Hi Ron,
Thank you so much for the fast reply. Sorry for my delay.
I have a few questions for you,
When using USB drive to speed system- I have a 8GB and a 4GB stick. I read that the 8GB is to large for the program and will not work? Is this correct? I also have a 4GB stick that I did try, but it seemed to bog down the computer even more. So I removed it to continue with the scans. Should I try using it again?
Also, when using the 4GB USB drive, could you tell me what the following message means. "While this device is being used. The reserved space will not be available for storage"
Java- Can I disable the 3 outdated java programs on Internet Explorer as well?
PC Doctor- Did you see that I had this program to remove? I didn't find it on my PC
disabling Avast, right click on ball, click on disable until rebooted. I did that, but when running ComboFix it still said Avast was running? I still ran the scan.
Thank you again for all your help and time!!
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org
Database version: 7534
Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421
8/22/2011 2:24:57 AM
mbam-log-2011-08-22 (02-24-57).txt
Scan type: Quick scan
Objects scanned: 188077
Time elapsed: 7 minute(s), 34 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
ComboFix 11-08-22.03 - Wes Cornwell 08/22/2011 9:50.2.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.958.404 [GMT -5:00]
Running from: c:\users\Wes Cornwell\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\pswi_preloaded.exe
c:\programdata\SPL25DB.tmp
c:\programdata\SPL4AD7.tmp
c:\programdata\SPL6A87.tmp
c:\programdata\SPL7E7.tmp
c:\programdata\SPL8342.tmp
c:\programdata\SPL8E4E.tmp
c:\programdata\SPLDE8D.tmp
c:\programdata\SPLDEC8.tmp
c:\users\Wes Cornwell\AppData\Roaming\Microsoft\Windows\Recent\Comfy Cakes.pif
.
.
((((((((((((((((((((((((( Files Created from 2011-07-22 to 2011-08-22 )))))))))))))))))))))))))))))))
.
.
2011-08-22 14:59 . 2011-08-22 14:59 -------- d-----w- c:\users\Wes Cornwell\AppData\Local\temp
2011-08-22 14:59 . 2011-08-22 14:59 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2011-08-22 14:59 . 2011-08-22 14:59 -------- d-----w- c:\users\SYSTEM\AppData\Local\temp
2011-08-22 14:59 . 2011-08-22 14:59 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-08-22 14:59 . 2011-08-22 14:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-22 08:05 . 2011-07-04 11:36 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-08-22 08:05 . 2011-07-04 11:32 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-08-22 08:05 . 2011-07-04 11:32 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-08-22 08:05 . 2011-07-04 11:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-08-22 08:05 . 2011-07-04 11:35 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-08-22 08:04 . 2011-07-04 11:32 54104 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-08-22 08:02 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-08-22 08:02 . 2011-07-04 11:43 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-08-22 08:01 . 2011-08-22 08:01 -------- d-----w- c:\programdata\AVAST Software
2011-08-22 08:01 . 2011-08-22 08:01 -------- d-----w- c:\program files\AVAST Software
2011-08-22 07:10 . 2011-07-07 00:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-22 07:10 . 2011-08-22 07:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-22 07:10 . 2011-07-07 00:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-13 23:22 . 2011-07-20 14:44 6881616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{42E3528F-6F29-4CC0-AF2C-D4B0290F8D12}\mpengine.dll
2011-08-10 23:13 . 2011-06-17 16:03 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-08-10 23:10 . 2011-07-06 15:31 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-10 23:10 . 2011-06-06 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-08-10 23:10 . 2011-06-20 08:54 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-08-10 23:10 . 2011-06-20 08:54 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-10 23:10 . 2011-06-17 20:13 905104 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-12 20:26 . 2011-05-16 16:07 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-02 13:34 . 2011-07-13 13:47 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-05-25 00:14 . 2009-10-03 02:45 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-07-06 17:41 . 2011-05-15 23:21 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-10-10 160592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FIRST WARN ON-LINE.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\FIRST WARN ON-LINE.lnk
backup=c:\windows\pss\FIRST WARN ON-LINE.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Find Fast.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Find Fast.lnk
backup=c:\windows\pss\Microsoft Find Fast.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Office Startup.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Office Startup.lnk
backup=c:\windows\pss\Office Startup.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-06-08 04:02 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell AIO Printer 948 Fax Server]
2007-07-03 13:37 307848 ----a-w- c:\program files\Dell AIO Printer 948\fm3032.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2007-03-15 17:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dldfmon.exe]
2007-07-03 13:36 455304 ----a-w- c:\program files\Dell AIO Printer 948\dldfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2007-05-25 06:03 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2009-11-18 22:13 54576 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Linksys Wireless Manager]
2009-07-09 05:21 1366064 ----a-r- c:\program files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MemoryCardManager]
2007-07-03 13:36 410248 ----a-w- c:\program files\Dell AIO Printer 948\memcard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmctxth]
2009-06-18 21:41 647216 ----a-w- c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-05-03 05:16 13535776 ----a-w- c:\windows\System32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-05-03 05:16 92704 ----a-w- c:\windows\System32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2006-10-20 22:23 118784 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-01-17 12:22 4907008 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TNDDOCK]
2011-05-26 03:04 956928 ----a-w- c:\program files\Rand McNally\Rand McNally TND Dock\TNDDock.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 netr28u;Linksys USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2009-08-02 735232]
R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe [2008-01-19 21504]
R3 UsbGps;LGE CDMA USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgusbgps.sys [2008-11-11 19968]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-03-04 691696]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-16 116608]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-05 77824]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-07-04 54104]
S2 dldf_device;dldf_device;c:\windows\system32\dldfcoms.exe [2007-06-26 598664]
S2 dldfCATSCustConnectService;dldfCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\dldfserv.exe [2007-06-26 98952]
S2 mrtRate;mrtRate; [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
getPlusHelper REG_MULTI_SZ getPlusHelper
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-01 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:08]
.
2011-08-22 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:08]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
Trusted Zone: worldwinner.com\www
TCP: DhcpNameServer = 209.94.172.166 209.94.172.167
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
FF - ProfilePath - c:\users\Wes Cornwell\AppData\Roaming\Mozilla\Firefox\Profiles\ryox0u1c.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4bf0cb54&v=7.007.026.001&i=26&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-AVG9_TRAY - c:\progra~1\AVG\AVG9\avgtray.exe
MSConfigStartUp-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
MSConfigStartUp-dscactivate - c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2011-08-22 09:59
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ba,fe,53,9f,fc,22,88,40,af,8f,9a,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ba,fe,53,9f,fc,22,88,40,af,8f,9a,\
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-08-22 10:05:36
ComboFix-quarantined-files.txt 2011-08-22 15:05
.
Pre-Run: 190,430,101,504 bytes free
Post-Run: 190,392,418,304 bytes free
.
