Google redirect Virus?



#16
hammerman (Member, 4,183 posts)
Hi,

Do this instead.

-- Step 1 --

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

-- Step 2 --

Run Malwarebytes' Anti-Malware.
  • Select the Update tab and then click Check for Updates. If an update is found, it will download and install the latest version.
  • Select the Scanner tab, select "Perform Quick Scan", then click Scan
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

-- Step 3 --

  • Download the latest version of Java Runtime Environment (JRE) 6 Update 21.
  • Click the "Download JRE" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u21-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.(Vista users, right click on the jre-6u21-windows-i586.exe and select "Run as an Administrator.")

-- Step 4 --

Please do an online scan with Kaspersky WebScanner

Click on Accept

You may be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on Settings
  • In the scan settings, select the following:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan spyware, adware, diallers and other riskware
    Scan Archives
    Scan E-mail databases
  • Click Save
  • Now under Scan, select My Computer
  • This will start the scanning of your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on View Report and then Save Report
  • Save the file to your desktop as a text file.
  • Copy and paste that information in your next post.

  • 0


#17
mark smith (Topic Starter, 55 posts)
OK, here's the logs. Of note, some of the suspicious things the scan
found are folders of software.

Mbam log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4342

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

7/23/2010 2:37:30 PM
mbam-log-2010-07-23 (14-37-30).txt

Scan type: Quick scan
Objects scanned: 141773
Time elapsed: 12 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Here's the Kaspersky log:


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Saturday, July 24, 2010
Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 2 (build 6002)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Friday, July 23, 2010 22:59:13
Records in database: 4226673
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Objects scanned: 254958
Threats found: 17
Infected objects found: 152
Suspicious objects found: 1
Scan duration: 05:49:05


File name / Threat / Threats count
C:\Users\Mark\AppData\Local\Zimbra\zdesktop\store\0\3\msg\0\1021-859.msg Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Users\Mark\Documents\Downloads\CompiledSoftware (2).zip Infected: Trojan-Downloader.MSIL.Agent.bn 29
C:\Users\Mark\Documents\Downloads\CompiledSoftware (2).zip Infected: Trojan-Downloader.MSIL.Agent.r 1
C:\Users\Mark\Documents\Downloads\CompiledSoftware (2).zip Infected: Trojan-Downloader.MSIL.Agent.bk 1
C:\Users\Mark\Documents\Downloads\CompiledSoftware (2).zip Infected: Trojan-Downloader.MSIL.Agent.bo 1
C:\Users\Mark\Documents\Downloads\CompiledSoftware (2).zip Infected: Trojan-PSW.Win32.WOW.bie 18
C:\Users\Mark\Documents\Downloads\CompiledSoftware (2).zip Infected: Trojan-Downloader.MSIL.Agent.dl 6
C:\Users\Mark\Documents\Downloads\CompiledSoftware (2).zip Infected: Trojan-Downloader.MSIL.Agent.q 8
C:\Users\Mark\Documents\Downloads\CompiledSoftware (2).zip Infected: Trojan-PSW.Win32.WOW.bjf 1
C:\Users\Mark\Documents\Downloads\CompiledSoftware (2).zip Infected: Trojan-Downloader.MSIL.Agent.s 1
C:\Users\Mark\Documents\Downloads\SalesMaterial1 (1).zip Infected: Trojan-PSW.Win32.WOW.bie 3
C:\Users\Mark\Documents\Downloads\SalesMaterial1 (1).zip Infected: Trojan-Downloader.MSIL.Agent.cg 3
C:\Users\Mark\Documents\Downloads\SourceCode1.zip Infected: Trojan-Downloader.MSIL.Agent.bn 2
C:\Users\Mark\Documents\products\SCGMv7-FreeProduct clickbank affiliate.zip Infected: Trojan-Downloader.JS.Iframe.bme 1
C:\Users\Mark\Documents\projects\wine online\meadowlarkvineyards.com\control\admin\addeditproductcategory.aspx Infected: Trojan-Downloader.JS.Iframe.awb 1
C:\Users\Mark\Documents\projects\wine online\meadowlarkvineyards.com\control\admin\fckeditor\editor\dialog\fck_flash\fck_flash_preview.html Infected: Trojan-Downloader.JS.Iframe.awb 1
C:\Users\Mark\Documents\projects\wine online\meadowlarkvineyards.com\control\admin\fckeditor\editor\fckdebug.html Infected: Trojan-Downloader.JS.Iframe.awb 1
C:\Users\Mark\Documents\projects\wine online\meadowlarkvineyards.com\control\admin\fckeditor\_samples\html\sample13.html Infected: Trojan-Downloader.JS.Iframe.awb 1
C:\Users\Mark\Documents\projects\wine online\meadowlarkvineyards.com\control\admin\fckeditor\_upgrade.html Infected: Trojan-Downloader.JS.Iframe.awb 1
C:\Users\Mark\Documents\projects\wine online\meadowlarkvineyards.com\index22Jan.aspx Infected: Trojan.HTML.IFrame.cd 1
C:\Users\Mark\Documents\Templates\csstemplates.zip Infected: Trojan-Clicker.JS.Iframe.cb 2
C:\Users\Mark\Downloads\ccsp4600.exe Infected: Trojan-PSW.Win32.Fakeegold.b 1
C:\Users\Mark\Downloads\CompiledSoftware (1).zip Infected: Trojan-Downloader.MSIL.Agent.bn 29
C:\Users\Mark\Downloads\CompiledSoftware (1).zip Infected: Trojan-Downloader.MSIL.Agent.r 1
C:\Users\Mark\Downloads\CompiledSoftware (1).zip Infected: Trojan-Downloader.MSIL.Agent.bk 1
C:\Users\Mark\Downloads\CompiledSoftware (1).zip Infected: Trojan-Downloader.MSIL.Agent.bo 1
C:\Users\Mark\Downloads\CompiledSoftware (1).zip Infected: Trojan-PSW.Win32.WOW.bie 18
C:\Users\Mark\Downloads\CompiledSoftware (1).zip Infected: Trojan-Downloader.MSIL.Agent.dl 6
C:\Users\Mark\Downloads\CompiledSoftware (1).zip Infected: Trojan-Downloader.MSIL.Agent.q 8
C:\Users\Mark\Downloads\CompiledSoftware (1).zip Infected: Trojan-PSW.Win32.WOW.bjf 1
C:\Users\Mark\Downloads\CompiledSoftware (1).zip Infected: Trojan-Downloader.MSIL.Agent.s 1
C:\Users\Mark\Downloads\plr products with sales page\products_41_to_50b.zip Infected: Trojan-Clicker.JS.Iframe.cb 1
C:\_OTM\MovedFiles\07042010_130120\C_Windows\System32\drivers\etc\hosts Infected: Trojan.Win32.Qhost.myc 1

Selected area has been scanned.


Thanks,

Mark
  • 0

#18
hammerman (Member, 4,183 posts)
Hi Mark,

Of note, some of the suspicious things the scan
found are folders of software.


Can you give me more details.
Can you also give me an update on the problems you are having.
  • 0

#19
mark smith (Topic Starter, 55 posts)

Sure. The compiled software folder and the plr product with sales page folder are
both software that I purchased, which I can just move if you think they are a real
problem. Because of the type of software programs they are, they have always
scanned as a potential virus, but I don't think they were related to this present problem.

The issue I've got is a redirect from Google to ads while trying to search. This
only happens intermittently, and I can't ever tell what makes it happen. Also,
I don't have control over things in my Control Panel. For instance, when I
try to click on Change Startup Programs, I get this error message.

Of course, I can't get the add image to work in this post, but basically, it says this:

"windows defender is turned off by group policy, and that I have to contact an administrator."
It says this on multiple things when I click on things in Control Panel to try to change
things.

Is that enough details? Let me know if you want me to move that software off of the machine so
those don't show up when scanning.

Thanks

Mark
  • 0

#20
hammerman (Member, 4,183 posts)
Hi,

Please follow these steps.

-- Step 1 --

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Files
    C:\Users\Mark\AppData\Local\Zimbra\zdesktop\store\0\3\msg\0\1021-859.msg
    C:\Users\Mark\Documents\products\SCGMv7-FreeProduct clickbank affiliate.zip
    C:\Users\Mark\Documents\projects\wine online\meadowlarkvineyards.com\control\admin\addeditproductcategory.aspx
    C:\Users\Mark\Documents\projects\wine online\meadowlarkvineyards.com\control\admin\fckeditor\editor\dialog\fck_flash\fck_flash_preview.html
    C:\Users\Mark\Documents\projects\wine online\meadowlarkvineyards.com\control\admin\fckeditor\editor\fckdebug.html
    C:\Users\Mark\Documents\projects\wine online\meadowlarkvineyards.com\control\admin\fckeditor\_samples\html\sample13.html
    C:\Users\Mark\Documents\projects\wine online\meadowlarkvineyards.com\control\admin\fckeditor\_upgrade.html
    C:\Users\Mark\Documents\projects\wine online\meadowlarkvineyards.com\index22Jan.aspx
    C:\Users\Mark\Documents\Templates\csstemplates.zip
    C:\Users\Mark\Downloads\ccsp4600.exe
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • This fix will produce a report. Please add this to your reply.

-- Step 2 --

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

-- Step 3 --

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
  • Double click GMER.exe.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan, click on NO, then use the following settings for a more complete scan.
  • In the right panel, leave ONLY Sections checked. All others should be unchecked.
  • Then click the Scan button & wait for it to finish.
  • Once done, click on the Copy button to copy the log to the clipboard.
  • Open Notepad, and from the menu bar select Edit then Paste.
  • Save the file as ark.txt where you can easily find it, such as your desktop.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Please copy and paste the report into your Post.

-- Step 4 --

Download RootRepeal from one of the following locations and save it to your desktop: Link 1
Link 2
Link 3
  • Double click the RootRepeal icon to start the program
  • Click on the Report tab at the bottom of the program window
  • Click the Scan button
  • In the Select Scan dialog, check:
    • Drivers
    • Files
    • Processes
    • SSDT
    • Stealth Objects
    • Hidden Services
    • Shadow SSDT
  • Click the OK button
  • In the next dialog, select all drives showing
  • Click OK to start the scan

    Note: The scan can take some time. DO NOT run any other programs while the scan is running

  • When the scan is complete, click the Save Report button and save the report to your Desktop as RootRepeal.txt
  • Go to File, then Exit to close the program
If the report is not too long, post the contents of RootRepeal.txt in your next reply. If the report is very long, it will not be complete if you post it, so please attach it to your reply instead.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post

  • 0
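The triage step between the Kaspersky report above and the OTL fix in this post, as an added example (not code from the thread, from Kaspersky or from OTL): parse the report's "File name / Threat / Threats count" section into per-file findings, count threat families, drop the paths the user vouched for or that an earlier tool already quarantined, and draft the :Files/:Commands fix script. The sample report and the vouched prefix are constructed for the demonstration.

```python
"""Triage a Kaspersky Online Scanner 7 report and draft an OTL ':Files' fix.

Added example; not code from the thread, from Kaspersky or from OldTimer's OTL.
Assumes the report layout shown above: a "File name / Threat / Threats count"
header, one line per detection ending in "Infected: <name> <n>" or
"Suspicious: <name> <n>", closed by "Selected area has been scanned."
"""
import re
from collections import Counter, OrderedDict

# Paths contain spaces, so anchor on the verdict keyword instead of splitting
# on whitespace. Threat names never contain spaces; the count is an integer.
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?P<verdict>Infected|Suspicious): (?P<threat>\S+) (?P<count>\d+)$"
)

# Constructed sample in the report's format (a shortened stand-in for the
# real log above; a few of its lines are kept verbatim).
SAMPLE_REPORT = r"""
Scan statistics:
Objects scanned: 254958
Threats found: 6

File name / Threat / Threats count
C:\Users\Mark\Documents\Downloads\CompiledSoftware (2).zip Infected: Trojan-PSW.Win32.WOW.bie 18
C:\Users\Mark\Documents\Downloads\CompiledSoftware (2).zip Infected: Trojan-Downloader.MSIL.Agent.bn 29
C:\Users\Mark\Documents\Templates\csstemplates.zip Infected: Trojan-Clicker.JS.Iframe.cb 2
C:\Users\Mark\Downloads\ccsp4600.exe Infected: Trojan-PSW.Win32.Fakeegold.b 1
C:\Users\Mark\AppData\Local\Zimbra\zdesktop\store\0\3\msg\0\1021-859.msg Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\_OTM\MovedFiles\07042010_130120\C_Windows\System32\drivers\etc\hosts Infected: Trojan.Win32.Qhost.myc 1

Selected area has been scanned.
"""


def parse_report(text):
    """Map each file path to its list of (verdict, threat, count) entries."""
    hits = OrderedDict()
    in_table = False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("File name / Threat / Threats count"):
            in_table = True
            continue
        if line.startswith("Selected area has been scanned"):
            break
        if not in_table or not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            continue  # unrecognised line: skip rather than guess at a path
        hits.setdefault(m.group("path"), []).append(
            (m.group("verdict"), m.group("threat"), int(m.group("count"))))
    return hits


def threat_families(hits):
    """Count distinct threat names per family (Trojan-PSW, Trojan-Downloader, ...).
    A password stealer inside a 'purchased software' archive is still a
    password stealer, so the family view matters more than the file list."""
    families = Counter()
    seen = set()
    for entries in hits.values():
        for _verdict, threat, _count in entries:
            if threat not in seen:
                seen.add(threat)
                families[threat.split(".", 1)[0]] += 1
    return families


def select_for_fix(hits, vouched_prefixes=(), quarantine_prefixes=("C:\\_OTM\\",)):
    """Keep files the user has not vouched for and that no earlier tool has
    already moved into its own quarantine folder (OTM's _OTM folder here)."""
    chosen = []
    for path in hits:
        low = path.lower()
        if any(low.startswith(p.lower()) for p in vouched_prefixes):
            continue
        if any(low.startswith(p.lower()) for p in quarantine_prefixes):
            continue
        chosen.append(path)
    return chosen


def otl_fix_script(paths, commands=("purity", "emptytemp", "emptyflash",
                                    "start explorer", "Reboot")):
    """Render the OTL custom fix in the form used above: a :Files list
    followed by a :Commands list of bracketed directives."""
    lines = [":Files"] + list(paths) + ["", ":Commands"]
    lines += ["[%s]" % c for c in commands]
    return "\n".join(lines)


if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    print(dict(threat_families(found)))
    # Constructed: the archive the user said was purchased software.
    vouched = (r"C:\Users\Mark\Documents\Downloads\CompiledSoftware",)
    print(otl_fix_script(select_for_fix(found, vouched)))
```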

#21
mark smith (Topic Starter, 55 posts)

OK, in order:

All processes killed
========== FILES ==========
C:\Users\Mark\AppData\Local\Zimbra\zdesktop\store\0\3\msg\0\1021-859.msg moved successfully.
C:\Users\Mark\Documents\products\SCGMv7-FreeProduct clickbank affiliate.zip moved successfully.
C:\Users\Mark\Documents\projects\wine online\meadowlarkvineyards.com\control\admin\addeditproductcategory.aspx moved successfully.
C:\Users\Mark\Documents\projects\wine online\meadowlarkvineyards.com\control\admin\fckeditor\editor\dialog\fck_flash\fck_flash_preview.html moved successfully.
C:\Users\Mark\Documents\projects\wine online\meadowlarkvineyards.com\control\admin\fckeditor\editor\fckdebug.html moved successfully.
C:\Users\Mark\Documents\projects\wine online\meadowlarkvineyards.com\control\admin\fckeditor\_samples\html\sample13.html moved successfully.
C:\Users\Mark\Documents\projects\wine online\meadowlarkvineyards.com\control\admin\fckeditor\_upgrade.html moved successfully.
C:\Users\Mark\Documents\projects\wine online\meadowlarkvineyards.com\index22Jan.aspx moved successfully.
C:\Users\Mark\Documents\Templates\csstemplates.zip moved successfully.
C:\Users\Mark\Downloads\ccsp4600.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Mark
->Temp folder emptied: 67689899 bytes
->Temporary Internet Files folder emptied: 1142325 bytes
->Java cache emptied: 157890 bytes
->FireFox cache emptied: 42451341 bytes
->Google Chrome cache emptied: 51570904 bytes
->Flash cache emptied: 5283 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 247103 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 156.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Mark
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.4.1 log created on 07252010_220037

Files\Folders moved on Reboot...
C:\Users\Mark\AppData\Local\Temp\DAT6CD6.tmp moved successfully.
C:\Users\Mark\AppData\Local\Temp\DAT6CF9.tmp moved successfully.
C:\Users\Mark\AppData\Local\Temp\STR6CD7.tmp moved successfully.
C:\Users\Mark\AppData\Local\Temp\STR6CFA.tmp moved successfully.
C:\Users\Mark\AppData\Local\Temp\STU6CD8.tmp moved successfully.
C:\Users\Mark\AppData\Local\Temp\STU6D29.tmp moved successfully.
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.

Registry entries deleted on Reboot...


followed by:


GooredFix by jpshortstuff (03.07.10.1)
Log created at 22:11 on 25/07/2010 (Mark)
Firefox version 3.6.2 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
[email protected] [03:19 10/03/2010]
{972ce4c6-7e08-4474-a285-3208198ce6fd} [18:03 11/12/2009]
{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} [20:37 09/01/2009]
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [01:16 10/01/2009]
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [02:43 25/03/2009]
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [20:28 23/07/2010]

C:\Users\Mark\Application Data\Mozilla\Firefox\Profiles\0z074r8e.default\extensions\
[email protected] [16:17 24/06/2010]
[email protected] [13:21 03/07/2010]
[email protected] [03:16 31/01/2010]
[email protected] [04:41 12/07/2010]
[email protected] [14:31 18/06/2010]
[email protected] [02:08 12/06/2010]
[email protected] [02:08 12/06/2010]
{20a82645-c095-46ed-80e3-08825760534b} [17:53 27/04/2010]
{2204c510-88f3-11db-b606-0800200c9a66} [04:41 12/07/2010]
{317B5128-0B0B-49b2-B2DB-1E7560E16C74} [18:32 11/12/2009]
{63b70e6a-ea9d-4de2-8166-d6c4308099ee} [13:21 03/07/2010]
{A64F9D1E-FA5E-11DA-A187-6B94C2ED2B83} [04:25 10/01/2010]
{a7c6cf7f-112c-4500-a7ea-39801a327e5f} [02:08 12/06/2010]
{d57c9ff1-6389-48fc-b770-f78bd89b6e8a} [18:24 22/04/2010]
{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [02:07 19/07/2010]
{fae5bcbc-dd73-439a-a15e-5b9ff39c0e9b} [11:39 18/05/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [03:26 04/01/2009]
"{22119944-ED35-4ab1-910B-E619EA06A115}"="C:\Program Files\Siber Systems\AI RoboForm\Firefox" [16:45 03/01/2009]

-=E.O.F=-

followed by GMER:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-26 06:50:39
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\Mark\AppData\Local\Temp\pgrdapoc.sys


---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[852] kernel32.dll!SetUnhandledExceptionFilter 76C1A84F 4 Bytes [C2, 04, 00, 00]
.text C:\Program Files\Webroot\Washer\wwDisp.exe[2328] kernel32.dll!CreateThread + 1A 76C3C928 4 Bytes CALL 0008F31D C:\Program Files\Webroot\Washer\wwDisp.exe (Window Washer Client Executable/Webroot Software, Inc.)
.text C:\Program Files\Webroot\Washer\WasherSvc.exe[3644] kernel32.dll!CreateThread + 1A 76C3C928 4 Bytes CALL 0008ED99 C:\Program Files\Webroot\Washer\WasherSvc.exe (Window Washer Engine/Webroot Software, Inc.)

---- EOF - GMER 1.0.15 ----


Lastly, I ran RootRepeal. It gave me an error box, which didn't have anything in it that I could see, for some reason.

I clicked on the box, and another popup box came up which was blank, so I clicked on that and it closed. Here's what it had so far in the report, I think:

ROOTREPEAL CRASH REPORT
-------------------------
Windows Version: Windows Vista SP2
Exception Code: 0xc0000005
Exception Address: 0x0040ab12
Attempt to write to address: 0x00000004


Thanks,

Mark
  • 0

#22
hammerman (Member, 4,183 posts)
Hi,

Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

http://sites.google....rotantirootkit/

Unzip it into a folder on your desktop.

Start the Sysprot.exe program.
  • Click on the Log tab.
  • In the Write to log box select all items.
  • Click on the Create Log button on the bottom right.
  • After a few seconds a new Window should appear.
  • Make sure Scan all drives is selected and click on the Start button.
  • When it is complete a new Window will appear to indicate that the scan is finished.
  • The log will be created and saved automatically in the same folder. Open the text file and copy/paste the log here.

  • 0

#23
mark smith (Topic Starter, 55 posts)

Here's the log:

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

Process:
Name: [System Idle Process]
PID: 0
Hidden: No
Window Visible: No

Name: System
PID: 4
Hidden: No
Window Visible: No

Name: C:\Windows\System32\smss.exe
PID: 556
Hidden: No
Window Visible: No

Name: C:\Windows\System32\csrss.exe
PID: 628
Hidden: No
Window Visible: No

Name: C:\Windows\System32\wininit.exe
PID: 672
Hidden: No
Window Visible: No

Name: C:\Windows\System32\csrss.exe
PID: 684
Hidden: No
Window Visible: No

Name: C:\Windows\System32\services.exe
PID: 716
Hidden: No
Window Visible: No

Name: C:\Windows\System32\winlogon.exe
PID: 768
Hidden: No
Window Visible: No

Name: C:\Windows\System32\lsass.exe
PID: 800
Hidden: No
Window Visible: No

Name: C:\Windows\System32\lsm.exe
PID: 808
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 932
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 992
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1120
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1176
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1188
Hidden: No
Window Visible: No

Name: C:\Windows\System32\audiodg.exe
PID: 1276
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1304
Hidden: No
Window Visible: No

Name: C:\Windows\System32\SLsvc.exe
PID: 1320
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1352
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1500
Hidden: No
Window Visible: No

Name: C:\Windows\System32\brsvc01a.exe
PID: 1684
Hidden: No
Window Visible: No

Name: C:\Windows\System32\brss01a.exe
PID: 1700
Hidden: No
Window Visible: No

Name: C:\Windows\System32\spoolsv.exe
PID: 1744
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1768
Hidden: No
Window Visible: No

Name: C:\Windows\System32\agrsmsvc.exe
PID: 392
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PID: 488
Hidden: No
Window Visible: No

Name: C:\Program Files\Bonjour\mDNSResponder.exe
PID: 584
Hidden: No
Window Visible: No

Name: C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PID: 588
Hidden: No
Window Visible: No

Name: C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PID: 708
Hidden: No
Window Visible: No

Name: C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
PID: 1468
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 2008
Hidden: No
Window Visible: No

Name: C:\Program Files\LogMeIn\x86\ramaint.exe
PID: 604
Hidden: No
Window Visible: No

Name: C:\Program Files\LogMeIn\x86\LogMeIn.exe
PID: 2096
Hidden: No
Window Visible: No

Name: C:\Program Files\LogMeIn\x86\LMIGuardian.exe
PID: 2124
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\logishrd\LVCOMSER\LVComSer.exe
PID: 2144
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
PID: 2160
Hidden: No
Window Visible: No

Name: C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
PID: 2180
Hidden: No
Window Visible: No

Name: C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
PID: 2276
Hidden: No
Window Visible: No

Name: C:\Program Files\BUFFALO\NASNAVI\nassvc.exe
PID: 2428
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\NeatReceipts\DB Controller\NeatReceiptsDBController.exe
PID: 2456
Hidden: No
Window Visible: No

Name: C:\Program Files\Novosoft\FilesAnywhere\BackupNetworkCoordinator.exe
PID: 2668
Hidden: No
Window Visible: No

Name: C:\Windows\System32\o2flash.exe
PID: 2712
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Livescribe\PenComm\PenCommService.exe
PID: 2748
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 2788
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PID: 2800
Hidden: No
Window Visible: No

Name: C:\Program Files\CyberLink\Shared Files\RichVideo.exe
PID: 2844
Hidden: No
Window Visible: No

Name: C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PID: 2928
Hidden: No
Window Visible: No

Name: C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PID: 2940
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 2980
Hidden: No
Window Visible: No

Name: C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
PID: 3016
Hidden: No
Window Visible: No

Name: C:\Program Files\Fujitsu\fjdvrupd\updnvsrv.exe
PID: 3052
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 3108
Hidden: No
Window Visible: No

Name: C:\Windows\System32\SearchIndexer.exe
PID: 3144
Hidden: No
Window Visible: No

Name: C:\Program Files\Webroot\Washer\WasherSvc.exe
PID: 3188
Hidden: No
Window Visible: No

Name: C:\Program Files\Novosoft\FilesAnywhere\hbagent.exe
PID: 3300
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\logishrd\LVCOMSER\LVComSer.exe
PID: 3732
Hidden: No
Window Visible: No

Name: C:\Windows\System32\dwm.exe
PID: 4052
Hidden: No
Window Visible: No

Name: C:\Windows\System32\taskeng.exe
PID: 4092
Hidden: No
Window Visible: No

Name: C:\Windows\System32\taskeng.exe
PID: 892
Hidden: No
Window Visible: No

Name: C:\Windows\explorer.exe
PID: 2384
Hidden: No
Window Visible: No

Name: C:\Windows\System32\hkcmd.exe
PID: 3896
Hidden: No
Window Visible: No

Name: C:\Windows\RtHDVCpl.exe
PID: 3376
Hidden: No
Window Visible: No

Name: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PID: 2076
Hidden: No
Window Visible: No

Name: C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
PID: 928
Hidden: No
Window Visible: No

Name: C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
PID: 1384
Hidden: No
Window Visible: No

Name: C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
PID: 2408
Hidden: No
Window Visible: No

Name: C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
PID: 2572
Hidden: No
Window Visible: Yes

Name: C:\Windows\VM331_STI.EXE
PID: 1860
Hidden: No
Window Visible: No

Name: C:\Program Files\Fujitsu\fjdvrupd\updatenv.exe
PID: 3276
Hidden: No
Window Visible: No

Name: C:\Program Files\Sierra Wireless Inc\3G Watcher\WaHelper.exe
PID: 3920
Hidden: No
Window Visible: No

Name: C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
PID: 1992
Hidden: No
Window Visible: Yes

Name: C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe
PID: 4060
Hidden: No
Window Visible: No

Name: C:\Program Files\Logitech\QuickCam\Quickcam.exe
PID: 1364
Hidden: No
Window Visible: No

Name: C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PID: 2656
Hidden: No
Window Visible: No

Name: C:\Program Files\ESET\ESET Smart Security\egui.exe
PID: 3156
Hidden: No
Window Visible: No

Name: C:\Program Files\Mindjet\MindManager 8\MmReminderService.exe
PID: 3812
Hidden: No
Window Visible: No

Name: C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PID: 404
Hidden: No
Window Visible: No

Name: C:\Program Files\iTunes\iTunesHelper.exe
PID: 4112
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Java\Java Update\jusched.exe
PID: 4120
Hidden: No
Window Visible: No

Name: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PID: 4136
Hidden: No
Window Visible: No

Name: C:\Program Files\Webroot\Washer\wwDisp.exe
PID: 4144
Hidden: No
Window Visible: No

Name: C:\Program Files\Mindjet\MindManager 8\MmDesignPartner.exe
PID: 4364
Hidden: No
Window Visible: No

Name: C:\Program Files\TechSmith\Jing\Jing.exe
PID: 4372
Hidden: No
Window Visible: Yes

Name: C:\Windows\System32\wbem\unsecapp.exe
PID: 4800
Hidden: No
Window Visible: No

Name: C:\Windows\System32\wbem\WmiPrvSE.exe
PID: 4844
Hidden: No
Window Visible: No

Name: C:\Program Files\Hide My IP\HideMyIpSrv.exe
PID: 4860
Hidden: No
Window Visible: No

Name: C:\Program Files\Windows Media Player\wmpnscfg.exe
PID: 5400
Hidden: No
Window Visible: No

Name: C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
PID: 5424
Hidden: No
Window Visible: No

Name: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PID: 5500
Hidden: No
Window Visible: No

Name: C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
PID: 5572
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PID: 5592
Hidden: No
Window Visible: No

Name: C:\Program Files\Windows Media Player\wmpnetwk.exe
PID: 5852
Hidden: No
Window Visible: No

Name: C:\Program Files\BUFFALO\NASNAVI\nassche.exe
PID: 6096
Hidden: No
Window Visible: Yes

Name: C:\Windows\System32\igfxsrvc.exe
PID: 1336
Hidden: No
Window Visible: No

Name: C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
PID: 5452
Hidden: No
Window Visible: No

Name: C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
PID: 5640
Hidden: No
Window Visible: No

Name: C:\Program Files\LogMeIn\x86\LMIGuardian.exe
PID: 1804
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
PID: 3576
Hidden: No
Window Visible: No

Name: C:\Program Files\iPod\bin\iPodService.exe
PID: 6836
Hidden: No
Window Visible: No

Name: C:\Program Files\Memeo\AutoBackup\MemeoBackup.exe
PID: 6964
Hidden: No
Window Visible: No

Name: C:\Program Files\ScottradeELITE\ScottradeELITEClientUpdater.exe
PID: 2692
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 7416
Hidden: No
Window Visible: No

Name: C:\Users\Mark\Desktop\SysProt\SysProt.exe
PID: 9372
Hidden: No
Window Visible: Yes

Name: C:\Windows\System32\SearchProtocolHost.exe
PID: 2368
Hidden: No
Window Visible: No

Name: C:\Windows\System32\SearchFilterHost.exe
PID: 8320
Hidden: No
Window Visible: No

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \??\C:\Users\Mark\Desktop\SysProt\SysProtDrv.sys
Service Name: SysProtDrv.sys
Module Base: 91400000
Module End: 9140B000
Hidden: No

Module Name: C:\Windows\system32\ntkrnlpa.exe
Service Name: ---
Module Base: 82247000
Module End: 82600000
Hidden: No

Module Name: C:\Windows\system32\hal.dll
Service Name: ---
Module Base: 82214000
Module End: 82247000
Hidden: No

Module Name: C:\Windows\system32\kdcom.dll
Service Name: ---
Module Base: 8060A000
Module End: 80611000
Hidden: No

Module Name: C:\Windows\system32\mcupdate_GenuineIntel.dll
Service Name: ---
Module Base: 80611000
Module End: 80681000
Hidden: No

Module Name: C:\Windows\system32\PSHED.dll
Service Name: ---
Module Base: 80681000
Module End: 80692000
Hidden: No

Module Name: C:\Windows\system32\BOOTVID.dll
Service Name: ---
Module Base: 80692000
Module End: 8069A000
Hidden: No

Module Name: C:\Windows\system32\CLFS.SYS
Service Name: CLFS
Module Base: 8069A000
Module End: 806DB000
Hidden: No

Module Name: C:\Windows\system32\CI.dll
Service Name: ---
Module Base: 806DB000
Module End: 807BB000
Hidden: No

Module Name: C:\Windows\system32\drivers\Wdf01000.sys
Service Name: Wdf01000
Module Base: 82C0F000
Module End: 82C8B000
Hidden: No

Module Name: C:\Windows\system32\drivers\WDFLDR.SYS
Service Name: ---
Module Base: 82C8B000
Module End: 82C98000
Hidden: No

Module Name: C:\Windows\system32\drivers\acpi.sys
Service Name: ACPI
Module Base: 82C98000
Module End: 82CDE000
Hidden: No

Module Name: C:\Windows\system32\drivers\WMILIB.SYS
Service Name: ---
Module Base: 82CDE000
Module End: 82CE7000
Hidden: No

Module Name: C:\Windows\system32\drivers\msisadrv.sys
Service Name: msisadrv
Module Base: 82CE7000
Module End: 82CEF000
Hidden: No

Module Name: C:\Windows\system32\drivers\pci.sys
Service Name: pci
Module Base: 82CEF000
Module End: 82D16000
Hidden: No

Module Name: C:\Windows\System32\drivers\partmgr.sys
Service Name: partmgr
Module Base: 82D16000
Module End: 82D25000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\compbatt.sys
Service Name: Compbatt
Module Base: 82D25000
Module End: 82D28000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\BATTC.SYS
Service Name: BattC
Module Base: 82D28000
Module End: 82D32000
Hidden: No

Module Name: C:\Windows\system32\drivers\volmgr.sys
Service Name: volmgr
Module Base: 82D32000
Module End: 82D41000
Hidden: No

Module Name: C:\Windows\System32\drivers\volmgrx.sys
Service Name: volmgrx
Module Base: 82D41000
Module End: 82D8B000
Hidden: No

Module Name: C:\Windows\system32\drivers\intelide.sys
Service Name: intelide
Module Base: 82D8B000
Module End: 82D92000
Hidden: No

Module Name: C:\Windows\system32\drivers\PCIIDEX.SYS
Service Name: ---
Module Base: 82D92000
Module End: 82DA0000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\pcmcia.sys
Service Name: pcmcia
Module Base: 82DA0000
Module End: 82DCD000
Hidden: No

Module Name: C:\Windows\System32\drivers\mountmgr.sys
Service Name: MountMgr
Module Base: 82DCD000
Module End: 82DDD000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\iaStor.sys
Service Name: iaStor
Module Base: 82E0C000
Module End: 82ECA000
Hidden: No

Module Name: C:\Windows\system32\drivers\atapi.sys
Service Name: atapi
Module Base: 82ECA000
Module End: 82ED2000
Hidden: No

Module Name: C:\Windows\system32\drivers\ataport.SYS
Service Name: ---
Module Base: 82ED2000
Module End: 82EF0000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\o2sd.sys
Service Name: O2SDRDR
Module Base: 82EF0000
Module End: 82EF9000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\SCSIPORT.SYS
Service Name: ---
Module Base: 82EF9000
Module End: 82F1F000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\o2media.sys
Service Name: O2MDRDR
Module Base: 82F1F000
Module End: 82F28000
Hidden: No

Module Name: C:\Windows\system32\drivers\fltmgr.sys
Service Name: FltMgr
Module Base: 82F28000
Module End: 82F5A000
Hidden: No

Module Name: C:\Windows\system32\drivers\fileinfo.sys
Service Name: FileInfo
Module Base: 82F5A000
Module End: 82F6A000
Hidden: No

Module Name: C:\Windows\System32\Drivers\PxHelp20.sys
Service Name: PxHelp20
Module Base: 82F6A000
Module End: 82F74000
Hidden: No

Module Name: C:\Windows\System32\Drivers\ksecdd.sys
Service Name: KSecDD
Module Base: 82F74000
Module End: 82FE5000
Hidden: No

Module Name: C:\Windows\system32\drivers\ndis.sys
Service Name: NDIS
Module Base: 8A601000
Module End: 8A70C000
Hidden: No

Module Name: C:\Windows\system32\drivers\NETIO.SYS
Service Name: ---
Module Base: 8A737000
Module End: 8A772000
Hidden: No

Module Name: C:\Windows\System32\drivers\tcpip.sys
Service Name: Tcpip
Module Base: 8A808000
Module End: 8A8F2000
Hidden: No

Module Name: C:\Windows\System32\drivers\fwpkclnt.sys
Service Name: ---
Module Base: 8A8F2000
Module End: 8A90D000
Hidden: No

Module Name: C:\Windows\system32\drivers\FBIOSDRV.SYS
Service Name: FBIOSDRV
Module Base: 8A90D000
Module End: 8A910000
Hidden: No

Module Name: C:\Windows\System32\Drivers\Ntfs.sys
Service Name: Ntfs
Module Base: 8AA00000
Module End: 8AB10000
Hidden: No

Module Name: C:\Windows\system32\drivers\volsnap.sys
Service Name: volsnap
Module Base: 8AB10000
Module End: 8AB49000
Hidden: No

Module Name: C:\Windows\System32\Drivers\spldr.sys
Service Name: spldr
Module Base: 8AB49000
Module End: 8AB51000
Hidden: No

Module Name: C:\Windows\System32\Drivers\mup.sys
Service Name: Mup
Module Base: 8AB51000
Module End: 8AB60000
Hidden: No

Module Name: C:\Windows\System32\drivers\ecache.sys
Service Name: Ecache
Module Base: 8AB60000
Module End: 8AB87000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\FJGSDisk.sys
Service Name: disk
Module Base: 8AB87000
Module End: 8AB8A000
Hidden: No

Module Name: C:\Windows\system32\drivers\disk.sys
Service Name: ---
Module Base: 8AB8A000
Module End: 8AB9B000
Hidden: No

Module Name: C:\Windows\system32\drivers\CLASSPNP.SYS
Service Name: ---
Module Base: 8AB9B000
Module End: 8ABBC000
Hidden: No

Module Name: C:\Windows\system32\drivers\crcdisk.sys
Service Name: crcdisk
Module Base: 8ABBC000
Module End: 8ABC5000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\tunnel.sys
Service Name: tunnel
Module Base: 8ABE5000
Module End: 8ABF0000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\tunmp.sys
Service Name: tunmp
Module Base: 8ABF0000
Module End: 8ABF9000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\intelppm.sys
Service Name: intelppm
Module Base: 8A910000
Module End: 8A91F000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\igdkmd32.sys
Service Name: ialm
Module Base: 8F00C000
Module End: 8F643000
Hidden: No

Module Name: C:\Windows\System32\drivers\dxgkrnl.sys
Service Name: DXGKrnl
Module Base: 8F643000
Module End: 8F6E4000
Hidden: No

Module Name: C:\Windows\System32\drivers\watchdog.sys
Service Name: ---
Module Base: 8F6E4000
Module End: 8F6F0000
Hidden: No

Module Name: C:\Windows\System32\drivers\swmsflt.sys
Service Name: swmsflt
Module Base: 8F6F0000
Module End: 8F6F5000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\usbuhci.sys
Service Name: usbuhci
Module Base: 8F6F5000
Module End: 8F700000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\USBPORT.SYS
Service Name: ---
Module Base: 8F700000
Module End: 8F73E000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\usbehci.sys
Service Name: usbehci
Module Base: 8F73E000
Module End: 8F74D000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\HDAudBus.sys
Service Name: HDAudBus
Module Base: 8F74D000
Module End: 8F7DA000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\yk60x86.sys
Service Name: yukonwlh
Module Base: 8A91F000
Module End: 8A967000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\athr.sys
Service Name: athr
Module Base: 8F80F000
Module End: 8F934000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\ohci1394.sys
Service Name: ohci1394
Module Base: 8F934000
Module End: 8F944000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\1394BUS.SYS
Service Name: ---
Module Base: 8F944000
Module End: 8F952000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\FUJ02B1.sys
Service Name: FUJ02B1
Module Base: 8F952000
Module End: 8F954000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\i8042prt.sys
Service Name: i8042prt
Module Base: 8F954000
Module End: 8F967000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\kbdclass.sys
Service Name: kbdclass
Module Base: 8F967000
Module End: 8F972000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\SynTP.sys
Service Name: SynTP
Module Base: 8F972000
Module End: 8F99F000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\USBD.SYS
Service Name: ---
Module Base: 8F99F000
Module End: 8F9A1000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mouclass.sys
Service Name: mouclass
Module Base: 8F9A1000
Module End: 8F9AC000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\cdrom.sys
Service Name: cdrom
Module Base: 8F9AC000
Module End: 8F9C4000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
Service Name: GEARAspiWDM
Module Base: 8F9C4000
Module End: 8F9CA000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\FUJ02E3.sys
Service Name: FUJ02E3
Module Base: 8F9CA000
Module End: 8F9CC000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\CmBatt.sys
Service Name: CmBatt
Module Base: 8F9CC000
Module End: 8F9D0000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\lmimirr.sys
Service Name: lmimirr
Module Base: 8F9D0000
Module End: 8F9D1000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\VIDEOPRT.SYS
Service Name: ---
Module Base: 8F9D1000
Module End: 8F9F2000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\dfmirage.sys
Service Name: dfmirage
Module Base: 8F9F2000
Module End: 8F9F9000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\dne2000.sys
Service Name: DNE
Module Base: 8F7DA000
Module End: 8F7F8000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\Epfwndis.sys
Service Name: Epfwndis
Module Base: 8F800000
Module End: 8F80B000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\msiscsi.sys
Service Name: iScsiPrt
Module Base: 8A967000
Module End: 8A996000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\storport.sys
Service Name: ---
Module Base: 8A996000
Module End: 8A9D7000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\TDI.SYS
Service Name: ---
Module Base: 8F000000
Module End: 8F00B000
Hidden: No

Module Name: C:\Windows\System32\Drivers\RootMdm.sys
Service Name: ROOTMODEM
Module Base: 8F7F8000
Module End: 8F800000
Hidden: No

Module Name: C:\Windows\system32\drivers\modem.sys
Service Name: Modem
Module Base: 8A9D7000
Module End: 8A9E4000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\rasl2tp.sys
Service Name: Rasl2tp
Module Base: 8A9E4000
Module End: 8A9FB000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\ndistapi.sys
Service Name: NdisTapi
Module Base: 8A772000
Module End: 8A77D000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\ndiswan.sys
Service Name: NdisWan
Module Base: 8A77D000
Module End: 8A7A0000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\raspppoe.sys
Service Name: RasPppoe
Module Base: 8A7A0000
Module End: 8A7AF000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\raspptp.sys
Service Name: PptpMiniport
Module Base: 8A7AF000
Module End: 8A7C3000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\rassstp.sys
Service Name: RasSstp
Module Base: 8A7C3000
Module End: 8A7D8000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\swivspnt.sys
Service Name: swivsp
Module Base: 8F9F9000
Module End: 8F9FE000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\termdd.sys
Service Name: TermDD
Module Base: 8A7D8000
Module End: 8A7E8000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\swenum.sys
Service Name: swenum
Module Base: 8F9FE000
Module End: 8FA00000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\ks.sys
Service Name: ---
Module Base: 807BB000
Module End: 807E5000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mssmbios.sys
Service Name: mssmbios
Module Base: 8A7E8000
Module End: 8A7F2000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\umbus.sys
Service Name: umbus
Module Base: 8A7F2000
Module End: 8A7FF000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\usbhub.sys
Service Name: usbhub
Module Base: 8FE07000
Module End: 8FE3C000
Hidden: No

Module Name: C:\Windows\System32\Drivers\NDProxy.SYS
Service Name: NDProxy
Module Base: 8FE3C000
Module End: 8FE4D000
Hidden: No

Module Name: C:\Windows\system32\drivers\RTKVHDA.sys
Service Name: IntcAzAudAddService
Module Base: 9000F000
Module End: 901ED000
Hidden: No

Module Name: C:\Windows\system32\drivers\portcls.sys
Service Name: ---
Module Base: 8FE56000
Module End: 8FE83000
Hidden: No

Module Name: C:\Windows\system32\drivers\drmk.sys
Service Name: ---
Module Base: 8FE83000
Module End: 8FEA8000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\AGRSM.sys
Service Name: AgereSoftModem
Module Base: 8FEA8000
Module End: 8FFCE000
Hidden: No

Module Name: C:\Windows\System32\Drivers\Beep.SYS
Service Name: Beep
Module Base: 90000000
Module End: 90007000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\ehdrv.sys
Service Name: ehdrv
Module Base: 8FFCE000
Module End: 8FFEB000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\HIDPARSE.SYS
Service Name: ---
Module Base: 90007000
Module End: 9000E000
Hidden: No

Module Name: C:\Windows\System32\drivers\vga.sys
Service Name: vga
Module Base: 8FFF4000
Module End: 90000000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\RDPCDD.sys
Service Name: RDPCDD
Module Base: 8FE4D000
Module End: 8FE55000
Hidden: No

Module Name: C:\Windows\system32\drivers\rdpencdd.sys
Service Name: RDPENCDD
Module Base: 8FFEB000
Module End: 8FFF3000
Hidden: No

Module Name: C:\Windows\System32\Drivers\Npfs.SYS
Service Name: Npfs
Module Base: 82FF0000
Module End: 82FFE000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\rasacd.sys
Service Name: RasAcd
Module Base: 82E00000
Module End: 82E09000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\tdx.sys
Service Name: tdx
Module Base: 82DDD000
Module End: 82DF3000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\smb.sys
Service Name: Smb
Module Base: 807E5000
Module End: 807F9000
Hidden: No

Module Name: C:\Windows\system32\drivers\afd.sys
Service Name: AFD
Module Base: 90607000
Module End: 9064F000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\netbt.sys
Service Name: netbt
Module Base: 9064F000
Module End: 90681000
Hidden: No

Module Name: C:\Windows\system32\drivers\ws2ifsl.sys
Service Name: ws2ifsl
Module Base: 90681000
Module End: 9068A000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\pacer.sys
Service Name: PSched
Module Base: 9068A000
Module End: 906A0000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\netbios.sys
Service Name: NetBIOS
Module Base: 906A0000
Module End: 906AE000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\wanarp.sys
Service Name: Wanarp
Module Base: 906AE000
Module End: 906C1000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\rdbss.sys
Service Name: rdbss
Module Base: 906C1000
Module End: 906FD000
Hidden: No

Module Name: C:\Windows\system32\drivers\nsiproxy.sys
Service Name: nsiproxy
Module Base: 906FD000
Module End: 90707000
Hidden: No

Module Name: C:\Windows\System32\Drivers\dfsc.sys
Service Name: DfsC
Module Base: 90707000
Module End: 9071E000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\usbccgp.sys
Service Name: usbccgp
Module Base: 9071E000
Module End: 90735000
Hidden: No

Module Name: C:\Windows\system32\drivers\LVUSBSta.sys
Service Name: LVUSBSta
Module Base: 90735000
Module End: 9073E000
Hidden: No

Module Name: C:\Windows\System32\Drivers\vm331avs.sys
Service Name: vm331avs
Module Base: 9140B000
Module End: 914F1000
Hidden: No

Module Name: C:\Windows\System32\Drivers\STREAM.SYS
Service Name: ---
Module Base: 914F1000
Module End: 914FE000
Hidden: No

Module Name: C:\Windows\System32\Drivers\crashdmp.sys
Service Name: ---
Module Base: 914FE000
Module End: 9150B000
Hidden: No

Module Name: \SystemRoot\System32\Drivers\dump_dumpata.sys
Service Name: ---
Module Base: 9150B000
Module End: 91516000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: 91516000
Module End: 9151E000
Hidden: Yes

Module Name: C:\Windows\System32\drivers\Dxapi.sys
Service Name: ---
Module Base: 9151E000
Module End: 91528000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\monitor.sys
Service Name: monitor
Module Base: 91528000
Module End: 91537000
Hidden: No

Module Name: C:\Windows\system32\drivers\luafv.sys
Service Name: luafv
Module Base: 91537000
Module End: 91552000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\eamon.sys
Service Name: eamon
Module Base: 9073E000
Module End: 907FA000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\epfw.sys
Service Name: epfw
Module Base: 91552000
Module End: 91575000
Hidden: No

Module Name: C:\Windows\system32\drivers\spsys.sys
Service Name: ---
Module Base: AC003000
Module End: AC0B3000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\lltdio.sys
Service Name: lltdio
Module Base: AC0B3000
Module End: AC0C3000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\nwifi.sys
Service Name: NativeWifiP
Module Base: AC0C3000
Module End: AC0ED000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\ndisuio.sys
Service Name: Ndisuio
Module Base: AC0ED000
Module End: AC0F7000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\rspndr.sys
Service Name: rspndr
Module Base: AC0F7000
Module End: AC10A000
Hidden: No

Module Name: C:\Windows\system32\drivers\HTTP.sys
Service Name: HTTP
Module Base: AC10A000
Module End: AC177000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\srvnet.sys
Service Name: srvnet
Module Base: AC177000
Module End: AC194000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\bowser.sys
Service Name: bowser
Module Base: AC194000
Module End: AC1AD000
Hidden: No

Module Name: C:\Windows\System32\drivers\mpsdrv.sys
Service Name: mpsdrv
Module Base: AC1AD000
Module End: AC1C2000
Hidden: No

Module Name: C:\Windows\system32\drivers\mrxdav.sys
Service Name: MRxDAV
Module Base: AC1C2000
Module End: AC1E3000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mrxsmb.sys
Service Name: mrxsmb
Module Base: 9157D000
Module End: 9159C000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mrxsmb10.sys
Service Name: mrxsmb10
Module Base: 9159C000
Module End: 915D5000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mrxsmb20.sys
Service Name: mrxsmb20
Module Base: AC1E3000
Module End: AC1FB000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\srv2.sys
Service Name: srv2
Module Base: 915D5000
Module End: 915FC000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\srv.sys
Service Name: srv
Module Base: AE40A000
Module End: AE458000
Hidden: No

Module Name: \??\C:\Windows\system32\Drivers\CVPNDRVA.sys
Service Name: CVPNDRVA
Module Base: AE470000
Module End: AE500000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\epfwwfp.sys
Service Name: epfwwfp
Module Base: AE500000
Module End: AE50E000
Hidden: No

Module Name: \??\C:\Program Files\LogMeIn\x86\RaInfo.sys
Service Name: LMIInfo
Module Base: AE50E000
Module End: AE510000
Hidden: No

Module Name: \??\C:\Windows\system32\drivers\LMIRfsDriver.sys
Service Name: LMIRfsDriver
Module Base: AE510000
Module End: AE51A000
Hidden: No

Module Name: C:\Windows\system32\drivers\peauth.sys
Service Name: PEAUTH
Module Base: AE51A000
Module End: AE5F8000
Hidden: No

Module Name: C:\Windows\System32\Drivers\secdrv.SYS
Service Name: secdrv
Module Base: AE400000
Module End: AE40A000
Hidden: No

Module Name: C:\Windows\System32\drivers\tcpipreg.sys
Service Name: tcpipreg
Module Base: AE458000
Module End: AE464000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\cdfs.sys
Service Name: cdfs
Module Base: 8ABC5000
Module End: 8ABDB000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\LVPr2Mon.sys
Service Name: LVPr2Mon
Module Base: AE464000
Module End: AE469000
Hidden: No

Module Name: C:\Windows\System32\Drivers\Null.SYS
Service Name: Null
Module Base: 901F6000
Module End: 901FD000
Hidden: No

Module Name: C:\Windows\System32\Drivers\Msfs.SYS
Service Name: Msfs
Module Base: 82FE5000
Module End: 82FF0000
Hidden: No

******************************************************************************************
******************************************************************************************
No SSDT Hooks found

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
No IRP Hooks found

******************************************************************************************
******************************************************************************************
Ports:
Local Address: DRSMITH.DFWOFFICE.COM:51504
Remote Address: LS-WTGL67F:HTTP
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: ESTABLISHED

Local Address: DRSMITH.DFWOFFICE.COM:51488
Remote Address: OFFICE-PC:NETBIOS-SSN
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: DRSMITH.DFWOFFICE.COM:51487
Remote Address: OFFICE-PC:NETBIOS-SSN
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: DRSMITH.DFWOFFICE.COM:51485
Remote Address: LS-WTGL67F:MICROSOFT-DS
Type: TCP
Process: System
State: ESTABLISHED

Local Address: DRSMITH.DFWOFFICE.COM:51141
Remote Address: LS-WTGL67F:MICROSOFT-DS
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: DRSMITH.DFWOFFICE.COM:50595
Remote Address: APP03.LOGMEINRESCUE-ENTERPRISE.COM:HTTPS
Type: TCP
Process: C:\Program Files\LogMeIn\x86\LogMeIn.exe
State: ESTABLISHED

Local Address: DRSMITH.DFWOFFICE.COM:NETBIOS-SSN
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: DRSMITH:62514
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
State: LISTENING

Local Address: DRSMITH:49481
Remote Address: LOCALHOST:5226
Type: TCP
Process: C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
State: ESTABLISHED

Local Address: DRSMITH:49193
Remote Address: LOCALHOST:27015
Type: TCP
Process: C:\Program Files\iTunes\iTunesHelper.exe
State: ESTABLISHED

Local Address: DRSMITH:49185
Remote Address: LOCALHOST:2002
Type: TCP
Process: C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
State: ESTABLISHED

Local Address: DRSMITH:49166
Remote Address: LOCALHOST:1655
Type: TCP
Process: C:\Program Files\Novosoft\FilesAnywhere\hbagent.exe
State: ESTABLISHED

Local Address: DRSMITH:49165
Remote Address: LOCALHOST:1655
Type: TCP
Process: C:\Program Files\Novosoft\FilesAnywhere\hbagent.exe
State: ESTABLISHED

Local Address: DRSMITH:49164
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Novosoft\FilesAnywhere\hbagent.exe
State: LISTENING

Local Address: DRSMITH:49163
Remote Address: LOCALHOST:49162
Type: TCP
Process: C:\Program Files\Novosoft\FilesAnywhere\hbagent.exe
State: ESTABLISHED

Local Address: DRSMITH:49162
Remote Address: LOCALHOST:49163
Type: TCP
Process: C:\Program Files\Novosoft\FilesAnywhere\hbagent.exe
State: ESTABLISHED

Local Address: DRSMITH:49159
Remote Address: LOCALHOST:49158
Type: TCP
Process: C:\Program Files\Novosoft\FilesAnywhere\BackupNetworkCoordinator.exe
State: ESTABLISHED

Local Address: DRSMITH:49158
Remote Address: LOCALHOST:49159
Type: TCP
Process: C:\Program Files\Novosoft\FilesAnywhere\BackupNetworkCoordinator.exe
State: ESTABLISHED

Local Address: DRSMITH:27015
Remote Address: LOCALHOST:49193
Type: TCP
Process: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
State: ESTABLISHED

Local Address: DRSMITH:27015
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
State: LISTENING

Local Address: DRSMITH:12348
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Hide My IP\HideMyIpSrv.exe
State: LISTENING

Local Address: DRSMITH:12346
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Hide My IP\HideMyIpSrv.exe
State: LISTENING

Local Address: DRSMITH:12344
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Hide My IP\HideMyIpSrv.exe
State: LISTENING

Local Address: DRSMITH:8118
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
State: LISTENING

Local Address: DRSMITH:8005
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
State: LISTENING

Local Address: DRSMITH:5354
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: LISTENING

Local Address: DRSMITH:5226
Remote Address: LOCALHOST:49481
Type: TCP
Process: C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
State: ESTABLISHED

Local Address: DRSMITH:2002
Remote Address: LOCALHOST:49185
Type: TCP
Process: C:\Program Files\LogMeIn\x86\LogMeIn.exe
State: ESTABLISHED

Local Address: DRSMITH:1655
Remote Address: LOCALHOST:49166
Type: TCP
Process: C:\Program Files\Novosoft\FilesAnywhere\BackupNetworkCoordinator.exe
State: ESTABLISHED

Local Address: DRSMITH:1655
Remote Address: LOCALHOST:49165
Type: TCP
Process: C:\Program Files\Novosoft\FilesAnywhere\BackupNetworkCoordinator.exe
State: ESTABLISHED

Local Address: 10.10.102.252:50115
Remote Address: YX-IN-F113.1E100.NET:HTTP
Type: TCP
Process: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
State: CLOSE_WAIT

Local Address: DRSMITH:49172
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\services.exe
State: LISTENING

Local Address: DRSMITH:49161
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING

Local Address: DRSMITH:49156
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\spoolsv.exe
State: LISTENING

Local Address: DRSMITH:49155
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\lsass.exe
State: LISTENING

Local Address: DRSMITH:49154
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING

Local Address: DRSMITH:49153
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING

Local Address: DRSMITH:49152
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\wininit.exe
State: LISTENING

Local Address: DRSMITH:8019
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
State: LISTENING

Local Address: DRSMITH:8008
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
State: LISTENING

Local Address: DRSMITH:5357
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: DRSMITH:5226
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
State: LISTENING

Local Address: DRSMITH:5225
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
State: LISTENING

Local Address: DRSMITH:2002
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\LogMeIn\x86\LogMeIn.exe
State: LISTENING

Local Address: DRSMITH:1655
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Novosoft\FilesAnywhere\BackupNetworkCoordinator.exe
State: LISTENING

Local Address: DRSMITH:MICROSOFT-DS
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: DRSMITH:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING

Local Address: DRSMITH.DFWOFFICE.COM:63181
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: DRSMITH.DFWOFFICE.COM:5353
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: DRSMITH.DFWOFFICE.COM:SSDP
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: DRSMITH.DFWOFFICE.COM:138
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: DRSMITH.DFWOFFICE.COM:NETBIOS-NS
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: DRSMITH:63182
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: DRSMITH:62514
Remote Address: NA
Type: UDP
Process: C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
State: NA

Local Address: DRSMITH:50858
Remote Address: NA
Type: UDP
Process: C:\Program Files\Webroot\Washer\wwDisp.exe
State: NA

Local Address: DRSMITH:SSDP
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: DRSMITH:52191
Remote Address: NA
Type: UDP
Process: C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
State: NA

Local Address: DRSMITH:49155
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: DRSMITH:49153
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: DRSMITH:49152
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\spoolsv.exe
State: NA

Local Address: DRSMITH:LLMNR
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: DRSMITH:IPSEC-MSFT
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: DRSMITH:UPNP-DISCOVERY
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: DRSMITH:UPNP-DISCOVERY
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: DRSMITH:MS-SQL-M
Remote Address: NA
Type: UDP
Process: C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
State: NA

Local Address: DRSMITH:500
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: DRSMITH:162
Remote Address: NA
Type: UDP
Process: C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
State: NA

Local Address: DRSMITH:123
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: D:\System Volume Information\MountPointManagerRemoteDatabase
Status: Access denied

Object: D:\System Volume Information\tracking.log
Status: Access denied

Object: D:\System Volume Information\_restore{B03471AF-A6C2-4FA2-9425-A940B9A412FC}
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl
Status: Access denied


Thanks,

Mark

#24
hammerman

Hi,

Please download MBRCheck.exe to your desktop.
  • Be sure to disable your security programs
  • Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt)
  • A black window will open on your desktop
  • If an unknown bootcode is found you will have further options available to you; at this time press N, then press Enter twice.
  • If nothing unusual is found just press Enter
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
  • Please post the contents of that file in your reply.


#25
mark smith

Here we go:

MBRCheck, version 1.1.1
© 2010, AD

\\.\C: --> \\.\PhysicalDrive0
\\.\D: --> \\.\PhysicalDrive0

Size    Device Name         MBR Status
--------------------------------------------
232 GB  \\.\PhysicalDrive0  Unknown MBR code

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done! Press ENTER to exit...

#26
hammerman

Hi,

  • Run MBRCheck again.
  • When prompted, enter Y for more options
  • Then enter 1 to dump the MBR of a physical disk to file
  • When you are prompted "Enter the physical disk number to fix (0-99, -1 to cancel):", enter 0.
  • Name the dumped file as Dump.dat
  • Enter -1 to exit

A log file named "dump.dat" will be located in the same folder where MBRCheck was saved. Please zip it up and attach it in your next reply.

#27
mark smith

Here you go!!

Thanks

Attached File: dump.zip (500 bytes)

#28
hammerman

Hi,

Run OTL

  • Under the Custom Scans/Fixes box, paste in the following.


    netsvcs
    drivers32 /all
    activex
    msconfig
    safebootminimal
    safebootnetwork
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles /all
    %systemroot%\system32\drivers\*.sys /90 /md5
    %systemroot%\Tasks\*.job
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Under Extra Registry select Use Safelist
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them all in.


#29
mark smith

Here's OTL.txt:

OTL logfile created on: 7/27/2010 2:47:53 PM - Run 4
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Mark\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 45.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 230.38 Gb Total Space | 77.02 Gb Free Space | 33.43% Space Free | Partition Type: NTFS
Drive D: | 1023.99 Mb Total Space | 987.05 Mb Free Space | 96.39% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DRSMITH
Current User Name: Mark
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LMIGuardian.exe (LogMeIn, Inc.)
PRC - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe ()
PRC - C:\Users\Mark\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Citrix\GoToMeeting\457\g2mview.exe (Citrix Online, a division of Citrix Systems, Inc.)
PRC - C:\Program Files\Citrix\GoToMeeting\457\g2mui.exe (Citrix Online, a division of Citrix Systems, Inc.)
PRC - C:\Program Files\Citrix\GoToMeeting\457\g2mstart.exe (Citrix Online, a division of Citrix Systems, Inc.)
PRC - C:\Program Files\Citrix\GoToMeeting\457\g2msessioncontrol.exe (Citrix Online, a division of Citrix Systems, Inc.)
PRC - C:\Program Files\Citrix\GoToMeeting\457\g2mQandA.exe (Citrix Online, a division of Citrix Systems, Inc.)
PRC - C:\Program Files\Citrix\GoToMeeting\457\g2mpolling.exe (Citrix Online, a division of Citrix Systems, Inc.)
PRC - C:\Program Files\Citrix\GoToMeeting\457\g2mlauncher.exe (Citrix Online, a division of Citrix Systems, Inc.)
PRC - C:\Program Files\Citrix\GoToMeeting\457\g2mfeedback.exe (Citrix Online, a division of Citrix Systems, Inc.)
PRC - C:\Program Files\Citrix\GoToMeeting\457\g2mcomm.exe (Citrix Online, a division of Citrix Systems, Inc.)
PRC - C:\Program Files\Citrix\GoToMeeting\457\g2mchat.exe (Citrix Online, a division of Citrix Systems, Inc.)
PRC - C:\Program Files\Memeo\AutoBackup\MemeoBackup.exe (Memeo Inc.)
PRC - C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe (Memeo)
PRC - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe (Siber Systems)
PRC - C:\Program Files\Siber Systems\GoodSync\GoodSync.exe ()
PRC - C:\Program Files\Novosoft\FilesAnywhere\hbagent.exe (Novosoft LLC)
PRC - C:\Program Files\Novosoft\FilesAnywhere\BackupNetworkCoordinator.exe (Novosoft LLC)
PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
PRC - C:\Program Files\Hide My IP\HideMyIpSrv.exe ()
PRC - C:\Program Files\Mindjet\MindManager 8\MmReminderService.exe (Mindjet)
PRC - C:\Program Files\AIM6\aim6.exe (AOL LLC)
PRC - C:\Program Files\ESET\ESET Smart Security\ekrn.exe (ESET)
PRC - C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Livescribe\PenComm\PenCommService.exe (Livescribe)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\AIM6\aolsoftware.exe (AOL LLC)
PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
PRC - C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe ()
PRC - C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe (Logitech Inc.)
PRC - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
PRC - C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\logishrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
PRC - c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\Program Files\BUFFALO\NASNAVI\nassche.exe (BUFFALO INC.)
PRC - C:\Program Files\BUFFALO\NASNAVI\nassvc.exe (BUFFALO INC.)
PRC - C:\Program Files\Common Files\NeatReceipts\DB Controller\NeatReceiptsDBController.exe (Digital Business Processes)
PRC - C:\Program Files\Sierra Wireless Inc\3G Watcher\WaHelper.exe (Sierra Wireless Inc.)
PRC - C:\Program Files\ScottradeELITE\ScottradeELITEClientUpdater.exe (TODO: <Company name>)
PRC - C:\Program Files\Webroot\Washer\WasherSvc.exe (Webroot Software, Inc.)
PRC - C:\Program Files\Webroot\Washer\wwDisp.exe (Webroot Software, Inc.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe (Hewlett-Packard)
PRC - C:\Windows\VM331_STI.EXE (Vimicro)
PRC - C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED)
PRC - C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe ()
PRC - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
PRC - C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED)
PRC - C:\Program Files\Fujitsu\fjdvrupd\updatenv.exe (FUJITSU LIMITED)
PRC - C:\Program Files\Fujitsu\fjdvrupd\updnvsrv.exe (FUJITSU LIMITED)
PRC - C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED)
PRC - C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe (The Privoxy team - www.privoxy.org)
PRC - C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe (FUJITSU LIMITED)
PRC - C:\Windows\System32\brss01a.exe (brother Industries Ltd)
PRC - C:\Windows\System32\o2flash.exe (O2Micro International)
PRC - C:\Windows\System32\brsvc01a.exe (brother Industries Ltd)


========== Modules (SafeList) ==========

MOD - C:\Users\Mark\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Mindjet\MindManager 8\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\temp\logishrd\LVPrcInj01.dll (Logitech Inc.)


========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.)
SRV - (FlipShare Service) -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe ()
SRV - (MemeoBackgroundService) -- C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe (Memeo)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (Handy Backup Service for Mark) -- C:\Program Files\Novosoft\FilesAnywhere\hbagent.exe (Novosoft LLC)
SRV - (NovosoftBackupNetworkCoordinator) -- C:\Program Files\Novosoft\FilesAnywhere\BackupNetworkCoordinator.exe (Novosoft LLC)
SRV - (QBCFMonitorService) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
SRV - (HideMyIpSRV) -- C:\Program Files\Hide My IP\HideMyIpSrv.exe ()
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (MSSQL$NR2007) SQL Server (NR2007) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (EhttpSrv) -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe (ESET)
SRV - (ekrn) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe (ESET)
SRV - (PenCommService) -- C:\Program Files\Common Files\Livescribe\PenComm\PenCommService.exe (Livescribe)
SRV - (MSSQLServerADHelper) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (QBFCService) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (LVCOMSer) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
SRV - (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS) -- c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLAgent$SQLEXPRESS) SQL Server Agent (SQLEXPRESS) -- c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE (Microsoft Corporation)
SRV - (MSSQLServerADHelper100) -- c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE (Microsoft Corporation)
SRV - (SQLWriter) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (NasPmService) -- C:\Program Files\BUFFALO\NASNAVI\nassvc.exe (BUFFALO INC.)
SRV - (NeatReceipts Database Controller) -- C:\Program Files\Common Files\NeatReceipts\DB Controller\NeatReceiptsDBController.exe (Digital Business Processes)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (wwEngineSvc) -- C:\Program Files\Webroot\Washer\WasherSvc.exe (Webroot Software, Inc.)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (UpdateNaviInstallService) -- C:\Program Files\Fujitsu\fjdvrupd\updnvsrv.exe (FUJITSU LIMITED)
SRV - (O2Flash) -- C:\Windows\System32\o2flash.exe (O2Micro International)
SRV - (Brother XP spl Service) -- C:\Windows\System32\brsvc01a.exe (brother Industries Ltd)


========== Driver Services (SafeList) ==========

DRV - (uti1nji2) -- C:\Windows\System32\drivers\uti1nji2.sys ()
DRV - (LMIRfsClientNP) -- C:\Windows\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (epfwwfp) -- C:\Windows\System32\drivers\epfwwfp.sys (ESET)
DRV - (Epfwndis) -- C:\Windows\System32\drivers\epfwndis.sys (ESET)
DRV - (epfw) -- C:\Windows\System32\drivers\epfw.sys (ESET)
DRV - (ehdrv) -- C:\Windows\System32\drivers\ehdrv.sys (ESET)
DRV - (eamon) -- C:\Windows\System32\drivers\eamon.sys (ESET)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (dfmirage) -- C:\Windows\System32\drivers\dfmirage.sys (DemoForge, LLC)
DRV - (PulseUsb) -- C:\Windows\System32\drivers\PulseUsb.sys (Windows ® Codename Longhorn DDK provider)
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (LMIRfsDriver) -- C:\Windows\System32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)
DRV - (LVUVC) Logitech QuickCam Fusion(UVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
DRV - (lvpopflt) -- C:\Windows\System32\drivers\lvpopflt.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
DRV - (RsFx0102) -- C:\Windows\System32\drivers\RsFx0102.sys (Microsoft Corporation)
DRV - (csco21) -- C:\Windows\System32\drivers\csco21v.sys (Cisco.)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (mf) -- C:\Windows\System32\drivers\mf.sys (Microsoft Corporation)
DRV - (swmsflt) -- C:\Windows\System32\drivers\swmsflt.sys ()
DRV - (FJGSDisk) -- C:\Windows\system32\DRIVERS\FJGSDisk.sys (FUJITSU LIMITED)
DRV - (wrssweep) -- C:\Program Files\Webroot\Washer\wrSSweep.sys (Webroot Software Inc (www.webroot.com))
DRV - (vm331avs) -- C:\Windows\System32\drivers\vm331avs.sys (Vimicro Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (ialm) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (USBAVCap) -- C:\Windows\System32\drivers\USBAVCap.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (O2SDRDR) -- C:\Windows\system32\DRIVERS\o2sd.sys (O2Micro )
DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (ACGPRS) -- C:\Windows\System32\drivers\acgprs.sys (Sierra Wireless Inc.)
DRV - (swivsp) -- C:\Windows\System32\drivers\swivspnt.sys (Sierra Wireless Inc.)
DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\drivers\BrSerId.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (FUJ02E3) -- C:\Windows\System32\drivers\fuj02e3.sys (FUJITSU LIMITED)
DRV - (FUJ02B1) -- C:\Windows\System32\drivers\fuj02b1.sys (FUJITSU LIMITED)
DRV - (O2MDRDR) -- C:\Windows\system32\DRIVERS\o2media.sys (O2Micro )
DRV - (FBIOSDRV) -- C:\Windows\system32\drivers\FBIOSDRV.SYS (FUJITSU LIMITED)
DRV - (HPPLSBULK) -- C:\Windows\System32\drivers\hpplsbulk.sys (Hewlett Packard)
DRV - (ADVNTDRV) -- C:\Windows\System32\drivers\ADVNTDRV.SYS (FUJITSU LIMITED.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {63b70e6a-ea9d-4de2-8166-d6c4308099ee}:2.0.1
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.9.98
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.9
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.7
FF - prefs.js..extensions.enabledItems: {A64F9D1E-FA5E-11DA-A187-6B94C2ED2B83}:1.0.2
FF - prefs.js..extensions.enabledItems: [email protected]:2.4
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.608
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:3.3.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.18
FF - prefs.js..extensions.enabledItems: {317B5128-0B0B-49b2-B2DB-1E7560E16C74}:2.5.9
FF - prefs.js..extensions.enabledItems: [email protected]:3.7.8
FF - prefs.js..extensions.enabledItems: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a}:1.33
FF - prefs.js..extensions.enabledItems: {fae5bcbc-dd73-439a-a15e-5b9ff39c0e9b}:1.1.6
FF - prefs.js..extensions.enabledItems: {2204c510-88f3-11db-b606-0800200c9a66}:1.7.113
FF - prefs.js..extensions.enabledItems: [email protected]:1.4.2
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2009/01/03 11:45:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/20 23:00:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/23 15:28:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2009/08/12 11:55:26 | 000,000,000 | ---D | M]

[2009/12/11 13:04:59 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\mozilla\Extensions
[2009/09/09 21:12:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mark\AppData\Roaming\mozilla\Extensions\{ea278cf8-93cd-484f-b951-57360482d33a}
[2009/07/15 10:18:44 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\mozilla\Extensions\[email protected]
[2009/08/10 22:30:06 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\mozilla\Extensions\[email protected]
[2010/07/27 13:41:18 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\mozilla\Firefox\Profiles\0z074r8e.default\extensions
[2010/04/27 12:53:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mark\AppData\Roaming\mozilla\Firefox\Profiles\0z074r8e.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/11 23:41:17 | 000,000,000 | ---D | M] (Elasticfox) -- C:\Users\Mark\AppData\Roaming\mozilla\Firefox\Profiles\0z074r8e.default\extensions\{2204c510-88f3-11db-b606-0800200c9a66}
[2009/12/11 13:32:55 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\Mark\AppData\Roaming\mozilla\Firefox\Profiles\0z074r8e.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2010/07/03 08:21:21 | 000,000,000 | ---D | M] (Affiliate Espionage) -- C:\Users\Mark\AppData\Roaming\mozilla\Firefox\Profiles\0z074r8e.default\extensions\{63b70e6a-ea9d-4de2-8166-d6c4308099ee}
[2010/01/09 23:25:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mark\AppData\Roaming\mozilla\Firefox\Profiles\0z074r8e.default\extensions\{A64F9D1E-FA5E-11DA-A187-6B94C2ED2B83}
[2010/06/11 21:08:18 | 000,000,000 | ---D | M] (FireFTP) -- C:\Users\Mark\AppData\Roaming\mozilla\Firefox\Profiles\0z074r8e.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010/04/22 13:24:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mark\AppData\Roaming\mozilla\Firefox\Profiles\0z074r8e.default\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}
[2010/07/18 21:07:24 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Users\Mark\AppData\Roaming\mozilla\Firefox\Profiles\0z074r8e.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/05/18 06:39:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mark\AppData\Roaming\mozilla\Firefox\Profiles\0z074r8e.default\extensions\{fae5bcbc-dd73-439a-a15e-5b9ff39c0e9b}
[2010/06/24 11:17:38 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\mozilla\Firefox\Profiles\0z074r8e.default\extensions\[email protected]
[2010/07/03 08:21:39 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\mozilla\Firefox\Profiles\0z074r8e.default\extensions\[email protected]
[2010/01/30 22:16:39 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\mozilla\Firefox\Profiles\0z074r8e.default\extensions\[email protected]
[2010/07/11 23:41:16 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\mozilla\Firefox\Profiles\0z074r8e.default\extensions\[email protected]
[2010/06/18 09:31:54 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\mozilla\Firefox\Profiles\0z074r8e.default\extensions\[email protected]
[2010/06/11 21:08:24 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\mozilla\Firefox\Profiles\0z074r8e.default\extensions\[email protected]
[2010/06/11 21:08:25 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\mozilla\Firefox\Profiles\0z074r8e.default\extensions\[email protected]
[2010/07/27 13:41:18 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/23 15:28:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/03/09 22:19:33 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2009/03/05 16:17:53 | 000,060,824 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll
[2010/07/23 15:27:51 | 000,423,656 | ---- | M] (Oracle) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2008/06/30 23:02:00 | 000,663,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll
[2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2010/07/20 20:41:29 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files\Mindjet\MindManager 8\Mm8InternetExplorer.dll (Mindjet)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (PDFCreator Toolbar Helper) - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKLM\..\Toolbar: (ImageShack Toolbar) - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll (ImageShack Corp.)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [331BigDog] C:\Windows\VM331_STI.EXE (Vimicro)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\fjdvrupd\updatenv.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LDTray] C:\Program Files\Livescribe\Livescribe Desktop\LDTray.exe ()
O4 - HKLM..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [Memeo Backup] C:\Program Files\Memeo\AutoBackup\MemeoLauncher2.exe (Memeo Inc.)
O4 - HKLM..\Run: [MMReminderService] C:\Program Files\Mindjet\MindManager 8\MmReminderService.exe (Mindjet)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SSUtility] C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [StatsJunkyApp] C:\Program Files\StatsJunky\StatsJunky.exe (Sublime Technologies, Inc.)
O4 - HKLM..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe (Hewlett-Packard)
O4 - HKLM..\Run: [TvOutSwitch] C:\Program Files\Fujitsu\DispSwitch\DispSwitchLauncher.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [WatcherHelper] C:\Program Files\Sierra Wireless Inc\3G Watcher\WaHelper.exe (Sierra Wireless Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Aim6] C:\Program Files\AIM6\aim6.exe (AOL LLC)
O4 - HKCU..\Run: [Handy Backup] C:\Program Files\Novosoft\FilesAnywhere\hbagent.exe (Novosoft LLC)
O4 - HKCU..\Run: [Jing] C:\Program Files\TechSmith\Jing\Jing.exe (TechSmith Corporation)
O4 - HKCU..\Run: [LDTray] C:\Program Files\Livescribe\Livescribe Desktop\LDTray.exe ()
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [MmDesignPartner.exe] C:\Program Files\Mindjet\MindManager 8\MmDesignPartner.exe ()
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKCU..\Run: [SEO Elite] C:\Program Files\SEO Elite 4\SEO Elite 4.exe (Bryxen Software)
O4 - HKCU..\Run: [Soonr] C:\Program Files\Soonr\Soonr Desktop Client\SoonrClient.exe (Soonr, Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [Vidalia] C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe ()
O4 - HKCU..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe (Webroot Software, Inc.)
O4 - HKCU..\RunOnce: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe (Webroot Software, Inc.)
O4 - Startup: C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BUFFALO NAS Navigator.lnk = C:\Program Files\BUFFALO\NASNAVI\NasNavi.exe ()
O4 - Startup: C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NAS Scheduler.lnk = C:\Program Files\BUFFALO\NASNAVI\nassche.exe (BUFFALO INC.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Post Image to Blog - C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll (ImageShack Corp.)
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Tag This Image - C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll (ImageShack Corp.)
O8 - Extra context menu item: Transload Image to ImageShack - C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll (ImageShack Corp.)
O8 - Extra context menu item: Upload All Images to ImageShack - C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll (ImageShack Corp.)
O8 - Extra context menu item: Upload Image to ImageShack - C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll (ImageShack Corp.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to Mindjet MindManager - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files\Mindjet\MindManager 8\Mm8InternetExplorer.dll (Mindjet)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\HMIPCore.dll (My Privacy Tools, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\HMIPCore.dll (My Privacy Tools, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\HMIPCore.dll (My Privacy Tools, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\HMIPCore.dll (My Privacy Tools, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\HMIPCore.dll (My Privacy Tools, Inc.)
O15 - HKCU\..Trusted Domains: soonr.com ([vip] https in Trusted sites)
O15 - HKCU\..Trusted Domains: soonr.com ([www.vip] http in Trusted sites)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {33415AC7-AFFA-4D55-B41C-C64C0D07DFCA} http://h50203.www5.h...SWebManager.CAB (Hewlett-Packard Printer Diagnostics)
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} http://picasaweb.goo...0/uploader2.cab (UploadListView Class)
O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} http://toolbar.image...hackToolbar.cab (ImageShack Toolbar)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {975F9329-0F5F-48D2-ADF8-AEFB19DEFB5F} https://meeting.zoho...login/Agent.jsp (ZohoMeeting Control)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://midasplus.we...bex/ieatgpc.cab (GpcContainer Class)
O16 - DPF: BM https://10.28.92.19/...huremachine.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img22.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img22.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/18 21:41:58 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{48ddbf62-4be9-11de-83cf-001742918c16}\Shell\AutoRun\command - "" = F:\Setup_FlipShare.exe -- File not found
O33 - MountPoints2\{48ddbf62-4be9-11de-83cf-001742918c16}\Shell\Setup FlipShare\command - "" = F:\Setup_FlipShare.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2009/01/03 15:21:13 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codec - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.3IV2 - C:\Windows\System32\3ivxVfWCodec.dll (3ivx Technologies Pty. Ltd.)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: VIDC.IYUV - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.tscc - C:\Windows\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: VIDC.UYVY - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVU9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/07/27 14:35:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Mindjet
[2010/07/27 14:30:06 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\{C0B133B8-33F7-401B-A331-5780D8F885A9}
[2010/07/26 14:48:46 | 000,000,000 | ---D | C] -- C:\Users\Mark\Desktop\SysProt
[2010/07/26 09:36:03 | 000,472,064 | ---- | C] ( ) -- C:\Users\Mark\Desktop\RootRepeal.exe
[2010/07/25 22:11:21 | 000,000,000 | ---D | C] -- C:\Users\Mark\Desktop\GooredFix Backups
[2010/07/23 15:30:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/07/23 15:30:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/07/23 15:28:16 | 000,423,656 | ---- | C] (Oracle) -- C:\Windows\System32\deployJava1.dll
[2010/07/23 15:28:16 | 000,153,376 | ---- | C] (Oracle) -- C:\Windows\System32\javaws.exe
[2010/07/23 15:28:16 | 000,145,184 | ---- | C] (Oracle) -- C:\Windows\System32\javaw.exe
[2010/07/23 15:28:16 | 000,145,184 | ---- | C] (Oracle) -- C:\Windows\System32\java.exe
[2010/07/22 21:43:29 | 000,000,000 | ---D | C] -- C:\Users\Mark\Desktop\avz4
[2010/07/22 14:46:27 | 000,000,000 | ---D | C] -- C:\Program Files\Market Samurai
[2010/07/20 20:47:22 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/07/20 17:34:35 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/07/20 17:34:35 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\temp
[2010/07/20 17:20:34 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/07/20 17:20:14 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/07/19 14:13:34 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/07/19 14:13:34 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/07/19 14:13:34 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/07/19 14:13:05 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/07/19 12:41:10 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/07/19 12:39:03 | 001,013,584 | ---- | C] (Kaspersky Lab) -- C:\Users\Mark\Desktop\TDSSKiller.exe
[2010/07/18 21:10:43 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS
[2010/07/18 21:10:40 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
[2010/07/17 07:59:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2010/07/17 07:56:46 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll
[2010/07/17 07:56:36 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
[2010/07/17 07:56:36 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
[2010/07/17 07:56:36 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe
[2010/07/17 07:56:34 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll
[2010/07/17 07:56:34 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll
[2010/07/17 07:56:32 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll
[2010/07/17 07:56:32 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
[2010/07/17 07:56:32 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll
[2010/07/17 07:56:32 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll
[2010/07/17 07:56:32 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll
[2010/07/17 07:56:25 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll
[2010/07/17 07:56:25 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll
[2010/07/17 07:56:25 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll
[2010/07/17 07:56:24 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll
[2010/07/17 07:56:24 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
[2010/07/15 19:47:34 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Template
[2010/07/13 18:27:18 | 000,000,000 | ---D | C] -- C:\Users\Mark\Documents\web2mayhem
[2010/07/12 20:16:43 | 000,000,000 | ---D | C] -- C:\Users\Mark\Documents\AIMLogger
[2010/07/05 22:43:15 | 000,000,000 | ---D | C] -- C:\Users\Mark\Documents\outsourcing templates
[2010/07/04 13:22:44 | 000,000,000 | ---D | C] -- C:\Users\Mark\Documents\Virus Malware removal
[2010/07/04 13:01:20 | 000,000,000 | ---D | C] -- C:\_OTM
[2010/07/02 16:10:26 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010/07/02 16:10:26 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010/07/02 16:10:26 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2010/06/30 20:07:27 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\StreamTorrent
[2010/06/29 20:45:50 | 000,000,000 | ---D | C] -- C:\Windows\Stock Assault 2.0 Demo
[2010/06/28 15:56:08 | 000,000,000 | ---D | C] -- C:\Users\Mark\Documents\epic traffic systems

========== Files - Modified Within 30 Days ==========

[2010/07/27 14:46:31 | 004,718,592 | ---- | M] () -- C:\Users\Mark\NTUSER.DAT
[2010/07/27 14:35:10 | 000,001,972 | ---- | M] () -- C:\Users\Public\Desktop\Mindjet MindManager 8.lnk
[2010/07/27 14:34:06 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3836782008-864910501-2179325550-1001UA.job
[2010/07/27 14:28:02 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/27 13:58:09 | 000,000,500 | ---- | M] () -- C:\Users\Mark\Desktop\dump.zip
[2010/07/27 13:56:20 | 000,000,512 | ---- | M] () -- C:\Users\Mark\Desktop\dump.dat
[2010/07/27 13:28:25 | 000,055,296 | ---- | M] () -- C:\Users\Mark\Desktop\MBRCheck.exe
[2010/07/27 13:22:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/07/27 12:55:28 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/27 12:55:28 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/27 12:11:37 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{C888D4A1-2F47-472F-A226-158D3A3FBBE1}.job
[2010/07/27 08:01:12 | 000,072,080 | ---- | M] () -- C:\Users\Mark\g2mdlhlpx.exe
[2010/07/26 21:28:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/26 20:41:50 | 000,008,568 | ---- | M] () -- C:\Users\Mark\Documents\DMPN Quality Review July 2010 No Key.xlsx
[2010/07/26 20:34:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3836782008-864910501-2179325550-1001Core.job
[2010/07/26 20:10:42 | 000,000,292 | ---- | M] () -- C:\Windows\tasks\next.job
[2010/07/26 09:36:12 | 000,472,064 | ---- | M] ( ) -- C:\Users\Mark\Desktop\RootRepeal.exe
[2010/07/26 08:50:43 | 000,002,565 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
[2010/07/26 08:49:02 | 000,000,310 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2010/07/26 08:48:32 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/07/26 08:48:17 | 3211,186,176 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/26 08:48:15 | 264,354,443 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/07/25 22:01:41 | 000,524,288 | -HS- | M] () -- C:\Users\Mark\NTUSER.DAT{bfc6f1b3-dd93-11dd-914a-001742918c16}.TMContainer00000000000000000001.regtrans-ms
[2010/07/25 22:01:41 | 000,065,536 | -HS- | M] () -- C:\Users\Mark\NTUSER.DAT{bfc6f1b3-dd93-11dd-914a-001742918c16}.TM.blf
[2010/07/24 22:10:00 | 001,491,787 | ---- | M] () -- C:\Users\Mark\Documents\authoritycodes.pdf
[2010/07/24 17:13:20 | 000,002,593 | ---- | M] () -- C:\Users\Mark\Desktop\Tube Automator.lnk
[2010/07/23 15:27:49 | 000,153,376 | ---- | M] (Oracle) -- C:\Windows\System32\javaws.exe
[2010/07/23 15:27:49 | 000,145,184 | ---- | M] (Oracle) -- C:\Windows\System32\javaw.exe
[2010/07/23 15:27:49 | 000,145,184 | ---- | M] (Oracle) -- C:\Windows\System32\java.exe
[2010/07/23 15:27:48 | 000,423,656 | ---- | M] (Oracle) -- C:\Windows\System32\deployJava1.dll
[2010/07/23 15:15:43 | 004,386,994 | -H-- | M] () -- C:\Users\Mark\AppData\Local\IconCache.db
[2010/07/23 14:05:54 | 000,000,370 | ---- | M] () -- C:\Windows\win.ini
[2010/07/23 07:59:55 | 000,939,356 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/07/23 07:59:55 | 000,771,308 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/07/23 07:59:55 | 000,167,592 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/07/22 21:50:44 | 000,007,168 | ---- | M] () -- C:\Windows\System32\drivers\uti1nji2.sys
[2010/07/22 21:44:28 | 000,797,016 | ---- | M] () -- C:\Users\Mark\Documents\making_piles_of_cash.pdf
[2010/07/22 14:46:49 | 000,000,812 | ---- | M] () -- C:\Users\Public\Desktop\Market Samurai.lnk
[2010/07/22 13:50:13 | 000,848,092 | ---- | M] () -- C:\Users\Mark\Documents\legal-handbook.zip
[2010/07/22 12:17:43 | 002,250,034 | ---- | M] () -- C:\Users\Mark\Documents\5_steps_to_10k.pdf
[2010/07/20 23:47:32 | 000,002,231 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/07/20 20:41:59 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/07/20 20:41:29 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/07/19 15:54:40 | 003,738,829 | R--- | M] () -- C:\Users\Mark\Desktop\ComboFix.exe
[2010/07/18 19:47:27 | 000,150,016 | ---- | M] () -- C:\Users\Mark\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/15 20:35:25 | 000,000,959 | ---- | M] () -- C:\Users\Public\Desktop\FlipShare.lnk
[2010/07/15 19:48:38 | 000,000,240 | ---- | M] () -- C:\Users\Mark\AppData\Roaming\wklnhst.dat
[2010/07/15 19:48:37 | 000,014,872 | ---- | M] () -- C:\Users\Mark\Desktop\Stock trading seminar.docx
[2010/07/14 11:48:01 | 000,000,977 | ---- | M] () -- C:\Users\Mark\Documents\ChatLog Automated Algorithmic Trading 2_0 _ Harness the Power of Code_Free Automation in Your Trading 2010_07_14 11_48.rtf
[2010/07/13 12:24:11 | 000,065,769 | ---- | M] () -- C:\Users\Mark\Documents\scalp discussion 07132010.html
[2010/07/10 08:28:41 | 000,065,103 | ---- | M] () -- C:\Users\Mark\Documents\Zero_2_Hero_Secret_Budget_Guide.pdf
[2010/07/02 21:57:07 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2010/07/02 17:03:57 | 000,000,089 | ---- | M] () -- C:\Windows\QBChanUtil_Trigger.ini
[2010/07/02 08:32:34 | 000,002,037 | ---- | M] () -- C:\Users\Mark\Desktop\Google Chrome.lnk
[2010/06/30 17:25:08 | 001,013,584 | ---- | M] (Kaspersky Lab) -- C:\Users\Mark\Desktop\TDSSKiller.exe
[2010/06/29 21:02:56 | 007,745,878 | ---- | M] () -- C:\Users\Mark\Documents\Package2135.zip

========== Files Created - No Company Name ==========

[2010/07/27 14:35:10 | 000,001,972 | ---- | C] () -- C:\Users\Public\Desktop\Mindjet MindManager 8.lnk
[2010/07/27 13:58:09 | 000,000,500 | ---- | C] () -- C:\Users\Mark\Desktop\dump.zip
[2010/07/27 13:56:20 | 000,000,512 | ---- | C] () -- C:\Users\Mark\Desktop\dump.dat
[2010/07/27 13:28:32 | 000,055,296 | ---- | C] () -- C:\Users\Mark\Desktop\MBRCheck.exe
[2010/07/27 08:01:12 | 000,072,080 | ---- | C] () -- C:\Users\Mark\g2mdlhlpx.exe
[2010/07/26 20:41:49 | 000,008,568 | ---- | C] () -- C:\Users\Mark\Documents\DMPN Quality Review July 2010 No Key.xlsx
[2010/07/26 08:48:15 | 264,354,443 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/07/24 22:10:00 | 001,491,787 | ---- | C] () -- C:\Users\Mark\Documents\authoritycodes.pdf
[2010/07/22 21:50:30 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\uti1nji2.sys
[2010/07/22 21:44:28 | 000,797,016 | ---- | C] () -- C:\Users\Mark\Documents\making_piles_of_cash.pdf
[2010/07/22 14:46:49 | 000,000,812 | ---- | C] () -- C:\Users\Public\Desktop\Market Samurai.lnk
[2010/07/22 13:50:12 | 000,848,092 | ---- | C] () -- C:\Users\Mark\Documents\legal-handbook.zip
[2010/07/22 12:17:43 | 002,250,034 | ---- | C] () -- C:\Users\Mark\Documents\5_steps_to_10k.pdf
[2010/07/19 19:04:06 | 3211,186,176 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/19 14:13:34 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/07/19 14:13:34 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/07/19 14:13:34 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/07/19 14:13:34 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/07/19 14:13:34 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/07/19 12:39:36 | 003,738,829 | R--- | C] () -- C:\Users\Mark\Desktop\ComboFix.exe
[2010/07/17 07:56:26 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2010/07/17 07:56:26 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2010/07/17 07:56:26 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2010/07/15 20:35:25 | 000,000,959 | ---- | C] () -- C:\Users\Public\Desktop\FlipShare.lnk
[2010/07/15 19:48:31 | 000,014,872 | ---- | C] () -- C:\Users\Mark\Desktop\Stock trading seminar.docx
[2010/07/15 19:47:29 | 000,000,240 | ---- | C] () -- C:\Users\Mark\AppData\Roaming\wklnhst.dat
[2010/07/14 11:48:01 | 000,000,977 | ---- | C] () -- C:\Users\Mark\Documents\ChatLog Automated Algorithmic Trading 2_0 _ Harness the Power of Code_Free Automation in Your Trading 2010_07_14 11_48.rtf
[2010/07/13 12:24:11 | 000,065,769 | ---- | C] () -- C:\Users\Mark\Documents\scalp discussion 07132010.html
[2010/07/10 08:28:41 | 000,065,103 | ---- | C] () -- C:\Users\Mark\Documents\Zero_2_Hero_Secret_Budget_Guide.pdf
[2010/06/29 21:02:48 | 007,745,878 | ---- | C] () -- C:\Users\Mark\Documents\Package2135.zip
[2010/02/19 13:56:26 | 000,000,263 | ---- | C] () -- C:\Windows\ContentComposer.ini
[2009/10/07 08:54:41 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/16 22:02:05 | 000,000,649 | ---- | C] () -- C:\Windows\CCSiteBuilder.ini
[2009/09/16 21:59:07 | 000,000,023 | ---- | C] () -- C:\Windows\ovcs.ini
[2009/09/16 21:51:14 | 000,000,970 | ---- | C] () -- C:\Windows\ccinst.ini
[2009/08/13 14:39:55 | 000,000,077 | ---- | C] () -- C:\Windows\ccsbinst.ini
[2009/08/04 13:09:58 | 000,000,635 | ---- | C] () -- C:\Windows\aasinst.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/02 13:04:56 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2009/03/23 15:04:45 | 000,000,089 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2009/03/05 13:08:12 | 000,051,392 | ---- | C] () -- C:\Windows\System32\drivers\atnt40k.sys
[2009/02/16 20:36:16 | 000,000,074 | ---- | C] () -- C:\Windows\hpntwksetup.ini
[2009/02/11 11:36:07 | 000,000,165 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2009/01/06 23:10:31 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2008/12/31 08:57:55 | 000,000,463 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2008/12/31 08:57:55 | 000,000,030 | ---- | C] () -- C:\Windows\System32\brss01a.ini
[2008/12/31 08:57:55 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2008/12/31 08:54:53 | 000,000,225 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2008/12/31 08:54:53 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2008/12/31 08:40:52 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2008/12/31 08:40:51 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2008/12/31 08:14:23 | 000,026,760 | R--- | C] () -- C:\Windows\System32\drivers\swmsflt.sys
[2008/08/29 14:58:26 | 000,197,408 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2008/07/26 15:42:52 | 000,066,482 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2008/07/26 09:25:02 | 000,025,624 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2008/03/11 22:50:02 | 000,013,308 | ---- | C] () -- C:\Windows\UN060501.INI
[2008/03/10 15:23:58 | 000,004,697 | ---- | C] () -- C:\Windows\UN080307.INI
[2008/02/19 01:33:34 | 000,446,352 | ---- | C] () -- C:\Windows\System32\OpenQuicktimeLib.dll
[2008/01/31 04:18:36 | 000,005,404 | ---- | C] () -- C:\Windows\UN070209.INI
[2008/01/14 17:47:06 | 000,099,712 | ---- | C] () -- C:\Windows\HPBroker.dll
[2007/11/26 20:28:43 | 000,001,126 | ---- | C] () -- C:\Windows\vm331Rmv.ini
[2007/11/26 20:28:31 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/11/26 20:28:20 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1329.dll
[2007/11/26 20:28:19 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/11/26 20:28:19 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007/11/26 20:28:19 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007/11/26 20:28:14 | 000,002,088 | ---- | C] () -- C:\Windows\System32\FJSaver.ini
[2007/11/08 16:32:08 | 000,015,360 | ---- | C] () -- C:\Windows\System32\GetInst32.dll
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/02/03 12:31:00 | 000,032,768 | ---- | C] () -- C:\Windows\System32\compJNI.dll
[2004/08/20 08:02:52 | 000,102,400 | ---- | C] () -- C:\Windows\System32\PMLJNI.dll
[2001/07/07 05:00:00 | 000,003,399 | ---- | C] () -- C:\Windows\System32\hptcpmon.ini
[2001/03/28 13:37:14 | 000,000,033 | ---- | C] () -- C:\Windows\hppcap.ini

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/03/10 11:33:30 | 000,001,024 | ---- | M] () -- C:\.rnd
[2009/01/18 21:41:58 | 000,000,074 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 01:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2007/11/07 18:31:16 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2010/07/20 20:49:01 | 000,035,273 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2010/07/16 14:01:18 | 000,000,000 | ---- | M] () -- C:\foo.txt
[2009/01/02 15:09:50 | 000,000,115 | ---- | M] () -- C:\FtpCmd.txt
[2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2010/07/26 08:48:17 | 3211,186,176 | -HS- | M] () -- C:\hiberfil.sys
[2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2009/04/28 14:21:53 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/09/15 22:48:24 | 000,000,367 | -H-- | M] () -- C:\IPH.PH
[2009/12/25 16:33:14 | 000,001,015 | R--- | M] () -- C:\logFile.xsl
[2009/04/28 14:21:53 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/07/26 08:48:15 | 3524,984,832 | -HS- | M] () -- C:\pagefile.sys
[2010/04/28 18:49:34 | 000,000,265 | ---- | M] () -- C:\RecorderSDKLog.txt
[2009/02/15 00:49:37 | 000,013,639 | ---- | M] () -- C:\results_p5_0.bin
[2009/02/15 22:43:28 | 000,081,365 | ---- | M] () -- C:\results_p5_1.bin
[2009/02/17 00:59:55 | 000,096,482 | ---- | M] () -- C:\results_p5_2.bin
[2009/02/17 21:14:29 | 000,143,368 | ---- | M] () -- C:\results_p5_3.bin
[2009/02/24 18:19:14 | 000,165,241 | ---- | M] () -- C:\results_p5_4.bin
[2009/08/17 23:14:21 | 000,001,864 | ---- | M] () -- C:\run1.txt
[2010/07/04 13:18:02 | 000,061,274 | ---- | M] () -- C:\TDSSKiller.2.3.2.2_04.07.2010_13.17.19_log.txt
[2010/07/19 14:10:24 | 000,061,274 | ---- | M] () -- C:\TDSSKiller.2.3.2.2_19.07.2010_14.09.50_log.txt
[2009/10/14 09:32:39 | 000,000,909 | ---- | M] () -- C:\updatedatfix.log
[2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI
[2009/09/04 11:04:07 | 011,556,864 | ---- | M] () -- C:\vpnclient-win-msi-5.0.05.0290-k9.exe

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2006/11/02 07:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 07:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 07:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/10/11 15:11:01 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 16:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2007/02/09 01:00:00 | 000,026,364 | ---- | M] (Brother Industries ,Ltd ) -- C:\Windows\System32\spool\prtprocs\w32x86\brmfpp1.dll
[2007/01/25 14:24:04 | 000,286,208 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\hpzpp4wm.dll
[2007/03/15 15:32:10 | 000,274,944 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\hpzpp5ha.dll
[2008/01/19 02:34:28 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\HPZPPLHN.DLL
[2006/11/02 07:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2010/06/09 21:10:52 | 000,053,632 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\spool\prtprocs\w32x86\LMIproc.dll
[2006/10/26 22:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.scr >
[2008/12/15 15:31:18 | 041,179,643 | ---- | M] () -- C:\Windows\Fujitsu A Series Retail Demo.scr

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/01/03 15:30:45 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
[2010/06/14 15:44:23 | 000,000,000 | ---- | M] () -- C:\Program Files\StatsJunkyRunDiagnostics.txt
[2009/05/26 20:08:11 | 001,249,905 | ---- | M] () -- C:\Program Files\ZohoMeeting.zip

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 06:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009/03/08 06:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2009/04/11 01:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 01:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\system32\drivers\*.sys /lockedfiles /all >

< %systemroot%\system32\drivers\*.sys /90 /md5 >
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) MD5=67B48A903430C6D4FB58CBACA1866601 -- C:\Windows\System32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) MD5=C7DD7D9739785BD3A6B8499EEC1DEE7E -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/07/22 21:50:44 | 000,007,168 | ---- | M] () MD5=524D8D450622DB4A7875B111C299A76B -- C:\Windows\System32\drivers\uti1nji2.sys

< %systemroot%\Tasks\*.job >
[2010/07/26 08:49:02 | 000,000,310 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
[2010/07/26 21:28:00 | 000,000,882 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2010/07/27 14:28:02 | 000,000,886 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2010/07/26 20:34:00 | 000,000,852 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3836782008-864910501-2179325550-1001Core.job
[2010/07/27 14:34:06 | 000,000,904 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3836782008-864910501-2179325550-1001UA.job
[2010/07/26 20:10:42 | 000,000,292 | ---- | M] () -- C:\Windows\Tasks\next.job
[2010/07/27 12:11:37 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{C888D4A1-2F47-472F-A226-158D3A3FBBE1}.job

< %systemroot%\System32\config\*.sav >
[2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 05:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\user32.dll /md5 >
[2009/04/11 01:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/01/19 02:37:09 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll

< %systemroot%\system32\ws2help.dll /md5 >
[2006/11/02 04:44:30 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=17C0671BF57057108A6D949510EE42C8 -- C:\Windows\System32\ws2help.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-07-17 13:00:30
< End of report >



And here's extras.txt:

OTL Extras logfile created on: 7/27/2010 2:47:53 PM - Run 4
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Mark\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 45.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 230.38 Gb Total Space | 77.02 Gb Free Space | 33.43% Space Free | Partition Type: NTFS
Drive D: | 1023.99 Mb Total Space | 987.05 Mb Free Space | 96.39% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DRSMITH
Current User Name: Mark
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Sierra Wireless Inc\3G Watcher\SwiApiMux.exe" = C:\Program Files\Sierra Wireless Inc\3G Watcher\SwiApiMux.exe:*:Enabled:SwiApiMux -- (Sierra Wireless, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{479B6292-910C-40BA-B07C-1D29B972530F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5553532C-8F2A-406C-BA73-640161809EB3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6626DE76-E7B2-40D2-8DB2-031999604C68}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{76D4A79E-D342-4024-B41A-B359C9DF6CBF}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{96823C29-EA2C-4CCD-B843-24A19E50E83D}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{BB71EC4F-13C6-4C98-AEBD-17ACDE77FDF7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EC831A01-61AB-4EB5-82E8-EC6519E6967F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{F123B225-BD68-4B55-B1B4-73FC94AD308F}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{FFA59949-E5F7-4728-A4A6-700B4E3AC224}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00CD1361-FBE0-4565-AB3D-905C000305BB}" = protocol=17 | dir=in | app=c:\users\mark\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{0D57C135-6B1B-42F1-AFCC-A98ADF0128F5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0D92A61B-C1DB-4408-B8C5-35E4755EE63F}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{0E337C51-0901-43A5-BAC0-569A411028BA}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{0F8DF642-FFF7-4AE4-AD49-3E568AE747C9}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{124825B1-324A-4569-B243-415587D181BE}" = protocol=17 | dir=in | app=c:\users\mark\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{1A69AD43-2243-49C7-B666-19B5DFB1C3F7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{27958B85-C4E2-48D1-AD88-F151B4287149}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{28FE83A1-AFAC-497F-AA4C-09E3BD1D30D8}" = dir=in | app=c:\program files\dimdim\plugin\application\dimdim.exe |
"{2C16AD22-ADF4-4AD7-BB26-0685AA869D0C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{2E3A390E-BE2D-42BA-BFBF-56F8B43B2B0E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{35E1A291-D5BB-4BA3-B453-E677C484AD2F}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{373D6A1F-EA30-4072-BA53-D62AA114488C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{39B3418F-B1BA-4F18-8069-EA139DFD4CB5}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{3AECE500-2EBF-4C25-9959-30AEACB50861}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4056D3E3-AF6B-4A99-8971-AB91092805B3}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{433DC85C-601C-4A2C-87B5-EC2E0D7B1F9B}" = protocol=17 | dir=in | app=c:\users\mark\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{43E9C444-0734-4EE8-BE30-3F78AF9ED37F}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"{44765625-14D6-4D98-826F-4E3027B80879}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4CF59070-E4C9-4BD7-A1B5-35BF787BBCF4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{4D52A68F-C11C-4A3F-9FF1-B23AD274C48E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4E3CC04A-03CB-4055-BDE9-5CBD04E8C6AD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{581A24DF-1302-40FA-BF34-483037C857D2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5BAB1D3D-687C-4494-B8EC-910411F93E05}" = dir=in | app=c:\program files\dimdim\plugin\application\myscreen.exe |
"{5BCE6FEA-DF4D-4A0D-9756-30AA79C58E6E}" = protocol=17 | dir=in | app=c:\users\mark\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{5CA00033-A5A3-4B5A-AC00-9555520AAF96}" = protocol=6 | dir=in | app=c:\programdata\f101046\msf101.exe |
"{5DEE0BF2-5707-4E0D-ACCD-2ADB0A3A8F29}" = protocol=17 | dir=in | app=c:\programdata\f101046\msf101.exe |
"{5E877265-1B13-4217-BB9B-BE11CEC9D0CA}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"{62DED174-B7F9-4C0A-933E-65595E641782}" = protocol=17 | dir=in | app=c:\program files\buffalo\nasnavi\nasnavi.exe |
"{665FD93E-7324-4663-AF72-E667E47CAD71}" = protocol=6 | dir=in | app=c:\users\mark\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{74F24F5A-562D-4FC8-9A18-5C94B917B2A7}" = protocol=6 | dir=in | app=c:\program files\buffalo\nasnavi\nasnavi.exe |
"{774C3EA0-EF58-4A9B-A0F0-F993261A4E0C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{78AEA5F5-24F1-4D9C-A177-C757B023E13A}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{7C22AFBA-55D5-404C-BCF5-4FD63D0B418F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7D58D1C2-37A9-46F0-BAA3-D86611B32DB8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{88828402-CFD7-4163-ACF8-857FA94A003C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8B6565BF-C1C8-4A03-8A7D-C49F7DA59E29}" = dir=in | app=c:\program files\dimdim\plugin\application\dimdim.exe |
"{8F56412C-7A9D-45EA-8AB0-BA6B0F4C765A}" = protocol=6 | dir=in | app=c:\users\mark\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{92F33CAA-C5F8-4767-86EF-49286A3D044C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{942EFE22-18DC-48E7-BD6B-2F6AA7719A88}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{975637CC-66BD-46AC-853A-70860CFFF02F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9A421ED5-DE0D-4D99-95AC-776D5026FF96}" = dir=in | app=c:\programdata\dimdim\updater\next.exe |
"{9B182796-0F20-469C-8EED-FB2C5B3838B5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9BF1C7EF-4203-472E-B4E7-7F19DA931767}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9C163146-67F2-469E-A2C3-F7C4AC8734E7}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{9CE13E72-5551-4FCC-A63E-AA5762B5E13F}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{A64D4E42-9945-4AAD-9581-EE1F0477B182}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe |
"{AB552BEE-4F58-4E59-80DB-4807C02C4B90}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{ABB347BF-A8B5-4E15-A618-F66B754DAE04}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AD3CB40A-758F-4B89-B79F-8261800476DB}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{AD77EF22-7F16-4E77-81C4-97AE46C4E3EB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B3BFC62D-9147-4EED-978F-CD9310AFAA38}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B3F51982-AC1E-4C28-969A-69A80CE678BA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B75432E2-7147-4161-9CF2-8ECEF0594495}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B8405AFA-E785-41D1-B22B-D44AC670BDCA}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{B8E8C3F5-B279-453F-802A-1EE9BA604566}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B99AF15A-5F73-451D-9070-4719E8553F4B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BA53F53C-DDAA-492E-BD05-481E202D4E23}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BC68B76F-2162-4392-B649-25C31410DDF6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BD935BAA-34DC-49EE-911F-3EA59EA5EBD5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C6E35080-9CF1-445C-8B3C-A413652411C2}" = dir=in | app=c:\program files\dimdim\plugin\application\myscreen.exe |
"{C77321B6-F20F-4D55-A475-D5EA3C260875}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CA65EFBE-0AD5-4A03-A5FF-05755DB4AFE6}" = dir=in | app=c:\programdata\dimdim\updater\next.exe |
"{CB628F17-0465-4B89-8783-3E119AB71433}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CB734988-83FC-47BB-B26A-3A40F9651626}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CC0BA867-C8E4-4950-A2CC-64D9CAF4A37E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CE9BBD3D-78DF-4787-BEC4-8AF8AE082064}" = protocol=6 | dir=in | app=c:\windows\system32\spoolsv.exe |
"{CFABA4F1-C916-4EAC-9009-63A433B1DF58}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D126434C-C7F5-4478-978C-8BA3314B48DF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D4BE0985-4E21-452C-9E66-8CCB383480C3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D6C66474-B904-46BA-B88B-516ACCF4047A}" = protocol=6 | dir=in | app=c:\users\mark\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{DA29144B-139E-4A5E-AA12-7F46D7155AE4}" = protocol=17 | dir=in | app=c:\windows\system32\spoolsv.exe |
"{DAF84E84-AAF5-43B9-855A-DB1AE1A6F545}" = protocol=6 | dir=in | app=c:\users\mark\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{DBDA0E0D-F633-42DD-8614-949D5B7B01F0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DF719B36-A107-46A7-8FD2-BD580B111BCA}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{E058C600-7ADD-441A-9184-3B21B8D5F81A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E3E8AC48-7829-4550-A3E1-55E2DD6DF7F5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F43EE2C2-5026-47DF-A4A1-572AA9034A4A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F61A2622-0225-4E7F-B807-CC00873357D0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FB99A365-ED26-456F-A5DB-F032C6E9BAAB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FBFA3564-8845-4FB1-8B4F-3E5DE8D6390E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{0382CDB1-9E90-4334-957E-A1FEFA83E4C5}C:\program files\hewlett-packard\toolbox\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\hewlett-packard\toolbox\jre\bin\javaw.exe |
"TCP Query User{27C04753-BBEC-4780-938D-59C3020E41A4}C:\program files\hewlett-packard\toolbox\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\hewlett-packard\toolbox\jre\bin\javaw.exe |
"TCP Query User{2ABC0D49-221A-474B-8E46-81CEFD7AC237}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{4ECA8F66-391B-4C7D-9934-A6E6DC6EF768}C:\program files\novosoft\filesanywhere\hbagent.exe" = protocol=6 | dir=in | app=c:\program files\novosoft\filesanywhere\hbagent.exe |
"TCP Query User{595D284A-A24C-4531-AAD2-FD8FC890775C}C:\program files\tvants\tvants.exe" = protocol=6 | dir=in | app=c:\program files\tvants\tvants.exe |
"TCP Query User{5E53865B-D421-4C19-8575-9CE889336342}C:\program files\woopra\woopra.exe" = protocol=6 | dir=in | app=c:\program files\woopra\woopra.exe |
"TCP Query User{8BB39DC9-DC3F-4BDC-A0DA-446F8CF8A96F}C:\program files\novosoft\filesanywhere\backup.exe" = protocol=6 | dir=in | app=c:\program files\novosoft\filesanywhere\backup.exe |
"TCP Query User{9233DAC0-BD88-428C-9F68-33B84708A72E}C:\program files\buffalo\nasnavi\nasnavi.exe" = protocol=6 | dir=in | app=c:\program files\buffalo\nasnavi\nasnavi.exe |
"TCP Query User{A67DEC91-241F-4CCE-9200-64B55EFFA1DC}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{B17437F8-DBC9-4FF3-BE4D-F413018E4771}C:\program files\novosoft\filesanywhere\hbagent.exe" = protocol=6 | dir=in | app=c:\program files\novosoft\filesanywhere\hbagent.exe |
"TCP Query User{B5249629-DEED-4622-9045-A340097BD42D}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{EBA056BF-FECB-42FE-81E0-26136DCD2C5C}C:\program files\woopra\woopra.exe" = protocol=6 | dir=in | app=c:\program files\woopra\woopra.exe |
"UDP Query User{14E7DBBA-880C-481E-B98F-58C0734603E8}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{16304272-5E06-4612-9DB1-EE3161B52436}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{41E1880E-04BF-4499-975B-A3B3DFD7D195}C:\program files\hewlett-packard\toolbox\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\hewlett-packard\toolbox\jre\bin\javaw.exe |
"UDP Query User{58FF8967-37BF-4B3A-8CC9-740FEF8EF455}C:\program files\novosoft\filesanywhere\backup.exe" = protocol=17 | dir=in | app=c:\program files\novosoft\filesanywhere\backup.exe |
"UDP Query User{8AF9F05E-4B18-4AAD-AF47-ED2D8B9CE5FC}C:\program files\woopra\woopra.exe" = protocol=17 | dir=in | app=c:\program files\woopra\woopra.exe |
"UDP Query User{AFFBB67D-4642-45CE-8C0A-0B5BA34B7F84}C:\program files\buffalo\nasnavi\nasnavi.exe" = protocol=17 | dir=in | app=c:\program files\buffalo\nasnavi\nasnavi.exe |
"UDP Query User{AFFE5AE4-7CDB-4115-BD68-CE502E8A1B48}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{B981E22E-192E-400A-9552-026208416865}C:\program files\novosoft\filesanywhere\hbagent.exe" = protocol=17 | dir=in | app=c:\program files\novosoft\filesanywhere\hbagent.exe |
"UDP Query User{C2D1D6C6-046C-4309-95C7-D69A8E084BD5}C:\program files\tvants\tvants.exe" = protocol=17 | dir=in | app=c:\program files\tvants\tvants.exe |
"UDP Query User{D832BCC0-95A2-4201-862A-C56ED910F46A}C:\program files\woopra\woopra.exe" = protocol=17 | dir=in | app=c:\program files\woopra\woopra.exe |
"UDP Query User{E09690CB-4136-4373-AB90-10DB934C94B9}C:\program files\novosoft\filesanywhere\hbagent.exe" = protocol=17 | dir=in | app=c:\program files\novosoft\filesanywhere\hbagent.exe |
"UDP Query User{E21947ED-3088-4470-A804-C1BF4B2F575C}C:\program files\hewlett-packard\toolbox\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\hewlett-packard\toolbox\jre\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0236C1B8-A699-4A8F-9121-36B41FFDB33A}" = Mindjet MindManager 8
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{0B023593-E50E-4B7F-868A-68553D8DFAF5}" = hppscan2800
"{0BEA216B-D17C-47E1-A932-0289D54F35F1}" = hppScanTo
"{0CAB4649-323C-4F20-B889-EFCF9E86DBAD}" = EVO2
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0FA9A7F0-B2B3-52C9-2034-5F28C9DB525C}" = TweetDeck
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{15EFEBF6-E414-33EB-8710-A04AD1302BF8}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Web - enu
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{191C41F6-4BA8-4D3D-BBC5-AAC8F3077E3F}" = Fujitsu MobilityCenter Extension Utility
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{1CC340A6-E2E8-4986-B4F6-300055258684}" = Aventail OnDemand Proxy Agent
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 21
"{26B878A8-5704-3B64-BDBC-4F0EACA38121}" = Google Talk Plugin
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (NR2007)
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{2F471509-1144-4997-8E22-6F19496723BA}" = hppTLBX2840Help
"{3312E45D-23DB-506E-C4C1-C2E284541924}" = Yahoo! Search Marketing Desktop
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{34F93E31-E1A0-421C-8E86-BCF7C4193A91}" = LogMeIn
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3AF8FCCD-F51A-4014-9002-F195E1CBC876}" = Logitech QuickCam
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3E8DD348-4174-4fe8-8FDC-238AAFBD2488}" = HP Photosmart All-In-One Software 9.0
"{3F4BA3A2-7BE0-48EA-B4BC-CA4D842A409A}" = Cisco EAP-FAST Module
"{4112625F-2D38-49EF-924F-48511BC5CD34}" = Microsoft SQL Server 2008 Database Engine Services
"{41219DD3-30BF-490C-ADD0-581F4B6934CC}" = KeywordCorral
"{44B2E182-DD85-45FC-9F51-326B81D7C7F1}" = Fax
"{4761EB82-E8BD-45A4-B19B-586FA9D1D7E6}" = Camtasia Studio 6
"{47BC37A3-35C8-484A-8CBD-851914EB095E}" = Fujitsu Driver Update
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{493A8ADD-B18F-441E-BEAF-DDB5ABC86FCE}" = PPC Kahuna
"{49E5F021-4DA5-41A3-A893-0A9564D30264}" = Jing
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}" = Cisco Systems VPN Client 5.0.04.0300
"{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater
"{53D745D9-E06F-895C-1D7D-F149605AA231}" = Market Samurai
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{55FFD2A7-065B-408A-BC55-BB7958874D14}" = Ad Words Digger
"{57DA304D-27B0-40D1-A796-92CEFF20FA32}" = hppIOFiles
"{5856F90C-3D9F-4748-9FED-2C755D8CE6A9}" = CommentKahuna
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{6226477E-444F-4DFE-BA19-9F4F7D4565BC}" = LifeBook Application Panel
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B72304B-8204-4819-ABE4-3837485D1BF8}" = hppFaxDrv
"{6CFF5E43-FDDA-CCCE-8D1F-3BA9F4BA6410}" = Domain Samurai
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{70B0459A-6BFB-45B4-AF97-3799B8FE8A10}" = hppTooCool
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{72552C46-944B-4E16-BBC8-0D85F31C1800}" = Aventail Access Manager
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{763BC5B6-5248-48F7-BF02-440704315335}" = Real Link Finder
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{827517C3-9B89-458E-A8F2-96DD24BDFE29}" = Shock Sensor Utility
"{82B2DB92-98CA-4a0e-B1BD-18B6E2D320CB}" = Memeo Backup
"{82CA0A0C-A3EC-4167-B694-909205B2EDEC}" = muvee Plugin 1.0
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D199EBB-749F-478E-B4E4-9D343A1BEB07}" = NeatReceipts Professional 3.0 Core Files
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
"{90120000-0021-0409-0000-0000000FF1CE}_VisualWebDeveloper_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{913EC513-5CE5-486D-8BD5-3F8CC7359516}" = Tube Automator
"{91789CDD-E83A-4186-B436-AA7A588679FD}" = NeatReceipts Database Controller
"{934B3B19-8193-467A-B356-E73F82647D38}" = Cisco LEAP Module
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{9740B7F2-C98E-4805-B1E3-B3136E173002}" = StatsJunky
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{98B3C6A6-0612-4430-87A3-34C46AD3BEEF}" = Cisco Aironet Installation Program
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A2F0810-3622-4E86-9072-973FBE1679C5}" = QuickBooks Pro 2009
"{9A2F0810-369F-4E86-9072-973FBE1679C5}" = QuickBooks
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.3
"{9B0B46B3-10DF-4ADA-9501-0129D784563D}" = Aventail Web Proxy Agent
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9D6D76A6-4328-49E8-97A7-531A74841DA5}" = Microsoft SQL Server 2008 Setup Support Files (English)
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A518D6D8-0A3F-4A91-B4B5-07AF2CDD6E57}" = ImageShack Toolbar for Internet Explorer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{ABA86363-C01C-43F0-9420-104EECABB89A}_is1" = Image Ad Builder 0.8
"{ABB977BD-2CBF-4C4D-BB4C-AB415AA42DAA}" = Livescribe™ Desktop
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.3
"{AD8CD806-45C6-4A8C-95B5-4C55778FEBEB}" = hppSendFax
"{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}" = VC0331 USB2.0 Digital Camera
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B13F9676-15B9-4F5D-9FF3-C3CC56BAC641}" = hppCLJ2800
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B1C0D829-FE30-059E-E93F-CDC7A48235C0}" = FlipShare
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B26B00DA-2E5D-4CF2-83C5-911198C0F009}" = GoodSync
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B5992112-3081-4B5C-A682-5E5C73F5D410}" = Soonr Desktop Client
"{B5B2837F-AD1F-4E98-AAD1-562E1E23FB09}" = Tweet Adder
"{B6CD9865-DE3D-4F97-8D78-525CA990E8F3}" = Lead Evolution 2.3 Elite
"{B7FB0C86-41A4-4402-9A33-912C462042A0}" = Roxio Easy Media Creator Home
"{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer
"{B8910E04-E0A0-4FC4-9E0A-E8259239F10E}" = hppTLBX2840
"{B8E9F8A1-9F4D-43D5-ABD6-1DF067FAA469}" = Microsoft SQL Server 2008 Database Engine Services
"{BA0CC975-682B-4678-A35C-05E607F36387}" = Fujitsu Hotkey Utility
"{BAD1449B-DF0C-4118-B76D-68C54009576C}" = Cisco PEAP Module
"{BB9AC6BF-71B6-42A4-9689-C17D9F44E79A}" = Brother MFL-Pro Suite
"{BBABCFC9-6B78-446B-B560-C0D48EDDE18F}" = gSyncit
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C1D8CEBB-BFEE-4E82-92E0-7579211F3ADF}" = Fujitsu Display Manager
"{C2F34782-CE15-4524-951D-75204560F75A}" = hppDustDevil
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C667F699-861A-4AB5-AC2C-A8276DCCFDA9}" = O2Micro Flash Memory Card Windows Driver
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C6DB11F1-EBD1-3AA4-A44D-55630E1E6FDA}" = Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{C9C641B6-DB5C-4C84-B6C9-9540388DA0DA}" = WebMeeting Plug-in
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEDABF5C-A9E4-0C6D-175D-4F699D8CE49A}" = Instant Autoresponder Messages
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D3E7A2A5-A059-4A44-949B-21FBD371A8B8}" = Paint.NET v3.5
"{D8AC1EB5-E8B0-44A0-B113-899407188A2F}" = hppFonts
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{D9D937B0-E842-4130-9588-B948E876904A}" = Microsoft SQL Server 2008 Native Client
"{DB17CEFF-AB91-460E-8DDA-62AA0898427F}" = Sierra Wireless 3G Watcher
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{E2538E95-8C8D-4575-B599-681FC5A3DC15}" = StatsJunky
"{E3140540-8675-4C62-B494-122B408D7DEF}" = Lead Evolution 2.6A Elite
"{E543358B-B8E9-4759-8FF3-01722B1FC2E1}" = Handy Backup
"{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{ED2A3C11-3EA8-4380-B59C-F2C1832731B0}" = Quicken 2009
"{ED88AD4C-EEFD-4C91-8BDE-AB9EF0648BBC}" = Sales Letters Creator
"{EF0D2E55-6FE2-4e35-BE22-A742E85D84E3}" = PS_AIO_02_Software_min
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1DC7648-8623-442F-92B7-E118DF61872E}" = Microsoft SQL Server 2008 RsFx Driver
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F423FA4E-D2BC-4FE4-B8F9-1BFC26A5DE9C}" = hppManuals2800
"{F474647F-BA05-4328-858E-C8002F8A05F3}" = ImageShack Toolbar for Internet Explorer
"{F5346614-B7C4-4E94-826A-E2363155233D}" = EasyCleaner
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F6249ABF-F16D-4AF3-8755-4D62F799C238}" = Google AdWords Editor
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only)
"A3CD60F2D5E61002E900E4A19E2CA01EFDF39B9C" = Windows Driver Package - Livescribe (PulseUsb) Image (03/19/2009 2.0.12.1)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AI RoboForm" = AI RoboForm (All Users)
"AIM_6" = AIM 6
"Any Video Converter_is1" = Any Video Converter 2.7.5
"Ask Toolbar_is1" = Ask Toolbar
"AVerMedia HC80 ExpressCard Hybrid ATSC" = AVerMedia HC80 ExpressCard Hybrid ATSC 1.3.0.71
"BackLinkAnalyzer v2.0-cp" = Back Link Analyzer v2.0-cp
"Blog Announcer Pro" = Blog Announcer Pro 1.0
"CC Site Builder" = CC Site Builder
"CCleaner" = CCleaner
"Cloaker Buzz_is1" = Cloaker Buzz
"com.yahoo.ysm.ycm.mainShell.view.component.CampaignManager.262B88FEA9266DFF896B0906626A983E39683A75.1" = Yahoo! Search Marketing Desktop
"Content Bully" = Content Bully
"Core FTP LE 2.1" = Core FTP LE 2.1
"DomainSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1" = Domain Samurai
"ERUNT_is1" = ERUNT 1.1j
"FileZilla Client" = FileZilla Client 3.3.3
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.81
"Fujitsu A Series Retail Demo" = Fujitsu A Series Retail Demo
"Glary Utilities_is1" = Glary Utilities 2.19.0.800
"Google Email Uploader" = Google Email Uploader 1.1.0808.1801
"GSA Auto Website Submitter_is1" = GSA Auto Website Submitter v3.38
"HDMI" = Intel® Graphics Media Accelerator Driver
"HMIP50_is1" = Hide My IP 5.0
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Color LaserJet 2820/2830/2840" = HP Color LaserJet 2820/2830/2840 3.1
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"HyperVRE_is1" = HyperVRE 1.8
"IAM.B19B3102B24DFB63AEB5C7A8E51709DA6F7EC00F.1" = Instant Autoresponder Messages
"InstallShield_{191C41F6-4BA8-4D3D-BBC5-AAC8F3077E3F}" = Fujitsu MobilityCenter Extension Utility
"InstallShield_{6226477E-444F-4DFE-BA19-9F4F7D4565BC}" = LifeBook Application Panel
"InstallShield_{827517C3-9B89-458E-A8F2-96DD24BDFE29}" = Shock Sensor Utility
"InstallShield_{BA0CC975-682B-4678-A35C-05E607F36387}" = Fujitsu Hotkey Utility
"InstallShield_{C1D8CEBB-BFEE-4E82-92E0-7579211F3ADF}" = Fujitsu Display Manager
"InstallShield_{C667F699-861A-4AB5-AC2C-A8276DCCFDA9}" = O2Micro Flash Memory Card Windows Driver
"InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility
"Keyword Cloud Generator_is1" = Keyword Cloud Generator 1.0.20
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1" = Market Samurai
"Micro Niche Finder 5.0_is1" = Micro Niche Finder 5.0
"Micro Niche Finder_is1" = Micro Niche Finder
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU" = Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU
"Mozilla Firefox (3.6.2)" = Mozilla Firefox (3.6.2)
"NeatReceipts Professional" = NeatReceipts Professional
"NicheSponder_is1" = NicheSponder
"Nvu_is1" = Nvu 1.0PR
"PDFCreator Toolbar" = PDFCreator Toolbar
"PDF-XChange 3_is1" = PDF-XChange 3
"Picasa 3" = Picasa 3
"Privoxy" = Privoxy 3.0.6
"PROR" = Microsoft Office Professional 2007
"Proxy Server Finder" = Proxy Server Finder
"ProxyFirewall_is1" = ProxyFirewall 1.0.4 Beta
"Report Viewer_is1" = Report Viewer 3.0
"Riva FLV Encoder 2.0_is1" = Riva FLV Encoder 2.0
"seopowersuite" = SEO SpyGlass
"Simple Sales Copy_is1" = Simple Sales Copy
"Site Profit Bot 1.0" = Site Profit Bot 1.0
"Site Profit Bot 1.1" = Site Profit Bot 1.1
"Site Sniper Pro_is1" = Site Sniper Pro 2.8
"SopCast" = SopCast 3.0.3
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamViewer 5" = TeamViewer 5
"TheBestSpinner" = TheBestSpinner
"Theme Buzz_is1" = Theme Buzz v2.01
"Tor" = Tor 0.2.1.19
"Traffic Travis_is1" = Traffic Travis 3.2.3
"Tube Thumper" = Tube Thumper
"TVAnts 1.0" = TVAnts 1.0
"Typo Buzz_is1" = Typo Buzz v2.0
"UN060501" = BUFFALO NAS Navigator
"UN070209" = Uninstall of File Security Tool
"UN080307" = BUFFALO LinkStation(LS-WTGL/R1) Setup Guide
"UnityWebPlayer" = Unity Web Player
"Veetle TV" = Veetle TV 0.9.17
"Vidalia" = Vidalia 0.1.15
"ViewpointMediaPlayer" = Viewpoint Media Player
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"Web 2.0 Mayhem" = Web 2.0 Mayhem 0.2.0.5 Beta
"WebCEO70_is1" = Web CEO 8.1
"WebMeeting Plug-in" = WebMeeting Plug-in
"Window Washer" = Window Washer
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"XHeader Bonus Download" = XHeader Bonus Download
"XSitePro2" = XSitePro2
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{72552C46-944B-4E16-BBC8-0D85F31C1800}" = Aventail Access Manager
"2936BA206D985FAE13777719CA18A9A97FD3533C" = Microsoft Advertising Intelligence
"7ab25f4a8bac63b7" = Microsoft adCenter Desktop
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 4.5.0.457
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


Thanks, Hammerman
  • 0

#30
hammerman

    Member 4k

  • Member
  • 4,183 posts
Hi,

Please follow these steps.

-- Step 1 --

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :OTL
    DRV - (uti1nji2) -- C:\Windows\System32\drivers\uti1nji2.sys ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O33 - MountPoints2\{48ddbf62-4be9-11de-83cf-001742918c16}\Shell\AutoRun\command - "" = F:\Setup_FlipShare.exe -- File not found
    O33 - MountPoints2\{48ddbf62-4be9-11de-83cf-001742918c16}\Shell\Setup FlipShare\command - "" = F:\Setup_FlipShare.exe -- File not found
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • This fix will produce a report. Please add this to your reply.

-- Step 2 --

Download Dr.Web CureIt to the desktop.
  • Double-click the drweb-cureit.exe file, then click Start and allow it to run the express scan.
  • This will scan the files currently running in memory; when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, choose the Complete Scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look and see if you can click the following icon next to the files found:
    Posted Image
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in the next image:
    Posted Image
  • This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured (this is in case we need samples).
  • After selecting, in the Dr.Web CureIt menu on top, click File and choose Save report list.
  • Save the report to your desktop. The report will be called DrWeb.csv.
  • Close Dr.Web CureIt.
  • Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply along with a new OTL log.
NOTE: During the scan, a pop-up window will open asking you to purchase the full version. Simply close the window by clicking the X in the upper right corner.
  • 0
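The OTL fix in the post above removes three kinds of items: a driver with no publisher string, Internet Explorer policy restrictions, and MountPoints2 autorun commands whose target file is gone. The script below is an added example (not the poster's code and not part of OTL) that parses fix lines of those three shapes and states why each entry earns a second look before it is removed. The sample lines are constructed to mirror the ones in the post; the SynTP driver line is a made-up, benign-looking entry added for contrast, and the driver heuristics (empty vendor field, random-looking eight-character name) are this example's own assumptions, not OTL rules.

```python
"""Triage helper for OTL-style fix lines (added example, not OTL's own code)."""
import re
from dataclasses import dataclass
from typing import List

# OTL item formats as they appear in a fix script (one item per line).
DRV_RE = re.compile(
    r'^DRV - \((?P<name>[^)]*)\) -- (?P<path>.+?) \((?P<vendor>[^)]*)\)$')
POLICY_RE = re.compile(
    r'^(?P<kind>O[67]) - (?P<key>HK(?:LM|CU)\\.+?) present$')
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<guid>\{[^}]+\})\\Shell\\(?P<verb>[^\\]+)'
    r'\\command - "(?P<value>[^"]*)" = (?P<target>.+?)(?: -- (?P<status>.+))?$')

# Constructed sample: lines 1, 3, 4 and 5 mirror the post's fix script; the
# SynTP line is an invented benign entry (assumption: a vendor-signed driver
# shows its company name in the trailing parentheses).
SAMPLE_OTL_LINES = r"""
DRV - (uti1nji2) -- C:\Windows\System32\drivers\uti1nji2.sys ()
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics Incorporated)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O33 - MountPoints2\{48ddbf62-4be9-11de-83cf-001742918c16}\Shell\AutoRun\command - "" = F:\Setup_FlipShare.exe -- File not found
"""


@dataclass
class Finding:
    item: str      # OTL item type: DRV, O6, O7 or O33
    subject: str   # service name, policy key or MountPoints2 GUID
    reason: str    # why a helper would look at it before removing it


def driver_reasons(name: str, vendor: str) -> List[str]:
    """Heuristics (this example's assumptions, not OTL rules) for a driver entry."""
    reasons = []
    if not vendor.strip():
        reasons.append('no company/publisher string in the driver file')
    # Eight lowercase letters and digits mixed together is the shape of an
    # auto-generated name; a product driver usually carries a readable name.
    if (re.fullmatch(r'[a-z0-9]{8}', name)
            and re.search(r'\d', name) and re.search(r'[a-z]', name)):
        reasons.append('random-looking 8-character service name')
    return reasons


def triage(otl_text: str) -> List[Finding]:
    """Return one Finding per OTL line that merits review; benign lines yield none."""
    findings: List[Finding] = []
    for raw in otl_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DRV_RE.match(line)
        if m:
            reasons = driver_reasons(m.group('name'), m.group('vendor'))
            if reasons:
                findings.append(Finding('DRV', m.group('name'), '; '.join(reasons)))
            continue
        m = POLICY_RE.match(line)
        if m:
            findings.append(Finding(
                m.group('kind'), m.group('key'),
                'Internet Explorer policy restriction present; rarely set on a '
                'home PC and often planted by malware to lock the user out'))
            continue
        m = O33_RE.match(line)
        if m:
            status = m.group('status') or ''
            if 'File not found' in status:
                reason = 'MountPoints2 autorun command whose target no longer exists'
            else:
                reason = 'MountPoints2 autorun command for a removable drive'
            findings.append(Finding('O33', m.group('guid'), reason))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_OTL_LINES):
        print(f'{f.item:4} {f.subject}: {f.reason}')
```

Run as-is, it lists four findings from the sample (the unsigned driver, both policy keys and the stale autorun entry) and stays silent on the SynTP line. Feed it the DRV/O6/O7/O33 lines from your own OTL log to see which ones would have been caught by the same reasoning the fix applies.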