = Tim-PC.CAMPUS.LOCAL | Source = WinMgmt | ID = 10
Description =

Error - 10/10/2011 12:40:07 PM | Computer Name = Tim-PC.CAMPUS.LOCAL | Source = VzCdbSvc | ID = 7
Description = Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error
code = 0x80042019)

[ Media Center Events ]
Error - 1/15/2011 11:17:30 AM | Computer Name = Tim-PC.CAMPUS.LOCAL | Source = MCUpdate | ID = 0
Description = Unable to contact server.. (5220.1129)

Error - 1/16/2011 04:03:30 PM | Computer Name = Tim-PC.CAMPUS.LOCAL | Source = MCUpdate | ID = 0
Description = Error connecting to the internet. (5760.1128)

Error - 1/16/2011 04:03:30 PM | Computer Name = Tim-PC.CAMPUS.LOCAL | Source = MCUpdate | ID = 0
Description = Unable to contact server.. (5760.1129)

Error - 1/16/2011 04:03:59 PM | Computer Name = Tim-PC.CAMPUS.LOCAL | Source = MCUpdate | ID = 0
Description = Error connecting to the internet. (5760.1128)

Error - 1/16/2011 04:03:59 PM | Computer Name = Tim-PC.CAMPUS.LOCAL | Source = MCUpdate | ID = 0
Description = Unable to contact server.. (5760.1129)

Error - 6/20/2011 04:28:04 PM | Computer Name = Tim-PC.CAMPUS.LOCAL | Source = MCUpdate | ID = 0
Description = Error connecting to the internet. (1488.1128)

Error - 6/20/2011 04:28:04 PM | Computer Name = Tim-PC.CAMPUS.LOCAL | Source = MCUpdate | ID = 0
Description = Unable to contact server.. (1488.1129)

Error - 6/20/2011 04:28:33 PM | Computer Name = Tim-PC.CAMPUS.LOCAL | Source = MCUpdate | ID = 0
Description = Error connecting to the internet. (1488.1128)

Error - 6/20/2011 04:28:33 PM | Computer Name = Tim-PC.CAMPUS.LOCAL | Source = MCUpdate | ID = 0
Description = Unable to contact server.. (1488.1129)

Error - 9/24/2011 09:57:11 PM | Computer Name = Tim-PC.CAMPUS.LOCAL | Source = MCUpdate | ID = 0
Description = Failed to retrieve Directory (Error: The operation has timed out)
(7260.1114)

[ System Events ]
Error - 10/10/2011 11:49:48 AM | Computer Name = Tim-PC.CAMPUS.LOCAL | Source = Service Control Manager | ID = 7000
Description =

Error - 10/10/2011 11:52:01 AM | Computer Name = Tim-PC.CAMPUS.LOCAL | Source = TermService | ID = 1067
Description =

Error - 10/10/2011 12:39:30 PM | Computer Name = Tim-PC.CAMPUS.LOCAL | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:37:50 AM on 10/10/2011 was unexpected.

Error - 10/10/2011 12:39:21 PM | Computer Name = Tim-PC.CAMPUS.LOCAL | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\DRIVERS\DMICall.sys has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 10/10/2011 12:39:47 PM | Computer Name = Tim-PC.CAMPUS.LOCAL | Source = NETLOGON | ID = 5719
Description = This computer was not able to set up a secure session with a domain
controller
in domain CAMPUS due to the following: %%1311 This may lead to authentication problems.
Make sure that this computer is connected to the network. If the problem persists,
please
contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller
for the specified domain, it sets up the secure session to the primary domain controller
emulator in the specified domain. Otherwise, this computer sets up the secure session
to any domain controller in the specified domain.

Error - 10/10/2011 12:40:00 PM | Computer Name = Tim-PC.CAMPUS.LOCAL | Source = Service Control Manager | ID = 7009
Description =

Error - 10/10/2011 12:40:00 PM | Computer Name = Tim-PC.CAMPUS.LOCAL | Source = Service Control Manager | ID = 7000
Description =

Error - 10/10/2011 12:40:05 PM | Computer Name = Tim-PC.CAMPUS.LOCAL | Source = Service Control Manager | ID = 7026
Description =

Error - 10/10/2011 12:40:06 PM | Computer Name = Tim-PC.CAMPUS.LOCAL | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = The processing of Group Policy failed because of lack of network connectivity
to a domain controller. This may be a transient condition. A success message would
be generated once the machine gets connected to the domain controller and Group
Policy has succesfully processed. If you do not see a success message for several
hours, then contact your administrator.