- - End Of File - - A0849E0DE2DD38C54795FAD8B87E2477
TDSSKILLER2011/08/22 11:10:24.0392 0892 TDSS rootkit removing tool 2.5.16.0 Aug 19 2011 17:48:17
2011/08/22 11:10:24.0782 0892 ================================================================================
2011/08/22 11:10:24.0782 0892 SystemInfo:
2011/08/22 11:10:24.0782 0892
2011/08/22 11:10:24.0782 0892 OS Version: 6.0.6002 ServicePack: 2.0
2011/08/22 11:10:24.0782 0892 Product type: Workstation
2011/08/22 11:10:24.0782 0892 ComputerName: WESCORNWELL-PC
2011/08/22 11:10:24.0782 0892 UserName: Wes Cornwell
2011/08/22 11:10:24.0782 0892 Windows directory: C:\Windows
2011/08/22 11:10:24.0782 0892 System windows directory: C:\Windows
2011/08/22 11:10:24.0782 0892 Processor architecture: Intel x86
2011/08/22 11:10:24.0782 0892 Number of processors: 2
2011/08/22 11:10:24.0782 0892 Page size: 0x1000
2011/08/22 11:10:24.0782 0892 Boot type: Normal boot
2011/08/22 11:10:24.0782 0892 ================================================================================
2011/08/22 11:10:25.0843 0892 Initialize success
2011/08/22 11:10:42.0426 3960 ================================================================================
2011/08/22 11:10:42.0426 3960 Scan started
2011/08/22 11:10:42.0426 3960 Mode: Manual;
2011/08/22 11:10:42.0426 3960 ================================================================================
2011/08/22 11:10:43.0112 3960 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/08/22 11:10:43.0206 3960 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/08/22 11:10:43.0268 3960 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/08/22 11:10:43.0315 3960 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/08/22 11:10:43.0362 3960 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/08/22 11:10:43.0456 3960 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
2011/08/22 11:10:43.0518 3960 agp440 (8b10ce1c1f9f1d47e4deb1a547a00cd4) C:\Windows\system32\drivers\agp440.sys
2011/08/22 11:10:43.0549 3960 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/08/22 11:10:43.0580 3960 aliide (dc67a153fdb8105b25d05334b5e1d8e2) C:\Windows\system32\drivers\aliide.sys
2011/08/22 11:10:43.0627 3960 amdagp (848f27e5b27c1c253f6cefdc1a5d8f21) C:\Windows\system32\drivers\amdagp.sys
2011/08/22 11:10:43.0658 3960 amdide (835c4c3355088298a5ebd818fa31430f) C:\Windows\system32\drivers\amdide.sys
2011/08/22 11:10:43.0736 3960 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/08/22 11:10:43.0768 3960 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
2011/08/22 11:10:43.0846 3960 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/08/22 11:10:43.0892 3960 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/08/22 11:10:43.0955 3960 aswFsBlk (861cb512e4e850e87dd2316f88d69330) C:\Windows\system32\drivers\aswFsBlk.sys
2011/08/22 11:10:43.0986 3960 aswMonFlt (ff83c93aeee8b0cf4b464ca667a67acd) C:\Windows\system32\drivers\aswMonFlt.sys
2011/08/22 11:10:44.0033 3960 aswRdr (8db043bf96bb6d334e5b4888e709e1c7) C:\Windows\system32\drivers\aswRdr.sys
2011/08/22 11:10:44.0095 3960 aswSnx (17230708a2028cd995656df455f2e303) C:\Windows\system32\drivers\aswSnx.sys
2011/08/22 11:10:44.0220 3960 aswSP (dbedd9d43b00630966ef05d2d8d04cee) C:\Windows\system32\drivers\aswSP.sys
2011/08/22 11:10:44.0251 3960 aswTdi (984cfce2168286c2511695c2f9621475) C:\Windows\system32\drivers\aswTdi.sys
2011/08/22 11:10:44.0298 3960 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/08/22 11:10:44.0329 3960 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/08/22 11:10:44.0423 3960 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/08/22 11:10:44.0516 3960 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
2011/08/22 11:10:44.0563 3960 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/08/22 11:10:44.0594 3960 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/08/22 11:10:44.0641 3960 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/08/22 11:10:44.0672 3960 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/08/22 11:10:44.0766 3960 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/08/22 11:10:44.0797 3960 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/08/22 11:10:44.0828 3960 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/08/22 11:10:44.0969 3960 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/08/22 11:10:45.0031 3960 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/08/22 11:10:45.0078 3960 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2011/08/22 11:10:45.0125 3960 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/08/22 11:10:45.0218 3960 cmdide (e79cbb2195e965f6e3256e2c1b23fd1c) C:\Windows\system32\drivers\cmdide.sys
2011/08/22 11:10:45.0265 3960 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
2011/08/22 11:10:45.0296 3960 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/08/22 11:10:45.0328 3960 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/08/22 11:10:45.0421 3960 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
2011/08/22 11:10:45.0499 3960 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/08/22 11:10:45.0593 3960 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
2011/08/22 11:10:45.0624 3960 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
2011/08/22 11:10:45.0671 3960 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
2011/08/22 11:10:45.0733 3960 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/08/22 11:10:45.0858 3960 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
2011/08/22 11:10:45.0967 3960 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\Windows\system32\DRIVERS\dsunidrv.sys
2011/08/22 11:10:46.0030 3960 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/08/22 11:10:46.0139 3960 e1express (7505290504c8e2d172fa378cc0497bcc) C:\Windows\system32\DRIVERS\e1e6032.sys
2011/08/22 11:10:46.0186 3960 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/08/22 11:10:46.0232 3960 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/08/22 11:10:46.0279 3960 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/08/22 11:10:46.0373 3960 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/08/22 11:10:46.0420 3960 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/08/22 11:10:46.0451 3960 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2011/08/22 11:10:46.0560 3960 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/08/22 11:10:46.0576 3960 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/08/22 11:10:46.0622 3960 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/08/22 11:10:46.0654 3960 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/08/22 11:10:46.0700 3960 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/08/22 11:10:46.0747 3960 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/08/22 11:10:46.0825 3960 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/08/22 11:10:46.0903 3960 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/08/22 11:10:46.0950 3960 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/08/22 11:10:47.0012 3960 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/08/22 11:10:47.0044 3960 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/08/22 11:10:47.0137 3960 HSF_DPV (53229dcf431d76434816cd29251168a0) C:\Windows\system32\DRIVERS\HSX_DPV.sys
2011/08/22 11:10:47.0246 3960 HSXHWBS2 (ed98350ecd4a5a9c9f1e641c09872bb2) C:\Windows\system32\DRIVERS\HSXHWBS2.sys
2011/08/22 11:10:47.0293 3960 HTTP (0eeeca26c8d4bde2a4664db058a81937) C:\Windows\system32\drivers\HTTP.sys
2011/08/22 11:10:47.0356 3960 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/08/22 11:10:47.0418 3960 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/08/22 11:10:47.0449 3960 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/08/22 11:10:47.0496 3960 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/08/22 11:10:47.0605 3960 IntcAzAudAddService (f8f53c5449f15b23d4c61d51d2701da8) C:\Windows\system32\drivers\RTKVHDA.sys
2011/08/22 11:10:47.0699 3960 intelide (0084046c084d68e494f8cf36bcf08186) C:\Windows\system32\drivers\intelide.sys
2011/08/22 11:10:47.0730 3960 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