Error - 10/10/2011 12:42:39 PM | Computer Name = Tim-PC.CAMPUS.LOCAL | Source = TermService | ID = 1067
Description =

< End of report >

#10
RKinner

Posted 10 October 2011 - 11:57 AM

Malware Expert

Expert
24,624 posts

Disable Spybot's TeaTimer to make sure it won't interfere with fixes. You can re-enable it when you're clean again:

* Run Spybot-S&D in Advanced Mode
* If it is not already set to do this, go to the Mode menu
select
Advanced Mode
* On the left hand side, click on Tools
* Then click on the Resident icon in the list
* Uncheck
Resident TeaTimer
and OK any prompts.
* Restart your computer

Clear the Java Cache by following the instructions on
http://www.java.com/...lugin_cache.xml

Copy the text in the code box by highlighting and Ctrl + c


:processes
killallprocesses

:OTL
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
[2010/07/10 11:17:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000011 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\Autorun\Autorun.exe
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:411E1BE2

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
     
:Commands
[RESETHOSTS]
[purity]
[Reboot]

then Rightclick on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top
Let the program run unhindered, OTL will reboot the PC when it is done. If it hangs then try it again without this line:
[RESETHOSTS]

1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed,
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc /scannow

(SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)

sigverif

Press Start in the new window. This will check your drivers. If you just get a few when it finishes tell me what they are. If you get a lot just look for those with newish dates (since about the time the problem started.)

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.

Please post the Output log in your next reply then repeat but select Application.

Get the latest Java at:
http://www.java.com/en/

Save it to your PC then close all browsers and install it. Do not let it install the yahoo toolbar or other foistware.

Open OTL again and select the All option in the Extra Registry group then the Run Scan button. Post the two logs it produces in your next reply.

Ron

#11
RKinner

Posted 10 October 2011 - 12:01 PM

Malware Expert

Expert
24,624 posts

Forgot to tell you to uninstall
Java™ 6 Update 20
Java™ SE Runtime Environment 6
if they are still there after you install the latest Java.

Are you still seeing signs of tidserv?

Ron

#12
tedins

Posted 10 October 2011 - 02:12 PM

Member

Topic Starter
Member
122 posts

Is there a way to undo those changes? It seems to have disabled all networking capabilities, and system restore is turned off for a prior virus scan.

#13
RKinner

Posted 10 October 2011 - 02:41 PM

Malware Expert

Expert
24,624 posts

See if this helps:

Start, All Programs, Accessories, Command Prompt Vista or Win 7 must right click and Run As Administrator. Type with an Enter after each line in the code box:


ipconfig /flushdns

netsh  winsock  reset catalog

netsh  int ip reset  reset.log

(I use two spaces in the code box so you will be sure to see where 1 space goes.)

Reboot and test. If it still doesn't work:

(Start) Right click on My Computer, select Manage then Device Manager. Find the Network Adapters and click on the + in front to open up the sub entries. Right click on each sun-entry under Network Adapters and Uninstall. (Doesn't hurt to write down the names in case you need to download the drivers from the PC Maker's website. Normally you don't but with malware you never know.) Reboot and test.

Ron

#14
tedins

Posted 10 October 2011 - 02:56 PM

Member

Topic Starter
Member
122 posts

No luck on either one. The odd thing is that the network icon in the notification area disappeared after running OTL.

#15
RKinner

Posted 10 October 2011 - 03:11 PM

Malware Expert

Expert
24,624 posts

Go back into Device manager and make sure that the Network Adapters you removed came back. Right click and select Properties and make sure it says the device is working.

Then Start, (Settings,) Network Connections. On my Vista I see two Icons. One says Local Area Connection and the other says Wireless Network Connection. If you are plugged in then use the Local Area Connection. Otherwise the Wireless. Right click on it and select Diagnose and see if that finds anything. If not right click and select Properties then find the Internet Protocol TCP/IP v4 and select Properties. Make sure it is set to automatically get an IP address and DNS server address.

Now Start, Programs, Accessories, and right click on Command Prompt and select Run As Administrator.

Type with an Enter after each line:

net start dhcp

ipconfig /release

ipconfig /renew

ipconfig /all

If you get an error please copy it down and tell me what it says. Also what IP address do you get on the last one?

Ron