2011/08/22 11:10:47.0839 3960 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/08/22 11:10:47.0902 3960 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/08/22 11:10:47.0948 3960 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/08/22 11:10:47.0995 3960 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/08/22 11:10:48.0042 3960 isapnp (2f8ece2699e7e2070545e9b0960a8ed2) C:\Windows\system32\drivers\isapnp.sys
2011/08/22 11:10:48.0073 3960 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/08/22 11:10:48.0104 3960 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/08/22 11:10:48.0120 3960 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/08/22 11:10:48.0167 3960 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/08/22 11:10:48.0214 3960 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/08/22 11:10:48.0276 3960 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/08/22 11:10:48.0354 3960 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/08/22 11:10:48.0463 3960 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/08/22 11:10:48.0494 3960 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/08/22 11:10:48.0526 3960 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/08/22 11:10:48.0572 3960 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/08/22 11:10:48.0604 3960 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2011/08/22 11:10:48.0650 3960 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/08/22 11:10:48.0697 3960 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/08/22 11:10:48.0744 3960 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/08/22 11:10:48.0775 3960 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/08/22 11:10:48.0806 3960 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/08/22 11:10:48.0838 3960 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/08/22 11:10:48.0884 3960 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/08/22 11:10:48.0916 3960 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/08/22 11:10:48.0994 3960 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/08/22 11:10:49.0040 3960 mrtRate (6075de2ad531f6e30c9995dfda22001f) C:\Windows\system32\drivers\mrtRate.sys
2011/08/22 11:10:49.0087 3960 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/08/22 11:10:49.0165 3960 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/08/22 11:10:49.0212 3960 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/08/22 11:10:49.0243 3960 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/08/22 11:10:49.0290 3960 msahci (d420bc42a637ac3cc4f411220549c0dc) C:\Windows\system32\drivers\msahci.sys
2011/08/22 11:10:49.0337 3960 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/08/22 11:10:49.0399 3960 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/08/22 11:10:49.0430 3960 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/08/22 11:10:49.0493 3960 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/08/22 11:10:49.0540 3960 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/08/22 11:10:49.0571 3960 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/08/22 11:10:49.0664 3960 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/08/22 11:10:49.0727 3960 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/08/22 11:10:49.0758 3960 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/08/22 11:10:49.0774 3960 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/08/22 11:10:49.0852 3960 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/08/22 11:10:49.0914 3960 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/08/22 11:10:49.0976 3960 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/08/22 11:10:50.0023 3960 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/08/22 11:10:50.0070 3960 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/08/22 11:10:50.0117 3960 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/08/22 11:10:50.0164 3960 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/08/22 11:10:50.0195 3960 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/08/22 11:10:50.0335 3960 netr28u (1569349e4e9558238e4260c3668325ff) C:\Windows\system32\DRIVERS\netr28u.sys
2011/08/22 11:10:50.0398 3960 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/08/22 11:10:50.0460 3960 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/08/22 11:10:50.0507 3960 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/08/22 11:10:50.0585 3960 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/08/22 11:10:50.0647 3960 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/08/22 11:10:50.0725 3960 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\Windows\system32\DRIVERS\NuidFltr.sys
2011/08/22 11:10:50.0756 3960 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/08/22 11:10:50.0819 3960 NVENETFD (a1108084b0d2fc43dcc401735770e2a3) C:\Windows\system32\DRIVERS\nvmfdx32.sys
2011/08/22 11:10:51.0271 3960 nvlddmkm (e572ebf0a86a76e7cfcaab00648f0f83) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/08/22 11:10:51.0521 3960 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2011/08/22 11:10:51.0568 3960 nvstor (4a5fcab82d9bf6af8a023a66802fe9e9) C:\Windows\system32\drivers\nvstor.sys
2011/08/22 11:10:51.0614 3960 nv_agp (055081fd5076401c1ee1bcab08d81911) C:\Windows\system32\drivers\nv_agp.sys
2011/08/22 11:10:51.0692 3960 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2011/08/22 11:10:51.0770 3960 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/08/22 11:10:51.0817 3960 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/08/22 11:10:51.0848 3960 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/08/22 11:10:51.0880 3960 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/08/22 11:10:51.0958 3960 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
2011/08/22 11:10:52.0020 3960 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/08/22 11:10:52.0082 3960 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/08/22 11:10:52.0207 3960 pnarp (63200893c9d5934a7504d20f68276cc7) C:\Windows\system32\DRIVERS\pnarp.sys
2011/08/22 11:10:52.0285 3960 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/08/22 11:10:52.0332 3960 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/08/22 11:10:52.0394 3960 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/08/22 11:10:52.0441 3960 purendis (748bcab4eff5959ed347c05a1c1a0af8) C:\Windows\system32\DRIVERS\purendis.sys
2011/08/22 11:10:52.0488 3960 PxHelp20 (324c27635e516184c811339a75cefd4a) C:\Windows\system32\Drivers\PxHelp20.sys
2011/08/22 11:10:52.0613 3960 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/08/22 11:10:52.0660 3960 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/08/22 11:10:52.0706 3960 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/08/22 11:10:52.0816 3960 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/08/22 11:10:52.0909 3960 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/08/22 11:10:52.0956 3960 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/08/22 11:10:53.0003 3960 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/08/22 11:10:53.0050 3960 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/08/22 11:10:53.0096 3960 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/08/22 11:10:53.0174 3960 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/08/22 11:10:53.0268 3960 rdpdr (0245418224cfa77bf4b41c2fe0622258) C:\Windows\system32\drivers\rdpdr.sys
2011/08/22 11:10:53.0299 3960 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/08/22 11:10:53.0346 3960 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/08/22 11:10:53.0440 3960 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/08/22 11:10:53.0611 3960 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/08/22 11:10:53.0658 3960 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/08/22 11:10:53.0705 3960 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/08/22 11:10:53.0752 3960 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/08/22 11:10:53.0798 3960 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/08/22 11:10:53.0845 3960 sffdisk (51cf56aa8bcc241f134b420b8f850406) C:\Windows\system32\drivers\sffdisk.sys
2011/08/22 11:10:53.0876 3960 sffp_mmc (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys
2011/08/22 11:10:53.0892 3960 sffp_sd (8b08cab1267b2c377883fc9e56981f90) C:\Windows\system32\drivers\sffp_sd.sys
2011/08/22 11:10:53.0939 3960 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/08/22 11:10:54.0032 3960 sisagp (08072b2fb92477fc813271a84b3a8698) C:\Windows\system32\drivers\sisagp.sys
2011/08/22 11:10:54.0064 3960 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/08/22 11:10:54.0095 3960 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/08/22 11:10:54.0142 3960 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/08/22 11:10:54.0220 3960 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/08/22 11:10:54.0298 3960 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2011/08/22 11:10:54.0298 3960 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/08/22 11:10:54.0298 3960 sptd - detected LockedFile.Multi.Generic (1)
2011/08/22 11:10:54.0360 3960 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/08/22 11:10:54.0438 3960 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
2011/08/22 11:10:54.0516 3960 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
2011/08/22 11:10:54.0563 3960 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys
2011/08/22 11:10:54.0610 3960 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/08/22 11:10:54.0656 3960 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/08/22 11:10:54.0734 3960 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/08/22 11:10:54.0766 3960 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/08/22 11:10:54.0890 3960 Tcpip (2756186e287139310997090797e0182b) C:\Windows\system32\drivers\tcpip.sys
2011/08/22 11:10:54.0984 3960 Tcpip6 (2756186e287139310997090797e0182b) C:\Windows\system32\DRIVERS\tcpip.sys
2011/08/22 11:10:55.0046 3960 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/08/22 11:10:55.0093 3960 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/08/22 11:10:55.0140 3960 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/08/22 11:10:55.0187 3960 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/08/22 11:10:55.0234 3960 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/08/22 11:10:55.0296 3960 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/08/22 11:10:55.0343 3960 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/08/22 11:10:55.0390 3960 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/08/22 11:10:55.0483 3960 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/08/22 11:10:55.0530 3960 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/08/22 11:10:55.0577 3960 uliagpkx (6d72ef05921abdf59fc45c7ebfe7e8dd) C:\Windows\system32\drivers\uliagpkx.sys
2011/08/22 11:10:55.0608 3960 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/08/22 11:10:55.0655 3960 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/08/22 11:10:55.0686 3960 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/08/22 11:10:55.0733 3960 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/08/22 11:10:55.0795 3960 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys
2011/08/22 11:10:55.0842 3960 usbbus (9419faac6552a51542dbba02971c841c) C:\Windows\system32\DRIVERS\lgusbbus.sys
2011/08/22 11:10:55.0889 3960 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/08/22 11:10:55.0920 3960 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/08/22 11:10:55.0967 3960 UsbDiag (c0a466fa4ffec464320e159bc1bbdc0c) C:\Windows\system32\DRIVERS\lgusbdiag.sys
2011/08/22 11:10:56.0076 3960 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/08/22 11:10:56.0092 3960 UsbGps (071b8e7a0ca11a2a9b32109058136bbe) C:\Windows\system32\DRIVERS\lgusbgps.sys
2011/08/22 11:10:56.0138 3960 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/08/22 11:10:56.0185 3960 USBModem (f74a54774a9b0afeb3c40adec68aa600) C:\Windows\system32\DRIVERS\lgusbmodem.sys
2011/08/22 11:10:56.0201 3960 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
2011/08/22 11:10:56.0232 3960 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/08/22 11:10:56.0263 3960 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/08/22 11:10:56.0294 3960 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/08/22 11:10:56.0341 3960 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/08/22 11:10:56.0404 3960 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/08/22 11:10:56.0450 3960 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/08/22 11:10:56.0482 3960 viaagp (d5929a28bdff4367a12caf06af901971) C:\Windows\system32\drivers\viaagp.sys
2011/08/22 11:10:56.0513 3960 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/08/22 11:10:56.0544 3960 viaide (f3b4762eb85a2aff4999401f14c3262b) C:\Windows\system32\drivers\viaide.sys
2011/08/22 11:10:56.0575 3960 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/08/22 11:10:56.0622 3960 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/08/22 11:10:56.0731 3960 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/08/22 11:10:56.0762 3960 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/08/22 11:10:56.0809 3960 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/08/22 11:10:56.0965 3960 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/22 11:10:56.0981 3960 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/22 11:10:57.0059 3960 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/08/22 11:10:57.0106 3960 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/08/22 11:10:57.0199 3960 winachsf (6d2350bb6e77e800fc4be4e5b7a2e89a) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2011/08/22 11:10:57.0324 3960 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
2011/08/22 11:10:57.0402 3960 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/08/22 11:10:57.0464 3960 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/08/22 11:10:57.0542 3960 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/08/22 11:10:57.0636 3960 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
2011/08/22 11:10:57.0698 3960 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
2011/08/22 11:10:57.0730 3960 Boot (0x1200) (5ae36f71a098ea3b302cb5da6500d4ad) \Device\Harddisk0\DR0\Partition0
2011/08/22 11:10:57.0745 3960 Boot (0x1200) (33a0e30d2deefaed18a33003866f2c53) \Device\Harddisk0\DR0\Partition1
2011/08/22 11:10:57.0761 3960 ================================================================================
2011/08/22 11:10:57.0761 3960 Scan finished
2011/08/22 11:10:57.0761 3960 ================================================================================
2011/08/22 11:10:57.0776 3908 Detected object count: 1
2011/08/22 11:10:57.0776 3908 Actual detected object count: 1
2011/08/22 11:11:18.0805 3908 LockedFile.Multi.Generic(sptd) - User select action: Skip
AVASTaswMBR version 0.9.8.978 Copyright© 2011 AVAST Software
Run date: 2011-08-22 11:13:34
-----------------------------
11:13:34.759 OS Version: Windows 6.0.6002 Service Pack 2
11:13:34.759 Number of processors: 2 586 0x6B01
11:13:34.759 ComputerName: WESCORNWELL-PC UserName: Wes Cornwell
11:13:35.804 Initialize success
11:13:36.740 AVAST engine defs: 11082200
11:13:45.211 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000059
11:13:45.211 Disk 0 Vendor: WDC_WD25 10.0 Size: 238418MB BusType: 8
11:13:47.239 Disk 0 MBR read successfully
11:13:47.239 Disk 0 MBR scan
11:13:47.645 Disk 0 Windows VISTA default MBR code
11:13:47.660 Disk 0 scanning sectors +488278016
11:13:48.269 Disk 0 scanning C:\Windows\system32\drivers
11:14:06.708 Service scanning
11:14:08.034 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
11:14:08.642 Modules scanning
11:14:19.110 Disk 0 trace - called modules:
11:14:19.141 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x8529f1f8]<<
11:14:19.141 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x858e7a50]
11:14:19.656 3 CLASSPNP.SYS[86da28b3] -> nt!IofCallDriver -> [0x853668c8]
11:14:19.656 5 acpi.sys[82b306bc] -> nt!IofCallDriver -> \Device\00000059[0x8532ec90]
11:14:19.672 \Driver\nvstor[0x853318c8] -> IRP_MJ_CREATE -> 0x8529f1f8
11:14:20.171 AVAST engine scan C:\Windows
11:14:24.508 AVAST engine scan C:\Windows\system32
11:16:32.786 AVAST engine scan C:\Windows\system32\drivers
11:16:43.738 AVAST engine scan C:\Users\Wes Cornwell
11:17:15.718 Disk 0 MBR has been saved successfully to "C:\Users\Wes Cornwell\Desktop\MBR.dat"
11:17:15.733 The log file has been saved successfully to "C:\Users\Wes Cornwell\Desktop\aswMBR.txt"
OTL logfile created on: 8/22/2011 11:26:28 AM - Run 3
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Users\Wes Cornwell\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
957.76 Mb Total Physical Memory | 186.79 Mb Available Physical Memory | 19.50% Memory free
2.13 Gb Paging File | 1.22 Gb Available in Paging File | 57.25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 177.35 Gb Free Space | 79.61% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.36 Gb Free Space | 63.61% Space Free | Partition Type: NTFS
Computer Name: WESCORNWELL-PC | User Name: Wes Cornwell | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ========== PRC - [2011/08/20 21:39:16 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Wes Cornwell\Downloads\OTL.exe
PRC - [2011/08/16 00:40:36 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/07/04 06:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/07/04 06:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2009/06/18 16:41:50 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe
PRC - [2007/06/26 06:56:08 | 000,098,952 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\dldfserv.exe
PRC - [2007/06/26 01:56:06 | 000,598,664 | ---- | M] ( ) -- C:\Windows\System32\dldfcoms.exe
PRC - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () -- C:\Windows\System32\PSIService.exe
========== Modules (No Company Name) ========== ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2011/08/16 00:40:36 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/07/04 06:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/11/29 11:41:26 | 000,058,944 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2010/03/29 08:51:54 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/06/18 16:41:50 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
SRV - [2007/06/26 06:56:08 | 000,098,952 | ---- | M] () [Auto | Running] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\dldfserv.exe -- (dldfCATSCustConnectService)
SRV - [2007/06/26 01:56:06 | 000,598,664 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dldfcoms.exe -- (dldf_device)
SRV - [2007/03/19 12:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () [Auto | Start_Pending] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011/07/04 06:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/07/04 06:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/07/04 06:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/07/04 06:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/07/04 06:32:20 | 000,054,104 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/07/04 06:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/03/04 13:32:36 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/08/02 06:56:10 | 000,735,232 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2009/07/14 18:54:00 | 009,557,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/05/13 15:47:44 | 000,026,416 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\purendis.sys -- (purendis)
DRV - [2009/05/13 15:47:44 | 000,024,880 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/11/11 13:42:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008/11/11 13:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbgps.sys -- (UsbGps)
DRV - [2008/11/11 13:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008/11/11 13:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2007/03/15 08:57:30 | 001,059,112 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 02:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2006/10/18 13:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/10/05 17:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/08/04 19:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [1999/08/10 13:51:58 | 000,034,916 | ---- | M] (Marimba, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\MrtRate.sys -- (mrtRate)
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: avg@igeared:6.103.018.001
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "
http://search.avg.co...s&lng=en-US&q="FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\
[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/12/30 17:39:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\
[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/08/22 03:03:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/06 12:41:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/18 12:17:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\
[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/12/30 17:39:31 | 000,000,000 | ---D | M]
[2011/02/10 16:09:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wes Cornwell\AppData\Roaming\Mozilla\Extensions
[2011/05/15 12:35:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wes Cornwell\AppData\Roaming\Mozilla\Firefox\Profiles\ryox0u1c.default\extensions
[2011/02/13 11:37:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Wes Cornwell\AppData\Roaming\Mozilla\Firefox\Profiles\ryox0u1c.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/10 20:02:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/18 03:20:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/27 12:27:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/03/01 09:23:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/10 20:02:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
File not found (No name found) -- C:\PROGRAM FILES\AVG\AVG9\TOOLBAR\FIREFOX\AVG@IGEARED
[2011/07/06 12:41:25 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/05/15 18:21:11 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
O1 HOSTS File: ([2011/08/22 09:59:51 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: worldwinner.com ([www] https in Trusted sites)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5}
http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.94.172.166 209.94.172.167
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - File not found
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ========== [2011/08/22 11:12:41 | 001,915,904 | ---- | C] (AVAST Software) -- C:\Users\Wes Cornwell\Desktop\aswMBR.exe
[2011/08/22 11:04:46 | 001,405,744 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Wes Cornwell\Desktop\tdsskiller.exe
[2011/08/22 10:05:46 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/08/22 10:05:38 | 000,000,000 | ---D | C] -- C:\Users\Wes Cornwell\AppData\Local\temp
[2011/08/22 09:46:47 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/08/22 09:31:08 | 004,181,210 | R--- | C] (Swearware) -- C:\Users\Wes Cornwell\Desktop\ComboFix.exe
[2011/08/22 03:05:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/08/22 03:05:05 | 000,309,848 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/08/22 03:05:05 | 000,019,544 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/08/22 03:05:02 | 000,025,432 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/08/22 03:05:01 | 000,441,176 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/08/22 03:05:01 | 000,043,608 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/08/22 03:04:59 | 000,054,104 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/08/22 03:02:51 | 000,040,112 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/08/22 03:02:47 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/08/22 03:01:50 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/08/22 03:01:50 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/08/22 02:10:10 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/08/22 02:10:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/22 02:10:05 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/08/22 02:10:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/08/13 23:13:59 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/08/13 23:13:58 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/08/13 23:13:57 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/08/13 23:13:57 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/08/13 23:13:56 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/08/13 23:11:35 | 000,000,000 | ---D | C] -- C:\f64d872016d01040bbb9643a4116bc
[2011/08/10 18:13:33 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011/08/10 18:10:27 | 003,602,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/08/10 18:10:27 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2007/10/31 17:48:05 | 000,434,176 | ---- | C] ( ) -- C:\Windows\System32\dldfhcp.dll
[2007/10/31 17:48:02 | 000,356,352 | ---- | C] ( ) -- C:\Windows\System32\dldfinpa.dll
[2007/10/31 17:48:02 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\dldfiesc.dll
[2007/10/31 17:48:00 | 001,200,128 | ---- | C] ( ) -- C:\Windows\System32\dldfserv.dll
[2007/10/31 17:48:00 | 000,950,272 | ---- | C] ( ) -- C:\Windows\System32\dldfusb1.dll
[2007/10/31 17:47:58 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\dldfprox.dll
[2007/10/31 17:47:57 | 000,647,168 | ---- | C] ( ) -- C:\Windows\System32\dldfpmui.dll
[2007/10/31 17:47:57 | 000,565,248 | ---- | C] ( ) -- C:\Windows\System32\dldflmpm.dll
[2007/10/31 17:47:54 | 000,320,136 | ---- | C] ( ) -- C:\Windows\System32\dldfih.exe
[2007/10/31 17:47:50 | 000,663,552 | ---- | C] ( ) -- C:\Windows\System32\dldfhbn3.dll
[2007/10/31 17:47:43 | 000,598,664 | ---- | C] ( ) -- C:\Windows\System32\dldfcoms.exe
[2007/10/31 17:47:42 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\dldfcomm.dll
[2007/10/31 17:47:41 | 000,860,160 | ---- | C] ( ) -- C:\Windows\System32\dldfcomc.dll
[2007/10/31 17:47:39 | 000,365,192 | ---- | C] ( ) -- C:\Windows\System32\dldfcfg.exe
========== Files - Modified Within 30 Days ========== [2011/08/22 11:17:53 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/22 11:17:53 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/22 11:17:15 | 000,000,512 | ---- | M] () -- C:\Users\Wes Cornwell\Desktop\MBR.dat
[2011/08/22 11:12:56 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Users\Wes Cornwell\Desktop\aswMBR.exe
[2011/08/22 11:04:46 | 001,405,744 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Wes Cornwell\Desktop\tdsskiller.exe
[2011/08/22 09:59:51 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/08/22 09:32:09 | 004,181,210 | R--- | M] (Swearware) -- C:\Users\Wes Cornwell\Desktop\ComboFix.exe
[2011/08/22 09:17:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/22 03:05:06 | 000,001,831 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/08/22 03:04:59 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/08/22 02:10:11 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/22 01:25:22 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2011/08/22 00:34:31 | 000,608,406 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/08/22 00:34:31 | 000,105,908 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/08/15 13:12:17 | 000,581,632 | ---- | M] () -- C:\Users\Wes Cornwell\Documents\Inventory10.qhi
[2011/08/12 15:26:13 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/08/11 11:14:42 | 000,000,104 | ---- | M] () -- C:\Users\Wes Cornwell\Application Data\Microsoft\Internet Explorer\Quick Launch\The Internet - Shortcut.lnk
[2011/07/31 23:22:24 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
========== Files Created - No Company Name ========== [2011/08/22 11:17:15 | 000,000,512 | ---- | C] () -- C:\Users\Wes Cornwell\Desktop\MBR.dat
[2011/08/22 03:05:06 | 000,001,831 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/08/22 02:10:11 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/11 11:14:42 | 000,000,104 | ---- | C] () -- C:\Users\Wes Cornwell\Application Data\Microsoft\Internet Explorer\Quick Launch\The Internet - Shortcut.lnk
[2010/12/30 17:29:53 | 000,207,001 | ---- | C] () -- C:\Windows\hpoins46.dat
[2010/05/05 16:50:37 | 000,307,200 | ---- | C] () -- C:\Windows\System32\AscSQLite.dll
[2010/03/31 19:34:36 | 000,000,574 | ---- | C] () -- C:\Windows\hpomdl46.dat
[2010/03/11 00:55:05 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2010/03/11 00:55:05 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2010/03/11 00:55:05 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/03/11 00:55:05 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/03/11 00:55:05 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/01/29 21:15:54 | 008,892,928 | ---- | C] () -- C:\ProgramData\atscie.msi
[2009/09/18 12:39:51 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/18 12:39:50 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2008/08/12 07:46:46 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/06/19 00:59:58 | 000,001,732 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2008/05/16 03:02:58 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2007/12/01 20:08:26 | 000,061,440 | ---- | C] () -- C:\Windows\wnUninstall.exe
[2007/11/11 22:38:09 | 000,032,390 | ---- | C] () -- C:\Windows\king-uninstall.exe
[2007/11/11 20:36:53 | 000,032,662 | ---- | C] () -- C:\ProgramData\dldf
[2007/10/31 18:57:49 | 000,002,828 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2007/10/31 18:57:49 | 000,000,088 | RHS- | C] () -- C:\Windows\System32\73B486E930.sys
[2007/10/31 18:49:58 | 000,374,784 | ---- | C] () -- C:\Windows\3dg32.dll
[2007/10/31 18:49:57 | 000,000,250 | ---- | C] () -- C:\Windows\3dr.ini
[2007/10/31 17:51:10 | 000,045,056 | ---- | C] () -- C:\Windows\System32\DLDFPMON.DLL
[2007/10/31 17:51:10 | 000,032,768 | ---- | C] () -- C:\Windows\System32\DLDFFXPU.DLL
[2007/10/31 17:50:50 | 000,049,152 | ---- | C] () -- C:\Windows\System32\dldfoem.dll
[2007/10/31 17:50:50 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DLDFPMRC.DLL
[2007/10/31 17:48:07 | 000,348,160 | ---- | C] () -- C:\Windows\System32\dldfinst.dll
[2007/10/31 17:48:01 | 000,499,712 | ---- | C] () -- C:\Windows\System32\dldfutil.dll
[2007/10/31 17:47:57 | 000,143,360 | ---- | C] () -- C:\Windows\System32\dldfjswr.dll
[2007/10/31 17:47:56 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dldfinsb.dll
[2007/10/31 17:47:55 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dldfins.dll
[2007/10/31 17:47:55 | 000,106,496 | ---- | C] () -- C:\Windows\System32\dldfinsr.dll
[2007/10/31 17:47:49 | 000,208,896 | ---- | C] () -- C:\Windows\System32\dldfgrd.dll
[2007/10/31 17:47:46 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dldfcub.dll
[2007/10/31 17:47:44 | 000,077,824 | ---- | C] () -- C:\Windows\System32\dldfcu.dll
[2007/10/31 17:47:44 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dldfcur.dll
[2007/10/31 17:47:36 | 000,077,906 | ---- | C] () -- C:\Windows\System32\dldfcfg.dll
[2007/10/31 15:18:40 | 000,000,152 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2007/10/31 15:18:38 | 000,006,838 | ---- | C] () -- C:\Windows\ICOADB32.DAT
[2007/10/31 15:14:51 | 000,000,784 | ---- | C] () -- C:\Users\Wes Cornwell\AppData\Roaming\wklnhst.dat
[2007/10/30 23:33:44 | 000,013,312 | ---- | C] () -- C:\Users\Wes Cornwell\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/05/22 14:17:12 | 000,065,536 | ---- | C] () -- C:\Windows\System32\dldfcaps.dll
[2007/05/08 18:48:24 | 000,692,224 | ---- | C] () -- C:\Windows\System32\dldfdrs.dll
[2007/05/03 19:50:10 | 000,348,160 | ---- | C] () -- C:\Windows\System32\dldfcoin.dll
[2007/03/19 05:04:58 | 000,003,584 | ---- | C] () -- C:\Windows\System32\namResES.dll
[2007/03/19 05:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResIT.dll
[2007/03/19 05:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResFR.dll
[2007/03/19 05:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResENG.dll
[2007/03/19 05:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResDE.dll
[2007/03/19 05:04:56 | 000,003,584 | ---- | C] () -- C:\Windows\System32\namResPTB.dll
[2007/03/19 05:04:56 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResZHC.dll
[2007/03/19 05:04:56 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResKO.dll
[2007/03/19 05:04:56 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResJA.dll
[2007/03/19 05:04:54 | 000,022,016 | ---- | C] () -- C:\Windows\System32\nam_page.dll
[2007/03/19 05:04:54 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResZHT.dll
[2007/03/12 22:17:08 | 000,069,632 | ---- | C] () -- C:\Windows\System32\dldfcnv4.dll
[2006/11/10 17:02:53 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/07 14:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 20:40:12 | 000,174,656 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2006/11/02 07:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:44:53 | 000,321,176 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 05:33:01 | 000,608,406 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,105,908 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/09/16 23:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/16 23:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/08/01 05:53:18 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dldfvs.dll
[1997/08/14 00:00:00 | 000,031,232 | ---- | C] () -- C:\Windows\System32\XLREC.DLL
[1997/08/14 00:00:00 | 000,025,600 | ---- | C] () -- C:\Windows\System32\RECNCL.DLL
[1997/08/14 00:00:00 | 000,022,016 | ---- | C] () -- C:\Windows\System32\DOCOBJ.DLL
[1997/08/14 00:00:00 | 000,012,288 | ---- | C] () -- C:\Windows\System32\HLINKPRX.DLL
========== Alternate Data Streams ========== @Alternate Data Stream - 183 bytes -> C:\ProgramData\TEMP:CD2ECCEC
@Alternate Data Stream - 165 bytes -> C:\ProgramData\TEMP:1AE68282
@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:FB384C06
@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:72E546C1
@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:618BF152
@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:3BAD46F6
@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:0E660858
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:BD8705CE
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:D09AEE3D
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:B1C68614
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:6E5C36BA
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:C17FCA88
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:9CD61266
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:A118E9A3
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:E8A39657
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:6A7B7A50
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:9F683177
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:864A52B8
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:0A404476
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:4EFDF5FB
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:E8F2B426
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:CCF42AF8
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:B156F3F2
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:74B502CB
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:8599F087
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:1A3FC1C4
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:E90251A2
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:1B1330FD
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:D091E13E
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:CF2C26D2
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:B42328DE
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:8750DCE4
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:001F2DD1
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:DD831FA6
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:49F896E9
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:D6BE1CEA
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:20FFCF0B
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:1B79AEF3
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:FC89CE5A
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:A39CF033
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:687D1056
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:FEF919E6
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:E6427C0F
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:0DA384B0
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:2FAFBD6A
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:C40E212B
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:76C67845
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:0D31DA45
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:A73EAFFB
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:9B7E8561
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:FE4E15B1
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:DEC7E19B
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:54997B77
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:389D51A1
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:C4F37A10
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:B17C9C5E
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:68E05C43
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:ECD1173C
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:444169A0
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:E1982A23
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:DA5FD7CF
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:DB365884
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:E35A81F4
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:541F9F51
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:2411B07C
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:685CA1CF
< End of report >
OTL Extras logfile created on: 8/22/2011 11:26:28 AM - Run 3
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Users\Wes Cornwell\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
957.76 Mb Total Physical Memory | 186.79 Mb Available Physical Memory | 19.50% Memory free
2.13 Gb Paging File | 1.22 Gb Available in Paging File | 57.25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 177.35 Gb Free Space | 79.61% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.36 Gb Free Space | 63.61% Space Free | Partition Type: NTFS
Computer Name: WESCORNWELL-PC | User Name: Wes Cornwell | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (All) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{15F92067-5390-4DD0-8103-23EFB5E9836A}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04559640-978D-43A7-8093-DE92A841018E}" = protocol=6 | dir=in | app=c:\program files\dell aio printer 948\dldffax.exe |
"{0C60ED18-E553-4E0B-9E6D-EEE8A0DCB976}" = protocol=17 | dir=in | app=c:\program files\dell aio printer 948\dldfmon.exe |
"{1686B3AF-9B63-45FA-976C-B292CB61FDCB}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dldftime.exe |
"{307B020C-E563-46C8-A310-3592814721D8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{312D10C2-DA32-4E86-8002-4A6EC225DFF0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{32EDAD9D-7EB9-4904-90E5-11346270887B}" = protocol=6 | dir=in | app=c:\windows\system32\dldfcoms.exe |
"{346866DB-F82B-409F-B0A9-45C929CB63B5}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dldftime.exe |
"{356D0316-1AA1-4A0A-B08C-AD55F32085AA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{370D5422-FD4E-4EF5-A1DE-EE1C114AE83D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{38B22FD9-FA66-4200-BEB2-645E62EDBF83}" = protocol=17 | dir=in | app=c:\program files\dell aio printer 948\dldffax.exe |
"{3B4684E3-933B-4CB6-A1FD-0D1612D8CA82}" = dir=in | app=c:\program files\avg\avg9\avgupd.exe |
"{4038C590-097B-4886-8220-1E3133DEB72B}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{466470E7-829F-4771-B500-EEBA450A1DF1}" = dir=in | app=c:\program files\avg\avg9\avgam.exe |
"{4AE9DE6E-76D0-4604-BD1C-F84AF10C5819}" = protocol=6 | dir=in | app=c:\program files\dell aio printer 948\dldfmon.exe |
"{4C249343-73CC-419E-9874-EC2F117D9DCE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{4E5FC7C9-D653-48A1-A1B2-19710C0E4F37}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{587FAAE6-33FB-4F00-A0FB-CA3D0B52DD36}" = protocol=17 | dir=in | app=c:\windows\system32\dldfcoms.exe |
"{642F86A8-2E58-4D5D-A4F7-8350B5045E7C}" = protocol=17 | dir=in | app=c:\program files\dell aio printer 948\memcard.exe |
"{771F4399-D956-46C3-80EE-36F7D018A08E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{7E6D0705-32A2-42E4-87DD-757864692F1F}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |
"{87B55347-5DBC-4A4D-9E9C-A08F7E6DEED9}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{89C007C0-4232-4D11-A7C8-BEE6A26A0B93}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dldfpswx.exe |
"{9BA19A75-A32B-4726-AFB5-50407BDEE8BB}" = protocol=6 | dir=in | app=c:\program files\dell aio printer 948\dldfaiox.exe |
"{9CF70A78-2928-45A6-A79E-E6DA4AF1C30E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{A510A952-9298-4048-A3A4-870297D6F681}" = protocol=6 | dir=in | app=c:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe |
"{A6906C5F-6453-45A6-AA9E-D6951AB88A97}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dldfjswx.exe |
"{AC1E4701-7A40-44DA-8680-3FDA52C8B200}" = protocol=6 | dir=in | app=c:\program files\dell aio printer 948\memcard.exe |
"{AEC7959C-B44C-41FF-9626-9F0C98E076B4}" = dir=in | app=e:\setup\hpznui01.exe |
"{BD9BA4C5-24B8-43C3-A27D-C8C3CAA91D84}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BE3BF063-F138-4301-9A5B-5754623CDAD1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{C25B9B75-42D5-44FD-AD33-34EF480BA347}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{D687FE31-766E-428A-8689-049BED05A636}" = protocol=17 | dir=in | app=c:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe |
"{D70D395B-0362-47B1-92F5-6DD4D76DF7D0}" = dir=in | app=c:\program files\avg\avg9\avgemc.exe |
"{EE5B9EBF-5EB6-4A9D-A128-DFD3A048E5B0}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dldfjswx.exe |
"{F5D1A5A3-852D-460C-B299-FD230489A833}" = protocol=17 | dir=in | app=c:\program files\dell aio printer 948\dldfaiox.exe |
"{F6DDEFDE-7016-417E-9678-0E5F5B547C7B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{F8501F48-CC70-469A-98F7-6ED7FC6EDFEE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{F9298395-85F9-4AD4-8148-2A76D2F5B622}" = dir=in | app=c:\program files\avg\avg9\avgdiagex.exe |
"{FD397B8A-6C05-4839-A65A-9975E5517EBD}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dldfpswx.exe |
"TCP Query User{06B07688-0200-4FDC-97B3-DEF01E588C40}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{16532C1C-5A5F-4CA3-9977-E0D056B0E597}C:\program files\dell aio printer 948\dldfafcn.exe" = protocol=6 | dir=in | app=c:\program files\dell aio printer 948\dldfafcn.exe |
"TCP Query User{29A5A069-F73A-4D26-86D7-329A3EA2D5E2}C:\program files\common files\first warn on-line\trueweather.exe" = protocol=6 | dir=in | app=c:\program files\common files\first warn on-line\trueweather.exe |
"TCP Query User{3FDA3271-B22B-4392-9701-F4ADD955094F}C:\windows\system32\spool\drivers\w32x86\3\dldfpswx.exe" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dldfpswx.exe |
"TCP Query User{4A89CF63-4BD1-4E3B-A21A-6BD558D0B335}E:\setup.exe" = protocol=6 | dir=in | app=e:\setup.exe |
"TCP Query User{81D4D067-E6AC-4C27-B691-05D12927E4AA}C:\program files\common files\first warn on-line\trueweather.exe" = protocol=6 | dir=in | app=c:\program files\common files\first warn on-line\trueweather.exe |
"TCP Query User{F1B37261-FEF4-4E8F-8215-8C466002EACB}C:\program files\dell aio printer 948\dldfmon.exe" = protocol=6 | dir=in | app=c:\program files\dell aio printer 948\dldfmon.exe |
"TCP Query User{F67A5633-8544-4C3D-B611-B1FE3045F1E8}C:\program files\rand mcnally\rand mcnally tnd dock\tnddock.exe" = protocol=6 | dir=in | app=c:\program files\rand mcnally\rand mcnally tnd dock\tnddock.exe |
"UDP Query User{0835F9A6-BAF0-407E-8BB0-A2D4911E5FCB}E:\setup.exe" = protocol=17 | dir=in | app=e:\setup.exe |
"UDP Query User{0DA430C1-7EC0-40CC-8C54-7924071D4B3C}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{2B86E629-7B1D-4E5D-AA7E-0EBF9AFEE9E0}C:\program files\common files\first warn on-line\trueweather.exe" = protocol=17 | dir=in | app=c:\program files\common files\first warn on-line\trueweather.exe |
"UDP Query User{38D6492B-F55F-4C90-B22F-71B0EDF0D4FF}C:\program files\common files\first warn on-line\trueweather.exe" = protocol=17 | dir=in | app=c:\program files\common files\first warn on-line\trueweather.exe |
"UDP Query User{47FEB229-1BC5-4575-8B85-E8843440EE1D}C:\program files\dell aio printer 948\dldfmon.exe" = protocol=17 | dir=in | app=c:\program files\dell aio printer 948\dldfmon.exe |
"UDP Query User{518D89FA-1A11-4D60-A020-DCE564BD9BD3}C:\program files\rand mcnally\rand mcnally tnd dock\tnddock.exe" = protocol=17 | dir=in | app=c:\program files\rand mcnally\rand mcnally tnd dock\tnddock.exe |
"UDP Query User{52987CB3-20E7-487E-8474-8F56DBB7F10E}C:\windows\system32\spool\drivers\w32x86\3\dldfpswx.exe" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dldfpswx.exe |
"UDP Query User{9AB94B69-7F0D-4E6D-A461-6C5CD8147EFB}C:\program files\dell aio printer 948\dldfafcn.exe" = protocol=17 | dir=in | app=c:\program files\dell aio printer 948\dldfafcn.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{0360D8F0-626A-4E87-8A16-938BD0BEBCC5}" = 32 Bit HP CIO Components Installer
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}" = Dell System Customization Wizard
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 26
"{281ECE39-F043-492B-8337-F2E546B5604A}" = PowerDVD
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2C6C74C2-042F-4D36-B7B0-0C538FCF01AB}" = Dell DataSafe Online
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E25E350-949F-4DB7-8288-2A60E018B4C1}" = Games, Music, & Photos Launcher
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{42BBA4CC-EFB6-4653-A2CC-F305D4B399C3}" = PS_AIO_07_D110_SW_Min
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52592821-F0CA-4131-8958-BCAE6E50B523}" = Pure Networks Platform
"{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}" = HPAppStudio
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{5E68BB65-4059-4FE5-AAC4-0CD1D79BBDE2}" = EarthLink Setup Files
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{69DC59F6-C3CE-429F-BDEB-9F45095610C2}" = Rand McNally TND Dock
"{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}" = Power Tab Editor 1.7
"{6C6ECD6F-895A-47B0-9332-9D785957AB60}" = Rand McNally TND Dock
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{7694E0B1-2332-448B-9235-929F84B41E3F}" = Active@ ISO Burner
"{7D9B77E1-0078-0001-4447-ADD4C0A93D1D}" = Sansa Media Converter
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{91D3AD6F-09CD-4695-9FA3-8FB15429BE97}" = D110
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9B88DD94-1AAE-41C4-BD95-2D8737D5E9E2}" = Watson
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CCFF1E13-77A2-4032-8B12-7566982A27DF}" = Internet Service Offers Launcher
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CDF64407-E968-4AC8-8323-A1DDBE5A8D72}" = Quicken Home Inventory Manager
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus® for Adobe
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{DBC1DE57-B55A-4D57-9769-1DB9BE506AF7}" = HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 7
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{ED2A3C11-3EA8-4380-B59C-F2C1832731B0}" = Quicken 2009
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EFAD4066-CAF3-4B27-9669-12EED352C376}" = NVIDIANetworkDiagnostic
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FC053571-8507-44E4-8B6D-AACEAB8CA57C}" = Sansa Media Converter
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AI RoboForm" = AI RoboForm (All Users)
"avast" = avast! Free Antivirus
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 PCI V.92 Modem
"DAO 3.5" = DAO 3.5
"Dell AIO Printer 948" = Dell AIO Printer 948
"Dell Support Center" = Dell Support Center
"Excel" = Microsoft Excel 97
"FIRST WARN ON-LINE" = FIRST WARN ON-LINE
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Photo Creations" = HP Photo Creations
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"InstallShield_{EFAD4066-CAF3-4B27-9669-12EED352C376}" = NVIDIANetworkDiagnostic
"Linksys Wireless Manager" = Linksys Wireless Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US)
"NVIDIA Drivers" = NVIDIA Drivers
"Punch! Professional Home Design" = Punch! Professional Home Design
"Shop for HP Supplies" = Shop for HP Supplies
========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager
========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >