
Infected with a possibly protected malware.


  • This topic is locked
29 replies to this topic

#1 chembear

  • Members
  • 30 posts

Posted 18 June 2009 - 02:05 PM

Referred here from: http://www.bleepingcomputer.com/forums/t/233740/i-think-i-have-a-vundo-infection/ Not able to run DDS. ~ OB

Hi,

I've been having problems in all my web browsers with "pop-unders". This happens almost exclusively while on Facebook and especially while viewing pictures. I've run RSIT and here is the log:

info.txt logfile of random's system information tool 1.06 2009-06-18 10:01:03

======Uninstall list======

-->"C:\Program Files (x86)\HP Games\Agatha Christie - Death on the Nile\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Big City Adventures San Francisco\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Blackhawk Striker 2\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Blasterball 3\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Build-a-lot 2\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Chuzzle Deluxe\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Cinema Tycoon\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Diner Dash Hometown Hero\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Dream Chronicles 2\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Family Feud 3\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Farm Frenzy - Pizza Party\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\FATE\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\GameHouse Solitaire Challenge\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Garden Dreams\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Jewel Match 2\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Jewel Quest Solitaire 2\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\JoJo's Fashion Show\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Luxor 3\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\My HP Game Console\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Mystery P.I. - The Vegas Heist\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Numba\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Peggle\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Penguins!\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Poker Superstars III\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Polar Bowler\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Polar Golfer\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Polar Pool\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Slingo Deluxe\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\The Hidden Object Game Show\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\The Price is Right\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Tradewinds Legends\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Virtual Villagers - A New Home\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Virtual Villagers - The Secret City\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Wedding Dash\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Wheel of Fortune 2\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Zuma Deluxe\Uninstall.exe"
-->C:\Program Files (x86)\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Acrobat.com-->msiexec /qb /x {77DCDCE3-2DED-62F3-8154-05E745472D07}
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->"C:\ProgramData\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\ProgramData\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
Adobe AIR-->C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop Elements 7.0-->msiexec /i {CB6075D9-F912-40AE-BEA6-E590DA24F16B}
Adobe Reader 9.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
Age of Empires III-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}
AMD USB Audio Driver Filter-->MsiExec.exe /X{A3AB35FA-943E-4799-99DC-46EFD59E998F}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Atheros Driver Installation Program-->C:\Program Files (x86)\InstallShield Installation Information\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}\setup.exe -runfromtemp -l0x0009
Belkin Storage Manager-->MsiExec.exe /X{C12D7D54-7DE8-4DF7-AB2D-8A5ECFB2F89B}
Catalyst Control Center - Branding-->MsiExec.exe /I{558FF444-F562-4E4C-98BD-7B20EE184D2E}
Cisco EAP-FAST Module-->MsiExec.exe /I{415B2719-AD3A-4944-B404-C472DB6085B3}
Cisco LEAP Module-->MsiExec.exe /I{83770D14-21B9-44B3-8689-F7B523F94560}
Cisco PEAP Module-->MsiExec.exe /I{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
CyberLink DVD Suite-->"C:\Program Files (x86)\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\Setup.exe" /z-uninstall
CyberLink DVD Suite-->"C:\Program Files (x86)\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\Setup.exe" /z-uninstall
Diablo II-->C:\Windows\DIIUnin.exe C:\Windows\DIIUnin.dat
EA Download Manager-->C:\Program Files (x86)\Electronic Arts\EADM\Uninstall.exe
ESU for Microsoft Vista-->MsiExec.exe /I{3877C901-7B90-4727-A639-B6ED2DD59D43}
Gardener's Journal Premium 3.1-->C:\WINDOWS\st6unst.exe -n "C:\Program Files (x86)\GJ 3.1\ST6UNST.LOG"
Google Toolbar for Internet Explorer-->"C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_9DE96A29E721D90A.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Greeting Card Factory Deluxe 7.0-->MsiExec.exe /I{55D6B4DA-50E9-47AF-99C1-9A8E3A234763}
Hewlett-Packard Active Check for Health Check-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Hewlett-Packard Asset Agent for Health Check-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HijackThis 2.0.2-->"C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->c:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->c:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {08155812-0202-4D5F-A7FF-12A2782DC548} /qb+ REBOOTPROMPT=""
HP Active Support Library-->C:\Program Files (x86)\InstallShield Installation Information\{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}\setup.exe -runfromtemp -l0x0409
HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{57A5AEC1-97FC-474D-92C4-908FCC2253D4}\setup.exe" -l0x9 -removeonly
HP Doc Viewer-->MsiExec.exe /I{082702D5-5DD8-4600-BCE5-48B15174687F}
HP Games-->"C:\Program Files (x86)\HP Games\Uninstall.exe"
HP Help and Support-->MsiExec.exe /I{0054A0F6-00C9-4498-B821-B5C9578F433E}
HP MediaSmart DVD-->"C:\Program Files (x86)\InstallShield Installation Information\{DCCAD079-F92C-44DA-B258-624FC6517A5A}\setup.exe" /z-uninstall
HP MediaSmart DVD-->"C:\Program Files (x86)\InstallShield Installation Information\{DCCAD079-F92C-44DA-B258-624FC6517A5A}\setup.exe" /z-uninstall
HP MediaSmart Music/Photo/Video-->"C:\Program Files (x86)\InstallShield Installation Information\{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}\setup.exe" /z-uninstall
HP MediaSmart Music/Photo/Video-->"C:\Program Files (x86)\InstallShield Installation Information\{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}\setup.exe" /z-uninstall /zMS
HP MediaSmart Webcam-->"C:\Program Files (x86)\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall
HP MediaSmart Webcam-->"C:\Program Files (x86)\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall
HP MULTIPLE MODEM INSTALLER for VISTA-->MsiExec.exe /I{45A136EC-88BF-4B95-99F5-C45D3930E1CC}
HP Quick Launch Buttons 6.40 H2-->C:\Program Files (x86)\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe -runfromtemp -l0x0009 uninst
HP Total Care Advisor-->MsiExec.exe /X{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}
HP Update-->MsiExec.exe /X{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}
HP User Guides 0129-->MsiExec.exe /X{149BBCB8-674F-48D2-969C-9D0EA88DA7D6}
HP Wireless Assistant-->MsiExec.exe /I{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}
HPDailySurprise-->MsiExec.exe /X{BCC02E43-8FD8-FEBF-4319-1FE6F8559645}
HPTCSSetup-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{30D3B7BC-5798-45D9-822D-05CA18F39E99}\setup.exe" -l0x9 -removeonly
IDT Audio-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}\setup.exe" -l0x9 -remove -removeonly
Internet Saving Optimizer-->"C:\Program Files (x86)\Internet Saving Optimizer\3.1.0.3900\unins000.exe"
Java™ 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
JMicron JMB38X Flash Media Controller-->"C:\Program Files (x86)\InstallShield Installation Information\{26604C7E-A313-4D12-867F-7C6E7820BE4C}\setup.exe" delpkg
Juno Preloader-->MsiExec.exe /X{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}
LabelPrint-->"C:\Program Files (x86)\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe" /z-uninstall
LabelPrint-->"C:\Program Files (x86)\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe" /z-uninstall
LightScribe System Software 1.14.17.1-->MsiExec.exe /X{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}
Malwarebytes' Anti-Malware-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
McAfee SecurityCenter-->C:\Program Files (x86)\McAfee\MSC\mcuninst.exe
Media Access Startup-->"C:\Program Files (x86)\Media Access Startup\1.0.0.610\unins000.exe"
Microsoft Live Search Toolbar-->MsiExec.exe /X{6A370610-3778-44AF-9AAC-69B2FD1A3356}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {E64BA721-2310-4B55-BE5A-2925F9706192}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-002A-0409-1000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0116-0409-1000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Web Publishing Wizard 1.52-->RunDll32 ADVPACK.DLL,LaunchINFSection C:\Windows\INF\wpie4x86.inf,WebPostUninstall
Microsoft Works-->MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}
Mozilla Firefox (3.0.11)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
muvee Reveal-->MsiExec.exe /X{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}
NetZero Preloader-->MsiExec.exe /X{352310C3-E46B-42D3-8F32-54721FDD72D9}
Photo Explosion Deluxe 3.0-->MsiExec.exe /X{1034BE34-1569-4889-831D-C2C3F2CB2F73}
Power2Go-->"C:\Program Files (x86)\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" /z-uninstall
Power2Go-->"C:\Program Files (x86)\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" /z-uninstall
PowerDirector-->"C:\Program Files (x86)\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\Setup.exe" /z-uninstall
PowerDirector-->"C:\Program Files (x86)\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\Setup.exe" /z-uninstall
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
RealPlayer-->C:\Program Files (x86)\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista-->C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0009 -removeonly
Safari-->MsiExec.exe /I{9C48DCA4-00C2-449C-88D8-B1EE1692B44F}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Slingbox - Watch Your TV Anywhere-->MsiExec.exe /X{7B798B31-2F33-4DC8-BDA4-D36488E86636}
SlingPlayer-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{004B0DCB-4C60-465B-8F01-44B0A4111187} /l1033
SPORE™-->"C:\Program Files (x86)\InstallShield Installation Information\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}\setup.exe" -runfromtemp -l0x0009 -removeonly
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
System Search Dispatcher-->"C:\Program Files (x86)\System Search Dispatcher\1.2.0.750\unins000.exe"
TBS WMP Plug-in-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{13515135-48BB-4184-8C1F-2FAE0138E200}
The Weather Channel Desktop 6-->C:\Program Files (x86)\The Weather Channel FW\Desktop\TheWeatherChannelCustomUninstall.exe
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\Windows\SysWOW64\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""

======Security center information======

AS: VundoFixTool
AS: Lavasoft Ad-Watch Live! (disabled)
AS: Windows Defender
AS: SUPERAntiSpyware (disabled)

======System event log======

Computer Name: Cindy-PC
Event Code: 12
Message: The device 'JMB38X SD Host Controller' (PCI\VEN_197B&DEV_2381&SUBSYS_30FC103C&REV_00\4&3b4983b4&0&0228) disappeared from the system without first being prepared for removal.
Record Number: 43567
Source Name: PlugPlayManager
Time Written: 20090617005146.000000-000
Event Type: Error
User:

Computer Name: Cindy-PC
Event Code: 12
Message: The device 'JMB38X MS Host Controller' (PCI\VEN_197B&DEV_2383&SUBSYS_30FC103C&REV_00\4&3b4983b4&0&0328) disappeared from the system without first being prepared for removal.
Record Number: 43568
Source Name: PlugPlayManager
Time Written: 20090617005146.000000-000
Event Type: Error
User:

Computer Name: Cindy-PC
Event Code: 12
Message: The device 'JMB38X xD Host Controller' (PCI\VEN_197B&DEV_2384&SUBSYS_30FC103C&REV_00\4&3b4983b4&0&0428) disappeared from the system without first being prepared for removal.
Record Number: 43569
Source Name: PlugPlayManager
Time Written: 20090617005146.000000-000
Event Type: Error
User:

Computer Name: Cindy-PC
Event Code: 7
Message: The speed of processor 1 is being limited by system firmware. The processor has been in this reduced performance state for 69 seconds since the last report.
Record Number: 43625
Source Name: Microsoft-Windows-Kernel-Processor-Power
Time Written: 20090617174510.220000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Cindy-PC
Event Code: 7
Message: The speed of processor 0 is being limited by system firmware. The processor has been in this reduced performance state for 69 seconds since the last report.
Record Number: 43626
Source Name: Microsoft-Windows-Kernel-Processor-Power
Time Written: 20090617174510.220000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: Cindy-PC
Event Code: 1023
Message: Windows cannot load the extensible counter DLL EmdCache. The first four bytes (DWORD) of the Data section contains the Windows error code.
Record Number: 7190
Source Name: Microsoft-Windows-Perflib
Time Written: 20090616172147.000000-000
Event Type: Error
User:

Computer Name: Cindy-PC
Event Code: 1008
Message: The Open Procedure for service "PNRPsvc" in DLL "C:\Windows\system32\pnrpperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
Record Number: 7191
Source Name: Microsoft-Windows-Perflib
Time Written: 20090616172149.000000-000
Event Type: Error
User:

Computer Name: Cindy-PC
Event Code: 1023
Message: Windows cannot load the extensible counter DLL PolicyAgent. The first four bytes (DWORD) of the Data section contains the Windows error code.
Record Number: 7192
Source Name: Microsoft-Windows-Perflib
Time Written: 20090616172149.000000-000
Event Type: Error
User:

Computer Name: Cindy-PC
Event Code: 4621
Message: The COM+ Event System could not remove the EventSystem.EventSubscription object {CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}. The HRESULT was 80070005.
Record Number: 7195
Source Name: Microsoft-Windows-EventSystem
Time Written: 20090617004600.000000-000
Event Type: Error
User:

Computer Name: Cindy-PC
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 7221
Source Name: Microsoft-Windows-WMI
Time Written: 20090617004724.000000-000
Event Type: Error
User:

=====Security event log=====

Computer Name: Cindy-PC
Event Code: 4634
Message: An account was logged off.

Subject:
Security ID: S-1-5-21-961268410-3947591333-2576278008-1000
Account Name: Cindy
Account Domain: Cindy-PC
Logon ID: 0x13fca90

Logon Type: 7

This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 17502
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090618130733.038000-000
Event Type: Audit Success
User:

Computer Name: Cindy-PC
Event Code: 4634
Message: An account was logged off.

Subject:
Security ID: S-1-5-21-961268410-3947591333-2576278008-1000
Account Name: Cindy
Account Domain: Cindy-PC
Logon ID: 0x13fca31

Logon Type: 7

This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 17503
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090618130733.039000-000
Event Type: Audit Success
User:

Computer Name: Cindy-PC
Event Code: 4648
Message: A logon was attempted using explicit credentials.

Subject:
Security ID: S-1-5-18
Account Name: CINDY-PC$
Account Domain: CHEMBEARDEN
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:
Target Server Name: localhost
Additional Information: localhost

Process Information:
Process ID: 0x2b8
Process Name: C:\Windows\System32\services.exe

Network Information:
Network Address: -
Port: -

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 17504
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090618130801.585000-000
Event Type: Audit Success
User:

Computer Name: Cindy-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: CINDY-PC$
Account Domain: CHEMBEARDEN
Logon ID: 0x3e7

Logon Type: 5

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x2b8
Process Name: C:\Windows\System32\services.exe

Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 17505
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090618130801.585000-000
Event Type: Audit Success
User:

Computer Name: Cindy-PC
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 17506
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090618130801.585000-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files (x86)\CyberLink\Power2Go;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Nova Development\Photo Explosion Deluxe 3.0\;C:\Program Files (x86)\Common Files\Ulead Systems\MPEG;C:\Program Files (x86)\Common Files\Ulead Systems\DVD;C:\Program Files (x86)\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=17
"PROCESSOR_IDENTIFIER"=AMD64 Family 17 Model 3 Stepping 1, AuthenticAMD
"PROCESSOR_REVISION"=0301
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\34FB5F65-FFEB-4B61-BF0E-A6A76C450FAA\TraceFormat
"DFSTRACINGON"=FALSE
"OnlineServices"=Online Services
"Platform"=MCD
"PCBRAND"=Pavilion
"CLASSPATH"=.;C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------


Any help will be greatly appreciated.

Cindy

Edited by Orange Blossom, 18 June 2009 - 07:14 PM.




#2 thcbytes

  • Malware Response Team
  • 14,790 posts

Posted 24 June 2009 - 08:37 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed; the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#3 chembear

  • Topic Starter

Posted 24 June 2009 - 04:16 PM

I followed the instructions the best that I could and I couldn't get DDS to run. It kept telling me it was not supported by my operating system. I have Vista Home Premium. What should I try now?

Cindy

#4 thcbytes

  • Malware Response Team

Posted 24 June 2009 - 06:12 PM

Hi and welcome to the HijackThis Logs and Virus/Trojan/Spyware/Malware Removal forum,

I am thcbytes and I am here to help you!

I ask that you refrain from running tools other than those we suggest to you while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Please perform all steps in the order received and do not proceed if you need clarification.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

As I am in the final stages of training, an Expert Coach will also oversee your fix. Your benefit will be "four eyes and two brains" but responses may be somewhat delayed so please be patient!!!!

I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!

==========

So DDS is giving you trouble. It is probably due to your infection. Your RSIT log is incomplete. Again likely due to the infection.

Try this please..................

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
==========

With your next post please provide:

* OTListIt log.txt
* OTL Extra.txt

I will review your logs and post instructions forthcoming.
Regards,
t

#5 chembear

  • Topic Starter

Posted 24 June 2009 - 08:51 PM

I ran the OTL scan and here are the logs.

OTL logfile created on: 6/24/2009 9:44:07 PM - Run 1
OTL by OldTimer - Version 3.0.5.2 Folder = C:\Users\Cindy\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18783)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.35 Gb Available Physical Memory | 62.69% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.18 Gb Total Space | 184.05 Gb Free Space | 64.54% Space Free | Partition Type: NTFS
Drive D: | 12.90 Gb Total Space | 2.02 Gb Free Space | 15.64% Space Free | Partition Type: NTFS
Drive E: | 549.52 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CINDY-PC
Current User Name: Cindy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2008/09/16 14:02:26 | 00,163,840 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
PRC - [2009/05/29 13:41:26 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe
PRC - [2008/06/09 14:21:58 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
PRC - [2009/05/15 15:42:26 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PRC - [2009/02/11 11:06:36 | 00,210,216 | ---- | M] () -- C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/01/09 08:06:52 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/03/19 11:42:02 | 00,884,360 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe
PRC - [2009/01/09 09:22:10 | 00,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MSK\MskSrver.exe
PRC - [2008/10/06 12:54:52 | 00,365,952 | ---- | M] () -- C:\Program Files (x86)\SMINST\BLService.exe
PRC - [2008/06/29 19:10:18 | 00,241,734 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
PRC - [2008/03/27 04:15:24 | 00,656,040 | ---- | M] () -- C:\Program Files (x86)\Lexmark Z2300 Series\lxdpmon.exe
PRC - [2007/04/29 23:57:42 | 00,103,344 | ---- | M] (Lexmark International Inc.) -- C:\Program Files (x86)\Lexmark 2300 Series\ezprint.exe
PRC - [2007/04/29 23:55:32 | 00,205,744 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files (x86)\Lexmark 2300 Series\lxcgmon.exe
PRC - [2008/06/09 14:16:32 | 02,363,392 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
PRC - [2008/09/30 19:56:04 | 00,972,080 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
PRC - [2009/03/02 19:22:39 | 00,039,408 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/02/06 14:17:38 | 03,325,952 | ---- | M] (Electronic Arts) -- C:\Program Files (x86)\Electronic Arts\EADM\Core.exe
PRC - [2008/09/26 06:36:40 | 01,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2008/09/25 22:41:44 | 01,152,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
PRC - [2008/09/25 22:42:24 | 00,189,736 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/03/25 17:25:20 | 00,797,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe
PRC - [2008/08/01 19:14:02 | 00,202,032 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
PRC - [2007/05/08 19:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hp\HP Software Update\hpwuSchd2.exe
PRC - [2008/04/15 17:51:00 | 00,488,752 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
PRC - [2008/08/30 02:37:22 | 00,855,040 | ---- | M] (Belkin International, Inc.) -- C:\Program Files (x86)\Belkin Storage Manager\StorageManager.exe
PRC - [2006/05/10 13:32:32 | 00,069,632 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Nova Development\Photo Explosion Deluxe 3.0\CalCheck.exe
PRC - [2007/08/25 02:03:20 | 00,185,664 | ---- | M] () -- C:\Program Files (x86)\Nova Development\Greeting Card Factory Deluxe 7.0\ReminderApp.exe
PRC - [2009/03/25 17:25:20 | 00,645,328 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe
PRC - [2009/03/09 05:19:17 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jusched.exe
PRC - [2009/05/15 15:44:20 | 00,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/05/01 19:25:56 | 00,165,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
PRC - [2009/05/30 12:30:26 | 00,292,136 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
PRC - [2007/09/26 10:34:40 | 00,316,720 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
PRC - [2009/05/30 12:30:20 | 00,541,992 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\iPod\bin\iPodService.exe
PRC - [2008/04/03 14:33:26 | 00,193,840 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
PRC - [2008/04/11 12:04:54 | 00,685,360 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
PRC - [2009/01/09 11:31:16 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/03/24 00:03:18 | 00,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/03/08 07:34:00 | 00,115,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\IELowutil.exe
PRC - [2009/06/24 21:32:20 | 00,512,512 | ---- | M] (OldTimer Tools) -- C:\Users\Cindy\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2008/09/26 15:13:24 | 00,089,088 | ---- | M] () -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe -- (AESTFilters [Auto | Running])
SRV:64bit: - [2007/12/11 16:11:30 | 00,015,872 | ---- | M] () -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio [Auto | Running])
SRV:64bit: - [2008/09/17 00:14:32 | 00,905,216 | ---- | M] () -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility [Auto | Running])
SRV:64bit: - [2008/10/23 04:02:25 | 00,053,760 | ---- | M] () -- C:\Windows\SysNative\bthserv.dll -- (BthServ [Auto | Running])
SRV:64bit: - [2008/03/18 20:25:40 | 00,023,040 | ---- | M] () -- C:\Windows\SysNative\Hpservice.exe -- (hpsrv [Auto | Running])
SRV:64bit: - [2007/04/29 23:55:08 | 00,566,704 | ---- | M] () -- C:\Windows\SysNative\lxcgcoms.exe -- (lxcg_device [Auto | Running])
SRV:64bit: - [2008/02/27 12:06:50 | 01,044,648 | ---- | M] () -- C:\Windows\SysNative\lxdpcoms.exe -- (lxdp_device [Auto | Running])
SRV:64bit: - [2009/04/01 14:21:30 | 00,696,848 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS [On_Demand | Stopped])
SRV:64bit: - [2009/03/25 10:59:30 | 00,153,920 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield [Unknown | Running])
SRV:64bit: - [2008/09/26 15:13:54 | 00,279,040 | ---- | M] () -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_bd5387da\STacSV64.exe -- (STacSV [Auto | Running])
SRV:64bit: - [2008/01/20 22:47:32 | 00,383,544 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [On_Demand | Stopped])
SRV:64bit: - [2008/01/20 22:52:15 | 01,216,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Running])
SRV - [2008/09/16 14:02:26 | 00,163,840 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0 [Auto | Running])
SRV - [2009/05/29 13:41:26 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/07/27 14:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/27 14:01:49 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64 [On_Demand | Stopped])
SRV - [2008/04/03 14:33:26 | 00,193,840 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe -- (Com4QLBEx [On_Demand | Running])
SRV - [2008/01/20 22:51:36 | 00,344,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Stopped])
SRV - [2008/01/20 22:51:36 | 00,153,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
SRV - [2006/11/02 11:03:48 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Auto | Stopped])
SRV - [2009/04/15 20:25:29 | 00,651,720 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2008/06/19 21:17:12 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Running])
SRV - [2009/06/05 20:07:28 | 00,250,616 | ---- | M] (WildTangent, Inc.) -- C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe -- (GameConsoleService [On_Demand | Stopped])
SRV - [2009/05/15 15:42:26 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe -- (gupdate1c9d5955351c140 [Auto | Stopped])
SRV - [2009/06/01 19:33:17 | 00,182,768 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008/06/16 11:02:28 | 00,094,208 | ---- | M] (Hewlett-Packard) -- c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service [Auto | Running])
SRV - [2008/05/01 19:25:56 | 00,165,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex [On_Demand | Running])
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/06/19 21:16:53 | 00,859,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/05/30 12:30:20 | 00,541,992 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2006/11/02 05:46:05 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\keyiso.dll -- (KeyIso [On_Demand | Running])
SRV - [2009/06/18 21:59:22 | 01,003,344 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto | Stopped])
SRV - [2008/06/09 14:21:58 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - [2007/04/29 23:54:44 | 00,537,520 | ---- | M] ( ) -- C:\Windows\SysWow64\lxcgcoms.exe -- (lxcg_device [Auto | Running])
SRV - [2008/02/27 12:06:28 | 00,594,600 | ---- | M] ( ) -- C:\Windows\SysWow64\lxdpcoms.exe -- (lxdp_device [Auto | Running])
SRV - [2009/02/11 11:06:36 | 00,210,216 | ---- | M] () -- C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service [Auto | Running])
SRV - [2009/03/25 17:25:20 | 00,797,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc [Auto | Running])
SRV - [2009/01/09 11:31:16 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc [Auto | Running])
SRV - [2009/01/09 08:06:52 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy [Auto | Running])
SRV - [2009/03/24 00:03:18 | 00,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe -- (McSysmon [On_Demand | Running])
SRV - [2009/03/19 11:42:02 | 00,884,360 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe -- (MpfService [Auto | Running])
SRV - [2006/11/02 09:34:14 | 00,000,000 | ---D | M] -- C:\Windows\SysWow64\Msdtc -- (MSDTC [Unknown | Stopped])
SRV - [2009/01/09 09:22:10 | 00,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MSK\MskSrver.exe -- (MSK80Service [Auto | Running])
SRV - [2008/01/20 22:48:28 | 00,592,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\netlogon.dll -- (Netlogon [On_Demand | Stopped])
SRV - [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 17:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2008/10/06 12:54:52 | 00,365,952 | ---- | M] () -- C:\Program Files (x86)\SMINST\BLService.exe -- (Recovery Service for Windows [Auto | Running])
SRV - [2008/06/29 19:10:18 | 00,241,734 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe -- (RichVideo [Auto | Running])
SRV - [2006/11/02 02:35:15 | 00,060,994 | ---- | M] () -- C:\Windows\SysWow64\Wbem\vds.mof -- (vds [On_Demand | Stopped])
SRV - [2006/11/02 02:35:15 | 00,055,846 | ---- | M] () -- C:\Windows\SysWow64\Wbem\vss.mof -- (VSS [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV:64bit: - [2008/03/27 16:10:14 | 00,040,296 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys -- (Accelerometer [On_Demand | Running])
DRV:64bit: - [2008/02/29 19:59:32 | 01,252,352 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem [On_Demand | Running])
DRV:64bit: - [2008/04/27 15:09:18 | 01,133,568 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\athrx.sys -- (athr [On_Demand | Running])
DRV:64bit: - [2008/09/17 01:01:26 | 04,709,888 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag [On_Demand | Running])
DRV:64bit: - [2008/04/28 05:25:06 | 00,016,400 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys -- (AtiPcie [Boot | Running])
DRV:64bit: - [2008/10/23 04:02:23 | 00,026,624 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\BthEnum.sys -- (BthEnum [On_Demand | Stopped])
DRV:64bit: - [2008/01/20 22:47:02 | 00,115,712 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\bthpan.sys -- (BthPan [On_Demand | Stopped])
DRV:64bit: - [2008/10/23 04:02:23 | 00,694,784 | ---- | M] () -- C:\Windows\SysNative\Drivers\BTHport.sys -- (BTHPORT [On_Demand | Stopped])
DRV:64bit: - [2008/10/23 04:02:23 | 00,035,840 | ---- | M] () -- C:\Windows\SysNative\Drivers\BTHUSB.sys -- (BTHUSB [On_Demand | Stopped])
DRV:64bit: - [2008/01/20 22:46:51 | 00,017,792 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\CmBatt.sys -- (CmBatt [On_Demand | Running])
DRV:64bit: - [2008/01/24 09:24:24 | 00,060,928 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\enecir.sys -- (enecir [On_Demand | Running])
DRV:64bit: - [2009/03/19 16:34:18 | 00,029,544 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV:64bit: - [2006/11/02 01:28:10 | 00,273,920 | ---- | M] () -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService [On_Demand | Running])
DRV:64bit: - [2008/03/27 16:10:56 | 00,026,984 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys -- (hpdskflt [Boot | Running])
DRV:64bit: - [2007/06/18 20:13:12 | 00,018,432 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr [On_Demand | Running])
DRV:64bit: - [2008/07/21 06:53:04 | 00,145,496 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\jmcr.sys -- (JMCR [On_Demand | Stopped])
DRV:64bit: - [2009/06/04 22:01:32 | 00,068,640 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\Lbd.sys -- (Lbd [Boot | Running])
DRV:64bit: - [2009/03/25 11:06:22 | 00,102,600 | ---- | M] () -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk [On_Demand | Running])
DRV:64bit: - [2009/03/25 11:06:22 | 00,307,400 | ---- | M] () -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk [System | Running])
DRV:64bit: - [2009/03/25 10:59:38 | 00,040,904 | ---- | M] () -- C:\Windows\SysNative\drivers\mferkdk.sys -- (mferkdk [On_Demand | Stopped])
DRV:64bit: - [2009/03/25 11:06:22 | 00,049,480 | ---- | M] () -- C:\Windows\SysNative\drivers\mfesmfk.sys -- (mfesmfk [On_Demand | Running])
DRV:64bit: - [2008/10/23 13:08:54 | 00,176,144 | ---- | M] () -- C:\Windows\SysNative\Drivers\Mpfp.sys -- (MPFP [System | Running])
DRV:64bit: - [2008/01/20 22:46:57 | 03,154,432 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys -- (NETw3v64 [On_Demand | Stopped])
DRV:64bit: - [2009/04/15 20:20:13 | 00,052,856 | ---- | M] () -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64 [Boot | Running])
DRV:64bit: - [2008/10/23 04:02:23 | 00,178,688 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\rfcomm.sys -- (RFCOMM [On_Demand | Stopped])
DRV:64bit: - [2008/02/14 10:56:14 | 00,160,768 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169 [On_Demand | Running])
DRV:64bit: - [2008/01/20 22:46:55 | 00,111,104 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus [On_Demand | Stopped])
DRV:64bit: - [2008/09/26 15:14:14 | 00,465,408 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA [On_Demand | Running])
DRV:64bit: - [2008/01/18 07:31:30 | 00,320,560 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV:64bit: - [2009/03/05 23:59:00 | 00,044,544 | ---- | M] () -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64 [On_Demand | Stopped])
DRV:64bit: - [2008/01/20 22:47:04 | 00,098,816 | ---- | M] () -- C:\Windows\SysNative\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV:64bit: - [2008/05/28 18:54:18 | 00,026,168 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\usbfilter.sys -- (usbfilter [On_Demand | Running])
DRV:64bit: - [2008/01/20 22:47:27 | 00,168,704 | ---- | M] () -- C:\Windows\SysNative\Drivers\usbvideo.sys -- (usbvideo [On_Demand | Running])
DRV:64bit: - [2006/10/03 21:45:36 | 00,273,408 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64 [On_Demand | Stopped])
DRV - [2006/09/18 17:35:23 | 00,001,088 | ---- | M] () -- C:\Windows\SysWow64\Wbem\mpsdrv.mof -- (mpsdrv [On_Demand | Running])
DRV - [2006/05/23 17:00:26 | 00,010,368 | ---- | M] (Padus, Inc.) -- C:\Windows\SysWow64\drivers\pfc.sys -- (pfc [On_Demand | Stopped])
DRV - [2009/05/26 10:05:54 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [System | Stopped])
DRV - [2009/05/26 10:05:56 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Stopped])
DRV - [2009/05/26 10:05:52 | 00,072,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL [System | Stopped])
DRV - [2006/09/18 17:36:40 | 00,003,066 | ---- | M] () -- C:\Windows\SysWow64\Wbem\tcpip.mof -- (Tcpip [System | Running])
DRV - [2008/09/26 06:36:34 | 00,027,632 | ---- | M] (Cyberlink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49} [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb


IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-961268410-3947591333-2576278008-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
IE - HKU\S-1-5-21-961268410-3947591333-2576278008-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-961268410-3947591333-2576278008-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-961268410-3947591333-2576278008-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-961268410-3947591333-2576278008-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-961268410-3947591333-2576278008-1000\S-1-5-21-961268410-3947591333-2576278008-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-sunm&p="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {47624dda-b77e-4feb-820a-e4f077d5d4ca}:9.3.3
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.9
FF - prefs.js..extensions.enabledItems: {3112ca9c-de6d-4884-a869-9855de68056c}:3.1.20081127W
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.9
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {2224E955-00E9-4613-A844-CE69FCCAAE91}:3.1.0.3900
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: treestyletab@piro.sakura.ne.jp:0.7.2009051501
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20090325
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..extensions.enabledItems: {7ef7f4d6-947d-11dc-8314-0800200c9a66}:3.0.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11
FF - prefs.js..keyword.URL: "http://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZJfox000&fl=0&ptb=2tWdESdFRtweTiekKdb4sA&st=kwd&o=kwd&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&searchfor="


FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2009/06/24 17:18:25 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/05/15 15:44:44 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2224E955-00E9-4613-A844-CE69FCCAAE91}: C:\Program Files (x86)\Internet Saving Optimizer\3.1.0.3900\FF [2009/06/01 19:34:30 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{0BA0192D-94A5-45e3-B2B8-3EC5A1A0B5EC}: C:\Program Files (x86)\Media Access Startup\1.0.0.610\FF
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/24 03:01:32 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2009/06/15 11:44:29 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2009/06/15 11:44:29 | 00,000,000 | ---D | M]

[2009/02/20 15:16:23 | 00,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\mozilla\Extensions
[2009/02/20 15:16:23 | 00,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/06/24 17:00:33 | 00,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\mozilla\Firefox\Profiles\0nuysqe0.default\extensions
[2009/04/18 00:21:00 | 00,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\mozilla\Firefox\Profiles\0nuysqe0.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2009/06/24 17:00:33 | 00,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\mozilla\Firefox\Profiles\0nuysqe0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/03/02 19:39:46 | 00,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\mozilla\Firefox\Profiles\0nuysqe0.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/06/08 06:34:18 | 00,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\mozilla\Firefox\Profiles\0nuysqe0.default\extensions\{47624dda-b77e-4feb-820a-e4f077d5d4ca}
[2009/05/17 22:56:48 | 00,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\mozilla\Firefox\Profiles\0nuysqe0.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/04/19 21:50:08 | 00,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\mozilla\Firefox\Profiles\0nuysqe0.default\extensions\{7ef7f4d6-947d-11dc-8314-0800200c9a66}
[2009/03/26 17:01:02 | 00,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\mozilla\Firefox\Profiles\0nuysqe0.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2009/06/08 06:34:21 | 00,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\mozilla\Firefox\Profiles\0nuysqe0.default\extensions\treestyletab@piro.sakura.ne.jp
[2009/04/15 09:04:51 | 00,009,895 | ---- | M] () -- C:\Users\Cindy\AppData\Roaming\Mozilla\FireFox\Profiles\0nuysqe0.default\searchplugins\mywebsearch.xml
[2009/06/18 15:05:27 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2009/06/15 11:44:29 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/05/01 17:41:07 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/06/15 11:44:26 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browserdirprovider.dll
[2009/06/15 11:44:26 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\brwsrcmp.dll
[2009/03/09 05:19:09 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeploytk.dll
[2009/06/15 11:44:27 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\mozilla firefox\plugins\npnul32.dll
[2009/02/27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll
[2009/06/02 17:56:32 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll
[2009/06/02 17:56:32 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll
[2009/06/02 17:56:33 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll
[2009/06/02 17:56:33 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll
[2009/06/02 17:56:33 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll
[2009/06/02 17:56:34 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll
[2009/06/02 17:56:34 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll
[2009/03/05 01:31:13 | 00,221,184 | ---- | M] (CNN) -- C:\Program Files (x86)\mozilla firefox\plugins\NPTURNMED.dll
[2009/01/19 19:28:04 | 00,001,394 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom.xml
[2009/01/19 19:28:04 | 00,002,193 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\answers.xml
[2009/01/19 19:28:04 | 00,001,534 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml
[2009/01/19 19:28:04 | 00,002,343 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay.xml
[2009/01/19 19:28:04 | 00,001,706 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml
[2009/01/19 19:28:04 | 00,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia.xml
[2009/01/19 19:28:04 | 00,000,792 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (761 bytes) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files (x86)\McAfee\MSK\mskapbho64.dll ()
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll ()
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Media Access Startup) - {25B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files (x86)\Media Access Startup\1.0.0.610\HPIEAddOn.dll File not found
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files (x86)\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (NP Helper Class) - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files (x86)\Internet Saving Optimizer\3.1.0.3900\NPIEAddOn.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-961268410-3947591333-2576278008-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark 2300 Series\ezprint.exe (Lexmark International Inc.)
O4:64bit: - HKLM..\Run: [LXCGCATS] C:\Windows\SysNative\spool\DRIVERS\x64\3\LXCGtime.DLL ()
O4:64bit: - HKLM..\Run: [lxcgmon.exe] C:\Program Files (x86)\Lexmark 2300 Series\lxcgmon.exe (Lexmark International, Inc.)
O4:64bit: - HKLM..\Run: [lxdpmon.exe] C:\Program Files (x86)\Lexmark Z2300 Series\lxdpmon.exe ()
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [Belkin Storage Manager] C:\Program Files (x86)\Belkin Storage Manager\StorageManager.exe (Belkin International, Inc.)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DVDAgent] C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [McENUI] C:\Program Files (x86)\McAfee\MHN\McENUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PhotoExplosionCalCheck] C:\Program Files (x86)\Nova Development\Photo Explosion Deluxe 3.0\calcheck.exe (Ulead Systems, Inc.)
O4 - HKLM..\Run: [QlbCtrl.exe] File not found
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [ReminderApp] C:\Program Files (x86)\Nova Development\Greeting Card Factory Deluxe 7.0\ReminderApp.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TSMAgent] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.DLL (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.DLL (Microsoft Corporation)
O4 - HKU\S-1-5-21-961268410-3947591333-2576278008-1000..\Run: [EA Core] C:\Program Files (x86)\Electronic Arts\EADM\Core.exe (Electronic Arts)
O4 - HKU\S-1-5-21-961268410-3947591333-2576278008-1000..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-961268410-3947591333-2576278008-1000..\Run: [HPAdvisor] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard)
O4 - HKU\S-1-5-21-961268410-3947591333-2576278008-1000..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
O4 - HKU\S-1-5-21-961268410-3947591333-2576278008-1000..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-961268410-3947591333-2576278008-1000..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-961268410-3947591333-2576278008-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysNative\NLAapi.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysNative\napinsp.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysNative\winrnr.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysNative\wshbth.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysNative\mswsock.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWow64\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWow64\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWow64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWow64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWow64\wshbth.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-961268410-3947591333-2576278008-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\msvidctl.dll ()
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll ()
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll ()
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll ()
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll ()
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\msvidctl.dll ()
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll ()
O18:64bit: - Protocol\Filter: - application/octet-stream - C:\Windows\SysNative\mscoree.dll ()
O18:64bit: - Protocol\Filter: - application/x-complus - C:\Windows\SysNative\mscoree.dll ()
O18:64bit: - Protocol\Filter: - application/x-msdownload - C:\Windows\SysNative\mscoree.dll ()
O18:64bit: - Protocol\Filter: - deflate - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Filter: - gzip - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter: - x-sdch - Reg Error: Key error. File not found
O18 - Protocol\Filter: - text/xml - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - x-sdch - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/04/18 11:23:00 | 00,000,041 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{2b0cc5e3-fee2-11dd-aab7-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{2b0cc5e3-fee2-11dd-aab7-806e6f6e6963}\Shell\AutoRun\command - "" = E:\SETUP.EXE -- [2001/04/30 13:33:00 | 00,032,768 | R--- | M] ()
O33 - MountPoints2\{a4e004d9-21e7-11de-b929-00235a24ba8d}\Shell - "" = AutoRun
O33 - MountPoints2\{a4e004d9-21e7-11de-b929-00235a24ba8d}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\SysWow64\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\ProgramData\*.tmp files]
[2009/06/24 21:32:19 | 00,512,512 | ---- | C] (OldTimer Tools) -- C:\Users\Cindy\Desktop\OTL.exe
[2009/06/24 17:02:34 | 40,242,62656 | -HS- | C] () -- C:\hiberfil.sys
[2009/06/24 16:48:08 | 00,359,893 | ---- | C] () -- C:\Users\Cindy\Desktop\dds(2).scr
[2009/06/22 18:37:46 | 00,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Roaming\Yahoo!
[2009/06/22 18:37:25 | 00,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2009/06/22 18:37:21 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[2009/06/22 18:35:35 | 00,000,422 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{D40B38C7-3BBE-46AF-9B87-AE2DE401F5C2}.job
[2009/06/21 11:42:52 | 00,000,000 | ---D | C] -- C:\Users\Cindy\Documents\LDW
[2009/06/21 11:34:50 | 00,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\ApplicationHistory
[2009/06/18 19:27:00 | 00,721,824 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/06/18 19:25:16 | 00,000,000 | ---D | C] -- C:\Windows\SysWow64\URTTEMP
[2009/06/18 10:00:57 | 00,000,000 | ---D | C] -- C:\rsit
[2009/06/17 23:24:04 | 00,781,909 | ---- | C] () -- C:\Users\Cindy\Desktop\RSIT.exe
[2009/06/17 00:15:20 | 00,002,920 | ---- | C] () -- C:\Users\Cindy\Desktop\kaspersky.html
[2009/06/17 00:14:49 | 00,002,920 | ---- | C] () -- C:\Users\Cindy\Documents\kspersky error.html
[2009/06/16 16:09:10 | 00,000,000 | ---D | C] -- C:\Windows\Sun
[2009/06/16 16:03:44 | 00,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\Apple
[2009/06/15 12:53:26 | 00,000,342 | ---- | C] () -- C:\Users\Cindy\Desktop\DrWeb.csv
[2009/06/15 12:52:00 | 00,000,342 | ---- | C] () -- C:\Users\Cindy\Documents\DrWeb.csv
[2009/06/15 11:49:47 | 14,427,984 | ---- | C] (Doctor Web, Ltd.) -- C:\Users\Cindy\Desktop\s2845924.exe
[2009/06/15 10:47:36 | 00,007,130 | ---- | C] () -- C:\Windows\SysWow64\tmp.reg
[2009/06/15 10:46:25 | 00,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\Windows\SysWow64\Process.exe
[2009/06/15 10:46:20 | 00,000,000 | ---D | C] -- C:\SmitfraudFix
[2009/06/15 08:46:02 | 00,289,144 | ---- | C] (S!Ri) -- C:\Windows\SysWow64\VCCLSID.exe
[2009/06/15 08:46:02 | 00,087,552 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\VACFix.exe
[2009/06/15 08:46:02 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\IEDFix.exe
[2009/06/15 08:46:02 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\IEDFix.C.exe
[2009/06/15 08:46:02 | 00,082,432 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\404Fix.exe
[2009/06/15 08:46:02 | 00,080,384 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\o4Patch.exe
[2009/06/15 08:46:02 | 00,079,360 | ---- | C] (SteelWerX) -- C:\Windows\SysWow64\swxcacls.exe
[2009/06/15 08:46:02 | 00,078,336 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\Agent.OMZ.Fix.exe
[2009/06/15 08:46:02 | 00,075,776 | ---- | C] () -- C:\Windows\SysWow64\WS2Fix.exe
[2009/06/15 08:46:01 | 00,288,417 | ---- | C] (S!Ri) -- C:\Windows\SysWow64\SrchSTS.exe
[2009/06/15 08:46:01 | 00,135,168 | ---- | C] (SteelWerX) -- C:\Windows\SysWow64\swreg.exe
[2009/06/15 08:46:01 | 00,051,200 | ---- | C] () -- C:\Windows\SysWow64\dumphive.exe
[2009/06/15 08:46:01 | 00,040,960 | ---- | C] () -- C:\Windows\SysWow64\swsc.exe
[2009/06/14 14:42:00 | 00,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\Apple Computer
[2009/06/14 12:53:00 | 00,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2009/06/14 12:52:24 | 00,000,944 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/06/14 12:52:21 | 00,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Roaming\SUPERAntiSpyware.com
[2009/06/14 12:52:21 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\SUPERAntiSpyware
[2009/06/14 12:51:00 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2009/06/14 00:13:01 | 00,558,592 | ---- | C] () -- C:\Windows\SysNative\EncDec.dll
[2009/06/14 00:12:58 | 00,289,792 | ---- | C] () -- C:\Windows\SysNative\psisrndr.ax
[2009/06/14 00:12:57 | 00,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2009/06/14 00:12:57 | 00,375,808 | ---- | C] () -- C:\Windows\SysNative\psisdecd.dll
[2009/06/14 00:12:57 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2009/06/14 00:12:57 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2009/06/14 00:12:56 | 00,227,328 | ---- | C] () -- C:\Windows\SysNative\mpg2splt.ax
[2009/06/14 00:12:56 | 00,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2009/06/14 00:12:56 | 00,101,376 | ---- | C] () -- C:\Windows\SysNative\MSNP.ax
[2009/06/14 00:12:56 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2009/06/13 23:18:36 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/06/12 22:22:39 | 00,000,000 | ---D | C] -- C:\Users\Cindy\Documents\ProcessExplorer
[2009/06/12 19:14:21 | 00,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\Internet Saving Optimizer
[2009/06/12 19:02:58 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\HPDailySurprise
[2009/06/12 19:02:21 | 00,430,854 | ---- | C] () -- C:\Users\Cindy\Desktop\HpDailySurprise.air
[2009/06/11 15:51:03 | 00,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Roaming\Malwarebytes
[2009/06/11 15:51:01 | 00,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/06/11 15:50:58 | 00,040,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2009/06/11 15:50:57 | 00,022,040 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
[2009/06/11 15:50:57 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/06/11 15:50:57 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2009/06/11 08:21:27 | 00,791,552 | ---- | C] () -- C:\Windows\SysNative\localspl.dll
[2009/06/11 08:21:27 | 00,636,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\localspl.dll
[2009/06/11 08:21:18 | 01,280,512 | ---- | C] () -- C:\Windows\SysNative\rpcrt4.dll
[2009/06/11 08:21:18 | 00,677,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rpcrt4.dll
[2009/06/11 08:21:04 | 09,234,432 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2009/06/11 08:21:04 | 05,936,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.dll
[2009/06/11 08:21:02 | 11,064,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieframe.dll
[2009/06/11 08:21:01 | 12,454,912 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
[2009/06/11 08:21:01 | 01,985,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iertutil.dll
[2009/06/11 08:21:00 | 02,332,672 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
[2009/06/11 08:21:00 | 01,484,288 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
[2009/06/11 08:21:00 | 01,207,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\urlmon.dll
[2009/06/11 08:21:00 | 00,915,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2009/06/11 08:20:59 | 01,146,368 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
[2009/06/11 08:20:59 | 00,457,728 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
[2009/06/11 08:20:59 | 00,385,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll
[2009/06/11 08:20:58 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2009/06/11 08:20:57 | 01,538,560 | ---- | C] () -- C:\Windows\SysNative\inetcpl.cpl
[2009/06/11 08:20:57 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2009/06/11 08:20:57 | 00,070,656 | ---- | C] () -- C:\Windows\SysNative\ie4uinit.exe
[2009/06/11 08:20:57 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsproxy.dll
[2009/06/11 08:20:56 | 00,219,136 | ---- | C] () -- C:\Windows\SysNative\ieui.dll
[2009/06/11 08:20:56 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2009/06/11 08:20:56 | 00,072,192 | ---- | C] () -- C:\Windows\SysNative\iernonce.dll
[2009/06/11 08:20:56 | 00,031,744 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
[2009/06/11 08:20:55 | 00,077,312 | ---- | C] () -- C:\Windows\SysNative\iesetup.dll
[2009/06/11 08:20:55 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2009/06/11 08:20:55 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2009/06/11 08:20:54 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.tlb
[2009/06/11 08:20:54 | 01,638,912 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
[2009/06/11 08:20:46 | 02,742,272 | ---- | C] () -- C:\Windows\SysNative\win32k.sys
[2009/06/09 16:27:06 | 13,855,2917 | ---- | C] () -- C:\Users\Cindy\Desktop\Rachel's Sophomore end-of-year chorus concert.wmv
[2009/06/08 16:14:50 | 01,486,728 | ---- | C] () -- C:\Users\Cindy\Documents\DSC00339.JPG
[2009/06/08 16:14:50 | 01,485,652 | ---- | C] () -- C:\Users\Cindy\Documents\DSC00336.JPG
[2009/06/08 16:14:50 | 01,468,936 | ---- | C] () -- C:\Users\Cindy\Documents\DSC00338.JPG
[2009/06/08 16:14:50 | 01,456,489 | ---- | C] () -- C:\Users\Cindy\Documents\DSC00337.JPG
[2009/06/08 16:14:50 | 01,370,851 | ---- | C] () -- C:\Users\Cindy\Documents\DSC00335.JPG
[2009/06/05 00:10:38 | 00,015,688 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe
[2009/06/04 22:01:41 | 00,068,640 | ---- | C] () -- C:\Windows\SysNative\drivers\Lbd.sys
[2009/06/04 21:59:57 | 00,000,496 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2009/06/04 21:55:44 | 00,000,000 | -H-D | C] -- C:\ProgramData\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2009/06/04 21:55:42 | 00,001,049 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2009/06/04 21:55:37 | 00,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2009/06/04 21:55:37 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2009/06/04 21:41:02 | 00,001,928 | ---- | C] () -- C:\Users\Cindy\Desktop\HijackThis.lnk
[2009/06/04 21:41:02 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2009/06/04 08:27:40 | 00,049,160 | ---- | C] () -- C:\Windows\SysNative\infocardcpl.cpl
[2009/06/04 08:27:40 | 00,037,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\infocardcpl.cpl
[2009/06/04 08:27:20 | 00,011,264 | ---- | C] () -- C:\Windows\SysNative\icardres.dll
[2009/06/04 08:27:18 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardres.dll
[2009/06/04 08:27:16 | 00,052,760 | ---- | C] () -- C:\Windows\SysNative\PresentationHostProxy.dll
[2009/06/04 08:27:15 | 00,043,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll
[2009/06/04 08:27:14 | 01,168,928 | ---- | C] () -- C:\Windows\SysNative\PresentationNative_v0300.dll
[2009/06/04 08:27:14 | 00,781,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationNative_v0300.dll
[2009/06/04 08:27:14 | 00,167,432 | ---- | C] () -- C:\Windows\SysNative\infocardapi.dll
[2009/06/04 08:27:14 | 00,097,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\infocardapi.dll
[2009/06/04 08:27:13 | 01,383,936 | ---- | C] () -- C:\Windows\SysNative\icardagt.exe
[2009/06/04 08:27:13 | 00,622,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardagt.exe
[2009/06/04 08:26:55 | 00,105,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
[2009/06/04 08:26:54 | 00,126,520 | ---- | C] () -- C:\Windows\SysNative\PresentationCFFRasterizerNative_v0300.dll
[2009/06/04 08:26:49 | 00,357,904 | ---- | C] () -- C:\Windows\SysNative\PresentationHost.exe
[2009/06/04 08:26:49 | 00,326,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe
[2009/06/04 08:09:08 | 00,013,824 | ---- | C] () -- C:\Windows\SysNative\netfxperf.dll
[2009/06/04 08:09:07 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll
[2009/06/04 08:07:54 | 00,112,120 | ---- | C] () -- C:\Windows\SysNative\dfshim.dll
[2009/06/04 08:07:54 | 00,096,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2009/06/04 08:07:08 | 00,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscoree.dll
[2009/06/04 08:07:06 | 00,406,528 | ---- | C] () -- C:\Windows\SysNative\mscoree.dll
[2009/06/04 08:06:09 | 00,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscorier.dll
[2009/06/04 08:06:09 | 00,158,208 | ---- | C] () -- C:\Windows\SysNative\mscorier.dll
[2009/06/04 08:05:56 | 00,076,288 | ---- | C] () -- C:\Windows\SysNative\mscories.dll
[2009/06/04 08:05:45 | 00,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscories.dll
[2009/06/04 07:54:17 | 00,088,064 | ---- | C] () -- C:\Windows\SysNative\admparse.dll
[2009/06/04 07:54:16 | 00,161,792 | ---- | C] () -- C:\Windows\SysNative\advpack.dll
[2009/06/04 07:54:16 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\advpack.dll
[2009/06/04 07:54:16 | 00,085,504 | ---- | C] () -- C:\Windows\SysNative\icardie.dll
[2009/06/04 07:54:16 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2009/06/04 07:54:16 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2009/06/04 07:54:16 | 00,022,528 | ---- | C] () -- C:\Windows\SysNative\corpol.dll
[2009/06/04 07:54:15 | 00,223,232 | ---- | C] () -- C:\Windows\SysNative\msls31.dll
[2009/06/04 07:54:15 | 00,157,696 | ---- | C] () -- C:\Windows\SysNative\ieakeng.dll
[2009/06/04 07:54:15 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2009/06/04 07:54:15 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\corpol.dll
[2009/06/04 07:54:15 | 00,012,800 | ---- | C] () -- C:\Windows\SysNative\msfeedssync.exe
[2009/06/04 07:54:14 | 00,077,824 | ---- | C] () -- C:\Windows\SysNative\tdc.ocx
[2009/06/04 07:54:14 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2009/06/04 07:54:14 | 00,052,736 | ---- | C] () -- C:\Windows\SysNative\imgutil.dll
[2009/06/04 07:54:13 | 00,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msls31.dll
[2009/06/04 07:54:13 | 00,125,952 | ---- | C] () -- C:\Windows\SysNative\inseng.dll
[2009/06/04 07:54:13 | 00,076,288 | ---- | C] () -- C:\Windows\SysNative\wextract.exe
[2009/06/04 07:54:13 | 00,071,680 | ---- | C] () -- C:\Windows\SysNative\msfeedsbs.dll
[2009/06/04 07:54:13 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2009/06/04 07:54:13 | 00,063,488 | ---- | C] () -- C:\Windows\SysNative\pngfilt.dll
[2009/06/04 07:54:13 | 00,057,667 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2009/06/04 07:54:13 | 00,057,667 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2009/06/04 07:54:13 | 00,055,808 | ---- | C] () -- C:\Windows\SysNative\licmgr10.dll
[2009/06/04 07:54:13 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll
[2009/06/04 07:54:13 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2009/06/04 07:54:13 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2009/06/04 07:54:12 | 00,700,928 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
[2009/06/04 07:54:12 | 00,481,280 | ---- | C] () -- C:\Windows\SysNative\ieapfltr.dll
[2009/06/04 07:54:12 | 00,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2009/06/04 07:54:11 | 00,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstime.dll
[2009/06/04 07:54:11 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2009/06/04 07:54:11 | 00,508,416 | ---- | C] () -- C:\Windows\SysNative\dxtmsft.dll
[2009/06/04 07:54:11 | 00,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtmsft.dll
[2009/06/04 07:54:11 | 00,318,464 | ---- | C] () -- C:\Windows\SysNative\dxtrans.dll
[2009/06/04 07:54:11 | 00,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtrans.dll
[2009/06/04 07:54:11 | 00,146,432 | ---- | C] () -- C:\Windows\SysNative\occache.dll
[2009/06/04 07:54:11 | 00,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\imgutil.dll
[2009/06/04 07:54:10 | 01,062,912 | ---- | C] () -- C:\Windows\SysNative\mstime.dll
[2009/06/04 07:54:10 | 00,252,416 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
[2009/06/04 07:54:10 | 00,183,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2009/06/04 07:54:10 | 00,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2009/06/04 07:54:10 | 00,096,768 | ---- | C] () -- C:\Windows\SysNative\mshtmled.dll
[2009/06/04 07:54:10 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2009/06/04 07:54:10 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2009/06/04 07:54:09 | 00,304,640 | ---- | C] () -- C:\Windows\SysNative\webcheck.dll
[2009/06/04 07:54:09 | 00,271,872 | ---- | C] () -- C:\Windows\SysNative\ieaksie.dll
[2009/06/04 07:54:09 | 00,241,664 | ---- | C] () -- C:\Windows\SysNative\msrating.dll
[2009/06/04 07:54:09 | 00,236,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webcheck.dll
[2009/06/04 07:54:09 | 00,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2009/06/04 07:54:09 | 00,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2009/06/04 07:54:09 | 00,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2009/06/04 07:54:09 | 00,163,840 | ---- | C] () -- C:\Windows\SysNative\ieakui.dll
[2009/06/04 07:54:09 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2009/06/04 07:54:08 | 00,278,528 | ---- | C] () -- C:\Windows\SysNative\WinFXDocObj.exe
[2009/06/04 07:54:08 | 00,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WinFXDocObj.exe
[2009/06/04 07:54:08 | 00,161,792 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe
[2009/06/04 07:54:08 | 00,132,096 | ---- | C] () -- C:\Windows\SysNative\iesysprep.dll
[2009/06/04 07:54:08 | 00,131,584 | ---- | C] () -- C:\Windows\SysNative\PDMSetup.exe
[2009/06/04 07:54:08 | 00,129,024 | ---- | C] () -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2009/06/04 07:54:08 | 00,128,512 | ---- | C] () -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2009/06/04 07:54:08 | 00,125,440 | ---- | C] () -- C:\Windows\SysNative\SetDepNx.exe
[2009/06/04 07:54:08 | 00,041,984 | ---- | C] () -- C:\Windows\SysNative\mshta.exe
[2009/06/04 07:54:07 | 00,817,664 | ---- | C] () -- C:\Windows\SysNative\jscript.dll
[2009/06/04 07:54:07 | 00,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2009/06/04 07:54:07 | 00,612,864 | ---- | C] () -- C:\Windows\SysNative\vbscript.dll
[2009/06/04 07:54:07 | 00,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vbscript.dll
[2009/06/04 07:54:07 | 00,108,032 | ---- | C] () -- C:\Windows\SysNative\url.dll
[2009/06/04 07:54:07 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2009/06/04 07:54:06 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2009/06/04 07:54:06 | 00,048,128 | ---- | C] () -- C:\Windows\SysNative\mshtmler.dll
[2009/06/04 07:54:05 | 00,479,744 | ---- | C] () -- C:\Windows\SysNative\html.iec
[2009/06/04 07:54:05 | 00,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2009/06/04 07:54:05 | 00,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2009/06/04 07:54:05 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshta.exe
[2009/06/04 07:54:04 | 03,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2009/06/04 07:54:04 | 03,698,584 | ---- | C] () -- C:\Windows\SysNative\ieapfltr.dat
[2009/06/04 07:54:04 | 00,193,536 | ---- | C] () -- C:\Windows\SysNative\iexpress.exe
[2009/06/04 07:54:04 | 00,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2009/06/04 07:54:04 | 00,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PDMSetup.exe
[2009/06/04 07:54:04 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2009/06/04 07:54:04 | 00,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2009/06/04 07:54:04 | 00,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2009/06/04 07:54:04 | 00,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetDepNx.exe
[2009/06/02 17:58:48 | 00,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/06/02 17:58:25 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\iPod
[2009/06/02 17:58:22 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/06/02 17:58:22 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2009/06/02 17:56:23 | 00,001,756 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2009/06/02 17:56:00 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2009/06/01 19:34:29 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Internet Saving Optimizer
[2009/06/01 19:33:49 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\DoubleD
[2009/05/30 23:17:19 | 00,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2009/05/30 23:17:19 | 00,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2009/05/30 23:17:19 | 00,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2009/05/30 22:21:51 | 00,038,627 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2009/05/30 22:21:51 | 00,001,740 | ---- | C] () -- C:\Users\Public\Desktop\Diablo II.lnk
[2009/05/30 22:21:47 | 00,002,829 | ---- | C] () -- C:\Windows\DIIUnin.pif
[2009/05/30 22:21:46 | 00,094,208 | ---- | C] (Blizzard Entertainment) -- C:\Windows\DIIUnin.exe
[2009/05/30 22:08:14 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Diablo II
[2009/05/27 17:46:00 | 00,126,312 | ---- | C] () -- C:\Windows\SysNative\GEARAspi64.dll
[2009/05/27 17:46:00 | 00,029,544 | ---- | C] () -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2009/05/27 17:45:34 | 00,000,000 | ---D | C] -- C:\ProgramData\{35733029-9859-49C7-8475-1E78E2AAE413}
[2009/03/03 20:55:30 | 01,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgserv.dll
[2009/03/03 20:55:30 | 00,995,328 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgusb1.dll
[2009/03/03 20:55:30 | 00,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcghbn3.dll
[2009/03/03 20:55:30 | 00,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgcomc.dll
[2009/03/03 20:55:30 | 00,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgpmui.dll
[2009/03/03 20:55:30 | 00,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcglmpm.dll
[2009/03/03 20:55:30 | 00,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgcomm.dll
[2009/03/03 20:55:30 | 00,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcginpa.dll
[2009/03/03 20:55:30 | 00,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgiesc.dll
[2009/03/03 20:55:30 | 00,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxcgcomx.dll
[2009/03/03 20:55:30 | 00,274,432 | ---- | C] () -- C:\Windows\SysWow64\lxcginst.dll
[2009/03/03 20:55:30 | 00,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgprox.dll
[2009/03/03 20:55:30 | 00,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgpplc.dll
[2009/03/03 19:26:42 | 01,101,824 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdpserv.dll
[2009/03/03 19:26:42 | 00,843,776 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdpusb1.dll
[2009/03/03 19:26:42 | 00,647,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdppmui.dll
[2009/03/03 19:26:42 | 00,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdpinpa.dll
[2009/03/03 19:26:42 | 00,348,160 | ---- | C] () -- C:\Windows\SysWow64\LXDPinst.dll
[2009/03/03 19:26:42 | 00,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdpiesc.dll
[2009/03/03 19:26:42 | 00,335,872 | ---- | C] () -- C:\Windows\SysWow64\lxdpcomx.dll
[2009/03/03 19:26:42 | 00,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdpprox.dll
[2009/03/03 19:26:41 | 00,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdpcomc.dll
[2009/03/03 19:26:41 | 00,663,552 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdphbn3.dll
[2009/03/03 19:26:41 | 00,569,344 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdplmpm.dll
[2009/03/03 19:26:41 | 00,376,832 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdpcomm.dll
[2008/01/20 22:50:05 | 00,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 22:49:49 | 00,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2006/11/02 08:34:27 | 00,000,230 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 08:34:27 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini

========== Files - Modified Within 30 Days ==========

[1 C:\ProgramData\*.tmp files]
[2009/06/24 21:40:26 | 00,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{D40B38C7-3BBE-46AF-9B87-AE2DE401F5C2}.job
[2009/06/24 21:32:20 | 00,512,512 | ---- | M] (OldTimer Tools) -- C:\Users\Cindy\Desktop\OTL.exe
[2009/06/24 21:31:59 | 00,018,705 | ---- | M] () -- C:\Windows\SysNative\Config.MPF
[2009/06/24 21:31:26 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/06/24 19:02:44 | 00,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/06/24 19:02:44 | 00,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/06/24 17:02:49 | 00,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachine.job
[2009/06/24 17:02:46 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/06/24 17:02:34 | 40,242,62656 | -HS- | M] () -- C:\hiberfil.sys
[2009/06/24 16:56:50 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2009/06/24 16:48:09 | 00,359,893 | ---- | M] () -- C:\Users\Cindy\Desktop\dds(2).scr
[2009/06/23 16:38:21 | 00,001,866 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2009/06/22 21:59:47 | 00,000,496 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2009/06/20 03:03:13 | 00,721,824 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/06/20 03:03:13 | 00,604,452 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2009/06/20 03:03:13 | 00,105,376 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2009/06/17 23:24:04 | 00,781,909 | ---- | M] () -- C:\Users\Cindy\Desktop\RSIT.exe
[2009/06/17 00:15:20 | 00,002,920 | ---- | M] () -- C:\Users\Cindy\Desktop\kaspersky.html
[2009/06/17 00:14:49 | 00,002,920 | ---- | M] () -- C:\Users\Cindy\Documents\kspersky error.html
[2009/06/15 16:17:30 | 00,000,342 | ---- | M] () -- C:\Users\Cindy\Desktop\DrWeb.csv
[2009/06/15 12:52:00 | 00,000,342 | ---- | M] () -- C:\Users\Cindy\Documents\DrWeb.csv
[2009/06/15 11:53:51 | 14,427,984 | ---- | M] (Doctor Web, Ltd.) -- C:\Users\Cindy\Desktop\s2845924.exe
[2009/06/15 10:47:36 | 00,007,130 | ---- | M] () -- C:\Windows\SysWow64\tmp.reg
[2009/06/14 12:52:24 | 00,000,944 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/06/13 14:11:21 | 00,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2009/06/13 10:08:10 | 00,374,480 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2009/06/12 19:02:58 | 00,000,852 | ---- | M] () -- C:\Users\Public\Desktop\HPDailySurprise.lnk
[2009/06/12 19:02:21 | 00,430,854 | ---- | M] () -- C:\Users\Cindy\Desktop\HpDailySurprise.air
[2009/06/12 16:49:27 | 00,015,360 | ---- | M] () -- C:\Users\Cindy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/11 15:51:01 | 00,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/06/05 14:13:26 | 00,006,836 | ---- | M] () -- C:\Users\Cindy\AppData\Local\d3d9caps.dat
[2009/06/04 23:03:05 | 13,855,2917 | ---- | M] () -- C:\Users\Cindy\Desktop\Rachel's Sophomore end-of-year chorus concert.wmv
[2009/06/04 22:01:32 | 00,068,640 | ---- | M] () -- C:\Windows\SysNative\drivers\Lbd.sys
[2009/06/04 22:01:30 | 00,015,688 | ---- | M] () -- C:\Windows\SysNative\lsdelete.exe
[2009/06/04 21:55:42 | 00,001,049 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2009/06/04 21:41:02 | 00,001,928 | ---- | M] () -- C:\Users\Cindy\Desktop\HijackThis.lnk
[2009/06/04 12:13:46 | 00,106,160 | ---- | M] () -- C:\Users\Cindy\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/06/04 11:10:28 | 01,486,728 | ---- | M] () -- C:\Users\Cindy\Documents\DSC00339.JPG
[2009/06/04 11:10:12 | 01,468,936 | ---- | M] () -- C:\Users\Cindy\Documents\DSC00338.JPG
[2009/06/04 11:03:50 | 01,456,489 | ---- | M] () -- C:\Users\Cindy\Documents\DSC00337.JPG
[2009/06/04 11:03:22 | 01,485,652 | ---- | M] () -- C:\Users\Cindy\Documents\DSC00336.JPG
[2009/06/04 11:02:48 | 01,370,851 | ---- | M] () -- C:\Users\Cindy\Documents\DSC00335.JPG
[2009/06/02 17:58:48 | 00,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/06/02 17:56:23 | 00,001,756 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2009/06/02 11:17:27 | 00,075,776 | ---- | M] () -- C:\Windows\SysWow64\WS2Fix.exe
[2009/06/01 19:35:13 | 00,000,230 | ---- | M] () -- C:\Windows\win.ini
[2009/06/01 13:16:48 | 25,255,368 | ---- | M] () -- C:\Windows\SysNative\mrt.exe
[2009/06/01 01:20:00 | 00,000,332 | ---- | M] () -- C:\Windows\tasks\McQcTask.job
[2009/05/30 23:17:19 | 00,021,840 | ---- | M] () -- C:\Windows\SysWow64\SIntfNT.dll
[2009/05/30 23:17:19 | 00,017,212 | ---- | M] () -- C:\Windows\SysWow64\SIntf32.dll
[2009/05/30 23:17:19 | 00,012,067 | ---- | M] () -- C:\Windows\SysWow64\SIntf16.dll
[2009/05/30 23:13:40 | 00,038,627 | ---- | M] () -- C:\Windows\DIIUnin.dat
[2009/05/30 22:21:51 | 00,001,740 | ---- | M] () -- C:\Users\Public\Desktop\Diablo II.lnk
[2009/05/30 22:21:47 | 00,002,829 | ---- | M] () -- C:\Windows\DIIUnin.pif
[2009/05/30 22:21:46 | 00,094,208 | ---- | M] (Blizzard Entertainment) -- C:\Windows\DIIUnin.exe
[2009/05/28 15:51:34 | 00,000,316 | ---- | M] () -- C:\Users\Cindy\AppData\Roaming\wklnhst.dat
[2009/05/26 13:20:08 | 00,040,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2009/05/26 13:19:58 | 00,022,040 | ---- | M] () -- C:\Windows\SysNative\drivers\mbam.sys
< End of report >

OTL Extras logfile created on: 6/24/2009 9:44:07 PM - Run 1
OTL by OldTimer - Version 3.0.5.2 Folder = C:\Users\Cindy\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18783)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.35 Gb Available Physical Memory | 62.69% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.18 Gb Total Space | 184.05 Gb Free Space | 64.54% Space Free | Partition Type: NTFS
Drive D: | 12.90 Gb Total Space | 2.02 Gb Free Space | 15.64% Space Free | Partition Type: NTFS
Drive E: | 549.52 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CINDY-PC
Current User Name: Cindy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe ()
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE ()
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE ()
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe ()
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe ()
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE ()
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe ()
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe ()
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe ()
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

{396477c0-f045-47ed-8828-8d63b7f37b45} = rport=445 | protocol=6 | dir=out | app=system |
{3bf84b39-a0e8-48d3-b30d-724d27ad8ae4} = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
{4b861fce-93dc-4b32-b5bc-483d6a902c38} = rport=139 | protocol=6 | dir=out | app=system |
{79654833-97a5-4b2e-beaf-beb9057f4f4e} = rport=138 | protocol=17 | dir=out | app=system |
{832a7912-b9f6-4363-85c5-3715b6d448ef} = lport=445 | protocol=6 | dir=in | app=system |
{a432912b-c5f4-455c-b386-a4f61f437224} = lport=138 | protocol=17 | dir=in | app=system |
{ae680fed-cfc0-42e0-b707-89542dc0cdb0} = lport=137 | protocol=17 | dir=in | app=system |
{beef66a3-678b-4691-9f10-d115c3e3d6c0} = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
{e63be57b-00a4-4b55-b921-68990bd4e0cd} = rport=137 | protocol=17 | dir=out | app=system |
{fc880021-dd71-45f7-8899-86a20b424df3} = lport=139 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

{08c87972-a019-45c7-a96a-cf6dfb57173e} = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qpservice.exe |
{12dd5bc1-62f6-4d76-a5ec-85b19f20c023} = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
{2c55e06e-c19e-4520-84c1-007e748be97e} = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
{2d720e0b-fb17-4c8a-9f86-b55938cfa8a9} = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
{346930cb-c200-4e73-853c-fc5fe1a126d8} = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
{36bb79ac-a78c-43c8-b1d8-e8a8dd992a9e} = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe |
{377eb26b-48b1-4510-805c-183f2c469658} = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
{4395bc14-2273-4b12-b065-46e4dc95eb40} = protocol=17 | dir=in | app=c:\windows\syswow64\lxcgcoms.exe |
{4ab557c5-7d7a-4726-bc82-8b2e3db54bfd} = protocol=17 | dir=in | app=c:\windows\system32\lxdpcoms.exe |
{4d177681-6cb8-41af-88ee-02c3d1073b56} = protocol=17 | dir=in | app=c:\windows\syswow64\lxdpcoms.exe |
{5246886c-ae1c-4ede-b798-7f354c8d4c02} = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
{59cad699-bc8f-47ba-b15e-e1f00547633a} = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qp.exe |
{5a368a94-73e3-4996-b1c5-92036fb56754} = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
{5ad58a42-d5af-44c8-8f26-f74f94407c43} = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
{677b898d-6119-4dbf-bf4e-f9387cbbfa96} = protocol=6 | dir=in | app=c:\windows\system32\lxdpcoms.exe |
{6e2114f0-46af-4531-a9e8-8d51ac17c725} = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxcgpswx.exe |
{8820a505-1039-4625-b3c8-1b0c320f91fa} = protocol=17 | dir=in | app=c:\windows\system32\lxcgcoms.exe |
{88c9ce10-f5cd-4ff5-a269-372155cba0b3} = protocol=6 | dir=in | app=c:\windows\syswow64\lxdpcoms.exe |
{94519a8f-b812-4027-bace-d8d242c71b0a} = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
{9b05edc3-d05e-4f54-b816-10b8d35ed14f} = protocol=6 | dir=in | app=c:\windows\syswow64\lxcgcoms.exe |
{a7727452-6300-4e7a-a038-108d61464b68} = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
{ac675864-a7e3-41a6-a37f-1d084e1f32e2} = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
{acc73245-bec9-4c1f-a849-587b34e9ab3b} = protocol=6 | dir=in | app=c:\windows\system32\lxcgcoms.exe |
{b472629c-b189-4552-921d-75f97900f22a} = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
{c67320e5-6d44-4ee6-bff5-2a025a71df6e} = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
{c695ecba-207e-45bb-bb99-e27d5064c60a} = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
{ca65d4cb-3c4e-4bfd-ad48-a31939fb78ee} = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
{cc4766fb-90f3-4370-85ce-0e930bd301fe} = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
{cd816c93-9cf3-48c3-9c3d-81516d97ff1e} = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
{cefbeb74-20af-4482-9994-a560377de021} = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxcgpswx.exe |
{d1007414-de96-4af0-8d22-7f092f6ad5d0} = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
{d16d1282-867a-466c-a2f8-41bdc384152f} = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
{d40ee9af-aa88-4b48-a2ce-88ee7d71e5cd} = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
{d48ed3ec-95cb-450e-910f-f1214d458f21} = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
{eb74096e-ff57-4eb4-8c38-60571ffb51e2} = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
{f29e2fee-bbe8-4ae5-b3c2-8f39326c85f9} = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
{f7741dcd-4120-4b03-9906-9956c9f32d1c} = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
tcp query user{fe85b85d-0ced-477f-a38f-25b6c5c84ed7}c:\program files (x86)\belkin storage manager\storagemanager.exe = protocol=6 | dir=in | app=c:\program files (x86)\belkin storage manager\storagemanager.exe |
udp query user{18b2b8fb-6550-4cc6-9fc9-f08a197617ed}c:\program files (x86)\belkin storage manager\storagemanager.exe = protocol=17 | dir=in | app=c:\program files (x86)\belkin storage manager\storagemanager.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{2F97CE84-9C33-4631-821B-85EA371EA254}" = ProtectSmart Hard Drive Protection
"{4BAD5736-35B9-F84D-9E1A-597F1B78FF44}" = ccc-utility64
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7510991E-FE80-7466-2E31-561B52059618}" = ATI Catalyst Install Manager
"{7F6C6990-E99A-4835-8861-BA0E319EA074}" = iTunes
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8742BB08-952C-452B-A090-940E136B848D}" = MobileMe Control Panel
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2F7994F-661E-46D1-A1DF-67F2887AAA7E}" = HP MediaSmart SmartMenu
"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
"{DE4ACC36-9BF6-4466-B3C7-2EE1615EBC68}" = Apple Mobile Device Support
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Lexmark 2300 Series" = Lexmark 2300 Series
"Lexmark Z2300 Series" = Lexmark Z2300 Series
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{07E785BF-510A-AA43-084E-FF06B3CE8C4C}" = CCC Help Chinese Standard
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{1034BE34-1569-4889-831D-C2C3F2CB2F73}" = Photo Explosion Deluxe 3.0
"{129EE758-124A-593C-1EBE-9A2D3A100316}" = Catalyst Control Center Localization Czech
"{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"{13C300AF-179C-7350-77E0-61D5566AF864}" = Catalyst Control Center Graphics Full New
"{149BBCB8-674F-48D2-969C-9D0EA88DA7D6}" = HP User Guides 0129
"{1545BCD9-DC1A-579C-FB16-170FBE27101D}" = Catalyst Control Center Localization French
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{159B866E-596E-2428-03DD-FF19A8495791}" = CCC Help Finnish
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{16B6279B-9FF5-41fb-8BF9-404324F5DD1F}}_is1" = Media Access Startup
"{1740C09B-7E44-D6D5-3694-EA668878B42D}" = CCC Help Swedish
"{178B8E49-2A8E-398E-259B-273311195950}" = Catalyst Control Center Localization Chinese Traditional
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1A16E615-CA3F-3F53-EF0E-AA8B5C20294A}" = CCC Help Spanish
"{1E98933B-FAA4-9E26-10E4-4EB58F4C6158}" = CCC Help Turkish
"{1FB52AB3-5987-45a2-85E0-F3EC30DDDC29}}_is1" = Internet Saving Optimizer
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24457508-7194-C5D8-FA37-95AA7E8461A9}" = Catalyst Control Center Localization Norwegian
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 13
"{30D3B7BC-5798-45D9-822D-05CA18F39E99}" = HPTCSSetup
"{32224A1F-AEC1-739A-5D30-537AB4495CA6}" = CCC Help Japanese
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{34642316-CC37-4A01-9C14-014E283346C5}" = Catalyst Control Center Graphics Previews Common
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZero Preloader
"{3604540D-3537-F7FA-726D-F1E60AEC29B4}" = CCC Help Dutch
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{39ABC33D-45D6-6ED0-4D64-681F71A1B8E9}" = Skins
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{45A136EC-88BF-4B95-99F5-C45D3930E1CC}" = HP MULTIPLE MODEM INSTALLER for VISTA
"{558FF444-F562-4E4C-98BD-7B20EE184D2E}" = Catalyst Control Center - Branding
"{55D6B4DA-50E9-47AF-99C1-9A8E3A234763}" = Greeting Card Factory Deluxe 7.0
"{561F720C-344E-3684-8091-ADC65B5A1C1D}" = CCC Help Czech
"{563E6B6A-A8E6-8EEA-23D5-C7B277E0E59B}" = CCC Help Italian
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{5A793900-4ABA-A304-6BAC-D53DAC45E051}" = CCC Help Russian
"{5BAF6C19-B082-397F-808B-68BCE9443BD8}" = Catalyst Control Center Localization Polish
"{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
"{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}" = Juno Preloader
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A370610-3778-44AF-9AAC-69B2FD1A3356}" = Microsoft Live Search Toolbar
"{6E50E217-16CA-52FE-805C-A2B28DA5B4DC}" = CCC Help Korean
"{70188CEB-B52D-E085-47FF-D6CADF0D855C}" = Catalyst Control Center Localization Korean
"{71E655A4-3023-A61A-B325-DDB889CBD365}" = ccc-core-static
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72F7ED33-5F14-1009-5517-30DBEA2C1681}" = Catalyst Control Center Graphics Light
"{775A633A-DDE9-55D5-16C1-33702198ACF4}" = Catalyst Control Center Localization German
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7933FCE0-2C5C-2026-3E9D-7538A4C6CE67}" = CCC Help Portuguese
"{79719B38-DB69-9384-A52C-EA873A218072}" = Catalyst Control Center Localization Russian
"{79B44DF5-311C-99EC-470A-6558280DDBA4}" = CCC Help Polish
"{7B798B31-2F33-4DC8-BDA4-D36488E86636}" = Slingbox - Watch Your TV Anywhere
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"{7D512381-4BE8-AA6B-6D72-50A50DFF3C7B}" = Catalyst Control Center Localization Spanish
"{7F753BCE-0775-A20F-C570-B35FABC3E5A6}" = CCC Help Hungarian
"{80161382-D1D4-A6B8-7972-1946882556C7}" = Catalyst Control Center Core Implementation
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{86F167DF-4007-A205-B420-BA5FFC6848D0}" = CCC Help Danish
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{903B9154-FA33-61C4-5DBF-E22DB6CD02E4}" = Catalyst Control Center Localization Dutch
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{94369BC3-9ED5-9E95-F5AC-A5D747AFD50E}" = Catalyst Control Center Localization Thai
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{99543043-20E1-5C4C-02E9-4579AA3E407C}" = Catalyst Control Center Graphics Previews Vista
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE
"{A0E723B5-F219-1BA4-8E0F-E40AEF252CCB}" = Catalyst Control Center Localization Hungarian
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3AB35FA-943E-4799-99DC-46EFD59E998F}" = AMD USB Audio Driver Filter
"{A5AACBDB-7E50-6374-B1CA-BCC6DF7224C0}" = Catalyst Control Center Localization Greek
"{A6C6F036-951A-532F-8BBE-D584E74C728E}" = CCC Help English
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AD0CC7C0-2C63-1067-4F50-02F505D1D225}" = CCC Help Chinese Traditional
"{AD1963C9-501D-785F-8ADF-12668D9D7D6C}" = Catalyst Control Center Localization Finnish
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B7382BC7-D988-F92B-9EA0-96A057DB9711}" = CCC Help French
"{B9B03499-F61D-FBA7-AEDE-E6CDAE983F2D}" = Catalyst Control Center Localization Italian
"{BAE19D51-2DC4-8154-DE72-EB78CAC7F08F}" = Catalyst Control Center Localization Swedish
"{BCC02E43-8FD8-FEBF-4319-1FE6F8559645}" = HPDailySurprise
"{C0B31026-FA56-5F14-71B4-E956C83E6853}" = Catalyst Control Center Localization Portuguese
"{C12D7D54-7DE8-4DF7-AB2D-8A5ECFB2F89B}" = Belkin Storage Manager
"{C32CD965-A0AF-19B7-C5D5-D314876762A4}" = Catalyst Control Center Localization Chinese Standard
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C4ACD120-3F6C-D6C8-DC37-DDE0B77DCA2E}" = Catalyst Control Center Localization Japanese
"{C5096216-7703-409E-B85A-8A6EE7395128}}_is1" = System Search Dispatcher
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C5C649A8-1D21-4C83-9B08-7B3752E580F4}" = Safari
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C88B6B79-A659-4DE5-0B4A-6FEEF9FA674F}" = Catalyst Control Center Graphics Full Existing
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{D7928776-A89D-C7DA-DAF3-9B7FB1D9FA76}" = CCC Help German
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}" = muvee Reveal
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DF5E415F-71F2-CA46-A83D-5D4118939852}" = Catalyst Control Center Localization Danish
"{E1A4C03E-881C-128E-921C-A9D9F940E29F}" = Catalyst Control Center InstallProxy
"{E2D528DA-70E6-D634-47C8-BF80B59CC7EE}" = CCC Help Norwegian
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E7DEB529-C2EF-DD45-DB4A-FA94F553D71C}" = Catalyst Control Center Localization Turkish
"{F1DC3E29-B4F1-7969-900E-376D258F1D1D}" = CCC Help Thai
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FB4C6AF2-315B-B351-8DA9-54F752B519BB}" = CCC Help Greek
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player 10 ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Diablo II" = Diablo II
"EADM" = EA Download Manager
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.0.11)" = Mozilla Firefox (3.0.11)
"MSC" = McAfee SecurityCenter
"RealPlayer 6.0" = RealPlayer
"ST6UNST #1" = Gardener's Journal Premium 3.1
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"WebPost" = Microsoft Web Publishing Wizard 1.52
"WildTangent hp Master Uninstall" = HP Games
"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.1.0.366
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/14/2009 11:58:10 AM | Computer Name = Cindy-PC | Source = EventSystem | ID = 4621
Description =

Error - 6/14/2009 12:30:16 PM | Computer Name = Cindy-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/14/2009 12:49:00 PM | Computer Name = Cindy-PC | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "C:\Users\Cindy\Downloads\gamingharbor_installer.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc.manifest.
Component
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_152e7382f3bd50c6.manifest.

Error - 6/14/2009 1:00:32 PM | Computer Name = Cindy-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/14/2009 1:00:48 PM | Computer Name = Cindy-PC | Source = EventSystem | ID = 4609
Description =

Error - 6/14/2009 2:41:32 PM | Computer Name = Cindy-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/14/2009 6:04:36 PM | Computer Name = Cindy-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/14/2009 9:05:01 PM | Computer Name = Cindy-PC | Source = EventSystem | ID = 4621
Description =

Error - 6/14/2009 9:06:21 PM | Computer Name = Cindy-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/15/2009 7:43:16 AM | Computer Name = Cindy-PC | Source = EventSystem | ID = 4621
Description =

[ Media Center Events ]
Error - 4/25/2009 1:30:34 PM | Computer Name = Cindy-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 6/21/2009 10:41:21 AM | Computer Name = Cindy-PC | Source = HTTP | ID = 15016
Description =

Error - 6/21/2009 10:42:24 AM | Computer Name = Cindy-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 6/21/2009 10:46:00 AM | Computer Name = Cindy-PC | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X SD/MMC Host Controller' (PCI\VEN_197B&DEV_2382&SUBSYS_30FC103C&REV_00\4&3b4983b4&0&0028)
disappeared from the system without first being prepared for removal.

Error - 6/21/2009 10:46:00 AM | Computer Name = Cindy-PC | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X SD Host Controller' (PCI\VEN_197B&DEV_2381&SUBSYS_30FC103C&REV_00\4&3b4983b4&0&0228)
disappeared from the system without first being prepared for removal.

Error - 6/21/2009 10:46:00 AM | Computer Name = Cindy-PC | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X MS Host Controller' (PCI\VEN_197B&DEV_2383&SUBSYS_30FC103C&REV_00\4&3b4983b4&0&0328)
disappeared from the system without first being prepared for removal.

Error - 6/21/2009 10:46:00 AM | Computer Name = Cindy-PC | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X xD Host Controller' (PCI\VEN_197B&DEV_2384&SUBSYS_30FC103C&REV_00\4&3b4983b4&0&0428)
disappeared from the system without first being prepared for removal.

Error - 6/21/2009 4:55:11 PM | Computer Name = Cindy-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.

Error - 6/21/2009 4:55:12 PM | Computer Name = Cindy-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.

Error - 6/21/2009 4:55:28 PM | Computer Name = Cindy-PC | Source = HTTP | ID = 15016
Description =

Error - 6/21/2009 4:55:57 PM | Computer Name = Cindy-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >

#6 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts

Posted 27 June 2009 - 12:14 PM

Hi again.
Sorry for the delay.
A bit tricky with your 64 bit system.
Please do this first......

Download:
OTS
and save it to your desktop:
- Double click Posted Image and run
If you are running on Vista then right-click the program and choose Run as Administrator.


- Please check Posted Image & Posted Image
- Next press
Posted Image
- When the scan is complete Notepad will open with the report file loaded in it.
- Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
- Use the Add Reply button in the forum and Attach the scan back here (do not copy/paste it as it will be too big to fit)
- The log will be located in the OTS folder and named OTS.txt.

==========

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

==========

With your next post please provide:


* OTS.txt (attached)
* Gmer.log

Thanks,
t
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#7 chembear

chembear
  • Topic Starter

  • Members
  • 30 posts

Posted 27 June 2009 - 10:02 PM

Here are the OTS.txt and the gmer log:

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-06-27 22:55:10
Windows 6.0.6001 Service Pack 1


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002186bff1e3
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002186bff1e3

---- EOF - GMER 1.0.15 ----

Attached Files

  • Attached File  OTS.Txt   295.87KB   8 downloads


#8 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts

Posted 28 June 2009 - 11:40 AM

Hi there. :thumbup2:
Please do this...............

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Double-click GooredFix.exe to run it.
  • Select 1. Find Goored (no fix) by typing 1 and pressing Enter.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
Note: Do not run Option #2 yet.

==========

We need to create an:
OTS - fix:
- Double click Posted Image from your desktop and run
If you are running on Vista then right-click the program and choose Run as Administrator.

- Copy & paste the contents of the code box below (excluding the word "code") in the Posted Image box
[Kill Explorer]
[Unregister Dlls]
[Registry - Safe List]
< FireFox Settings [Prefs.js] > -> C:\Users\Cindy\AppData\Roaming\Mozilla\FireFox\Profiles\0nuysqe0.default\prefs.js
YN -> keyword.URL -> "http://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZJfox000&fl=0&ptb=2tWdESdFRtweTiekKdb4sA&st=kwd&o=kwd&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&searchfor="
< FireFox SearchPlugins [User Folders] > -> 
YY -> mywebsearch.xml -> C:\Users\Cindy\AppData\Roaming\Mozilla\FireFox\Profiles\0nuysqe0.default\searchplugins\mywebsearch.xml
< HOSTS File > (761 bytes and 20 lines) -> C:\Windows\SysNative\Drivers\etc\hosts
YN -> Reset Hosts -> 
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-961268410-3947591333-2576278008-1000\] > -> HKEY_USERS\S-1-5-21-961268410-3947591333-2576278008-1000\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> WebBrowser\\"{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2
YN -> \{a4e004d9-21e7-11de-b929-00235a24ba8d} -> 
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a4e004d9-21e7-11de-b929-00235a24ba8d}\shell -> 
YN -> \{a4e004d9-21e7-11de-b929-00235a24ba8d}\shell\\"" -> [AutoRun]
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a4e004d9-21e7-11de-b929-00235a24ba8d}\shell\AutoRun\command -> 
YN -> \{a4e004d9-21e7-11de-b929-00235a24ba8d}\shell\AutoRun\command\\"" -> G:\LaunchU3.exe [G:\LaunchU3.exe -a]
[Registry - Additional Scans - Safe List]
< 64bit-Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
YN -> ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} [HKLM] -> Reg Error: Key error.[Reg Error: Key error.]
YN -> ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} [HKLM] -> Reg Error: Key error.[Reg Error: Key error.]
[Files/Folders - Created Within 30 Days]
NY -> 1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp
[Empty Temp Folders]
[Reboot]


- Next press
Posted Image
- The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished.
- When the scan is complete Notepad will open with the report file loaded in it.
- Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
- Copy & paste this log in your next reply.

Finally...
- Use the Add Reply button in the forum and Attach a new OTS scan back here (do not copy/paste it as it will be too big to fit)
- The log will be located in the OTS folder and named OTS.txt.

==========

Please run a BitDefender Online Scan
  • Click I Agree to agree to the EULA.
  • Allow the ActiveX control to install when prompted.
  • Click Click here to scan to begin the scan.
  • Please refrain from using the computer until the scan is finished. This might take a while to run, but it is important that nothing else is running while you scan.
  • When the scan is finished, click on Click here to export the scan results.
  • Save the report to your desktop so you can post it in your next reply.
==========

With your next post please provide:

* Goored log
* OTS.log
* OTS.txt
* Bitdefender log
* Describe in detail any problems you're still experiencing

Kind regards,
t

#9 chembear

chembear
  • Topic Starter

  • Members
  • 30 posts

Posted 28 June 2009 - 06:47 PM

Either I'm not doing something right or this is a very smart virus. The Bitdefender scan failed, twice.

Here is the Goored log

GooredFix v1.92 by jpshortstuff
Log created at 18:51 on 28/06/2009 running Option #1 (Cindy)
Firefox version 3.0.11 (en-US)

=====Suspect Goored Entries=====

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.11\extensions]
"Plugins"="C:\Program Files (x86)\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.11\extensions]
"Components"="C:\Program Files (x86)\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{0BA0192D-94A5-45e3-B2B8-3EC5A1A0B5EC}"="C:\Program Files (x86)\Media Access Startup\1.0.0.610\FF" (Folder Missing)

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{2224E955-00E9-4613-A844-CE69FCCAAE91}"="C:\Program Files (x86)\Internet Saving Optimizer\3.1.0.3900\FF"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\Program Files\Real\RealPlayer\browserrecord"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{B7082FAA-CB62-4872-9106-E42DD88EDE45}"="C:\Program Files (x86)\McAfee\SiteAdvisor"


Here is the OTS log file.

All Processes Killed
No active process named Explorer.EXE was found!
[Registry - Safe List]
Prefs.js: "http://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZJfox000&fl=0&ptb=2tWdESdFRtweTiekKdb4sA&st=kwd&o=kwd&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&searchfor=" removed from keyword.URL
C:\Users\Cindy\AppData\Roaming\Mozilla\FireFox\Profiles\0nuysqe0.default\searchplugins\mywebsearch.xml moved successfully.
Registry value HKEY_USERS\S-1-5-21-961268410-3947591333-2576278008-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry value HKEY_USERS\S-1-5-21-961268410-3947591333-2576278008-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a4e004d9-21e7-11de-b929-00235a24ba8d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a4e004d9-21e7-11de-b929-00235a24ba8d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a4e004d9-21e7-11de-b929-00235a24ba8d}\shell\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a4e004d9-21e7-11de-b929-00235a24ba8d}\shell not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a4e004d9-21e7-11de-b929-00235a24ba8d}\shell\AutoRun\command\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a4e004d9-21e7-11de-b929-00235a24ba8d}\shell\AutoRun\command not found.
[Registry - Additional Scans - Safe List]
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{314111c7-a502-11d2-bbca-00c04f8ec294}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-itss\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A9007C0-4076-11D3-8789-0000F8105754}\ not found.
[Files/Folders - Created Within 30 Days]
[Empty Temp Folders]


User: All Users

User: Cindy
File delete failed. C:\Users\Cindy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 163894696 bytes
->Java cache emptied: 16863399 bytes
->FireFox cache emptied: 92229131 bytes
->Google Chrome cache emptied: 438317 bytes
->Apple Safari cache emptied: 38696849 bytes

User: Default
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
File delete failed. C:\Windows\temp\mcafee_6rOJ8HqJpPZYEhC scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\mcafee_c2EJmCsu8RtT0Tz scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\mcafee_i9pZpZXM1PzeqWX scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\mcafee_rog3e4ZuOoISNae scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\mcmsc_2rTztiGB8C2Pmyp scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\mcmsc_7Vqdd1AXSZrTgey scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\mcmsc_a4zbQtebtnuvWph scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\mcmsc_gJfRN5xTE97hgv2 scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\sqlite_0R2Qpz16U912ZOL scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\sqlite_HhAp9AFCeeQkA8r scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\sqlite_IA0qFjXnOJOaKst scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\sqlite_LAXxta1XOacYHvI scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\sqlite_LreUATHp8tsui3u scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\sqlite_nxUXSQawQnUrcG0 scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\sqlite_sPg8CaS4ADruoyz scheduled to be deleted on reboot.
Windows Temp folder emptied: 1530315 bytes

RecycleBin emptied: 537 bytes

Total Files Cleaned = 299.15 mb

< End of fix log >
OTS by OldTimer - Version 3.0.8.0 fix logfile created on 06282009_185704

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\mcafee_6rOJ8HqJpPZYEhC not found!
File\Folder C:\Windows\temp\mcafee_c2EJmCsu8RtT0Tz not found!
File\Folder C:\Windows\temp\mcafee_i9pZpZXM1PzeqWX not found!
File\Folder C:\Windows\temp\mcafee_rog3e4ZuOoISNae not found!
File\Folder C:\Windows\temp\mcmsc_2rTztiGB8C2Pmyp not found!
File\Folder C:\Windows\temp\mcmsc_7Vqdd1AXSZrTgey not found!
File\Folder C:\Windows\temp\mcmsc_a4zbQtebtnuvWph not found!
File\Folder C:\Windows\temp\mcmsc_gJfRN5xTE97hgv2 not found!
File\Folder C:\Windows\temp\sqlite_0R2Qpz16U912ZOL not found!
C:\Windows\temp\sqlite_HhAp9AFCeeQkA8r moved successfully.
C:\Windows\temp\sqlite_IA0qFjXnOJOaKst moved successfully.
File\Folder C:\Windows\temp\sqlite_LAXxta1XOacYHvI not found!
C:\Windows\temp\sqlite_LreUATHp8tsui3u moved successfully.
File\Folder C:\Windows\temp\sqlite_nxUXSQawQnUrcG0 not found!
File\Folder C:\Windows\temp\sqlite_sPg8CaS4ADruoyz not found!

Registry entries deleted on Reboot...

I didn't get another log for OTS.

#10 chembear

  • Topic Starter

Posted 28 June 2009 - 08:10 PM

Oops. Somehow, Bitdefender is now working....6 hours left in the scan.

#11 thcbytes

  • Malware Response Team

Posted 28 June 2009 - 09:12 PM

Hi there,
These online scans can sometimes be temperamental particularly with a 64bit OS. If Bitdefender gives you a fit let me know and we can try another. After you have completed the Online scan please create another OTS log. Directions below.......

Run OTS again. If you deleted it then re-download it here: OTS and save it to your desktop:

Otherwise.....
- Double click Posted Image and run
If you are running on Vista then right-click the program and choose Run as Administrator.


- Please check Posted Image & Posted Image
- Next press
Posted Image
- When the scan is complete Notepad will open with the report file loaded in it.
- Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
- Use the Add Reply button in the forum and Attach the scan back here (do not copy/paste it as it will be too big to fit)
- The log will be located in the OTS folder and named OTS.txt.

With your next post please provide:

* OTS.txt
* Bitdefender log
* A detailed description of any persistent problems

Kind regards,
t
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#12 chembear

  • Topic Starter

Posted 29 June 2009 - 07:48 AM

I think computers as a rule can be temperamental.

What I can tell that the computer is doing is it seems to be only while browsing, especially in Firefox, but it also happens in IE (I mostly use Firefox) and I think it doesn't affect Safari at all (according to my husband). I get pop-ups or pop-unders (depending on who you talk to) to sites that I normally would not visit. It seems to happen only while actively browsing or doing something on a website, especially looking at pictures on Facebook. If I'm watching a movie at Netflix or TV on the network sites I don't seem to have a problem. Seems like the clicking activates a site but not every click. My computer also gets extremely slow while browsing and requires me to reboot, although it's dependent on how much I'm online. I admit I spend a lot of time online. I don't notice anything else being affected.

Cindy

Here are the logs you requested


OTS logfile created on: 6/29/2009 8:24:34 AM - Run 2
OTS by OldTimer - Version 3.0.8.0	 Folder = C:\Users\Cindy\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18783)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.75 Gb Total Physical Memory | 1.93 Gb Available Physical Memory | 51.42% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.18 Gb Total Space | 181.09 Gb Free Space | 63.50% Space Free | Partition Type: NTFS
Drive D: | 12.90 Gb Total Space | 2.02 Gb Free Space | 15.64% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: CINDY-PC
Current User Name: Cindy
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
 
[Processes - Safe List]
applemobiledeviceservice.exe -> C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2009/05/29 13:41:26 | 00,144,712 | ---- | M] (Apple Inc.)
blservice.exe -> C:\Program Files (x86)\SMINST\BLService.exe -> [2008/10/06 12:54:52 | 00,365,952 | ---- | M] ()
calcheck.exe -> C:\Program Files (x86)\Nova Development\Photo Explosion Deluxe 3.0\CalCheck.exe -> [2006/05/10 13:32:32 | 00,069,632 | ---- | M] (Ulead Systems, Inc.)
clmlsvc.exe -> C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe -> [2008/09/25 22:42:24 | 00,189,736 | ---- | M] (CyberLink)
com4qlbex.exe -> C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe -> [2008/04/03 14:33:26 | 00,193,840 | ---- | M] (Hewlett-Packard Development Company, L.P.)
dvdagent.exe -> C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe -> [2008/09/26 06:36:40 | 01,148,200 | ---- | M] (CyberLink Corp.)
ezprint.exe -> C:\Program Files (x86)\Lexmark 2300 Series\ezprint.exe -> [2007/04/29 23:57:42 | 00,103,344 | ---- | M] (Lexmark International Inc.)
firefox.exe -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe -> [2009/06/15 11:44:26 | 00,307,704 | ---- | M] (Mozilla Corporation)
googletoolbarnotifier.exe -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> [2009/03/02 19:22:39 | 00,039,408 | ---- | M] (Google Inc.)
googleupdate.exe -> C:\Program Files (x86)\Google\Update\GoogleUpdate.exe -> [2009/05/15 15:42:26 | 00,133,104 | ---- | M] (Google Inc.)
hpadvisor.exe -> C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe -> [2008/09/30 19:56:04 | 00,972,080 | ---- | M] (Hewlett-Packard)
hpqtoaster.exe -> C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe -> [2008/04/11 12:04:54 | 00,685,360 | ---- | M] ()
hpqwmiex.exe -> C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe -> [2008/05/01 19:25:56 | 00,165,192 | ---- | M] (Hewlett-Packard Development Company, L.P.)
hpwamain.exe -> C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe -> [2008/04/15 17:51:00 | 00,488,752 | ---- | M] (Hewlett-Packard Development Company, L.P.)
hpwuschd2.exe -> C:\Program Files (x86)\Hp\HP Software Update\hpwuSchd2.exe -> [2007/05/08 19:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard)
ielowutil.exe -> C:\Program Files (x86)\Internet Explorer\IELowutil.exe -> [2009/03/08 07:34:00 | 00,115,712 | ---- | M] (Microsoft Corporation)
ipodservice.exe -> C:\Program Files (x86)\iPod\bin\iPodService.exe -> [2009/05/30 12:30:20 | 00,541,992 | ---- | M] (Apple Inc.)
ituneshelper.exe -> C:\Program Files (x86)\iTunes\iTunesHelper.exe -> [2009/05/30 12:30:26 | 00,292,136 | ---- | M] (Apple Inc.)
jusched.exe -> C:\Program Files (x86)\Java\jre6\bin\jusched.exe -> [2009/03/09 05:19:17 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.)
lightscribecontrolpanel.exe -> C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -> [2008/06/09 14:16:32 | 02,363,392 | ---- | M] (Hewlett-Packard Company)
lssrvc.exe -> C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe -> [2008/06/09 14:21:58 | 00,073,728 | ---- | M] (Hewlett-Packard Company)
lxcgmon.exe -> C:\Program Files (x86)\Lexmark 2300 Series\lxcgmon.exe -> [2007/04/29 23:55:32 | 00,205,744 | ---- | M] (Lexmark International, Inc.)
lxdpmon.exe -> C:\Program Files (x86)\Lexmark Z2300 Series\lxdpmon.exe -> [2008/03/27 04:15:24 | 00,656,040 | ---- | M] ()
mcagent.exe -> c:\Program Files (x86)\McAfee.com\Agent\mcagent.exe -> [2009/03/25 17:25:20 | 00,645,328 | ---- | M] (McAfee, Inc.)
mcmscsvc.exe -> C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe -> [2009/03/25 17:25:20 | 00,797,864 | ---- | M] (McAfee, Inc.)
mcnasvc.exe -> c:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe -> [2009/01/09 11:31:16 | 02,482,848 | ---- | M] (McAfee, Inc.)
mcproxy.exe -> c:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe -> [2009/01/09 08:06:52 | 00,359,952 | ---- | M] (McAfee, Inc.)
mcsacore.exe -> C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe -> [2009/02/11 11:06:36 | 00,210,216 | ---- | M] ()
mcsysmon.exe -> C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe -> [2009/03/24 00:03:18 | 00,606,736 | ---- | M] (McAfee, Inc.)
mdnsresponder.exe -> C:\Program Files (x86)\Bonjour\mDNSResponder.exe -> [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.)
mpfsrv.exe -> C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe -> [2009/03/19 11:42:02 | 00,884,360 | ---- | M] (McAfee, Inc.)
msksrver.exe -> C:\Program Files (x86)\McAfee\MSK\MskSrver.exe -> [2009/01/09 09:22:10 | 00,026,640 | ---- | M] (McAfee, Inc.)
ots.exe -> C:\Users\Cindy\Downloads\OTS.exe -> [2009/06/27 18:09:17 | 00,510,976 | ---- | M] (OldTimer Tools)
photoshopelementsfileagent.exe -> C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -> [2008/09/16 14:02:26 | 00,163,840 | ---- | M] (Adobe Systems Incorporated)
qlbctrl.exe -> C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe -> [2008/08/01 19:14:02 | 00,202,032 | ---- | M] ( Hewlett-Packard Development Company, L.P.)
realsched.exe -> C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe -> [2009/05/15 15:44:20 | 00,198,160 | ---- | M] (RealNetworks, Inc.)
reminderapp.exe -> C:\Program Files (x86)\Nova Development\Greeting Card Factory Deluxe 7.0\ReminderApp.exe -> [2007/08/25 02:03:20 | 00,185,664 | ---- | M] ()
richvideo.exe -> C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe -> [2008/06/29 19:10:18 | 00,241,734 | ---- | M] ()
storagemanager.exe -> C:\Program Files (x86)\Belkin Storage Manager\StorageManager.exe -> [2008/08/30 02:37:22 | 00,855,040 | ---- | M] (Belkin International, Inc.)
tsmagent.exe -> C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe -> [2008/09/25 22:41:44 | 01,152,296 | ---- | M] (CyberLink Corp.)
wifimsg.exe -> C:\Program Files (x86)\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE -> [2007/09/26 10:34:40 | 00,316,720 | ---- | M] (Hewlett-Packard Development Company, L.P.)
 
[Win32 Services - Safe List]
64bit-(AESTFilters) Andrea ST Filters Service [Win32_Own | Auto | Running] -> C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe -> [2008/09/26 15:13:24 | 00,089,088 | ---- | M] ()
64bit-(AgereModemAudio) Agere Modem Call Progress Audio [Win32_Own | Auto | Running] -> C:\Windows\SysNative\agr64svc.exe -> [2007/12/11 16:11:30 | 00,015,872 | ---- | M] ()
64bit-(Ati External Event Utility) Ati External Event Utility [Win32_Own | Auto | Running] -> C:\Windows\SysNative\Ati2evxx.exe -> [2008/09/17 00:14:32 | 00,905,216 | ---- | M] ()
64bit-(BthServ) Bluetooth Support Service [Win32_Shared | Auto | Running] -> C:\Windows\SysNative\bthserv.dll -> [2008/10/23 04:02:25 | 00,053,760 | ---- | M] ()
64bit-(hpsrv) HP Service [Win32_Own | Auto | Running] -> C:\Windows\SysNative\Hpservice.exe -> [2008/03/18 20:25:40 | 00,023,040 | ---- | M] ()
64bit-(lxcg_device) lxcg_device [Win32_Own | Auto | Running] -> C:\Windows\SysNative\lxcgcoms.exe -> [2007/04/29 23:55:08 | 00,566,704 | ---- | M] ()
64bit-(lxdp_device) lxdp_device [Win32_Own | Auto | Running] -> C:\Windows\SysNative\lxdpcoms.exe -> [2008/02/27 12:06:50 | 01,044,648 | ---- | M] ()
64bit-(McODS) McAfee Scanner [Win32_Own | On_Demand | Stopped] -> C:\Program Files\McAfee\VirusScan\mcods.exe -> [2009/04/01 14:21:30 | 00,696,848 | ---- | M] (McAfee, Inc.)
64bit-(McShield) McAfee Real-time Scanner [Win32_Own | Unknown | Running] -> C:\Program Files\McAfee\VirusScan\Mcshield.exe -> [2009/03/25 10:59:30 | 00,153,920 | ---- | M] (McAfee, Inc.)
64bit-(STacSV) Audio Service [Win32_Own | Auto | Running] -> C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_bd5387da\STacSV64.exe -> [2008/09/26 15:13:54 | 00,279,040 | ---- | M] ()
64bit-(WinDefend) Windows Defender [Win32_Shared | On_Demand | Stopped] -> C:\Program Files\Windows Defender\mpsvc.dll -> [2008/01/20 22:47:32 | 00,383,544 | ---- | M] (Microsoft Corporation)
64bit-(WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Windows Media Player\wmpnetwk.exe -> [2008/01/20 22:52:15 | 01,216,000 | ---- | M] (Microsoft Corporation)
(AdobeActiveFileMonitor7.0) Adobe Active File Monitor V7 [Win32_Own | Auto | Running] -> C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -> [2008/09/16 14:02:26 | 00,163,840 | ---- | M] (Adobe Systems Incorporated)
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2009/05/29 13:41:26 | 00,144,712 | ---- | M] (Apple Inc.)
(Bonjour Service) Bonjour Service [Win32_Own | Auto | Running] -> C:\Program Files (x86)\Bonjour\mDNSResponder.exe -> [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.)
(clr_optimization_v2.0.50727_32) Microsoft .NET Framework NGEN v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2008/07/27 14:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation)
(clr_optimization_v2.0.50727_64) Microsoft .NET Framework NGEN v2.0.50727_X64 [Win32_Own | On_Demand | Stopped] -> C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -> [2008/07/27 14:01:49 | 00,093,184 | ---- | M] (Microsoft Corporation)
(Com4QLBEx) Com4QLBEx [Win32_Own | On_Demand | Running] -> C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe -> [2008/04/03 14:33:26 | 00,193,840 | ---- | M] (Hewlett-Packard Development Company, L.P.)
(ehRecvr) Windows Media Center Receiver Service [Win32_Own | On_Demand | Stopped] -> C:\Windows\ehome\ehRecvr.exe -> [2008/01/20 22:51:36 | 00,344,064 | ---- | M] (Microsoft Corporation)
(ehSched) Windows Media Center Scheduler Service [Win32_Own | On_Demand | Stopped] -> C:\Windows\ehome\ehsched.exe -> [2008/01/20 22:51:36 | 00,153,600 | ---- | M] (Microsoft Corporation)
(ehstart) Windows Media Center Service Launcher [Win32_Shared | Auto | Stopped] -> C:\Windows\ehome\ehstart.dll -> [2006/11/02 11:03:48 | 00,015,360 | ---- | M] (Microsoft Corporation)
(FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> [2009/04/15 20:25:29 | 00,651,720 | ---- | M] (Macrovision Europe Ltd.)
(FontCache3.0.0.0) Windows Presentation Foundation Font Cache 3.0.0.0 [Win32_Own | On_Demand | Running] -> C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe -> [2008/06/19 21:17:12 | 00,046,104 | ---- | M] (Microsoft Corporation)
(GameConsoleService) GameConsoleService [Win32_Own | On_Demand | Stopped] -> C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe -> [2009/06/05 20:07:28 | 00,250,616 | ---- | M] (WildTangent, Inc.)
(gupdate1c9d5955351c140) Google Update Service (gupdate1c9d5955351c140) [Win32_Own | Auto | Stopped] -> C:\Program Files (x86)\Google\Update\GoogleUpdate.exe -> [2009/05/15 15:42:26 | 00,133,104 | ---- | M] (Google Inc.)
(gusvc) Google Software Updater [Win32_Own | On_Demand | Stopped] -> C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe -> [2009/06/01 19:33:17 | 00,182,768 | ---- | M] (Google)
(HP Health Check Service) HP Health Check Service [Win32_Own | Auto | Running] -> c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe -> [2008/06/16 11:02:28 | 00,094,208 | ---- | M] (Hewlett-Packard)
(hpqwmiex) hpqwmiex [Win32_Own | On_Demand | Running] -> C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe -> [2008/05/01 19:25:56 | 00,165,192 | ---- | M] (Hewlett-Packard Development Company, L.P.)
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -> [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation)
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe -> [2008/06/19 21:16:53 | 00,859,648 | ---- | M] (Microsoft Corporation)
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> C:\Program Files (x86)\iPod\bin\iPodService.exe -> [2009/05/30 12:30:20 | 00,541,992 | ---- | M] (Apple Inc.)
(KeyIso) CNG Key Isolation [Win32_Shared | On_Demand | Running] -> C:\Windows\SysWow64\keyiso.dll -> [2006/11/02 05:46:05 | 00,018,944 | ---- | M] (Microsoft Corporation)
(Lavasoft Ad-Aware Service) Lavasoft Ad-Aware Service [Win32_Own | Auto | Stopped] -> C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -> [2009/06/18 21:59:22 | 01,003,344 | ---- | M] (Lavasoft)
(LightScribeService) LightScribeService Direct Disc Labeling Service [Win32_Own | Auto | Running] -> C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe -> [2008/06/09 14:21:58 | 00,073,728 | ---- | M] (Hewlett-Packard Company)
(lxcg_device) lxcg_device [Win32_Own | Auto | Running] -> C:\Windows\SysWow64\lxcgcoms.exe -> [2007/04/29 23:54:44 | 00,537,520 | ---- | M] ( )
(lxdp_device) lxdp_device [Win32_Own | Auto | Running] -> C:\Windows\SysWow64\lxdpcoms.exe -> [2008/02/27 12:06:28 | 00,594,600 | ---- | M] ( )
(McAfee SiteAdvisor Service) McAfee SiteAdvisor Service [Win32_Own | Auto | Running] -> C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe -> [2009/02/11 11:06:36 | 00,210,216 | ---- | M] ()
(mcmscsvc) McAfee Services [Win32_Own | Auto | Running] -> C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe -> [2009/03/25 17:25:20 | 00,797,864 | ---- | M] (McAfee, Inc.)
(McNASvc) McAfee Network Agent [Win32_Own | Auto | Running] -> c:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe -> [2009/01/09 11:31:16 | 02,482,848 | ---- | M] (McAfee, Inc.)
(McProxy) McAfee Proxy Service [Win32_Own | Auto | Running] -> c:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe -> [2009/01/09 08:06:52 | 00,359,952 | ---- | M] (McAfee, Inc.)
(McSysmon) McAfee SystemGuards [Win32_Own | On_Demand | Running] -> C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe -> [2009/03/24 00:03:18 | 00,606,736 | ---- | M] (McAfee, Inc.)
(MpfService) McAfee Personal Firewall Service [Win32_Own | Auto | Running] -> C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe -> [2009/03/19 11:42:02 | 00,884,360 | ---- | M] (McAfee, Inc.)
(MSDTC) Distributed Transaction Coordinator [Win32_Own | Unknown | Stopped] -> C:\Windows\SysWow64\Msdtc -> [2006/11/02 09:34:14 | 00,000,000 | ---D | M]
(MSK80Service) McAfee Anti-Spam Service [Win32_Own | Auto | Running] -> C:\Program Files (x86)\McAfee\MSK\MskSrver.exe -> [2009/01/09 09:22:10 | 00,026,640 | ---- | M] (McAfee, Inc.)
(Netlogon) Netlogon [Win32_Shared | On_Demand | Stopped] -> C:\Windows\SysWow64\netlogon.dll -> [2008/01/20 22:48:28 | 00,592,384 | ---- | M] (Microsoft Corporation)
(odserv) Microsoft Office Diagnostics Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -> [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation)
(ose) Office Source Engine [Win32_Own | On_Demand | Stopped] -> C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE -> [2006/10/26 17:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation)
(Recovery Service for Windows) Recovery Service for Windows [Win32_Own | Auto | Running] -> C:\Program Files (x86)\SMINST\BLService.exe -> [2008/10/06 12:54:52 | 00,365,952 | ---- | M] ()
(RichVideo) Cyberlink RichVideo Service(CRVS) [Win32_Own | Auto | Running] -> C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe -> [2008/06/29 19:10:18 | 00,241,734 | ---- | M] ()
(vds) Virtual Disk [Win32_Own | On_Demand | Stopped] -> C:\Windows\SysWow64\Wbem\vds.mof -> [2006/11/02 02:35:15 | 00,060,994 | ---- | M] ()
(VSS) Volume Shadow Copy [Win32_Own | On_Demand | Stopped] -> C:\Windows\SysWow64\Wbem\vss.mof -> [2006/11/02 02:35:15 | 00,055,846 | ---- | M] ()
 
[Driver Services - Safe List]
64bit-(Accelerometer) HP Accelerometer [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\Accelerometer.sys -> [2008/03/27 16:10:14 | 00,040,296 | ---- | M] ()
64bit-(AgereSoftModem) Agere Systems Soft Modem [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\agrsm64.sys -> [2008/02/29 19:59:32 | 01,252,352 | ---- | M] ()
64bit-(athr) Atheros Extensible Wireless LAN device driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\athrx.sys -> [2008/04/27 15:09:18 | 01,133,568 | ---- | M] ()
64bit-(atikmdag) atikmdag [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\atikmdag.sys -> [2008/09/17 01:01:26 | 04,709,888 | ---- | M] ()
64bit-(AtiPcie) ATI PCI Express (3GIO) Filter [Kernel | Boot | Running] -> C:\Windows\SysNative\DRIVERS\AtiPcie.sys -> [2008/04/28 05:25:06 | 00,016,400 | ---- | M] ()
64bit-(BthEnum) Bluetooth Request Block Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\BthEnum.sys -> [2008/10/23 04:02:23 | 00,026,624 | ---- | M] ()
64bit-(BthPan) Bluetooth Device (Personal Area Network) [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\bthpan.sys -> [2008/01/20 22:47:02 | 00,115,712 | ---- | M] ()
64bit-(BTHPORT) Bluetooth Port Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\BTHport.sys -> [2008/10/23 04:02:23 | 00,694,784 | ---- | M] ()
64bit-(BTHUSB) Bluetooth Radio USB Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\BTHUSB.sys -> [2008/10/23 04:02:23 | 00,035,840 | ---- | M] ()
64bit-(CmBatt) Microsoft ACPI Control Method Battery Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\CmBatt.sys -> [2008/01/20 22:46:51 | 00,017,792 | ---- | M] ()
64bit-(enecir) ENE CIR Receiver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\enecir.sys -> [2008/01/24 09:24:24 | 00,060,928 | ---- | M] ()
64bit-(GEARAspiWDM) GEAR ASPI Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -> [2009/03/19 16:34:18 | 00,029,544 | ---- | M] ()
64bit-(HdAudAddService) Microsoft 1.1 UAA Function Driver for High Definition Audio Service [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\HdAudio.sys -> [2006/11/02 01:28:10 | 00,273,920 | ---- | M] ()
64bit-(hpdskflt) HP Filter [Kernel | Boot | Running] -> C:\Windows\SysNative\DRIVERS\hpdskflt.sys -> [2008/03/27 16:10:56 | 00,026,984 | ---- | M] ()
64bit-(HpqKbFiltr) HpqKbFilter Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -> [2007/06/18 20:13:12 | 00,018,432 | ---- | M] ()
64bit-(JMCR) JMCR [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\jmcr.sys -> [2008/07/21 06:53:04 | 00,145,496 | ---- | M] ()
64bit-(Lbd) Lbd [File_System | Boot | Running] -> C:\Windows\SysNative\DRIVERS\Lbd.sys -> [2009/06/04 22:01:32 | 00,068,640 | ---- | M] ()
64bit-(mfeavfk) McAfee Inc. mfeavfk [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\mfeavfk.sys -> [2009/03/25 11:06:22 | 00,102,600 | ---- | M] ()
64bit-(mfehidk) McAfee Inc. mfehidk [Kernel | System | Running] -> C:\Windows\SysNative\drivers\mfehidk.sys -> [2009/03/25 11:06:22 | 00,307,400 | ---- | M] ()
64bit-(mferkdk) McAfee Inc. mferkdk [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\mferkdk.sys -> [2009/03/25 10:59:38 | 00,040,904 | ---- | M] ()
64bit-(mfesmfk) McAfee Inc. mfesmfk [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\mfesmfk.sys -> [2009/03/25 11:06:22 | 00,049,480 | ---- | M] ()
64bit-(MPFP) MPFP [Kernel | System | Running] -> C:\Windows\SysNative\Drivers\Mpfp.sys -> [2008/10/23 13:08:54 | 00,176,144 | ---- | M] ()
64bit-(NETw3v64) Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 64 Bit [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\NETw3v64.sys -> [2008/01/20 22:46:57 | 03,154,432 | ---- | M] ()
64bit-(PxHlpa64) PxHlpa64 [Kernel | Boot | Running] -> C:\Windows\SysNative\Drivers\PxHlpa64.sys -> [2009/04/15 20:20:13 | 00,052,856 | ---- | M] ()
64bit-(RFCOMM) Bluetooth Device (RFCOMM Protocol TDI) [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\rfcomm.sys -> [2008/10/23 04:02:23 | 00,178,688 | ---- | M] ()
64bit-(RTL8169) Realtek 8169 NT Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\Rtlh64.sys -> [2008/02/14 10:56:14 | 00,160,768 | ---- | M] ()
64bit-(sdbus) sdbus [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\sdbus.sys -> [2008/01/20 22:46:55 | 00,111,104 | ---- | M] ()
64bit-(STHDA) IDT High Definition Audio CODEC [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\stwrt64.sys -> [2008/09/26 15:14:14 | 00,465,408 | ---- | M] ()
64bit-(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\SynTP.sys -> [2008/01/18 07:31:30 | 00,320,560 | ---- | M] ()
64bit-(USBAAPL64) Apple Mobile USB Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\usbaapl64.sys -> [2009/03/05 23:59:00 | 00,044,544 | ---- | M] ()
64bit-(usbaudio) USB Audio Driver (WDM) [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\usbaudio.sys -> [2008/01/20 22:47:04 | 00,098,816 | ---- | M] ()
64bit-(usbfilter) AMD USB Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\usbfilter.sys -> [2008/05/28 18:54:18 | 00,026,168 | ---- | M] ()
64bit-(usbvideo) USB Video Device (WDM) [Kernel | On_Demand | Running] -> C:\Windows\SysNative\Drivers\usbvideo.sys -> [2008/01/20 22:47:27 | 00,168,704 | ---- | M] ()
64bit-(yukonx64) NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\yk60x64.sys -> [2006/10/03 21:45:36 | 00,273,408 | ---- | M] ()
(mpsdrv) Windows Firewall Authorization Driver [Kernel | On_Demand | Running] -> C:\Windows\SysWow64\Wbem\mpsdrv.mof -> [2006/09/18 17:35:23 | 00,001,088 | ---- | M] ()
(pfc) Padus ASPI Shell [Kernel | On_Demand | Stopped] -> C:\Windows\SysWow64\drivers\pfc.sys -> [2006/05/23 17:00:26 | 00,010,368 | ---- | M] (Padus, Inc.)
(SASDIFSV) SASDIFSV [Kernel | System | Stopped] -> C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS -> [2009/05/26 10:05:54 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
(SASENUM) SASENUM [Kernel | On_Demand | Stopped] -> C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS -> [2009/05/26 10:05:56 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
(SASKUTIL) SASKUTIL [Kernel | System | Stopped] -> C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys -> [2009/05/26 10:05:52 | 00,072,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
(Tcpip) TCP/IP Protocol Driver [Kernel | System | Running] -> C:\Windows\SysWow64\Wbem\tcpip.mof -> [2006/09/18 17:36:40 | 00,003,066 | ---- | M] ()
({55662437-DA8C-40c0-AADA-2C816A897A49}) {55662437-DA8C-40c0-AADA-2C816A897A49} [Kernel | Auto | Running] -> C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -> [2008/09/26 06:36:34 | 00,027,632 | ---- | M] (Cyberlink Corp.)
 
[Registry - Safe List]
< 64bit-Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" ->  [binary data] -> 
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons -> 
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\Windows\System32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" ->  [binary data] -> 
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons -> 
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\Windows\SysWOW64\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb -> 
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> 
HKEY_USERS\.DEFAULT\: URLSearchHooks\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> [2008/07/28 06:47:40 | 00,882,416 | ---- | M] (Yahoo! Inc.)
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> 
HKEY_USERS\S-1-5-18\: URLSearchHooks\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> [2008/07/28 06:47:40 | 00,882,416 | ---- | M] (Yahoo! Inc.)
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-961268410-3947591333-2576278008-1000\] > -> -> 
HKEY_USERS\S-1-5-21-961268410-3947591333-2576278008-1000\: Main\\"Default_Page_URL" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb -> 
HKEY_USERS\S-1-5-21-961268410-3947591333-2576278008-1000\: Main\\"Local Page" -> C:\Windows\system32\blank.htm -> 
HKEY_USERS\S-1-5-21-961268410-3947591333-2576278008-1000\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_USERS\S-1-5-21-961268410-3947591333-2576278008-1000\: Main\\"Start Page" -> http://www.yahoo.com/ -> 
HKEY_USERS\S-1-5-21-961268410-3947591333-2576278008-1000\: Main\\"StartPageCache" -> 1 -> 
HKEY_USERS\S-1-5-21-961268410-3947591333-2576278008-1000\: "ProxyEnable" -> 0 -> 
< FireFox Settings [Prefs.js] > -> C:\Users\Cindy\AppData\Roaming\Mozilla\FireFox\Profiles\0nuysqe0.default\prefs.js -> 
browser.search.defaultenginename -> "Yahoo" ->
browser.search.defaulturl -> "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-sunm&p=" ->
browser.search.selectedEngine -> "Google" ->
browser.startup.homepage -> "http://www.yahoo.com/" ->
extensions.enabledItems -> {47624dda-b77e-4feb-820a-e4f077d5d4ca}:9.4.0 ->
extensions.enabledItems -> {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.10.1 ->
extensions.enabledItems -> {3112ca9c-de6d-4884-a869-9855de68056c}:3.1.20081127W ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13 ->
extensions.enabledItems -> {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.9 ->
extensions.enabledItems -> {20a82645-c095-46ed-80e3-08825760534b}:1.1 ->
extensions.enabledItems -> moveplayer@movenetworks.com:7 ->
extensions.enabledItems -> {2224E955-00E9-4613-A844-CE69FCCAAE91}:3.1.0.3900 ->
extensions.enabledItems -> {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0 ->
extensions.enabledItems -> treestyletab@piro.sakura.ne.jp:0.7.2009051501 ->
extensions.enabledItems -> {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20090414 ->
extensions.enabledItems -> {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546 ->
extensions.enabledItems -> {7ef7f4d6-947d-11dc-8314-0800200c9a66}:3.0.1 ->
extensions.enabledItems -> {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11 ->
< FireFox Settings [User.js] > -> C:\Users\Cindy\AppData\Roaming\Mozilla\FireFox\Profiles\0nuysqe0.default\user.js -> 
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions ->  -> 
HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45} -> C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR [C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR] -> [2009/06/24 17:18:25 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758} -> C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD [C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD] -> [2009/05/15 15:44:44 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\{2224E955-00E9-4613-A844-CE69FCCAAE91} -> C:\PROGRAM FILES (X86)\INTERNET SAVING OPTIMIZER\3.1.0.3900\FF [C:\PROGRAM FILES (X86)\INTERNET SAVING OPTIMIZER\3.1.0.3900\FF] -> [2009/06/01 19:34:30 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\{0BA0192D-94A5-45e3-B2B8-3EC5A1A0B5EC} -> C:\PROGRAM FILES (X86)\MEDIA ACCESS STARTUP\1.0.0.610\FF -> 
HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b} -> C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\] -> [2009/06/24 03:01:32 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions ->  -> 
HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\COMPONENTS [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\COMPONENTS] -> [2009/06/15 11:44:29 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\PLUGINS [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\PLUGINS] -> [2009/06/15 11:44:29 | 00,000,000 | ---D | M]
< FireFox Extensions [User Folders] > -> 
 -> C:\Users\Cindy\AppData\Roaming\mozilla\Extensions -> [2009/02/20 15:16:22 | 00,000,000 | ---D | M]
 -> C:\Users\Cindy\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} -> [2009/02/20 15:16:22 | 00,000,000 | ---D | M]
 -> C:\Users\Cindy\AppData\Roaming\mozilla\Firefox\Profiles\0nuysqe0.default\extensions -> [2009/06/28 18:07:35 | 00,101,585 | ---- | M] ()
 -> C:\Users\Cindy\AppData\Roaming\mozilla\Firefox\Profiles\0nuysqe0.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} -> [2009/06/28 18:07:35 | 00,101,585 | ---- | M] ()
 -> C:\Users\Cindy\AppData\Roaming\mozilla\Firefox\Profiles\0nuysqe0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} -> [2009/06/28 18:07:35 | 00,101,585 | ---- | M] ()
 -> C:\Users\Cindy\AppData\Roaming\mozilla\Firefox\Profiles\0nuysqe0.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} -> [2009/06/28 18:07:35 | 00,101,585 | ---- | M] ()
 -> C:\Users\Cindy\AppData\Roaming\mozilla\Firefox\Profiles\0nuysqe0.default\extensions\{47624dda-b77e-4feb-820a-e4f077d5d4ca} -> [2009/06/28 18:07:35 | 00,101,585 | ---- | M] ()
 -> C:\Users\Cindy\AppData\Roaming\mozilla\Firefox\Profiles\0nuysqe0.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} -> [2009/06/28 18:07:35 | 00,101,585 | ---- | M] ()
 -> C:\Users\Cindy\AppData\Roaming\mozilla\Firefox\Profiles\0nuysqe0.default\extensions\{7ef7f4d6-947d-11dc-8314-0800200c9a66} -> [2009/06/28 18:07:35 | 00,101,585 | ---- | M] ()
 -> C:\Users\Cindy\AppData\Roaming\mozilla\Firefox\Profiles\0nuysqe0.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} -> [2009/06/28 18:07:35 | 00,101,585 | ---- | M] ()
 -> C:\Users\Cindy\AppData\Roaming\mozilla\Firefox\Profiles\0nuysqe0.default\extensions\treestyletab@piro.sakura.ne.jp -> [2009/06/28 18:07:35 | 00,101,585 | ---- | M] ()
< FireFox SearchPlugins [User Folders] > -> 
< FireFox Extensions [Program Folders] > -> 
 -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\extensions -> [2009/06/15 11:44:29 | 09,777,144 | ---- | M] (Mozilla Foundation)
 -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} -> [2009/06/15 11:44:29 | 09,777,144 | ---- | M] (Mozilla Foundation)
 -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} -> [2009/06/15 11:44:29 | 09,777,144 | ---- | M] (Mozilla Foundation)
< FireFox Components [Program Folders] > -> 
C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\components\ -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\components -> [2009/06/15 11:44:29 | 00,000,000 | ---D | M]
browserdirprovider.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\components\browserdirprovider.dll -> [2009/06/15 11:44:26 | 00,023,032 | ---- | M] (Mozilla Foundation)
brwsrcmp.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\components\brwsrcmp.dll -> [2009/06/15 11:44:26 | 00,134,648 | ---- | M] (Mozilla Foundation)
< FireFox Plugins [Program Folders] > -> 
C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\ -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins -> [2009/06/15 11:44:29 | 00,000,000 | ---D | M]
npdeploytk.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\npdeploytk.dll -> [2009/03/09 05:19:09 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.)
npnul32.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\npnul32.dll -> [2009/06/15 11:44:27 | 00,065,528 | ---- | M] (mozilla.org)
nppdf32.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\nppdf32.dll -> [2009/02/27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.)
npqtplugin.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\npqtplugin.dll -> [2009/06/02 17:56:32 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin2.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\npqtplugin2.dll -> [2009/06/02 17:56:32 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin3.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\npqtplugin3.dll -> [2009/06/02 17:56:33 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin4.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\npqtplugin4.dll -> [2009/06/02 17:56:33 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin5.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\npqtplugin5.dll -> [2009/06/02 17:56:33 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin6.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\npqtplugin6.dll -> [2009/06/02 17:56:34 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin7.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\npqtplugin7.dll -> [2009/06/02 17:56:34 | 00,143,360 | ---- | M] (Apple Inc.)
NPTURNMED.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\NPTURNMED.dll -> [2009/03/05 01:31:13 | 00,221,184 | ---- | M] (CNN)
QuickTimePlugin.class -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\QuickTimePlugin.cla -> [2009/06/02 17:56:32 | 00,004,208 | ---- | M] ()
< FireFox SearchPlugins [Program Folders] > -> 
C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\searchplugins\ -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\searchplugins -> [2009/06/12 18:53:22 | 00,000,000 | ---D | M]
amazondotcom.xml -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\searchplugins\amazondotcom.xml -> [2009/01/19 19:28:04 | 00,001,394 | ---- | M] ()
answers.xml -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\searchplugins\answers.xml -> [2009/01/19 19:28:04 | 00,002,193 | ---- | M] ()
creativecommons.xml -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\searchplugins\creativecommons.xml -> [2009/01/19 19:28:04 | 00,001,534 | ---- | M] ()
eBay.xml -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\searchplugins\eBay.xml -> [2009/01/19 19:28:04 | 00,002,343 | ---- | M] ()
google.xml -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\searchplugins\google.xml -> [2009/01/19 19:28:04 | 00,001,706 | ---- | M] ()
wikipedia.xml -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\searchplugins\wikipedia.xml -> [2009/01/19 19:28:04 | 00,001,178 | ---- | M] ()
yahoo.xml -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\searchplugins\yahoo.xml -> [2009/01/19 19:28:04 | 00,000,792 | ---- | M] ()
< HOSTS File > (761 bytes and 20 lines) -> C:\Windows\SysNative\Drivers\etc\hosts -> 
Reset Hosts
127.0.0.1	   localhost
::1			 localhost
< 64bit-BHO's [HKEY_LOCAL_MACHINE] > -> 64bit-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{27B4851A-3207-45A2-B947-BE8AFE6163AB} [HKLM] -> c:\Program Files (x86)\McAfee\MSK\mskapbho64.dll [McAfee Phishing Filter] -> [2009/01/09 09:22:10 | 00,337,424 | ---- | M] ()
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} [HKLM] -> C:\Program Files\McAfee\VirusScan\scriptsn.dll [scriptproxy] -> [2009/03/25 10:59:38 | 00,060,224 | ---- | M] (McAfee, Inc.)
{B164E929-A1B6-4A06-B104-2CD0E90A88FF} [HKLM] -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [McAfee SiteAdvisor BHO] -> [2009/02/13 12:45:04 | 00,200,208 | ---- | M] ()
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll [&Yahoo! Toolbar Helper] -> [2008/07/28 06:47:40 | 00,882,416 | ---- | M] (Yahoo! Inc.)
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} [HKLM] -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe PDF Link Helper] -> [2009/02/27 12:07:26 | 00,075,128 | ---- | M] (Adobe Systems Incorporated)
{25B8D58C-B0CB-46b0-BA64-05B3804E4E86} [HKLM] -> C:\Program Files (x86)\Media Access Startup\1.0.0.610\HPIEAddOn.dll [Media Access Startup] -> File not found
{27B4851A-3207-45A2-B947-BE8AFE6163AB} [HKLM] -> c:\Program Files (x86)\McAfee\MSK\mskapbho.dll [McAfee Phishing Filter] -> [2009/01/09 09:22:10 | 00,246,800 | ---- | M] ()
{3049C3E9-B461-4BC5-8870-4C09146192CA} [HKLM] -> C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [RealPlayer Download and Record Plugin for Internet Explorer] -> [2009/05/15 15:44:43 | 00,312,928 | ---- | M] (RealPlayer)
{35B8D58C-B0CB-46b0-BA64-05B3804E4E86} [HKLM] -> C:\Program Files (x86)\Internet Saving Optimizer\3.1.0.3900\NPIEAddOn.dll [NP Helper Class] -> [2009/05/11 16:56:00 | 00,184,320 | ---- | M] ()
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} [HKLM] -> C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll [scriptproxy] -> [2009/03/25 11:05:56 | 00,062,784 | ---- | M] (McAfee, Inc.)
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll [Google Toolbar Helper] -> [2009/06/01 19:32:43 | 00,259,696 | ---- | M] (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [Google Toolbar Notifier BHO] -> [2009/04/16 09:34:11 | 00,668,656 | ---- | M] (Google Inc.)
{B164E929-A1B6-4A06-B104-2CD0E90A88FF} [HKLM] -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [McAfee SiteAdvisor BHO] -> [2009/02/13 12:44:56 | 00,150,032 | ---- | M] ()
{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [Google Dictionary Compression sdch] -> [2009/06/01 19:32:42 | 00,470,512 | ---- | M] (Google Inc.)
{d2ce3e00-f94a-4740-988e-03dc2f38c34f} [HKLM] -> c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll [Microsoft Live Search Toolbar Helper] -> [2008/08/28 23:09:08 | 00,086,032 | ---- | M] (Microsoft Corp.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2009/03/09 05:18:50 | 00,035,840 | ---- | M] (Sun Microsystems, Inc.)
{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} [HKLM] -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [SingleInstance Class] -> [2008/07/28 06:47:42 | 00,160,496 | ---- | M] (Yahoo! Inc)
< 64bit-Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}" [HKLM] -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [McAfee SiteAdvisor Toolbar] -> [2009/02/13 12:45:04 | 00,200,208 | ---- | M] ()
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414}" [HKLM] -> c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll [Microsoft Live Search Toolbar] -> [2008/08/28 23:09:08 | 00,086,032 | ---- | M] (Microsoft Corp.)
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll [Google Toolbar] -> [2009/06/01 19:32:43 | 00,259,696 | ---- | M] (Google Inc.)
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> [2008/07/28 06:47:40 | 00,882,416 | ---- | M] (Yahoo! Inc.)
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-961268410-3947591333-2576278008-1000\] > -> HKEY_USERS\S-1-5-21-961268410-3947591333-2576278008-1000\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll [Google Toolbar] -> [2009/06/01 19:32:43 | 00,259,696 | ---- | M] (Google Inc.)
< 64bit-Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"EzPrint" -> C:\Program Files (x86)\Lexmark 2300 Series\ezprint.exe ["C:\Program Files (x86)\Lexmark 2300 Series\ezprint.exe"] -> [2007/04/29 23:57:42 | 00,103,344 | ---- | M] (Lexmark International Inc.)
"LXCGCATS" -> C:\Windows\SysNative\spool\DRIVERS\x64\3\LXCGtime.DLL [rundll32 C:\Windows\system32\spool\DRIVERS\x64\3\LXCGtime.dll,RunDLLEntry] -> [2007/02/22 07:02:24 | 00,028,672 | ---- | M] ()
"lxcgmon.exe" -> C:\Program Files (x86)\Lexmark 2300 Series\lxcgmon.exe ["C:\Program Files (x86)\Lexmark 2300 Series\lxcgmon.exe"] -> [2007/04/29 23:55:32 | 00,205,744 | ---- | M] (Lexmark International, Inc.)
"lxdpmon.exe" -> C:\Program Files (x86)\Lexmark Z2300 Series\lxdpmon.exe ["C:\Program Files (x86)\Lexmark Z2300 Series\lxdpmon.exe"] -> [2008/03/27 04:15:24 | 00,656,040 | ---- | M] ()
"SmartMenu" -> C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [%ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe] -> [2008/09/23 15:03:38 | 00,912,688 | ---- | M] (Hewlett-Packard)
"SynTPEnh" -> C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [C:\Program Files\Synaptics\SynTP\SynTPEnh.exe] -> [2008/01/18 07:31:28 | 01,220,392 | ---- | M] (Synaptics, Inc.)
"SysTrayApp" -> C:\Program Files\IDT\WDM\sttray64.exe [%ProgramFiles%\IDT\WDM\sttray64.exe] -> [2008/09/26 15:14:10 | 00,441,344 | ---- | M] (IDT, Inc.)
"Windows Defender" -> C:\Program Files\Windows Defender\MSASCui.exe [%ProgramFiles%\Windows Defender\MSASCui.exe -hide] -> [2008/01/20 22:47:32 | 01,584,184 | ---- | M] (Microsoft Corporation)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Adobe Reader Speed Launcher" -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe ["C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"] -> [2009/02/27 17:10:28 | 00,035,696 | ---- | M] (Adobe Systems Incorporated)
"Ad-Watch" -> C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe ["C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe"] -> [2009/06/18 21:59:24 | 00,518,488 | ---- | M] (Lavasoft)
"AppleSyncNotifier" -> C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe] -> [2009/05/13 20:58:04 | 00,177,472 | ---- | M] (Apple Inc.)
"Belkin Storage Manager" -> C:\Program Files (x86)\Belkin Storage Manager\StorageManager.exe ["C:\Program Files (x86)\Belkin Storage Manager\StorageManager.exe"] -> [2008/08/30 02:37:22 | 00,855,040 | ---- | M] (Belkin International, Inc.)
"CLMLServer for HP TouchSmart" -> C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe ["C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"] -> [2008/09/25 22:42:24 | 00,189,736 | ---- | M] (CyberLink)
"DVDAgent" -> C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe ["C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"] -> [2008/09/26 06:36:40 | 01,148,200 | ---- | M] (CyberLink Corp.)
"HP Health Check Scheduler" -> c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe] -> [2008/06/16 11:03:20 | 00,075,008 | ---- | M] (Hewlett-Packard)
"HP Software Update" -> C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe] -> [2007/05/08 19:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard)
"hpWirelessAssistant" -> C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe] -> [2008/04/15 17:51:00 | 00,488,752 | ---- | M] (Hewlett-Packard Development Company, L.P.)
"iTunesHelper" -> C:\Program Files (x86)\iTunes\iTunesHelper.exe ["C:\Program Files (x86)\iTunes\iTunesHelper.exe"] -> [2009/05/30 12:30:26 | 00,292,136 | ---- | M] (Apple Inc.)
"mcagent_exe" -> C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe ["C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe" /runkey] -> [2009/03/25 17:25:20 | 00,645,328 | ---- | M] (McAfee, Inc.)
"McENUI" -> C:\Program Files (x86)\McAfee\MHN\McENUI.exe [C:\PROGRA~2\McAfee\MHN\McENUI.exe /hide] -> [2009/01/09 14:41:12 | 01,176,808 | ---- | M] (McAfee, Inc.)
"PhotoExplosionCalCheck" -> C:\Program Files (x86)\Nova Development\Photo Explosion Deluxe 3.0\calcheck.exe [C:\Program Files (x86)\Nova Development\Photo Explosion Deluxe 3.0\calcheck.exe] -> [2006/05/10 13:32:32 | 00,069,632 | ---- | M] (Ulead Systems, Inc.)
"QlbCtrl.exe" ->  ["C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start] -> File not found
"QuickTime Task" -> C:\Program Files (x86)\QuickTime\QTTask.exe ["C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime] -> [2009/05/26 17:18:30 | 00,413,696 | ---- | M] (Apple Inc.)
"ReminderApp" -> C:\Program Files (x86)\Nova Development\Greeting Card Factory Deluxe 7.0\ReminderApp.exe [C:\Program Files (x86)\Nova Development\Greeting Card Factory Deluxe 7.0\ReminderApp.exe] -> [2007/08/25 02:03:20 | 00,185,664 | ---- | M] ()
"StartCCC" -> C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ["C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun] -> [2008/08/01 19:23:08 | 00,061,440 | ---- | M] (Advanced Micro Devices, Inc.)
"SunJavaUpdateSched" -> C:\Program Files (x86)\Java\jre6\bin\jusched.exe ["C:\Program Files (x86)\Java\jre6\bin\jusched.exe"] -> [2009/03/09 05:19:17 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.)
"TkBellExe" -> C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe ["C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe"  -osboot] -> [2009/05/15 15:44:20 | 00,198,160 | ---- | M] (RealNetworks, Inc.)
"TSMAgent" -> C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe ["C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"] -> [2008/09/25 22:41:44 | 01,152,296 | ---- | M] (CyberLink Corp.)
"UCam_Menu" -> C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe ["C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"] -> [2008/06/13 22:11:32 | 00,210,216 | ---- | M] (CyberLink Corp.)
"UpdateLBPShortCut" -> C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe ["C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"] -> [2008/06/13 21:11:32 | 00,210,216 | ---- | M] (CyberLink Corp.)
"UpdateP2GoShortCut" -> C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe ["C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"] -> [2008/06/13 21:11:32 | 00,210,216 | ---- | M] (CyberLink Corp.)
"UpdatePDIRShortCut" -> C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe ["C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"] -> [2008/06/13 21:11:32 | 00,210,216 | ---- | M] (CyberLink Corp.)
"UpdatePSTShortCut" -> C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe ["C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"] -> [2008/09/26 13:15:54 | 00,210,216 | ---- | M] (CyberLink Corp.)
< Run [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Sidebar" -> C:\Program Files (x86)\Windows Sidebar\Sidebar.exe [%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem] -> [2008/01/20 22:47:33 | 01,233,920 | ---- | M] (Microsoft Corporation)
"WindowsWelcomeCenter" -> C:\Windows\SysWow64\oobefldr.dll [rundll32.exe oobefldr.dll,ShowWelcomeCenter] -> [2008/01/20 22:47:52 | 02,153,472 | ---- | M] (Microsoft Corporation)
< Run [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Sidebar" -> C:\Program Files (x86)\Windows Sidebar\Sidebar.exe [%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem] -> [2008/01/20 22:47:33 | 01,233,920 | ---- | M] (Microsoft Corporation)
"WindowsWelcomeCenter" -> C:\Windows\SysWow64\oobefldr.dll [rundll32.exe oobefldr.dll,ShowWelcomeCenter] -> [2008/01/20 22:47:52 | 02,153,472 | ---- | M] (Microsoft Corporation)
< Run [HKEY_USERS\S-1-5-21-961268410-3947591333-2576278008-1000\] > -> HKEY_USERS\S-1-5-21-961268410-3947591333-2576278008-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"EA Core" -> C:\Program Files (x86)\Electronic Arts\EADM\Core.exe ["C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent] -> [2009/02/06 14:17:38 | 03,325,952 | ---- | M] (Electronic Arts)
"ehTray.exe" -> C:\Windows\ehome\ehTray.exe [C:\Windows\ehome\ehTray.exe] -> [2008/01/20 22:51:33 | 00,138,240 | ---- | M] (Microsoft Corporation)
"HPAdvisor" -> C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN] -> [2008/09/30 19:56:04 | 00,972,080 | ---- | M] (Hewlett-Packard)
"LightScribe Control Panel" -> C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden] -> [2008/06/09 14:16:32 | 02,363,392 | ---- | M] (Hewlett-Packard Company)
"SUPERAntiSpyware" -> C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe [C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe] -> [2009/05/26 10:05:52 | 01,830,128 | ---- | M] (SUPERAntiSpyware.com)
"swg" -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] -> [2009/03/02 19:22:39 | 00,039,408 | ---- | M] (Google Inc.)
"WMPNSCFG" -> C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe [C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoActiveDesktop" ->  [1] -> File not found
\\"ForceActiveDesktopOn" ->  [0] -> File not found
\\"NoActiveDesktopChanges" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"ConsentPromptBehaviorAdmin" ->  [2] -> File not found
\\"ConsentPromptBehaviorUser" ->  [1] -> File not found
\\"EnableInstallerDetection" ->  [1] -> File not found
\\"EnableLUA" ->  [1] -> File not found
\\"EnableSecureUIAPaths" ->  [1] -> File not found
\\"EnableVirtualization" ->  [1] -> File not found
\\"PromptOnSecureDesktop" ->  [1] -> File not found
\\"ValidateAdminCodeSignatures" ->  [0] -> File not found
\\"dontdisplaylastusername" ->  [0] -> File not found
\\"legalnoticecaption" ->  [] -> File not found
\\"legalnoticetext" ->  [] -> File not found
\\"scforceoption" ->  [0] -> File not found
\\"shutdownwithoutlogon" ->  [1] -> File not found
\\"undockwithoutlogon" ->  [1] -> File not found
\\"FilterAdministratorToken" ->  [0] -> File not found
\\"EnableUIADesktopToggle" ->  [0] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
\UIPI\Clipboard\ExceptionFormats\\"CF_TEXT" ->  [1] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_BITMAP" ->  [2] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_OEMTEXT" ->  [7] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_DIB" ->  [8] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_PALETTE" ->  [9] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_UNICODETEXT" ->  [13] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_DIBV5" ->  [17] -> File not found
< 64bit-Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-961268410-3947591333-2576278008-1000\] > -> HKEY_USERS\S-1-5-21-961268410-3947591333-2576278008-1000\Software\Microsoft\Internet Explorer\MenuExt\ -> 
E&xport to Microsoft Excel -> C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE [res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000] -> [2009/05/04 08:40:04 | 18,333,536 | ---- | M] (Microsoft Corporation)
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-961268410-3947591333-2576278008-1000\] > -> HKEY_USERS\S-1-5-21-961268410-3947591333-2576278008-1000\Software\Microsoft\Internet Explorer\MenuExt\ -> 
E&xport to Microsoft Excel -> C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE [res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000] -> [2009/05/04 08:40:04 | 18,333,536 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll [Button: Send to OneNote] -> [2008/10/25 07:52:00 | 00,604,056 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll [Menu: S&end to OneNote] -> [2008/10/25 07:52:00 | 00,604,056 | ---- | M] (Microsoft Corporation)
{85d1f590-48f4-11d9-9669-0800200c9a66}:Exec [HKLM] -> C:\Windows\bdoscandel.exe [Menu: Uninstall BitDefender Online Scanner] -> [2009/01/05 15:44:10 | 00,053,248 | ---- | M] ()
{92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL [Button: Research] -> [2009/03/06 04:04:56 | 00,039,464 | ---- | M] (Microsoft Corporation)
< 64bit-Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< 64bit-Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< 64bit-Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 1 range(s) found. -> 
Range1 [:Range = 127.0.0.1] -> http = Local intranet |  -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 1 range(s) found. -> 
Range1 [:Range = 127.0.0.1] -> http = Local intranet |  -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-961268410-3947591333-2576278008-1000\] > -> HKEY_USERS\S-1-5-21-961268410-3947591333-2576278008-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-21-961268410-3947591333-2576278008-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-961268410-3947591333-2576278008-1000\] > -> HKEY_USERS\S-1-5-21-961268410-3947591333-2576278008-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-21-961268410-3947591333-2576278008-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 1 range(s) found. -> 
Range1 [:Range = 127.0.0.1] -> http = Local intranet |  -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} [HKLM] -> http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab [BDSCANONLINE Control] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab [Java Plug-in 1.6.0_13] -> 
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Java Plug-in 1.6.0_07] -> 
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab [Java Plug-in 1.6.0_13] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab [Java Plug-in 1.6.0_13] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 192.168.2.1 192.168.2.1 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{2B8C2B34-9CB4-4020-AFF6-84C7A5E96FA9}\\DhcpNameServer -> 192.168.2.1 192.168.2.1   (Atheros AR5007 802.11b/g WiFi Adapter) -> 
{BB6E0358-E195-40FB-BCD2-AC24C5161803}\\DhcpNameServer -> 172.25.1.64 172.25.1.65 172.25.0.28   (Realtek RTL8102E Family PCI-E Fast Ethernet NIC (NDIS 6.0)) -> 
< 64bit-Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
64bit-*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
explorer.exe -> C:\Windows\explorer.exe -> [2008/10/29 02:49:22 | 03,080,704 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
explorer.exe -> C:\Windows\SysWow64\explorer.exe -> [2008/10/29 02:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
!SASWinLogon -> C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll -> [2008/12/22 12:05:34 | 00,356,352 | ---- | M] (SUPERAntiSpyware.com)
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" [HKLM] -> C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL [] -> [2008/05/13 10:13:36 | 00,077,824 | ---- | M] (SuperAdBlocker.com)
< Vista Public Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications -> 
< Vista Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications -> 
< Vista Active Firewall Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> 
{396477C0-F045-47ED-8828-8D63B7F37B45} -> rport=445 | profile=public | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-28515 | app=system | 
{3BF84B39-A0E8-48D3-B30D-724D27AD8AE4} -> lport=rpc-epmap | profile=public | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28539 | svc=rpcss | 
{4B861FCE-93DC-4B32-B5BC-483D6A902C38} -> rport=139 | profile=public | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-28507 | app=system | 
{79654833-97A5-4B2E-BEAF-BEB9057F4F4E} -> rport=138 | profile=public | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28531 | app=system | 
{832A7912-B9F6-4363-85C5-3715B6D448EF} -> lport=445 | profile=public | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28511 | app=system | 
{A432912B-C5F4-455C-B386-A4F61F437224} -> lport=138 | profile=public | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28527 | app=system | 
{AE680FED-CFC0-42E0-B707-89542DC0CDB0} -> lport=137 | profile=public | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28519 | app=system | 
{BEEF66A3-678B-4691-9F10-D115C3E3D6C0} -> lport=rpc | profile=public | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28535 | app=%systemroot%\system32\spoolsv.exe | svc=spooler | 
{E63BE57B-00A4-4B55-B921-68990BD4E0CD} -> rport=137 | profile=public | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28523 | app=system | 
{FC880021-DD71-45F7-8899-86A20B424DF3} -> lport=139 | profile=public | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28503 | app=system | 
< Vista Active Application Exception Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> 
{08C87972-A019-45C7-A96A-CF6DFB57173E} -> dir=in | action=allow | name=quick play resident program | app=c:\program files (x86)\hewlett-packard\media\tv\qpservice.exe | 
{12DD5BC1-62F6-4D76-A5EC-85B19F20C023} -> dir=in | action=allow | name=cyberlink media service | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe | 
{2C55E06E-C19E-4520-84C1-007E748BE97E} -> dir=in | action=allow | name=hp touchsmart photo | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe | 
{2D720E0B-FB17-4C8A-9F86-B55938CFA8A9} -> dir=in | action=allow | name=cyberlink powerdirector | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe | 
{346930CB-C200-4E73-853C-FC5FE1A126D8} -> dir=in | action=allow | name=cyberlink media service | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe | 
{36BB79AC-A78C-43C8-B1D8-E8A8DD992A9E} -> profile=domain | dir=in | action=allow | name=mcafee network agent | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe | 
{377EB26B-48B1-4510-805C-183F2C469658} -> dir=in | action=allow | name=hp touchsmart video | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe | 
{4395BC14-2273-4B12-B065-46E4DC95EB40} -> profile=private | protocol=17 | dir=in | action=allow | name=2300 series server | app=c:\windows\syswow64\lxcgcoms.exe | 
{4AB557C5-7D7A-4726-BC82-8B2E3DB54BFD} -> profile=private | protocol=17 | dir=in | action=allow | name=lexmark communications system | app=c:\windows\system32\lxdpcoms.exe | 
{4D177681-6CB8-41AF-88EE-02C3D1073B56} -> profile=private | protocol=17 | dir=in | action=allow | name=z2300 series server | app=c:\windows\syswow64\lxdpcoms.exe | 
{5246886C-AE1C-4EDE-B798-7F354C8D4C02} -> dir=in | action=allow | name=hp touchsmart music | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe | 
{59CAD699-BC8F-47BA-B15E-E1F00547633A} -> dir=in | action=allow | name=quick play | app=c:\program files (x86)\hewlett-packard\media\tv\qp.exe | 
{5A368A94-73E3-4996-B1C5-92036FB56754} -> profile=private | protocol=17 | dir=in | action=allow | name=itunes | app=c:\program files (x86)\itunes\itunes.exe | 
{5AD58A42-D5AF-44C8-8F26-F74F94407C43} -> profile=public | protocol=58 | dir=out | action=allow | name=@firewallapi.dll,-28546 | 
{677B898D-6119-4DBF-BF4E-F9387CBBFA96} -> profile=private | protocol=6 | dir=in | action=allow | name=lexmark communications system | app=c:\windows\system32\lxdpcoms.exe | 
{6E2114F0-46AF-4531-A9E8-8D51AC17C725} -> profile=private | protocol=17 | dir=in | action=allow | name=printer status window | app=c:\windows\system32\spool\drivers\x64\3\lxcgpswx.exe | 
{8820A505-1039-4625-B3C8-1B0C320F91FA} -> profile=private | protocol=17 | dir=in | action=allow | name=lexmark communications system | app=c:\windows\system32\lxcgcoms.exe | 
{88C9CE10-F5CD-4FF5-A269-372155CBA0B3} -> profile=private | protocol=6 | dir=in | action=allow | name=z2300 series server | app=c:\windows\syswow64\lxdpcoms.exe | 
{94519A8F-B812-4027-BACE-D8D242C71B0A} -> dir=in | action=allow | name=hp touchsmart media resident program | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe | 
{9B05EDC3-D05E-4F54-B816-10B8D35ED14F} -> profile=private | protocol=6 | dir=in | action=allow | name=2300 series server | app=c:\windows\syswow64\lxcgcoms.exe | 
{A7727452-6300-4E7A-A038-108D61464B68} -> dir=in | action=allow | name=hp touchsmart music | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe | 
{AC675864-A7E3-41A6-A37F-1D084E1F32E2} -> profile=public | protocol=58 | dir=in | action=allow | name=@firewallapi.dll,-28545 | 
{ACC73245-BEC9-4C1F-A849-587B34E9AB3B} -> profile=private | protocol=6 | dir=in | action=allow | name=lexmark communications system | app=c:\windows\system32\lxcgcoms.exe | 
{B472629C-B189-4552-921D-75F97900F22A} -> profile=public | protocol=17 | dir=in | action=allow | name=microsoft office onenote | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
{C67320E5-6D44-4EE6-BFF5-2A025A71DF6E} -> profile=public | protocol=1 | dir=in | action=allow | name=@firewallapi.dll,-28543 | 
{C695ECBA-207E-45BB-BB99-E27D5064C60A} -> profile=public | protocol=6 | dir=in | action=allow | name=microsoft office onenote | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
{CA65D4CB-3C4E-4BFD-AD48-A31939FB78EE} -> dir=in | action=allow | name=hp touchsmart video | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe | 
{CC4766FB-90F3-4370-85CE-0E930BD301FE} -> dir=in | action=allow | name=hp touchsmart media resident program | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe | 
{CD816C93-9CF3-48C3-9C3D-81516D97FF1E} -> profile=private | protocol=6 | dir=in | action=allow | name=bonjour | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
{CEFBEB74-20AF-4482-9994-A560377DE021} -> profile=private | protocol=6 | dir=in | action=allow | name=printer status window | app=c:\windows\system32\spool\drivers\x64\3\lxcgpswx.exe | 
{D1007414-DE96-4AF0-8D22-7F092F6AD5D0} -> dir=in | action=allow | name=hp mediasmart dvd | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe | 
{D16D1282-867A-466C-A2F8-41BDC384152F} -> dir=in | action=allow | name=hp touchsmart photo | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe | 
{D40EE9AF-AA88-4B48-A2CE-88EE7D71E5CD} -> profile=private | protocol=6 | dir=in | action=allow | name=itunes | app=c:\program files (x86)\itunes\itunes.exe | 
{D48ED3EC-95CB-450E-910F-F1214D458F21} -> profile=public | protocol=1 | dir=out | action=allow | name=@firewallapi.dll,-28544 | 
{EB74096E-FF57-4EB4-8C38-60571FFB51E2} -> profile=public | protocol=17 | dir=in | action=allow | name=itunes | app=c:\program files (x86)\itunes\itunes.exe | 
{F29E2FEE-BBE8-4AE5-B3C2-8F39326C85F9} -> profile=private | protocol=17 | dir=in | action=allow | name=bonjour | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
{F7741DCD-4120-4B03-9906-9956C9F32D1C} -> profile=public | protocol=6 | dir=in | action=allow | name=itunes | app=c:\program files (x86)\itunes\itunes.exe | 
TCP Query User{FE85B85D-0CED-477F-A38F-25B6C5C84ED7}C:\program files (x86)\belkin storage manager\storagemanager.exe -> profile=private | protocol=6 | dir=in | action=allow | name=belkin storage manager | app=c:\program files (x86)\belkin storage manager\storagemanager.exe | 
UDP Query User{18B2B8FB-6550-4CC6-9FC9-F08A197617ED}C:\program files (x86)\belkin storage manager\storagemanager.exe -> profile=private | protocol=17 | dir=in | action=allow | name=belkin storage manager | app=c:\program files (x86)\belkin storage manager\storagemanager.exe | 
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
"AlternateShell" -> cmd.exe -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" -> C:\Windows\SysNative\DRIVERS\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2008/01/20 22:46:54 | 00,079,872 | ---- | M] ()
< Drives with AutoRun files > ->  -> 
E:\AUTORUN.INF [[autorun] | OPEN=SETUP.EXE | ICON=D2X.ICO | ] -> E:\AUTORUN.INF [ CDFS ] -> [2001/04/18 11:23:00 | 00,000,041 | R--- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
\{2b0cc5e3-fee2-11dd-aab7-806e6f6e6963}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2b0cc5e3-fee2-11dd-aab7-806e6f6e6963}\shell
\{2b0cc5e3-fee2-11dd-aab7-806e6f6e6963}\shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2b0cc5e3-fee2-11dd-aab7-806e6f6e6963}\shell\AutoRun\command
\{2b0cc5e3-fee2-11dd-aab7-806e6f6e6963}\shell\AutoRun\command\\"" -> E:\SETUP.EXE [E:\SETUP.EXE] -> [2001/04/30 13:33:00 | 00,032,768 | R--- | M] ()
 
[Registry - Additional Scans - Safe List]
< 64bit-File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.bat [@ = batfile] -> "%1" %* -> 
.cmd [@ = cmdfile] -> "%1" %* -> 
.com [@ = comfile] -> "%1" %* -> 
.cpl [@ = cplfile] -> C:\Windows\SysNative\control.exe -> [2006/11/02 07:15:47 | 00,214,016 | ---- | M] ()
.exe [@ = exefile] -> "%1" %* -> 
.hlp [@ = hlpfile] -> C:\Windows\winhlp32.exe -> [2006/11/02 05:45:57 | 00,009,216 | ---- | M] (Microsoft Corporation)
.html [@ = htmlfile] -> C:\Program Files (x86)\Internet Explorer\iexplore.exe -> [2009/03/08 17:09:24 | 00,638,816 | ---- | M] (Microsoft Corporation)
.inf [@ = inffile] -> C:\Windows\SysNative\NOTEPAD.EXE -> [2008/01/20 22:48:30 | 00,169,472 | ---- | M] ()
.ini [@ = inifile] -> C:\Windows\SysNative\NOTEPAD.EXE -> [2008/01/20 22:48:30 | 00,169,472 | ---- | M] ()
.url [@ = InternetShortcut] -> C:\Windows\System32\ieframe.DLL -> [2009/05/09 01:34:26 | 11,064,832 | ---- | M] (Microsoft Corporation)
.js [@ = JSFile] -> C:\Windows\SysNative\WScript.exe -> [2008/10/23 04:18:52 | 00,166,912 | ---- | M] ()
.jse [@ = JSEFile] -> C:\Windows\SysNative\WScript.exe -> [2008/10/23 04:18:52 | 00,166,912 | ---- | M] ()
.pif [@ = piffile] -> "%1" %* -> 
.scr [@ = scrfile] -> "%1" /S -> 
.txt [@ = txtfile] -> C:\Windows\SysNative\NOTEPAD.EXE -> [2008/01/20 22:48:30 | 00,169,472 | ---- | M] ()
.vbe [@ = VBEFile] -> C:\Windows\SysNative\WScript.exe -> [2008/10/23 04:18:52 | 00,166,912 | ---- | M] ()
.vbs [@ = VBSFile] -> C:\Windows\SysNative\WScript.exe -> [2008/10/23 04:18:52 | 00,166,912 | ---- | M] ()
.wsf [@ = WSFFile] -> C:\Windows\SysNative\WScript.exe -> [2008/10/23 04:18:52 | 00,166,912 | ---- | M] ()
.wsh [@ = WSHFile] -> C:\Windows\SysNative\WScript.exe -> [2008/10/23 04:18:52 | 00,166,912 | ---- | M] ()
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.bat [@ = batfile] -> "%1" %* -> 
.cmd [@ = cmdfile] -> "%1" %* -> 
.com [@ = comfile] -> "%1" %* -> 
.cpl [@ = cplfile] -> C:\Windows\SysWow64\control.exe -> [2006/11/02 05:44:59 | 00,211,968 | ---- | M] (Microsoft Corporation)
.exe [@ = exefile] -> "%1" %* -> 
.hlp [@ = hlpfile] -> C:\Windows\winhlp32.exe -> [2006/11/02 05:45:57 | 00,009,216 | ---- | M] (Microsoft Corporation)
.html [@ = htmlfile] -> C:\Program Files (x86)\Internet Explorer\iexplore.exe -> [2009/03/08 17:09:24 | 00,638,816 | ---- | M] (Microsoft Corporation)
.pif [@ = piffile] -> "%1" %* -> 
.reg [@ = regfile] -> C:\Windows\SysWow64\regedit.exe -> [2008/01/20 22:50:29 | 00,134,656 | ---- | M] (Microsoft Corporation)
.scr [@ = scrfile] -> "%1" /S -> 
< 64bit-Protocol Filters [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ -> 
application/octet-stream:{1E66F26B-79EE-11D2-8710-00C04F79ED0D} [HKLM] -> C:\Windows\SysNative\mscoree.dll[Cor MIME Filter, CorFltr, CorFltr 1] -> [2008/07/27 14:01:52 | 00,406,528 | ---- | M] ()
application/x-complus:{1E66F26B-79EE-11D2-8710-00C04F79ED0D} [HKLM] -> C:\Windows\SysNative\mscoree.dll[Cor MIME Filter, CorFltr, CorFltr 1] -> [2008/07/27 14:01:52 | 00,406,528 | ---- | M] ()
application/x-msdownload:{1E66F26B-79EE-11D2-8710-00C04F79ED0D} [HKLM] -> C:\Windows\SysNative\mscoree.dll[Cor MIME Filter, CorFltr, CorFltr 1] -> [2008/07/27 14:01:52 | 00,406,528 | ---- | M] ()
deflate:{8f6b0360-b80d-11d0-a9b3-006097942311} [HKLM] -> C:\Windows\SysNative\urlmon.dll[AP encoding/decoding Filters] -> [2009/05/09 02:37:53 | 01,484,288 | ---- | M] ()
gzip:{8f6b0360-b80d-11d0-a9b3-006097942311} [HKLM] -> C:\Windows\SysNative\urlmon.dll[AP encoding/decoding Filters] -> [2009/05/09 02:37:53 | 01,484,288 | ---- | M] ()
text/xml:{807563E5-5146-11D5-A672-00B0D022E945} [HKLM] -> C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL[Microsoft Office InfoPath XML Mime Filter] -> [2008/10/25 08:34:10 | 00,108,920 | ---- | M] (Microsoft Corporation)
x-sdch:{B1759355-3EEC-4C1E-B0F1-B719FE26E377} [HKLM] -> Reg Error: Key error.[Reg Error: Key error.] -> File not found
< Protocol Filters [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ -> 
text/xml:{807563E5-5146-11D5-A672-00B0D022E945} [HKLM] -> C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL[Microsoft Office InfoPath XML Mime Filter] -> [2008/10/25 09:27:54 | 00,044,408 | ---- | M] (Microsoft Corporation)
x-sdch:{B1759355-3EEC-4C1E-B0F1-B719FE26E377} [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll[Google Dictionary Compression filter] -> [2009/06/01 19:32:42 | 00,470,512 | ---- | M] (Google Inc.)
< 64bit-Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
about:{3050F406-98B5-11CF-BB82-00AA00BDCE0B} [HKLM] -> C:\Windows\SysNative\mshtml.dll[Microsoft HTML About Pluggable Protocol] -> [2009/05/09 02:20:37 | 09,234,432 | ---- | M] ()
cdl:{3dd53d40-7b8b-11D0-b013-00aa0059ce02} [HKLM] -> C:\Windows\SysNative\urlmon.dll[CDL: Asychronous Pluggable Protocol Handler] -> [2009/05/09 02:37:53 | 01,484,288 | ---- | M] ()
dvd:{12D51199-0DB5-46FE-A120-47A3D7D937CC} [HKLM] -> C:\Windows\SysNative\msvidctl.dll[DVD: Pluggable Protocol] -> [2008/01/20 22:47:36 | 02,535,424 | ---- | M] ()
file:{79eac9e7-baf9-11ce-8c82-00aa004ba90b} [HKLM] -> C:\Windows\SysNative\urlmon.dll[file:, local: Asychronous Pluggable Protocol Handler] -> [2009/05/09 02:37:53 | 01,484,288 | ---- | M] ()
ftp:{79eac9e3-baf9-11ce-8c82-00aa004ba90b} [HKLM] -> C:\Windows\SysNative\urlmon.dll[ftp: Asychronous Pluggable Protocol Handler] -> [2009/05/09 02:37:53 | 01,484,288 | ---- | M] ()
http:{79eac9e2-baf9-11ce-8c82-00aa004ba90b} [HKLM] -> C:\Windows\SysNative\urlmon.dll[http: Asychronous Pluggable Protocol Handler] -> [2009/05/09 02:37:53 | 01,484,288 | ---- | M] ()
https:{79eac9e5-baf9-11ce-8c82-00aa004ba90b} [HKLM] -> C:\Windows\SysNative\urlmon.dll[https: Asychronous Pluggable Protocol Handler] -> [2009/05/09 02:37:53 | 01,484,288 | ---- | M] ()
its:{9D148291-B9C8-11D0-A4CC-0000F80149F6} [HKLM] -> C:\Windows\SysNative\itss.dll[Microsoft InfoTech Protocols for IE 4.0] -> [2006/11/02 07:17:43 | 00,169,984 | ---- | M] ()
javascript:{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} [HKLM] -> C:\Windows\SysNative\mshtml.dll[Microsoft HTML Javascript Pluggable Protocol] -> [2009/05/09 02:20:37 | 09,234,432 | ---- | M] ()
local:{79eac9e7-baf9-11ce-8c82-00aa004ba90b} [HKLM] -> C:\Windows\SysNative\urlmon.dll[file:, local: Asychronous Pluggable Protocol Handler] -> [2009/05/09 02:37:53 | 01,484,288 | ---- | M] ()
mailto:{3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} [HKLM] -> C:\Windows\SysNative\mshtml.dll[Microsoft HTML Mailto Pluggable Protocol] -> [2009/05/09 02:20:37 | 09,234,432 | ---- | M] ()
mhtml:{05300401-BCBC-11d0-85E3-00C04FD85AB4} [HKLM] -> C:\Windows\SysNative\inetcomm.dll[MHTML Asynchronous Pluggable Protocol Handler] -> [2008/10/23 04:15:38 | 00,974,848 | ---- | M] ()
mk:{79eac9e6-baf9-11ce-8c82-00aa004ba90b} [HKLM] -> C:\Windows\SysNative\urlmon.dll[mk: Asychronous Pluggable Protocol Handler] -> [2009/05/09 02:37:53 | 01,484,288 | ---- | M] ()
ms-its:{9D148291-B9C8-11D0-A4CC-0000F80149F6} [HKLM] -> C:\Windows\SysNative\itss.dll[Microsoft InfoTech Protocols for IE 4.0] -> [2006/11/02 07:17:43 | 00,169,984 | ---- | M] ()
res:{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} [HKLM] -> C:\Windows\SysNative\mshtml.dll[Microsoft HTML Resource Pluggable Protocol] -> [2009/05/09 02:20:37 | 09,234,432 | ---- | M] ()
sacore:{5513F07E-936B-4E52-9B00-067394E91CC5} [HKLM] -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll[McAfee SACore Protocol Handler] -> [2009/02/13 12:45:04 | 00,200,208 | ---- | M] ()
tv:{CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} [HKLM] -> C:\Windows\SysNative\msvidctl.dll[TV: Pluggable Protocol] -> [2008/01/20 22:47:36 | 02,535,424 | ---- | M] ()
vbscript:{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} [HKLM] -> C:\Windows\SysNative\mshtml.dll[Microsoft HTML Javascript Pluggable Protocol] -> [2009/05/09 02:20:37 | 09,234,432 | ---- | M] ()
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
sacore:{5513F07E-936B-4E52-9B00-067394E91CC5} [HKLM] -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll[McAfee SACore Protocol Handler] -> [2009/02/13 12:44:56 | 00,150,032 | ---- | M] ()
< 64bit-Security Center Settings > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center -> 
64bit-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
\\"cval" ->  [1] -> File not found
64bit-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> 
64bit-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\ -> -> 
64bit-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc
\Svc\\"AntiVirusOverride" ->  [0] -> File not found
\Svc\\"AntiSpywareOverride" ->  [0] -> File not found
\Svc\\"FirewallOverride" ->  [0] -> File not found
\Svc\\"VistaSp1" ->  [9F 9E 16 8C DC 5B C8 01  [binary data]] -> File not found
64bit-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol\ -> -> 
< Security Center Settings > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc
\Svc\\"oobe_av" ->  [1] -> File not found
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
\\"EnableFirewall" ->  [0] -> File not found
\\"DisableNotifications" ->  [0] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging\ -> -> 
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> 
64bit-NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] -> C:\Windows\SysNative\NLAapi.dll -> [2008/01/20 22:50:27 | 00,061,440 | ---- | M] ()
64bit-NameSpace_Catalog5\Catalog_Entries\000000000002 [@%SystemRoot%\system32\napinsp.dll,-1000] -> C:\Windows\SysNative\napinsp.dll -> [2008/01/20 22:49:00 | 00,062,976 | ---- | M] ()
64bit-NameSpace_Catalog5\Catalog_Entries\000000000003 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] -> C:\Windows\SysNative\pnrpnsp.dll -> [2008/01/20 22:52:02 | 00,078,848 | ---- | M] ()
64bit-NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] -> C:\Windows\SysNative\pnrpnsp.dll -> [2008/01/20 22:52:02 | 00,078,848 | ---- | M] ()
64bit-NameSpace_Catalog5\Catalog_Entries\000000000005 [@%SystemRoot%\system32\wshtcpip.dll,-60103] -> C:\Windows\SysNative\mswsock.dll -> [2008/01/20 22:50:56 | 00,304,128 | ---- | M] ()
64bit-NameSpace_Catalog5\Catalog_Entries\000000000006 [NTDS] -> C:\Windows\SysNative\winrnr.dll -> [2008/01/20 22:48:07 | 00,027,648 | ---- | M] ()
64bit-NameSpace_Catalog5\Catalog_Entries\000000000007 [Bluetooth Namespace] -> C:\Windows\SysNative\wshbth.dll -> [2008/10/23 04:02:24 | 00,045,056 | ---- | M] ()
64bit-Protocol_Catalog9\Catalog_Entries\000000000001 -> C:\Windows\SysNative\mswsock.dll -> [2008/01/20 22:50:56 | 00,304,128 | ---- | M] ()
64bit-Protocol_Catalog9\Catalog_Entries\000000000002 -> C:\Windows\SysNative\mswsock.dll -> [2008/01/20 22:50:56 | 00,304,128 | ---- | M] ()
64bit-Protocol_Catalog9\Catalog_Entries\000000000003 -> C:\Windows\SysNative\mswsock.dll -> [2008/01/20 22:50:56 | 00,304,128 | ---- | M] ()
64bit-Protocol_Catalog9\Catalog_Entries\000000000004 -> C:\Windows\SysNative\mswsock.dll -> [2008/01/20 22:50:56 | 00,304,128 | ---- | M] ()
64bit-Protocol_Catalog9\Catalog_Entries\000000000005 -> C:\Windows\SysNative\mswsock.dll -> [2008/01/20 22:50:56 | 00,304,128 | ---- | M] ()
64bit-Protocol_Catalog9\Catalog_Entries\000000000006 -> C:\Windows\SysNative\mswsock.dll -> [2008/01/20 22:50:56 | 00,304,128 | ---- | M] ()
64bit-Protocol_Catalog9\Catalog_Entries\000000000007 -> C:\Windows\SysNative\mswsock.dll -> [2008/01/20 22:50:56 | 00,304,128 | ---- | M] ()
64bit-Protocol_Catalog9\Catalog_Entries\000000000008 -> C:\Windows\SysNative\mswsock.dll -> [2008/01/20 22:50:56 | 00,304,128 | ---- | M] ()
64bit-Protocol_Catalog9\Catalog_Entries\000000000009 -> C:\Windows\SysNative\mswsock.dll -> [2008/01/20 22:50:56 | 00,304,128 | ---- | M] ()
64bit-Protocol_Catalog9\Catalog_Entries\000000000010 -> C:\Windows\SysNative\mswsock.dll -> [2008/01/20 22:50:56 | 00,304,128 | ---- | M] ()
64bit-Protocol_Catalog9\Catalog_Entries\000000000011 -> C:\Windows\SysNative\mswsock.dll -> [2008/01/20 22:50:56 | 00,304,128 | ---- | M] ()
NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] -> C:\Windows\SysWow64\NLAapi.dll -> [2008/01/20 22:51:08 | 00,048,128 | ---- | M] (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000002 [@%SystemRoot%\system32\napinsp.dll,-1000] -> C:\Windows\SysWow64\napinsp.dll -> [2008/01/20 22:49:49 | 00,050,176 | ---- | M] (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000003 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] -> C:\Windows\SysWow64\pnrpnsp.dll -> [2008/01/20 22:52:02 | 00,062,464 | ---- | M] (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] -> C:\Windows\SysWow64\pnrpnsp.dll -> [2008/01/20 22:52:02 | 00,062,464 | ---- | M] (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000007 [Bluetooth Namespace] -> C:\Windows\SysWow64\wshbth.dll -> [2008/10/23 04:02:34 | 00,034,816 | ---- | M] (Microsoft Corporation)
< Default Protocols [HKEY_LOCAL_MACHINE\] - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> 
ldap -> 4 = Restricted sites (Not a Default Protocol) -> 
news -> 4 = Restricted sites (Not a Default Protocol) -> 
nntp -> 4 = Restricted sites (Not a Default Protocol) -> 
oecmd -> 4 = Restricted sites (Not a Default Protocol) -> 
snews -> 4 = Restricted sites (Not a Default Protocol) -> 
< Default Protocols [HKEY_USERS\S-1-5-19\] - Select to Repair > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> 
@ivt -> @ivt protocol not assigned -> 
file -> file protocol not assigned -> 
ftp -> ftp protocol not assigned -> 
http -> http protocol not assigned -> 
https -> https protocol not assigned -> 
shell -> shell protocol not assigned -> 
< Default Protocols [HKEY_USERS\S-1-5-20\] - Select to Repair > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> 
@ivt -> @ivt protocol not assigned -> 
file -> file protocol not assigned -> 
ftp -> ftp protocol not assigned -> 
http -> http protocol not assigned -> 
https -> https protocol not assigned -> 
shell -> shell protocol not assigned -> 
< 64bit-Uninstall List [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ -> 
{071c9b48-7c32-4621-a0ac-3f809523288f} -> Microsoft Visual C++ 2005 Redistributable (x64)
{2F97CE84-9C33-4631-821B-85EA371EA254} -> ProtectSmart Hard Drive Protection
{4BAD5736-35B9-F84D-9E1A-597F1B78FF44} -> ccc-utility64
{4FFA2088-8317-3B14-93CD-4C699DB37843} -> Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A} -> Microsoft Visual C++ 2005 Redistributable (x64)
{7510991E-FE80-7466-2E31-561B52059618} -> ATI Catalyst Install Manager
{7F6C6990-E99A-4835-8861-BA0E319EA074} -> iTunes
{8220EEFE-38CD-377E-8595-13398D740ACE} -> Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
{8742BB08-952C-452B-A090-940E136B848D} -> MobileMe Control Panel
{90120000-002A-0000-1000-0000000FF1CE} -> Microsoft Office Office 64-bit Components 2007
{90120000-002A-0409-1000-0000000FF1CE} -> Microsoft Office Shared 64-bit MUI (English) 2007
{90120000-0116-0409-1000-0000000FF1CE} -> Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} -> Microsoft .NET Framework 3.5 SP1
{D2F7994F-661E-46D1-A1DF-67F2887AAA7E} -> HP MediaSmart SmartMenu
{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD} -> Bonjour
{DE4ACC36-9BF6-4466-B3C7-2EE1615EBC68} -> Apple Mobile Device Support
Agere Systems Soft Modem -> Agere Systems HDA Modem
Lexmark 2300 Series -> Lexmark 2300 Series
Lexmark Z2300 Series -> Lexmark Z2300 Series
Microsoft .NET Framework 3.5 SP1 -> Microsoft .NET Framework 3.5 SP1
SynTPDeinstKey -> Synaptics Pointing Device Driver
< Uninstall List [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ -> 
{004B0DCB-4C60-465B-8F01-44B0A4111187} -> SlingPlayer
{0054A0F6-00C9-4498-B821-B5C9578F433E} -> HP Help and Support
{01FB4998-33C4-4431-85ED-079E3EEFE75D} -> HP MediaSmart Webcam
{07E785BF-510A-AA43-084E-FF06B3CE8C4C} -> CCC Help Chinese Standard
{082702D5-5DD8-4600-BCE5-48B15174687F} -> HP Doc Viewer
{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB} -> LightScribe System Software  1.14.17.1
{1034BE34-1569-4889-831D-C2C3F2CB2F73} -> Photo Explosion Deluxe 3.0
{129EE758-124A-593C-1EBE-9A2D3A100316} -> Catalyst Control Center Localization Czech
{13515135-48BB-4184-8C1F-2FAE0138E200} -> TBS WMP Plug-in
{13C300AF-179C-7350-77E0-61D5566AF864} -> Catalyst Control Center Graphics Full New
{149BBCB8-674F-48D2-969C-9D0EA88DA7D6} -> HP User Guides 0129
{1545BCD9-DC1A-579C-FB16-170FBE27101D} -> Catalyst Control Center Localization French
{154A4184-1A3D-4BF9-A5AE-4FA1660445F3} -> HP Total Care Advisor
{159B866E-596E-2428-03DD-FF19A8495791} -> CCC Help Finnish
{15BC8CD0-A65B-47D0-A2DD-90A824590FA8} -> Microsoft Works
{16B6279B-9FF5-41fb-8BF9-404324F5DD1F}}_is1 -> Media Access Startup
{1740C09B-7E44-D6D5-3694-EA668878B42D} -> CCC Help Swedish
{178B8E49-2A8E-398E-259B-273311195950} -> Catalyst Control Center Localization Chinese Traditional
{18455581-E099-4BA8-BC6B-F34B2F06600C} -> Google Toolbar for Internet Explorer
{1A16E615-CA3F-3F53-EF0E-AA8B5C20294A} -> CCC Help Spanish
{1E98933B-FAA4-9E26-10E4-4EB58F4C6158} -> CCC Help Turkish
{1FB52AB3-5987-45a2-85E0-F3EC30DDDC29}}_is1 -> Internet Saving Optimizer
{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79} -> CyberLink DVD Suite
{2318C2B1-4965-11d4-9B18-009027A5CD4F} -> Google Toolbar for Internet Explorer
{24457508-7194-C5D8-FA37-95AA7E8461A9} -> Catalyst Control Center Localization Norwegian
{254C37AA-6B72-4300-84F6-98A82419187E} -> Hewlett-Packard Active Check for Health Check
{26604C7E-A313-4D12-867F-7C6E7820BE4C} -> JMicron JMB38X Flash Media Controller
{26A24AE4-039D-4CA4-87B4-2F83216011FF} -> Java(TM) 6 Update 13
{30D3B7BC-5798-45D9-822D-05CA18F39E99} -> HPTCSSetup
{32224A1F-AEC1-739A-5D30-537AB4495CA6} -> CCC Help Japanese
{3248F0A8-6813-11D6-A77B-00B0D0160070} -> Java(TM) 6 Update 7
{34642316-CC37-4A01-9C14-014E283346C5} -> Catalyst Control Center Graphics Previews Common
{34D2AB40-150D-475D-AE32-BD23FB5EE355} -> HP Quick Launch Buttons 6.40 H2
{352310C3-E46B-42D3-8F32-54721FDD72D9} -> NetZero Preloader
{3604540D-3537-F7FA-726D-F1E60AEC29B4} -> CCC Help Dutch
{3877C901-7B90-4727-A639-B6ED2DD59D43} -> ESU for Microsoft Vista
{39ABC33D-45D6-6ED0-4D64-681F71A1B8E9} -> Skins
{40BF1E83-20EB-11D8-97C5-0009C5020658} -> Power2Go
{415B2719-AD3A-4944-B404-C472DB6085B3} -> Cisco EAP-FAST Module
{45A136EC-88BF-4B95-99F5-C45D3930E1CC} -> HP MULTIPLE MODEM INSTALLER for VISTA
{558FF444-F562-4E4C-98BD-7B20EE184D2E} -> Catalyst Control Center - Branding
{55D6B4DA-50E9-47AF-99C1-9A8E3A234763} -> Greeting Card Factory Deluxe 7.0
{561F720C-344E-3684-8091-ADC65B5A1C1D} -> CCC Help Czech
{563E6B6A-A8E6-8EEA-23D5-C7B277E0E59B} -> CCC Help Italian
{57A5AEC1-97FC-474D-92C4-908FCC2253D4} -> HP Customer Experience Enhancements
{5A793900-4ABA-A304-6BAC-D53DAC45E051} -> CCC Help Russian
{5BAF6C19-B082-397F-808B-68BCE9443BD8} -> Catalyst Control Center Localization Polish
{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5} -> HP Active Support Library
{6423EF83-6E1D-4D22-A36F-689CD19FD4D2} -> Juno Preloader
{65DA2EC9-0642-47E9-AAE2-B5267AA14D75} -> Activation Assistant for the 2007 Microsoft Office suites
{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E} -> Cisco PEAP Module
{669D4A35-146B-4314-89F1-1AC3D7B88367} -> Hewlett-Packard Asset Agent for Health Check
{6956856F-B6B3-4BE0-BA0B-8F495BE32033} -> Apple Software Update
{6A370610-3778-44AF-9AAC-69B2FD1A3356} -> Microsoft Live Search Toolbar
{6E50E217-16CA-52FE-805C-A2B28DA5B4DC} -> CCC Help Korean
{70188CEB-B52D-E085-47FF-D6CADF0D855C} -> Catalyst Control Center Localization Korean
{71E655A4-3023-A61A-B325-DDB889CBD365} -> ccc-core-static
{7299052b-02a4-4627-81f2-1818da5d550d} -> Microsoft Visual C++ 2005 Redistributable
{72F7ED33-5F14-1009-5517-30DBEA2C1681} -> Catalyst Control Center Graphics Light
{775A633A-DDE9-55D5-16C1-33702198ACF4} -> Catalyst Control Center Localization German
{77DCDCE3-2DED-62F3-8154-05E745472D07} -> Acrobat.com
{7933FCE0-2C5C-2026-3E9D-7538A4C6CE67} -> CCC Help Portuguese
{79719B38-DB69-9384-A52C-EA873A218072} -> Catalyst Control Center Localization Russian
{79B44DF5-311C-99EC-470A-6558280DDBA4} -> CCC Help Polish
{7B798B31-2F33-4DC8-BDA4-D36488E86636} -> Slingbox - Watch Your TV Anywhere
{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97} -> Age of Empires III
{7D512381-4BE8-AA6B-6D72-50A50DFF3C7B} -> Catalyst Control Center Localization Spanish
{7F753BCE-0775-A20F-C570-B35FABC3E5A6} -> CCC Help Hungarian
{80161382-D1D4-A6B8-7972-1946882556C7} -> Catalyst Control Center Core Implementation
{83770D14-21B9-44B3-8689-F7B523F94560} -> Cisco LEAP Module
{86F167DF-4007-A205-B420-BA5FFC6848D0} -> CCC Help Danish
{8833FFB6-5B0C-4764-81AA-06DFEED9A476} -> Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} -> Microsoft Silverlight
{90120000-0016-0409-0000-0000000FF1CE} -> Microsoft Office Excel MUI (English) 2007
{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-0018-0409-0000-0000000FF1CE} -> Microsoft Office PowerPoint MUI (English) 2007
{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-001B-0409-0000-0000000FF1CE} -> Microsoft Office Word MUI (English) 2007
{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-001F-0409-0000-0000000FF1CE} -> Microsoft Office Proof (English) 2007
{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045} -> Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
{90120000-001F-040C-0000-0000000FF1CE} -> Microsoft Office Proof (French) 2007
{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787} -> Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
{90120000-001F-0C0A-0000-0000000FF1CE} -> Microsoft Office Proof (Spanish) 2007
{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9} -> Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
{90120000-0020-0409-0000-0000000FF1CE} -> Compatibility Pack for the 2007 Office system
{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-002C-0409-0000-0000000FF1CE} -> Microsoft Office Proofing (English) 2007
{90120000-006E-0409-0000-0000000FF1CE} -> Microsoft Office Shared MUI (English) 2007
{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-00A1-0409-0000-0000000FF1CE} -> Microsoft Office OneNote MUI (English) 2007
{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-0115-0409-0000-0000000FF1CE} -> Microsoft Office Shared Setup Metadata MUI (English) 2007
{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{903B9154-FA33-61C4-5DBF-E22DB6CD02E4} -> Catalyst Control Center Localization Dutch
{91120000-002F-0000-0000-0000000FF1CE} -> Microsoft Office Home and Student 2007
{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B} -> Microsoft Office 2007 Service Pack 2 (SP2)
{94369BC3-9ED5-9E95-F5AC-A5D747AFD50E} -> Catalyst Control Center Localization Thai
{95120000-00AF-0409-0000-0000000FF1CE} -> Microsoft Office PowerPoint Viewer 2007 (English)
{99543043-20E1-5C4C-02E9-4579AA3E407C} -> Catalyst Control Center Graphics Previews Vista
{9ADABDDE-9644-461B-9E73-83FA3EFCAB50} -> HP Wireless Assistant
{9DF0196F-B6B8-4C3A-8790-DE42AA530101} -> SPORE
{A0E723B5-F219-1BA4-8E0F-E40AEF252CCB} -> Catalyst Control Center Localization Hungarian
{A2BCA9F1-566C-4805-97D1-7FDC93386723} -> Adobe AIR
{A3AB35FA-943E-4799-99DC-46EFD59E998F} -> AMD USB Audio Driver Filter
{A5AACBDB-7E50-6374-B1CA-BCC6DF7224C0} -> Catalyst Control Center Localization Greek
{A6C6F036-951A-532F-8BBE-D584E74C728E} -> CCC Help English
{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} -> Google Update Helper
{AC76BA86-7AD7-1033-7B44-A91000000001} -> Adobe Reader 9.1.2
{AD0CC7C0-2C63-1067-4F50-02F505D1D225} -> CCC Help Chinese Traditional
{AD1963C9-501D-785F-8ADF-12668D9D7D6C} -> Catalyst Control Center Localization Finnish
{B2EE25B9-5B00-4ACF-94F0-92433C28C39E} -> HP MediaSmart Music/Photo/Video
{B7382BC7-D988-F92B-9EA0-96A057DB9711} -> CCC Help French
{B9B03499-F61D-FBA7-AEDE-E6CDAE983F2D} -> Catalyst Control Center Localization Italian
{BAE19D51-2DC4-8154-DE72-EB78CAC7F08F} -> Catalyst Control Center Localization Swedish
{BCC02E43-8FD8-FEBF-4319-1FE6F8559645} -> HPDailySurprise
{C0B31026-FA56-5F14-71B4-E956C83E6853} -> Catalyst Control Center Localization Portuguese
{C12D7D54-7DE8-4DF7-AB2D-8A5ECFB2F89B} -> Belkin Storage Manager
{C32CD965-A0AF-19B7-C5D5-D314876762A4} -> Catalyst Control Center Localization Chinese Standard
{C3A32068-8AB1-4327-BB16-BED9C6219DC7} -> Atheros Driver Installation Program
{C4ACD120-3F6C-D6C8-DC37-DDE0B77DCA2E} -> Catalyst Control Center Localization Japanese
{C5096216-7703-409E-B85A-8A6EE7395128}}_is1 -> System Search Dispatcher
{C59C179C-668D-49A9-B6EA-0121CCFC1243} -> LabelPrint
{C5C649A8-1D21-4C83-9B08-7B3752E580F4} -> Safari
{C78EAC6F-7A73-452E-8134-DBB2165C5A68} -> QuickTime
{C88B6B79-A659-4DE5-0B4A-6FEEF9FA674F} -> Catalyst Control Center Graphics Full Existing
{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F} -> HP Update
{CB099890-1D5F-11D5-9EA9-0050BAE317E1} -> PowerDirector
{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} -> Microsoft .NET Framework 1.1
{CB6075D9-F912-40AE-BEA6-E590DA24F16B} -> Adobe Photoshop Elements 7.0
{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA} -> SUPERAntiSpyware Free Edition
{D7928776-A89D-C7DA-DAF3-9B7FB1D9FA76} -> CCC Help German
{DCCAD079-F92C-44DA-B258-624FC6517A5A} -> HP MediaSmart DVD
{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC} -> muvee Reveal
{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF} -> Ad-Aware
{DF5E415F-71F2-CA46-A83D-5D4118939852} -> Catalyst Control Center Localization Danish
{E1A4C03E-881C-128E-921C-A9D9F940E29F} -> Catalyst Control Center InstallProxy
{E2D528DA-70E6-D634-47C8-BF80B59CC7EE} -> CCC Help Norwegian
{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001} -> IDT Audio
{E7DEB529-C2EF-DD45-DB4A-FA94F553D71C} -> Catalyst Control Center Localization Turkish
{F1DC3E29-B4F1-7969-900E-376D258F1D1D} -> CCC Help Thai
{F333A33D-125C-32A2-8DCE-5C5D14231E27} -> Visual C++ 2008 x86 Runtime - (v9.0.30729)
{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01 -> Visual C++ 2008 x86 Runtime - v9.0.30729.01
{FB4C6AF2-315B-B351-8DA9-54F752B519BB} -> CCC Help Greek
Activation Assistant for the 2007 Microsoft Office suites -> Activation Assistant for the 2007 Microsoft Office suites
Ad-Aware -> Ad-Aware
Adobe AIR -> Adobe AIR
Adobe Flash Player 10 ActiveX -> Adobe Flash Player 10 ActiveX
Adobe Flash Player Plugin -> Adobe Flash Player 10 Plugin
Adobe Photoshop Elements 7 -> Adobe Photoshop Elements 7.0
com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 -> Acrobat.com
Diablo II -> Diablo II
EADM -> EA Download Manager
HijackThis -> HijackThis 2.0.2
HOMESTUDENTR -> Microsoft Office Home and Student 2007
InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187} -> SlingPlayer
InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D} -> HP MediaSmart Webcam
InstallShield_{13515135-48BB-4184-8C1F-2FAE0138E200} -> TBS WMP Plug-in
InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79} -> CyberLink DVD Suite
InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658} -> Power2Go
InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97} -> Age of Empires III
InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E} -> HP MediaSmart Music/Photo/Video
InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243} -> LabelPrint
InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1} -> PowerDirector
InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A} -> HP MediaSmart DVD
Malwarebytes' Anti-Malware_is1 -> Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1  (1033) -> Microsoft .NET Framework 1.1
Mozilla Firefox (3.0.11) -> Mozilla Firefox (3.0.11)
MSC -> McAfee SecurityCenter
RealPlayer 6.0 -> RealPlayer
ST6UNST #1 -> Gardener's Journal Premium 3.1
The Weather Channel Desktop 6 -> The Weather Channel Desktop 6
WebPost -> Microsoft Web Publishing Wizard 1.52
WildTangent hp Master Uninstall -> HP Games
Yahoo! Companion -> Yahoo! Toolbar
< Uninstall List [HKEY_USERS\S-1-5-21-961268410-3947591333-2576278008-1000\] > -> HKEY_USERS\S-1-5-21-961268410-3947591333-2576278008-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ -> 
GoToMeeting -> GoToMeeting 4.1.0.366
Move Media Player -> Move Media Player
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Application [ Error ] 6/15/2009 7:55:35 AM Computer Name = Cindy-PC | Source = Perflib | ID = 1023 -> Description = 
Application [ Error ] 6/15/2009 7:55:36 AM Computer Name = Cindy-PC | Source = Perflib | ID = 1008 -> Description = 
Application [ Error ] 6/15/2009 7:55:36 AM Computer Name = Cindy-PC | Source = Perflib | ID = 1023 -> Description = 
Application [ Error ] 6/15/2009 12:00:13 PM Computer Name = Cindy-PC | Source = WinMgmt | ID = 10 -> Description = 
Application [ Error ] 6/15/2009 12:03:24 PM Computer Name = Cindy-PC | Source = WinMgmt | ID = 10 -> Description = 
Application [ Error ] 6/15/2009 12:03:40 PM Computer Name = Cindy-PC | Source = EventSystem | ID = 4609 -> Description = 
Application [ Error ] 6/15/2009 12:55:30 PM Computer Name = Cindy-PC | Source = WinMgmt | ID = 10 -> Description = 
Application [ Error ] 6/15/2009 5:27:38 PM Computer Name = Cindy-PC | Source = EventSystem | ID = 4621 -> Description = 
Application [ Error ] 6/15/2009 5:30:44 PM Computer Name = Cindy-PC | Source = WinMgmt | ID = 10 -> Description = 
Application [ Error ] 6/15/2009 5:31:01 PM Computer Name = Cindy-PC | Source = EventSystem | ID = 4609 -> Description = 
Media Center [ Error ] 4/25/2009 1:30:34 PM Computer Name = Cindy-PC | Source = MCUpdate | ID = 0 -> Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
System [ Error ] 6/25/2009 8:17:59 AM Computer Name = Cindy-PC | Source = HTTP | ID = 15016 -> Description = 
System [ Error ] 6/25/2009 8:18:32 AM Computer Name = Cindy-PC | Source = Service Control Manager | ID = 7026 -> Description = 
System [ Error ] 6/25/2009 8:22:29 AM Computer Name = Cindy-PC | Source = PlugPlayManager | ID = 12 -> Description = The device 'JMB38X SD/MMC Host Controller' (PCI\VEN_197B&DEV_2382&SUBSYS_30FC103C&REV_00\4&3b4983b4&0&0028) disappeared from the system without first being prepared for removal.
System [ Error ] 6/25/2009 8:22:29 AM Computer Name = Cindy-PC | Source = PlugPlayManager | ID = 12 -> Description = The device 'JMB38X SD Host Controller' (PCI\VEN_197B&DEV_2381&SUBSYS_30FC103C&REV_00\4&3b4983b4&0&0228) disappeared from the system without first being prepared for removal.
System [ Error ] 6/25/2009 8:22:29 AM Computer Name = Cindy-PC | Source = PlugPlayManager | ID = 12 -> Description = The device 'JMB38X MS Host Controller' (PCI\VEN_197B&DEV_2383&SUBSYS_30FC103C&REV_00\4&3b4983b4&0&0328) disappeared from the system without first being prepared for removal.
System [ Error ] 6/25/2009 8:22:29 AM Computer Name = Cindy-PC | Source = PlugPlayManager | ID = 12 -> Description = The device 'JMB38X xD Host Controller' (PCI\VEN_197B&DEV_2384&SUBSYS_30FC103C&REV_00\4&3b4983b4&0&0428) disappeared from the system without first being prepared for removal.
System [ Error ] 6/26/2009 8:15:31 AM Computer Name = Cindy-PC | Source = Application Popup | ID = 1060 -> Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
System [ Error ] 6/26/2009 8:15:31 AM Computer Name = Cindy-PC | Source = Application Popup | ID = 1060 -> Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
System [ Error ] 6/26/2009 8:15:54 AM Computer Name = Cindy-PC | Source = HTTP | ID = 15016 -> Description = 
System [ Error ] 6/26/2009 8:16:29 AM Computer Name = Cindy-PC | Source = Service Control Manager | ID = 7026 -> Description = 
 
[Files/Folders - Created Within 30 Days]
BDOSCAN8 -> C:\Windows\BDOSCAN8 -> [2009/06/28 19:28:14 | 00,000,000 | ---D | C]
_OTS -> C:\_OTS -> [2009/06/28 18:57:04 | 00,000,000 | ---D | C]
Adobe -> C:\Users\Cindy\AppData\Local\Adobe -> [2009/06/27 14:24:16 | 00,000,000 | ---D | C]
IconCache.db -> C:\Users\Cindy\AppData\Local\IconCache.db -> [2009/06/25 08:16:14 | 02,239,634 | -H-- | C] ()
OTL.exe -> C:\Users\Cindy\Desktop\OTL.exe -> [2009/06/24 21:32:19 | 00,512,512 | ---- | C] (OldTimer Tools)
hiberfil.sys -> C:\hiberfil.sys -> [2009/06/24 17:02:34 | 40,242,62656 | -HS- | C] ()
dds(2).scr -> C:\Users\Cindy\Desktop\dds(2).scr -> [2009/06/24 16:48:08 | 00,359,893 | ---- | C] ()
Yahoo! -> C:\Users\Cindy\AppData\Roaming\Yahoo! -> [2009/06/22 18:37:46 | 00,000,000 | ---D | C]
Yahoo! Companion -> C:\ProgramData\Yahoo! Companion -> [2009/06/22 18:37:25 | 00,000,000 | ---D | C]
Yahoo! -> C:\Program Files (x86)\Yahoo! -> [2009/06/22 18:37:21 | 00,000,000 | ---D | C]
User_Feed_Synchronization-{D40B38C7-3BBE-46AF-9B87-AE2DE401F5C2}.job -> C:\Windows\tasks\User_Feed_Synchronization-{D40B38C7-3BBE-46AF-9B87-AE2DE401F5C2}.job -> [2009/06/22 18:35:35 | 00,000,422 | -H-- | C] ()
LDW -> C:\Users\Cindy\Documents\LDW -> [2009/06/21 11:42:52 | 00,000,000 | ---D | C]
ApplicationHistory -> C:\Users\Cindy\AppData\Local\ApplicationHistory -> [2009/06/21 11:34:50 | 00,000,000 | ---D | C]
PerfStringBackup.INI -> C:\Windows\SysWow64\PerfStringBackup.INI -> [2009/06/18 19:27:00 | 00,721,824 | ---- | C] ()
URTTEMP -> C:\Windows\SysWow64\URTTEMP -> [2009/06/18 19:25:16 | 00,000,000 | ---D | C]
rsit -> C:\rsit -> [2009/06/18 10:00:57 | 00,000,000 | ---D | C]
RSIT.exe -> C:\Users\Cindy\Desktop\RSIT.exe -> [2009/06/17 23:24:04 | 00,781,909 | ---- | C] ()
kaspersky.html -> C:\Users\Cindy\Desktop\kaspersky.html -> [2009/06/17 00:15:20 | 00,002,920 | ---- | C] ()
kspersky error.html -> C:\Users\Cindy\Documents\kspersky error.html -> [2009/06/17 00:14:49 | 00,002,920 | ---- | C] ()
Sun -> C:\Windows\Sun -> [2009/06/16 16:09:10 | 00,000,000 | ---D | C]
Apple -> C:\Users\Cindy\AppData\Local\Apple -> [2009/06/16 16:03:44 | 00,000,000 | ---D | C]
DrWeb.csv -> C:\Users\Cindy\Desktop\DrWeb.csv -> [2009/06/15 12:53:26 | 00,000,342 | ---- | C] ()
DrWeb.csv -> C:\Users\Cindy\Documents\DrWeb.csv -> [2009/06/15 12:52:00 | 00,000,342 | ---- | C] ()
DoctorWeb -> C:\Users\Cindy\DoctorWeb -> [2009/06/15 12:07:35 | 00,000,000 | ---D | C]
s2845924.exe -> C:\Users\Cindy\Desktop\s2845924.exe -> [2009/06/15 11:49:47 | 14,427,984 | ---- | C] (Doctor Web, Ltd.)
tmp.reg -> C:\Windows\SysWow64\tmp.reg -> [2009/06/15 10:47:36 | 00,007,130 | ---- | C] ()
Process.exe -> C:\Windows\SysWow64\Process.exe -> [2009/06/15 10:46:25 | 00,053,248 | ---- | C] (http://www.beyondlogic.org)
SmitfraudFix -> C:\SmitfraudFix -> [2009/06/15 10:46:20 | 00,000,000 | ---D | C]
VCCLSID.exe -> C:\Windows\SysWow64\VCCLSID.exe -> [2009/06/15 08:46:02 | 00,289,144 | ---- | C] (S!Ri)
VACFix.exe -> C:\Windows\SysWow64\VACFix.exe -> [2009/06/15 08:46:02 | 00,087,552 | ---- | C] (S!Ri.URZ)
IEDFix.exe -> C:\Windows\SysWow64\IEDFix.exe -> [2009/06/15 08:46:02 | 00,082,944 | ---- | C] (S!Ri.URZ)
IEDFix.C.exe -> C:\Windows\SysWow64\IEDFix.C.exe -> [2009/06/15 08:46:02 | 00,082,944 | ---- | C] (S!Ri.URZ)
404Fix.exe -> C:\Windows\SysWow64\404Fix.exe -> [2009/06/15 08:46:02 | 00,082,432 | ---- | C] (S!Ri.URZ)
o4Patch.exe -> C:\Windows\SysWow64\o4Patch.exe -> [2009/06/15 08:46:02 | 00,080,384 | ---- | C] (S!Ri.URZ)
swxcacls.exe -> C:\Windows\SysWow64\swxcacls.exe -> [2009/06/15 08:46:02 | 00,079,360 | ---- | C] (SteelWerX)
Agent.OMZ.Fix.exe -> C:\Windows\SysWow64\Agent.OMZ.Fix.exe -> [2009/06/15 08:46:02 | 00,078,336 | ---- | C] (S!Ri.URZ)
WS2Fix.exe -> C:\Windows\SysWow64\WS2Fix.exe -> [2009/06/15 08:46:02 | 00,075,776 | ---- | C] ()
SrchSTS.exe -> C:\Windows\SysWow64\SrchSTS.exe -> [2009/06/15 08:46:01 | 00,288,417 | ---- | C] (S!Ri)
swreg.exe -> C:\Windows\SysWow64\swreg.exe -> [2009/06/15 08:46:01 | 00,135,168 | ---- | C] (SteelWerX)
dumphive.exe -> C:\Windows\SysWow64\dumphive.exe -> [2009/06/15 08:46:01 | 00,051,200 | ---- | C] ()
swsc.exe -> C:\Windows\SysWow64\swsc.exe -> [2009/06/15 08:46:01 | 00,040,960 | ---- | C] ()
Apple Computer -> C:\Users\Cindy\AppData\Local\Apple Computer -> [2009/06/14 14:42:00 | 00,000,000 | ---D | C]
SUPERAntiSpyware.com -> C:\ProgramData\SUPERAntiSpyware.com -> [2009/06/14 12:53:00 | 00,000,000 | ---D | C]
SUPERAntiSpyware Free Edition.lnk -> C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk -> [2009/06/14 12:52:24 | 00,000,944 | ---- | C] ()
SUPERAntiSpyware.com -> C:\Users\Cindy\AppData\Roaming\SUPERAntiSpyware.com -> [2009/06/14 12:52:21 | 00,000,000 | ---D | C]
SUPERAntiSpyware -> C:\Program Files (x86)\SUPERAntiSpyware -> [2009/06/14 12:52:21 | 00,000,000 | ---D | C]
Wise Installation Wizard -> C:\Program Files (x86)\Common Files\Wise Installation Wizard -> [2009/06/14 12:51:00 | 00,000,000 | ---D | C]
EncDec.dll -> C:\Windows\SysNative\EncDec.dll -> [2009/06/14 00:13:01 | 00,558,592 | ---- | C] ()
psisrndr.ax -> C:\Windows\SysNative\psisrndr.ax -> [2009/06/14 00:12:58 | 00,289,792 | ---- | C] ()
EncDec.dll -> C:\Windows\SysWow64\EncDec.dll -> [2009/06/14 00:12:57 | 00,428,544 | ---- | C] (Microsoft Corporation)
psisdecd.dll -> C:\Windows\SysNative\psisdecd.dll -> [2009/06/14 00:12:57 | 00,375,808 | ---- | C] ()
psisdecd.dll -> C:\Windows\SysWow64\psisdecd.dll -> [2009/06/14 00:12:57 | 00,293,376 | ---- | C] (Microsoft Corporation)
psisrndr.ax -> C:\Windows\SysWow64\psisrndr.ax -> [2009/06/14 00:12:57 | 00,217,088 | ---- | C] (Microsoft Corporation)
mpg2splt.ax -> C:\Windows\SysNative\mpg2splt.ax -> [2009/06/14 00:12:56 | 00,227,328 | ---- | C] ()
mpg2splt.ax -> C:\Windows\SysWow64\mpg2splt.ax -> [2009/06/14 00:12:56 | 00,177,664 | ---- | C] (Microsoft Corporation)
MSNP.ax -> C:\Windows\SysNative\MSNP.ax -> [2009/06/14 00:12:56 | 00,101,376 | ---- | C] ()
MSNP.ax -> C:\Windows\SysWow64\MSNP.ax -> [2009/06/14 00:12:56 | 00,080,896 | ---- | C] (Microsoft Corporation)
VundoFix Backups -> C:\VundoFix Backups -> [2009/06/13 23:18:36 | 00,000,000 | ---D | C]
ProcessExplorer -> C:\Users\Cindy\Documents\ProcessExplorer -> [2009/06/12 22:22:39 | 00,000,000 | ---D | C]
Internet Saving Optimizer -> C:\Users\Cindy\AppData\Local\Internet Saving Optimizer -> [2009/06/12 19:14:21 | 00,000,000 | ---D | C]
HPDailySurprise -> C:\Program Files (x86)\HPDailySurprise -> [2009/06/12 19:02:58 | 00,000,000 | ---D | C]
HpDailySurprise.air -> C:\Users\Cindy\Desktop\HpDailySurprise.air -> [2009/06/12 19:02:21 | 00,430,854 | ---- | C] ()
Malwarebytes -> C:\Users\Cindy\AppData\Roaming\Malwarebytes -> [2009/06/11 15:51:03 | 00,000,000 | ---D | C]
Malwarebytes' Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2009/06/11 15:51:01 | 00,000,848 | ---- | C] ()
mbamswissarmy.sys -> C:\Windows\SysWow64\drivers\mbamswissarmy.sys -> [2009/06/11 15:50:58 | 00,040,160 | ---- | C] (Malwarebytes Corporation)
mbam.sys -> C:\Windows\SysNative\drivers\mbam.sys -> [2009/06/11 15:50:57 | 00,022,040 | ---- | C] ()
Malwarebytes' Anti-Malware -> C:\Program Files (x86)\Malwarebytes' Anti-Malware -> [2009/06/11 15:50:57 | 00,000,000 | ---D | C]
Malwarebytes -> C:\ProgramData\Malwarebytes -> [2009/06/11 15:50:57 | 00,000,000 | ---D | C]
localspl.dll -> C:\Windows\SysNative\localspl.dll -> [2009/06/11 08:21:27 | 00,791,552 | ---- | C] ()
localspl.dll -> C:\Windows\SysWow64\localspl.dll -> [2009/06/11 08:21:27 | 00,636,928 | ---- | C] (Microsoft Corporation)
rpcrt4.dll -> C:\Windows\SysNative\rpcrt4.dll -> [2009/06/11 08:21:18 | 01,280,512 | ---- | C] ()
rpcrt4.dll -> C:\Windows\SysWow64\rpcrt4.dll -> [2009/06/11 08:21:18 | 00,677,376 | ---- | C] (Microsoft Corporation)
mshtml.dll -> C:\Windows\SysNative\mshtml.dll -> [2009/06/11 08:21:04 | 09,234,432 | ---- | C] ()
mshtml.dll -> C:\Windows\SysWow64\mshtml.dll -> [2009/06/11 08:21:04 | 05,936,128 | ---- | C] (Microsoft Corporation)
ieframe.dll -> C:\Windows\SysWow64\ieframe.dll -> [2009/06/11 08:21:02 | 11,064,832 | ---- | C] (Microsoft Corporation)
ieframe.dll -> C:\Windows\SysNative\ieframe.dll -> [2009/06/11 08:21:01 | 12,454,912 | ---- | C] ()
iertutil.dll -> C:\Windows\SysWow64\iertutil.dll -> [2009/06/11 08:21:01 | 01,985,024 | ---- | C] (Microsoft Corporation)
iertutil.dll -> C:\Windows\SysNative\iertutil.dll -> [2009/06/11 08:21:00 | 02,332,672 | ---- | C] ()
urlmon.dll -> C:\Windows\SysNative\urlmon.dll -> [2009/06/11 08:21:00 | 01,484,288 | ---- | C] ()
urlmon.dll -> C:\Windows\SysWow64\urlmon.dll -> [2009/06/11 08:21:00 | 01,207,808 | ---- | C] (Microsoft Corporation)
wininet.dll -> C:\Windows\SysWow64\wininet.dll -> [2009/06/11 08:21:00 | 00,915,456 | ---- | C] (Microsoft Corporation)
wininet.dll -> C:\Windows\SysNative\wininet.dll -> [2009/06/11 08:20:59 | 01,146,368 | ---- | C] ()
iedkcs32.dll -> C:\Windows\SysNative\iedkcs32.dll -> [2009/06/11 08:20:59 | 00,457,728 | ---- | C] ()
iedkcs32.dll -> C:\Windows\SysWow64\iedkcs32.dll -> [2009/06/11 08:20:59 | 00,385,536 | ---- | C] (Microsoft Corporation)
inetcpl.cpl -> C:\Windows\SysWow64\inetcpl.cpl -> [2009/06/11 08:20:58 | 01,469,440 | ---- | C] (Microsoft Corporation)
inetcpl.cpl -> C:\Windows\SysNative\inetcpl.cpl -> [2009/06/11 08:20:57 | 01,538,560 | ---- | C] ()
ieui.dll -> C:\Windows\SysWow64\ieui.dll -> [2009/06/11 08:20:57 | 00,164,352 | ---- | C] (Microsoft Corporation)
ie4uinit.exe -> C:\Windows\SysNative\ie4uinit.exe -> [2009/06/11 08:20:57 | 00,070,656 | ---- | C] ()
jsproxy.dll -> C:\Windows\SysWow64\jsproxy.dll -> [2009/06/11 08:20:57 | 00,025,600 | ---- | C] (Microsoft Corporation)
ieui.dll -> C:\Windows\SysNative\ieui.dll -> [2009/06/11 08:20:56 | 00,219,136 | ---- | C] ()
ie4uinit.exe -> C:\Windows\SysWow64\ie4uinit.exe -> [2009/06/11 08:20:56 | 00,173,056 | ---- | C] (Microsoft Corporation)
iernonce.dll -> C:\Windows\SysNative\iernonce.dll -> [2009/06/11 08:20:56 | 00,072,192 | ---- | C] ()
jsproxy.dll -> C:\Windows\SysNative\jsproxy.dll -> [2009/06/11 08:20:56 | 00,031,744 | ---- | C] ()
iesetup.dll -> C:\Windows\SysNative\iesetup.dll -> [2009/06/11 08:20:55 | 00,077,312 | ---- | C] ()
iesetup.dll -> C:\Windows\SysWow64\iesetup.dll -> [2009/06/11 08:20:55 | 00,071,680 | ---- | C] (Microsoft Corporation)
iernonce.dll -> C:\Windows\SysWow64\iernonce.dll -> [2009/06/11 08:20:55 | 00,055,808 | ---- | C] (Microsoft Corporation)
mshtml.tlb -> C:\Windows\SysWow64\mshtml.tlb -> [2009/06/11 08:20:54 | 01,638,912 | ---- | C] (Microsoft Corporation)
mshtml.tlb -> C:\Windows\SysNative\mshtml.tlb -> [2009/06/11 08:20:54 | 01,638,912 | ---- | C] ()
win32k.sys -> C:\Windows\SysNative\win32k.sys -> [2009/06/11 08:20:46 | 02,742,272 | ---- | C] ()
Rachel's Sophomore end-of-year chorus concert.wmv -> C:\Users\Cindy\Desktop\Rachel's Sophomore end-of-year chorus concert.wmv -> [2009/06/09 16:27:06 | 13,855,2917 | ---- | C] ()
DSC00339.JPG -> C:\Users\Cindy\Documents\DSC00339.JPG -> [2009/06/08 16:14:50 | 01,486,728 | ---- | C] ()
DSC00336.JPG -> C:\Users\Cindy\Documents\DSC00336.JPG -> [2009/06/08 16:14:50 | 01,485,652 | ---- | C] ()
DSC00338.JPG -> C:\Users\Cindy\Documents\DSC00338.JPG -> [2009/06/08 16:14:50 | 01,468,936 | ---- | C] ()
DSC00337.JPG -> C:\Users\Cindy\Documents\DSC00337.JPG -> [2009/06/08 16:14:50 | 01,456,489 | ---- | C] ()
DSC00335.JPG -> C:\Users\Cindy\Documents\DSC00335.JPG -> [2009/06/08 16:14:50 | 01,370,851 | ---- | C] ()
lsdelete.exe -> C:\Windows\SysNative\lsdelete.exe -> [2009/06/05 00:10:38 | 00,015,688 | ---- | C] ()
Lbd.sys -> C:\Windows\SysNative\drivers\Lbd.sys -> [2009/06/04 22:01:41 | 00,068,640 | ---- | C] ()
Ad-Aware Update (Weekly).job -> C:\Windows\tasks\Ad-Aware Update (Weekly).job -> [2009/06/04 21:59:57 | 00,000,496 | ---- | C] ()
{7972B2E5-3E09-4E5E-81B7-FE5819D6772F} -> C:\ProgramData\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F} -> [2009/06/04 21:55:44 | 00,000,000 | -H-D | C]
Ad-Aware.lnk -> C:\Users\Public\Desktop\Ad-Aware.lnk -> [2009/06/04 21:55:42 | 00,001,049 | ---- | C] ()
Lavasoft -> C:\ProgramData\Lavasoft -> [2009/06/04 21:55:37 | 00,000,000 | ---D | C]
Lavasoft -> C:\Program Files (x86)\Lavasoft -> [2009/06/04 21:55:37 | 00,000,000 | ---D | C]
HijackThis.lnk -> C:\Users\Cindy\Desktop\HijackThis.lnk -> [2009/06/04 21:41:02 | 00,001,928 | ---- | C] ()
Trend Micro -> C:\Program Files (x86)\Trend Micro -> [2009/06/04 21:41:02 | 00,000,000 | ---D | C]
infocardcpl.cpl -> C:\Windows\SysNative\infocardcpl.cpl -> [2009/06/04 08:27:40 | 00,049,160 | ---- | C] ()
infocardcpl.cpl -> C:\Windows\SysWow64\infocardcpl.cpl -> [2009/06/04 08:27:40 | 00,037,384 | ---- | C] (Microsoft Corporation)
icardres.dll -> C:\Windows\SysNative\icardres.dll -> [2009/06/04 08:27:20 | 00,011,264 | ---- | C] ()
icardres.dll -> C:\Windows\SysWow64\icardres.dll -> [2009/06/04 08:27:18 | 00,011,264 | ---- | C] (Microsoft Corporation)
PresentationHostProxy.dll -> C:\Windows\SysNative\PresentationHostProxy.dll -> [2009/06/04 08:27:16 | 00,052,760 | ---- | C] ()
PresentationHostProxy.dll -> C:\Windows\SysWow64\PresentationHostProxy.dll -> [2009/06/04 08:27:15 | 00,043,544 | ---- | C] (Microsoft Corporation)
PresentationNative_v0300.dll -> C:\Windows\SysNative\PresentationNative_v0300.dll -> [2009/06/04 08:27:14 | 01,168,928 | ---- | C] ()
PresentationNative_v0300.dll -> C:\Windows\SysWow64\PresentationNative_v0300.dll -> [2009/06/04 08:27:14 | 00,781,344 | ---- | C] (Microsoft Corporation)
infocardapi.dll -> C:\Windows\SysNative\infocardapi.dll -> [2009/06/04 08:27:14 | 00,167,432 | ---- | C] ()
infocardapi.dll -> C:\Windows\SysWow64\infocardapi.dll -> [2009/06/04 08:27:14 | 00,097,800 | ---- | C] (Microsoft Corporation)
icardagt.exe -> C:\Windows\SysNative\icardagt.exe -> [2009/06/04 08:27:13 | 01,383,936 | ---- | C] ()
icardagt.exe -> C:\Windows\SysWow64\icardagt.exe -> [2009/06/04 08:27:13 | 00,622,080 | ---- | C] (Microsoft Corporation)
PresentationCFFRasterizerNative_v0300.dll -> C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll -> [2009/06/04 08:26:55 | 00,105,016 | ---- | C] (Microsoft Corporation)
PresentationCFFRasterizerNative_v0300.dll -> C:\Windows\SysNative\PresentationCFFRasterizerNative_v0300.dll -> [2009/06/04 08:26:54 | 00,126,520 | ---- | C] ()
PresentationHost.exe -> C:\Windows\SysNative\PresentationHost.exe -> [2009/06/04 08:26:49 | 00,357,904 | ---- | C] ()
PresentationHost.exe -> C:\Windows\SysWow64\PresentationHost.exe -> [2009/06/04 08:26:49 | 00,326,160 | ---- | C] (Microsoft Corporation)
netfxperf.dll -> C:\Windows\SysNative\netfxperf.dll -> [2009/06/04 08:09:08 | 00,013,824 | ---- | C] ()
netfxperf.dll -> C:\Windows\SysWow64\netfxperf.dll -> [2009/06/04 08:09:07 | 00,041,984 | ---- | C] (Microsoft Corporation)
dfshim.dll -> C:\Windows\SysNative\dfshim.dll -> [2009/06/04 08:07:54 | 00,112,120 | ---- | C] ()
dfshim.dll -> C:\Windows\SysWow64\dfshim.dll -> [2009/06/04 08:07:54 | 00,096,760 | ---- | C] (Microsoft Corporation)
mscoree.dll -> C:\Windows\SysWow64\mscoree.dll -> [2009/06/04 08:07:08 | 00,282,112 | ---- | C] (Microsoft Corporation)
mscoree.dll -> C:\Windows\SysNative\mscoree.dll -> [2009/06/04 08:07:06 | 00,406,528 | ---- | C] ()
mscorier.dll -> C:\Windows\SysWow64\mscorier.dll -> [2009/06/04 08:06:09 | 00,158,720 | ---- | C] (Microsoft Corporation)
mscorier.dll -> C:\Windows\SysNative\mscorier.dll -> [2009/06/04 08:06:09 | 00,158,208 | ---- | C] ()
mscories.dll -> C:\Windows\SysNative\mscories.dll -> [2009/06/04 08:05:56 | 00,076,288 | ---- | C] ()
mscories.dll -> C:\Windows\SysWow64\mscories.dll -> [2009/06/04 08:05:45 | 00,083,968 | ---- | C] (Microsoft Corporation)
admparse.dll -> C:\Windows\SysNative\admparse.dll -> [2009/06/04 07:54:17 | 00,088,064 | ---- | C] ()
advpack.dll -> C:\Windows\SysNative\advpack.dll -> [2009/06/04 07:54:16 | 00,161,792 | ---- | C] ()
advpack.dll -> C:\Windows\SysWow64\advpack.dll -> [2009/06/04 07:54:16 | 00,128,512 | ---- | C] (Microsoft Corporation)
icardie.dll -> C:\Windows\SysNative\icardie.dll -> [2009/06/04 07:54:16 | 00,085,504 | ---- | C] ()
admparse.dll -> C:\Windows\SysWow64\admparse.dll -> [2009/06/04 07:54:16 | 00,072,704 | ---- | C] (Microsoft Corporation)
icardie.dll -> C:\Windows\SysWow64\icardie.dll -> [2009/06/04 07:54:16 | 00,059,904 | ---- | C] (Microsoft Corporation)
corpol.dll -> C:\Windows\SysNative\corpol.dll -> [2009/06/04 07:54:16 | 00,022,528 | ---- | C] ()
msls31.dll -> C:\Windows\SysNative\msls31.dll -> [2009/06/04 07:54:15 | 00,223,232 | ---- | C] ()
ieakeng.dll -> C:\Windows\SysNative\ieakeng.dll -> [2009/06/04 07:54:15 | 00,157,696 | ---- | C] ()
ieakeng.dll -> C:\Windows\SysWow64\ieakeng.dll -> [2009/06/04 07:54:15 | 00,125,952 | ---- | C] (Microsoft Corporation)
corpol.dll -> C:\Windows\SysWow64\corpol.dll -> [2009/06/04 07:54:15 | 00,018,944 | ---- | C] (Microsoft Corporation)
msfeedssync.exe -> C:\Windows\SysNative\msfeedssync.exe -> [2009/06/04 07:54:15 | 00,012,800 | ---- | C] ()
tdc.ocx -> C:\Windows\SysNative\tdc.ocx -> [2009/06/04 07:54:14 | 00,077,824 | ---- | C] ()
tdc.ocx -> C:\Windows\SysWow64\tdc.ocx -> [2009/06/04 07:54:14 | 00,066,560 | ---- | C] (Microsoft Corporation)
imgutil.dll -> C:\Windows\SysNative\imgutil.dll -> [2009/06/04 07:54:14 | 00,052,736 | ---- | C] ()
msls31.dll -> C:\Windows\SysWow64\msls31.dll -> [2009/06/04 07:54:13 | 00,156,160 | ---- | C] (Microsoft Corporation)
inseng.dll -> C:\Windows\SysNative\inseng.dll -> [2009/06/04 07:54:13 | 00,125,952 | ---- | C] ()
wextract.exe -> C:\Windows\SysNative\wextract.exe -> [2009/06/04 07:54:13 | 00,076,288 | ---- | C] ()
msfeedsbs.dll -> C:\Windows\SysNative\msfeedsbs.dll -> [2009/06/04 07:54:13 | 00,071,680 | ---- | C] ()
wextract.exe -> C:\Windows\SysWow64\wextract.exe -> [2009/06/04 07:54:13 | 00,066,560 | ---- | C] (Microsoft Corporation)
pngfilt.dll -> C:\Windows\SysNative\pngfilt.dll -> [2009/06/04 07:54:13 | 00,063,488 | ---- | C] ()
ieuinit.inf -> C:\Windows\SysWow64\ieuinit.inf -> [2009/06/04 07:54:13 | 00,057,667 | ---- | C] ()
ieuinit.inf -> C:\Windows\SysNative\ieuinit.inf -> [2009/06/04 07:54:13 | 00,057,667 | ---- | C] ()
licmgr10.dll -> C:\Windows\SysNative\licmgr10.dll -> [2009/06/04 07:54:13 | 00,055,808 | ---- | C] ()
msfeedsbs.dll -> C:\Windows\SysWow64\msfeedsbs.dll -> [2009/06/04 07:54:13 | 00,055,296 | ---- | C] (Microsoft Corporation)
pngfilt.dll -> C:\Windows\SysWow64\pngfilt.dll -> [2009/06/04 07:54:13 | 00,046,592 | ---- | C] (Microsoft Corporation)
msfeedssync.exe -> C:\Windows\SysWow64\msfeedssync.exe -> [2009/06/04 07:54:13 | 00,013,312 | ---- | C] (Microsoft Corporation)
msfeeds.dll -> C:\Windows\SysNative\msfeeds.dll -> [2009/06/04 07:54:12 | 00,700,928 | ---- | C] ()
ieapfltr.dll -> C:\Windows\SysNative\ieapfltr.dll -> [2009/06/04 07:54:12 | 00,481,280 | ---- | C] ()
ieapfltr.dll -> C:\Windows\SysWow64\ieapfltr.dll -> [2009/06/04 07:54:12 | 00,445,952 | ---- | C] (Microsoft Corporation)
mstime.dll -> C:\Windows\SysWow64\mstime.dll -> [2009/06/04 07:54:11 | 00,611,840 | ---- | C] (Microsoft Corporation)
msfeeds.dll -> C:\Windows\SysWow64\msfeeds.dll -> [2009/06/04 07:54:11 | 00,594,432 | ---- | C] (Microsoft Corporation)
dxtmsft.dll -> C:\Windows\SysNative\dxtmsft.dll -> [2009/06/04 07:54:11 | 00,508,416 | ---- | C] ()
dxtmsft.dll -> C:\Windows\SysWow64\dxtmsft.dll -> [2009/06/04 07:54:11 | 00,348,160 | ---- | C] (Microsoft Corporation)
dxtrans.dll -> C:\Windows\SysNative\dxtrans.dll -> [2009/06/04 07:54:11 | 00,318,464 | ---- | C] ()
dxtrans.dll -> C:\Windows\SysWow64\dxtrans.dll -> [2009/06/04 07:54:11 | 00,216,064 | ---- | C] (Microsoft Corporation)
occache.dll -> C:\Windows\SysNative\occache.dll -> [2009/06/04 07:54:11 | 00,146,432 | ---- | C] ()
imgutil.dll -> C:\Windows\SysWow64\imgutil.dll -> [2009/06/04 07:54:11 | 00,034,816 | ---- | C] (Microsoft Corporation)
mstime.dll -> C:\Windows\SysNative\mstime.dll -> [2009/06/04 07:54:10 | 01,062,912 | ---- | C] ()
iepeers.dll -> C:\Windows\SysNative\iepeers.dll -> [2009/06/04 07:54:10 | 00,252,416 | ---- | C] ()
iepeers.dll -> C:\Windows\SysWow64\iepeers.dll -> [2009/06/04 07:54:10 | 00,183,808 | ---- | C] (Microsoft Corporation)
occache.dll -> C:\Windows\SysWow64\occache.dll -> [2009/06/04 07:54:10 | 00,109,568 | ---- | C] (Microsoft Corporation)
mshtmled.dll -> C:\Windows\SysNative\mshtmled.dll -> [2009/06/04 07:54:10 | 00,096,768 | ---- | C] ()
inseng.dll -> C:\Windows\SysWow64\inseng.dll -> [2009/06/04 07:54:10 | 00,094,720 | ---- | C] (Microsoft Corporation)
licmgr10.dll -> C:\Windows\SysWow64\licmgr10.dll -> [2009/06/04 07:54:10 | 00,043,008 | ---- | C] (Microsoft Corporation)
webcheck.dll -> C:\Windows\SysNative\webcheck.dll -> [2009/06/04 07:54:09 | 00,304,640 | ---- | C] ()
ieaksie.dll -> C:\Windows\SysNative\ieaksie.dll -> [2009/06/04 07:54:09 | 00,271,872 | ---- | C] ()
msrating.dll -> C:\Windows\SysNative\msrating.dll -> [2009/06/04 07:54:09 | 00,241,664 | ---- | C] ()
webcheck.dll -> C:\Windows\SysWow64\webcheck.dll -> [2009/06/04 07:54:09 | 00,236,544 | ---- | C] (Microsoft Corporation)
ieaksie.dll -> C:\Windows\SysWow64\ieaksie.dll -> [2009/06/04 07:54:09 | 00,229,376 | ---- | C] (Microsoft Corporation)
msrating.dll -> C:\Windows\SysWow64\msrating.dll -> [2009/06/04 07:54:09 | 00,193,536 | ---- | C] (Microsoft Corporation)
ieakui.dll -> C:\Windows\SysWow64\ieakui.dll -> [2009/06/04 07:54:09 | 00,163,840 | ---- | C] (Microsoft Corporation)
ieakui.dll -> C:\Windows\SysNative\ieakui.dll -> [2009/06/04 07:54:09 | 00,163,840 | ---- | C] ()
mshtmled.dll -> C:\Windows\SysWow64\mshtmled.dll -> [2009/06/04 07:54:09 | 00,066,560 | ---- | C] (Microsoft Corporation)
WinFXDocObj.exe -> C:\Windows\SysNative\WinFXDocObj.exe -> [2009/06/04 07:54:08 | 00,278,528 | ---- | C] ()
WinFXDocObj.exe -> C:\Windows\SysWow64\WinFXDocObj.exe -> [2009/06/04 07:54:08 | 00,208,384 | ---- | C] (Microsoft Corporation)
ieUnatt.exe -> C:\Windows\SysNative\ieUnatt.exe -> [2009/06/04 07:54:08 | 00,161,792 | ---- | C] ()
iesysprep.dll -> C:\Windows\SysNative\iesysprep.dll -> [2009/06/04 07:54:08 | 00,132,096 | ---- | C] ()
PDMSetup.exe -> C:\Windows\SysNative\PDMSetup.exe -> [2009/06/04 07:54:08 | 00,131,584 | ---- | C] ()
RegisterIEPKEYs.exe -> C:\Windows\SysNative\RegisterIEPKEYs.exe -> [2009/06/04 07:54:08 | 00,129,024 | ---- | C] ()
SetIEInstalledDate.exe -> C:\Windows\SysNative\SetIEInstalledDate.exe -> [2009/06/04 07:54:08 | 00,128,512 | ---- | C] ()
SetDepNx.exe -> C:\Windows\SysNative\SetDepNx.exe -> [2009/06/04 07:54:08 | 00,125,440 | ---- | C] ()
mshta.exe -> C:\Windows\SysNative\mshta.exe -> [2009/06/04 07:54:08 | 00,041,984 | ---- | C] ()
jscript.dll -> C:\Windows\SysNative\jscript.dll -> [2009/06/04 07:54:07 | 00,817,664 | ---- | C] ()
jscript.dll -> C:\Windows\SysWow64\jscript.dll -> [2009/06/04 07:54:07 | 00,726,528 | ---- | C] (Microsoft Corporation)
vbscript.dll -> C:\Windows\SysNative\vbscript.dll -> [2009/06/04 07:54:07 | 00,612,864 | ---- | C] ()
vbscript.dll -> C:\Windows\SysWow64\vbscript.dll -> [2009/06/04 07:54:07 | 00,420,352 | ---- | C] (Microsoft Corporation)
url.dll -> C:\Windows\SysNative\url.dll -> [2009/06/04 07:54:07 | 00,108,032 | ---- | C] ()
url.dll -> C:\Windows\SysWow64\url.dll -> [2009/06/04 07:54:07 | 00,105,984 | ---- | C] (Microsoft Corporation)
mshtmler.dll -> C:\Windows\SysWow64\mshtmler.dll -> [2009/06/04 07:54:06 | 00,048,128 | ---- | C] (Microsoft Corporation)
mshtmler.dll -> C:\Windows\SysNative\mshtmler.dll -> [2009/06/04 07:54:06 | 00,048,128 | ---- | C] ()
html.iec -> C:\Windows\SysNative\html.iec -> [2009/06/04 07:54:05 | 00,479,744 | ---- | C] ()
html.iec -> C:\Windows\SysWow64\html.iec -> [2009/06/04 07:54:05 | 00,385,024 | ---- | C] (Microsoft Corporation)
iexpress.exe -> C:\Windows\SysWow64\iexpress.exe -> [2009/06/04 07:54:05 | 00,169,472 | ---- | C] (Microsoft Corporation)
mshta.exe -> C:\Windows\SysWow64\mshta.exe -> [2009/06/04 07:54:05 | 00,045,568 | ---- | C] (Microsoft Corporation)
ieapfltr.dat -> C:\Windows\SysWow64\ieapfltr.dat -> [2009/06/04 07:54:04 | 03,698,584 | ---- | C] (Microsoft Corporation)
ieapfltr.dat -> C:\Windows\SysNative\ieapfltr.dat -> [2009/06/04 07:54:04 | 03,698,584 | ---- | C] ()
iexpress.exe -> C:\Windows\SysNative\iexpress.exe -> [2009/06/04 07:54:04 | 00,193,536 | ---- | C] ()
ieUnatt.exe -> C:\Windows\SysWow64\ieUnatt.exe -> [2009/06/04 07:54:04 | 00,132,608 | ---- | C] (Microsoft Corporation)
PDMSetup.exe -> C:\Windows\SysWow64\PDMSetup.exe -> [2009/06/04 07:54:04 | 00,109,568 | ---- | C] (Microsoft Corporation)
iesysprep.dll -> C:\Windows\SysWow64\iesysprep.dll -> [2009/06/04 07:54:04 | 00,109,056 | ---- | C] (Microsoft Corporation)
RegisterIEPKEYs.exe -> C:\Windows\SysWow64\RegisterIEPKEYs.exe -> [2009/06/04 07:54:04 | 00,107,520 | ---- | C] (Microsoft Corporation)
SetIEInstalledDate.exe -> C:\Windows\SysWow64\SetIEInstalledDate.exe -> [2009/06/04 07:54:04 | 00,107,008 | ---- | C] (Microsoft Corporation)
SetDepNx.exe -> C:\Windows\SysWow64\SetDepNx.exe -> [2009/06/04 07:54:04 | 00,103,936 | ---- | C] (Microsoft Corporation)
iTunes.lnk -> C:\Users\Public\Desktop\iTunes.lnk -> [2009/06/02 17:58:48 | 00,001,804 | ---- | C] ()
iPod -> C:\Program Files (x86)\iPod -> [2009/06/02 17:58:25 | 00,000,000 | ---D | C]
iTunes -> C:\Program Files\iTunes -> [2009/06/02 17:58:22 | 00,000,000 | ---D | C]
iTunes -> C:\Program Files (x86)\iTunes -> [2009/06/02 17:58:22 | 00,000,000 | ---D | C]
QuickTime Player.lnk -> C:\Users\Public\Desktop\QuickTime Player.lnk -> [2009/06/02 17:56:23 | 00,001,756 | ---- | C] ()
QuickTime -> C:\Program Files (x86)\QuickTime -> [2009/06/02 17:56:00 | 00,000,000 | ---D | C]
Internet Saving Optimizer -> C:\Program Files (x86)\Internet Saving Optimizer -> [2009/06/01 19:34:29 | 00,000,000 | ---D | C]
DoubleD -> C:\Program Files (x86)\DoubleD -> [2009/06/01 19:33:49 | 00,000,000 | ---D | C]
SIntfNT.dll -> C:\Windows\SysWow64\SIntfNT.dll -> [2009/05/30 23:17:19 | 00,021,840 | ---- | C] ()
SIntf32.dll -> C:\Windows\SysWow64\SIntf32.dll -> [2009/05/30 23:17:19 | 00,017,212 | ---- | C] ()
SIntf16.dll -> C:\Windows\SysWow64\SIntf16.dll -> [2009/05/30 23:17:19 | 00,012,067 | ---- | C] ()
DIIUnin.dat -> C:\Windows\DIIUnin.dat -> [2009/05/30 22:21:51 | 00,038,627 | ---- | C] ()
Diablo II.lnk -> C:\Users\Public\Desktop\Diablo II.lnk -> [2009/05/30 22:21:51 | 00,001,740 | ---- | C] ()
DIIUnin.pif -> C:\Windows\DIIUnin.pif -> [2009/05/30 22:21:47 | 00,002,829 | ---- | C] ()
DIIUnin.exe -> C:\Windows\DIIUnin.exe -> [2009/05/30 22:21:46 | 00,094,208 | ---- | C] (Blizzard Entertainment)
Diablo II -> C:\Program Files (x86)\Diablo II -> [2009/05/30 22:08:14 | 00,000,000 | ---D | C]
lxcgserv.dll -> C:\Windows\SysWow64\lxcgserv.dll -> [2009/03/03 20:55:30 | 01,224,704 | ---- | C] ( )
lxcgusb1.dll -> C:\Windows\SysWow64\lxcgusb1.dll -> [2009/03/03 20:55:30 | 00,995,328 | ---- | C] ( )
lxcghbn3.dll -> C:\Windows\SysWow64\lxcghbn3.dll -> [2009/03/03 20:55:30 | 00,696,320 | ---- | C] ( )
lxcgcomc.dll -> C:\Windows\SysWow64\lxcgcomc.dll -> [2009/03/03 20:55:30 | 00,684,032 | ---- | C] ( )
lxcgpmui.dll -> C:\Windows\SysWow64\lxcgpmui.dll -> [2009/03/03 20:55:30 | 00,643,072 | ---- | C] ( )
lxcglmpm.dll -> C:\Windows\SysWow64\lxcglmpm.dll -> [2009/03/03 20:55:30 | 00,585,728 | ---- | C] ( )
lxcgcomm.dll -> C:\Windows\SysWow64\lxcgcomm.dll -> [2009/03/03 20:55:30 | 00,421,888 | ---- | C] ( )
lxcginpa.dll -> C:\Windows\SysWow64\lxcginpa.dll -> [2009/03/03 20:55:30 | 00,413,696 | ---- | C] ( )
lxcgiesc.dll -> C:\Windows\SysWow64\lxcgiesc.dll -> [2009/03/03 20:55:30 | 00,397,312 | ---- | C] ( )
lxcgcomx.dll -> C:\Windows\SysWow64\lxcgcomx.dll -> [2009/03/03 20:55:30 | 00,385,024 | ---- | C] ()
lxcginst.dll -> C:\Windows\SysWow64\lxcginst.dll -> [2009/03/03 20:55:30 | 00,274,432 | ---- | C] ()
lxcgprox.dll -> C:\Windows\SysWow64\lxcgprox.dll -> [2009/03/03 20:55:30 | 00,163,840 | ---- | C] ( )
lxcgpplc.dll -> C:\Windows\SysWow64\lxcgpplc.dll -> [2009/03/03 20:55:30 | 00,094,208 | ---- | C] ( )
lxdpserv.dll -> C:\Windows\SysWow64\lxdpserv.dll -> [2009/03/03 19:26:42 | 01,101,824 | ---- | C] ( )
lxdpusb1.dll -> C:\Windows\SysWow64\lxdpusb1.dll -> [2009/03/03 19:26:42 | 00,843,776 | ---- | C] ( )
lxdppmui.dll -> C:\Windows\SysWow64\lxdppmui.dll -> [2009/03/03 19:26:42 | 00,647,168 | ---- | C] ( )
lxdpinpa.dll -> C:\Windows\SysWow64\lxdpinpa.dll -> [2009/03/03 19:26:42 | 00,364,544 | ---- | C] ( )
LXDPinst.dll -> C:\Windows\SysWow64\LXDPinst.dll -> [2009/03/03 19:26:42 | 00,348,160 | ---- | C] ()
lxdpiesc.dll -> C:\Windows\SysWow64\lxdpiesc.dll -> [2009/03/03 19:26:42 | 00,339,968 | ---- | C] ( )
lxdpcomx.dll -> C:\Windows\SysWow64\lxdpcomx.dll -> [2009/03/03 19:26:42 | 00,335,872 | ---- | C] ()
lxdpprox.dll -> C:\Windows\SysWow64\lxdpprox.dll -> [2009/03/03 19:26:42 | 00,053,248 | ---- | C] ( )
lxdpcomc.dll -> C:\Windows\SysWow64\lxdpcomc.dll -> [2009/03/03 19:26:41 | 00,851,968 | ---- | C] ( )
lxdphbn3.dll -> C:\Windows\SysWow64\lxdphbn3.dll -> [2009/03/03 19:26:41 | 00,663,552 | ---- | C] ( )
lxdplmpm.dll -> C:\Windows\SysWow64\lxdplmpm.dll -> [2009/03/03 19:26:41 | 00,569,344 | ---- | C] ( )
lxdpcomm.dll -> C:\Windows\SysWow64\lxdpcomm.dll -> [2009/03/03 19:26:41 | 00,376,832 | ---- | C] ( )
bdoscandellang.ini -> C:\Windows\bdoscandellang.ini -> [2009/01/05 15:44:10 | 00,000,453 | ---- | C] ()
tcpmon.ini -> C:\Windows\SysWow64\tcpmon.ini -> [2008/01/20 22:50:05 | 00,060,124 | ---- | C] ()
msjetoledb40.dll -> C:\Windows\SysWow64\msjetoledb40.dll -> [2008/01/20 22:49:49 | 00,368,640 | ---- | C] ()
win.ini -> C:\Windows\win.ini -> [2006/11/02 08:34:27 | 00,000,230 | ---- | C] ()
system.ini -> C:\Windows\system.ini -> [2006/11/02 08:34:27 | 00,000,219 | ---- | C] ()
 
[Files/Folders - Modified Within 30 Days]
140 C:\Users\Cindy\AppData\Local\Temp\*.tmp files -> C:\Users\Cindy\AppData\Local\Temp\*.tmp -> 
NTUSER.DAT -> C:\Users\Cindy\NTUSER.DAT -> [2009/06/29 08:35:52 | 03,145,728 | -HS- | M] ()
Config.MPF -> C:\Windows\SysNative\Config.MPF -> [2009/06/29 08:18:36 | 00,018,839 | ---- | M] ()
bootstat.dat -> C:\Windows\bootstat.dat -> [2009/06/29 08:18:02 | 00,067,584 | --S- | M] ()
User_Feed_Synchronization-{D40B38C7-3BBE-46AF-9B87-AE2DE401F5C2}.job -> C:\Windows\tasks\User_Feed_Synchronization-{D40B38C7-3BBE-46AF-9B87-AE2DE401F5C2}.job -> [2009/06/29 06:46:24 | 00,000,422 | -H-- | M] ()
7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> [2009/06/29 01:03:02 | 00,003,216 | -H-- | M] ()
7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> [2009/06/29 01:03:02 | 00,003,216 | -H-- | M] ()
PublishedRacMonOSFTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonOSFTable.DAT -> [2009/06/29 00:18:21 | 00,005,796 | ---- | M] ()
PublishedRacMonCLKTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonCLKTable.DAT -> [2009/06/29 00:18:21 | 00,000,000 | ---- | M] ()
PublishedRacMonAFLTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonAFLTable.DAT -> [2009/06/29 00:18:20 | 00,022,908 | ---- | M] ()
PublishedRacMonHFLTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonHFLTable.DAT -> [2009/06/29 00:18:20 | 00,000,000 | ---- | M] ()
PublishedRacMonSWITable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonSWITable.DAT -> [2009/06/29 00:18:19 | 00,135,468 | ---- | M] ()
PublishedRacMonIndex.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonIndex.DAT -> [2009/06/29 00:18:16 | 00,003,120 | ---- | M] ()
GoogleUpdateTaskMachine.job -> C:\Windows\tasks\GoogleUpdateTaskMachine.job -> [2009/06/29 00:17:46 | 00,000,894 | ---- | M] ()
qmgr1.dat -> C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat -> [2009/06/28 23:33:44 | 04,194,304 | ---- | M] ()
qmgr0.dat -> C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat -> [2009/06/28 23:33:44 | 04,194,304 | ---- | M] ()
SA.DAT -> C:\Windows\tasks\SA.DAT -> [2009/06/28 19:03:05 | 00,000,006 | -H-- | M] ()
hiberfil.sys -> C:\hiberfil.sys -> [2009/06/28 19:02:54 | 40,242,62656 | -HS- | M] ()
bthservsdp.dat -> C:\Windows\bthservsdp.dat -> [2009/06/28 19:01:52 | 00,000,012 | ---- | M] ()
NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Cindy\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms -> [2009/06/28 19:01:47 | 00,524,288 | -HS- | M] ()
NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf -> C:\Users\Cindy\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf -> [2009/06/28 19:01:47 | 00,065,536 | -HS- | M] ()
IconCache.db -> C:\Users\Cindy\AppData\Local\IconCache.db -> [2009/06/28 19:01:44 | 02,239,634 | -H-- | M] ()
Adobe Reader 9.lnk -> C:\Users\Public\Desktop\Adobe Reader 9.lnk -> [2009/06/28 13:46:38 | 00,001,917 | ---- | M] ()
OTL.exe -> C:\Users\Cindy\Desktop\OTL.exe -> [2009/06/24 21:32:20 | 00,512,512 | ---- | M] (OldTimer Tools)
dds(2).scr -> C:\Users\Cindy\Desktop\dds(2).scr -> [2009/06/24 16:48:09 | 00,359,893 | ---- | M] ()
Safari.lnk -> C:\Users\Public\Desktop\Safari.lnk -> [2009/06/23 16:38:21 | 00,001,866 | ---- | M] ()
Ad-Aware Update (Weekly).job -> C:\Windows\tasks\Ad-Aware Update (Weekly).job -> [2009/06/22 21:59:47 | 00,000,496 | ---- | M] ()
index.dat -> C:\Users\Cindy\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat -> [2009/06/21 16:56:09 | 00,032,768 | -HS- | M] ()
index.dat -> C:\Users\Cindy\AppData\Local\Temp\History\History.IE5\index.dat -> [2009/06/21 16:56:09 | 00,032,768 | -HS- | M] ()
index.dat -> C:\Users\Cindy\AppData\Local\Temp\Cookies\index.dat -> [2009/06/21 16:56:09 | 00,016,384 | -HS- | M] ()
PerfStringBackup.INI -> C:\Windows\SysWow64\PerfStringBackup.INI -> [2009/06/20 03:03:13 | 00,721,824 | ---- | M] ()
perfh009.dat -> C:\Windows\SysNative\perfh009.dat -> [2009/06/20 03:03:13 | 00,604,452 | ---- | M] ()
perfc009.dat -> C:\Windows\SysNative\perfc009.dat -> [2009/06/20 03:03:13 | 00,105,376 | ---- | M] ()
RSIT.exe -> C:\Users\Cindy\Desktop\RSIT.exe -> [2009/06/17 23:24:04 | 00,781,909 | ---- | M] ()
kaspersky.html -> C:\Users\Cindy\Desktop\kaspersky.html -> [2009/06/17 00:15:20 | 00,002,920 | ---- | M] ()
kspersky error.html -> C:\Users\Cindy\Documents\kspersky error.html -> [2009/06/17 00:14:49 | 00,002,920 | ---- | M] ()
sfdb.dat -> C:\Users\Cindy\AppData\Local\Temp\jkos-Cindy\engine\bases\sfdb.dat -> [2009/06/16 21:00:23 | 00,008,916 | ---- | M] ()
kosglue-7.0.26.0.dll -> C:\Users\Cindy\AppData\Local\Temp\jkos-Cindy\binaries\kosglue-7.0.26.0.dll -> [2009/06/16 20:51:56 | 00,729,152 | ---- | M] (Kaspersky Lab)
prremote.dll -> C:\Users\Cindy\AppData\Local\Temp\jkos-Cindy\binaries\prremote.dll -> [2009/06/16 20:51:56 | 00,090,112 | ---- | M] (Kaspersky Lab)
msvcr80.dll -> C:\Users\Cindy\AppData\Local\Temp\jkos-Cindy\binaries\msvcr80.dll -> [2009/06/16 20:51:55 | 00,626,688 | ---- | M] (Microsoft Corporation)
msvcp80.dll -> C:\Users\Cindy\AppData\Local\Temp\jkos-Cindy\binaries\msvcp80.dll -> [2009/06/16 20:51:55 | 00,548,864 | ---- | M] (Microsoft Corporation)
kave.dll -> C:\Users\Cindy\AppData\Local\Temp\jkos-Cindy\binaries\kave.dll -> [2009/06/16 20:51:55 | 00,282,624 | ---- | M] (Kaspersky Lab.)
prLoader.dll -> C:\Users\Cindy\AppData\Local\Temp\jkos-Cindy\binaries\prLoader.dll -> [2009/06/16 20:51:55 | 00,184,320 | ---- | M] (Kaspersky Lab)
ikave.dll -> C:\Users\Cindy\AppData\Local\Temp\jkos-Cindy\binaries\ikave.dll -> [2009/06/16 20:51:55 | 00,065,536 | ---- | M] ()
ScanningProcess.exe -> C:\Users\Cindy\AppData\Local\Temp\jkos-Cindy\binaries\ScanningProcess.exe -> [2009/06/16 20:51:54 | 00,139,264 | ---- | M] (Kaspersky Lab.)
FSSync.dll -> C:\Users\Cindy\AppData\Local\Temp\jkos-Cindy\binaries\FSSync.dll -> [2009/06/16 20:51:54 | 00,038,400 | ---- | M] (Kaspersky Lab)
msvcm80.dll -> C:\Users\Cindy\AppData\Local\Temp\jkos-Cindy\binaries\msvcm80.dll -> [2009/06/16 20:51:53 | 00,479,232 | ---- | M] (Microsoft Corporation)
DrWeb.csv -> C:\Users\Cindy\Desktop\DrWeb.csv -> [2009/06/15 16:17:30 | 00,000,342 | ---- | M] ()
opa12.dat -> C:\ProgramData\Microsoft\OFFICE\DATA\opa12.dat -> [2009/06/15 12:59:40 | 00,008,314 | ---- | M] ()
DrWeb.csv -> C:\Users\Cindy\Documents\DrWeb.csv -> [2009/06/15 12:52:00 | 00,000,342 | ---- | M] ()
s2845924.exe -> C:\Users\Cindy\Desktop\s2845924.exe -> [2009/06/15 11:53:51 | 14,427,984 | ---- | M] (Doctor Web, Ltd.)
tmp.reg -> C:\Windows\SysWow64\tmp.reg -> [2009/06/15 10:47:36 | 00,007,130 | ---- | M] ()
SmitfraudFix.exe -> C:\Users\Cindy\AppData\Local\Temp\Saf6A5E.tmp\SmitfraudFix.exe -> [2009/06/15 08:45:29 | 01,884,866 | ---- | M] ()
SUPERAntiSpyware Free Edition.lnk -> C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk -> [2009/06/14 12:52:24 | 00,000,944 | ---- | M] ()
PerfStringBackup.INI -> C:\Windows\SysNative\PerfStringBackup.INI -> [2009/06/13 14:11:21 | 00,690,960 | ---- | M] ()
FNTCACHE.DAT -> C:\Windows\SysNative\FNTCACHE.DAT -> [2009/06/13 10:08:10 | 00,374,480 | ---- | M] ()
HPDailySurprise.lnk -> C:\Users\Public\Desktop\HPDailySurprise.lnk -> [2009/06/12 19:02:58 | 00,000,852 | ---- | M] ()
HpDailySurprise.air -> C:\Users\Cindy\Desktop\HpDailySurprise.air -> [2009/06/12 19:02:21 | 00,430,854 | ---- | M] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Users\Cindy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2009/06/12 16:49:27 | 00,015,360 | ---- | M] ()
Malwarebytes' Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2009/06/11 15:51:01 | 00,000,848 | ---- | M] ()
d3d9caps.dat -> C:\Users\Cindy\AppData\Local\d3d9caps.dat -> [2009/06/05 14:13:26 | 00,006,836 | ---- | M] ()
Rachel's Sophomore end-of-year chorus concert.wmv -> C:\Users\Cindy\Desktop\Rachel's Sophomore end-of-year chorus concert.wmv -> [2009/06/04 23:03:05 | 13,855,2917 | ---- | M] ()
Lbd.sys -> C:\Windows\SysNative\drivers\Lbd.sys -> [2009/06/04 22:01:32 | 00,068,640 | ---- | M] ()
lsdelete.exe -> C:\Windows\SysNative\lsdelete.exe -> [2009/06/04 22:01:30 | 00,015,688 | ---- | M] ()
Ad-Aware.lnk -> C:\Users\Public\Desktop\Ad-Aware.lnk -> [2009/06/04 21:55:42 | 00,001,049 | ---- | M] ()
HijackThis.lnk -> C:\Users\Cindy\Desktop\HijackThis.lnk -> [2009/06/04 21:41:02 | 00,001,928 | ---- | M] ()
GDIPFONTCACHEV1.DAT -> C:\Users\Cindy\AppData\Local\GDIPFONTCACHEV1.DAT -> [2009/06/04 12:13:46 | 00,106,160 | ---- | M] ()
DSC00339.JPG -> C:\Users\Cindy\Documents\DSC00339.JPG -> [2009/06/04 11:10:28 | 01,486,728 | ---- | M] ()
DSC00338.JPG -> C:\Users\Cindy\Documents\DSC00338.JPG -> [2009/06/04 11:10:12 | 01,468,936 | ---- | M] ()
DSC00337.JPG -> C:\Users\Cindy\Documents\DSC00337.JPG -> [2009/06/04 11:03:50 | 01,456,489 | ---- | M] ()
DSC00336.JPG -> C:\Users\Cindy\Documents\DSC00336.JPG -> [2009/06/04 11:03:22 | 01,485,652 | ---- | M] ()
DSC00335.JPG -> C:\Users\Cindy\Documents\DSC00335.JPG -> [2009/06/04 11:02:48 | 01,370,851 | ---- | M] ()
iTunes.lnk -> C:\Users\Public\Desktop\iTunes.lnk -> [2009/06/02 17:58:48 | 00,001,804 | ---- | M] ()
QuickTime Player.lnk -> C:\Users\Public\Desktop\QuickTime Player.lnk -> [2009/06/02 17:56:23 | 00,001,756 | ---- | M] ()
WS2Fix.exe -> C:\Windows\SysWow64\WS2Fix.exe -> [2009/06/02 11:17:27 | 00,075,776 | ---- | M] ()
win.ini -> C:\Windows\win.ini -> [2009/06/01 19:35:13 | 00,000,230 | ---- | M] ()
mrt.exe -> C:\Windows\SysNative\mrt.exe -> [2009/06/01 13:16:48 | 25,255,368 | ---- | M] ()
McQcTask.job -> C:\Windows\tasks\McQcTask.job -> [2009/06/01 01:20:00 | 00,000,332 | ---- | M] ()
SIntfNT.dll -> C:\Windows\SysWow64\SIntfNT.dll -> [2009/05/30 23:17:19 | 00,021,840 | ---- | M] ()
SIntf32.dll -> C:\Windows\SysWow64\SIntf32.dll -> [2009/05/30 23:17:19 | 00,017,212 | ---- | M] ()
SIntf16.dll -> C:\Windows\SysWow64\SIntf16.dll -> [2009/05/30 23:17:19 | 00,012,067 | ---- | M] ()
DIIUnin.dat -> C:\Windows\DIIUnin.dat -> [2009/05/30 23:13:40 | 00,038,627 | ---- | M] ()
Diablo II.lnk -> C:\Users\Public\Desktop\Diablo II.lnk -> [2009/05/30 22:21:51 | 00,001,740 | ---- | M] ()
DIIUnin.pif -> C:\Windows\DIIUnin.pif -> [2009/05/30 22:21:47 | 00,002,829 | ---- | M] ()
DIIUnin.exe -> C:\Windows\DIIUnin.exe -> [2009/05/30 22:21:46 | 00,094,208 | ---- | M] (Blizzard Entertainment)
SSUPDATE.EXE -> C:\Users\Cindy\AppData\Local\Temp\SSUPDATE.EXE -> [2009/05/26 10:05:50 | 00,158,960 | ---- | M] (SUPERAntiSpyware.com)
wkcalcat.dat -> C:\ProgramData\Microsoft\Works\wkcalcat.dat -> [2009/04/06 13:04:06 | 00,016,384 | ---- | M] ()
powder.exe -> C:\Users\Cindy\AppData\Local\Temp\Temp1_powder.zip\powder.exe -> [2009/03/19 22:21:22 | 00,356,352 | ---- | M] ()
SDL.dll -> C:\Users\Cindy\AppData\Local\Temp\Temp1_powder.zip\SDL.dll -> [2009/03/19 22:21:20 | 00,320,512 | ---- | M] ()
ISBEW64.exe -> C:\Users\Cindy\AppData\Local\Temp\{DFDE4778-E78D-447D-9DC0-F35958473725}\ISBEW64.exe -> [2009/03/02 21:28:43 | 00,120,768 | ---- | M] (Macrovision Corporation)
Cindy.dat -> C:\ProgramData\Microsoft\User Account Pictures\Cindy.dat -> [2009/02/19 13:10:09 | 00,000,000 | ---- | M] ()
procexp.exe -> C:\Users\Cindy\AppData\Local\Temp\Temp1_ProcessExplorer.zip\procexp.exe -> [2009/02/03 10:32:28 | 03,550,592 | ---- | M] (Sysinternals - www.sysinternals.com)
setup.exe -> C:\Users\Cindy\AppData\Local\Temp\{D38EBD88-416F-44B2-A2E0-F7FEDC3EF52B}\setup.exe -> [2006/08/11 14:23:07 | 06,420,979 | ---- | M] (Nova Development										  )
d2l_Install.exe -> C:\Users\Cindy\AppData\Local\Temp\d2l_Install.exe -> [2001/05/09 20:19:26 | 00,352,256 | ---- | M] (Blizzard Entertainment)
binkw32.dll -> C:\Users\Cindy\AppData\Local\Temp\binkw32.dll -> [2000/04/06 08:00:00 | 00,263,168 | ---- | M] ()
< End of report >









Statistics
Time: 02:24:05
Files: 347860
Folders: 32392
Boot Sectors: 0
Archives: 2841
Packed Files: 18111

Results
Identified Viruses: 2
Infected Files: 9
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 9

Engines Info
Virus Definitions: 3750954
Engine build: AVCORE v1.7 (build 8314.19) (i386) (Sep 29 2008 17:19:14)
Scan plugins: 17
Archive plugins: 44
Unpack plugins: 7
E-mail plugins: 6
System plugins: 4

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes








Scanned File | Status
C:\Program Files (x86)\HP Games\Bejeweled 2 Deluxe\wtap.dll | Infected with: Gen:Trojan.Heur.A13DC22D2D
C:\Program Files (x86)\HP Games\Bejeweled 2 Deluxe\wtap.dll | Disinfection failed
C:\Program Files (x86)\HP Games\Bejeweled 2 Deluxe\wtap.dll | Deleted
C:\Program Files (x86)\HP Games\Chuzzle Deluxe\wtap.dll | Infected with: Gen:Trojan.Heur.A13DC22D2D
C:\Program Files (x86)\HP Games\Chuzzle Deluxe\wtap.dll | Disinfection failed
C:\Program Files (x86)\HP Games\Chuzzle Deluxe\wtap.dll | Deleted
C:\Program Files (x86)\HP Games\Cinema Tycoon\wtap.dll | Infected with: Gen:Trojan.Heur.21AD52BDBD
C:\Program Files (x86)\HP Games\Cinema Tycoon\wtap.dll | Disinfection failed
C:\Program Files (x86)\HP Games\Cinema Tycoon\wtap.dll | Deleted
C:\Program Files (x86)\HP Games\Farm Frenzy - Pizza Party\wtap.dll | Infected with: Gen:Trojan.Heur.21AD52BDBD
C:\Program Files (x86)\HP Games\Farm Frenzy - Pizza Party\wtap.dll | Disinfection failed
C:\Program Files (x86)\HP Games\Farm Frenzy - Pizza Party\wtap.dll | Deleted
C:\Program Files (x86)\HP Games\GameHouse Solitaire Challenge\wtap.dll | Infected with: Gen:Trojan.Heur.21AD52BDBD
C:\Program Files (x86)\HP Games\GameHouse Solitaire Challenge\wtap.dll | Disinfection failed
C:\Program Files (x86)\HP Games\GameHouse Solitaire Challenge\wtap.dll | Deleted
C:\Program Files (x86)\HP Games\Garden Dreams\wtap.dll | Infected with: Gen:Trojan.Heur.21AD52BDBD
C:\Program Files (x86)\HP Games\Garden Dreams\wtap.dll | Disinfection failed
C:\Program Files (x86)\HP Games\Garden Dreams\wtap.dll | Deleted
C:\Program Files (x86)\HP Games\Jewel Match 2\wtap.dll | Infected with: Gen:Trojan.Heur.21AD52BDBD
C:\Program Files (x86)\HP Games\Jewel Match 2\wtap.dll | Disinfection failed
C:\Program Files (x86)\HP Games\Jewel Match 2\wtap.dll | Deleted
C:\Program Files (x86)\HP Games\Numba\wtap.dll | Infected with: Gen:Trojan.Heur.21AD52BDBD
C:\Program Files (x86)\HP Games\Numba\wtap.dll | Disinfection failed
C:\Program Files (x86)\HP Games\Numba\wtap.dll | Deleted
C:\Program Files (x86)\HP Games\Virtual Families\wtap.dll | Infected with: Gen:Trojan.Heur.21AD52BDBD
C:\Program Files (x86)\HP Games\Virtual Families\wtap.dll | Disinfection failed
C:\Program Files (x86)\HP Games\Virtual Families\wtap.dll | Deleted

#13 thcbytes

  • Malware Response Team

Posted 29 June 2009 - 10:16 PM

Hi again.
You're doing fine.
This is a tough one!
Please do this...

I would like you to go to add/remove and completely uninstall Mozilla Firefox. Then I would like you to delete the Mozilla Firefox folder in its entirety.

Instructions for Add/Remove

- Start
- Search
- Copy and paste C:\Program Files
- Select the Mozilla Firefox folder
- Right mouse click and Delete
- Reboot
- Now reinstall Firefox here

==========

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link-->Jotti

When the jotti page has finished loading, click the browse button and navigate to the files listed below in bold, then click Submit. You will only be able to have one file scanned at a time.

C:\Users\Cindy\AppData\Local\Temp\Temp1_powder.zip\SDL.dll
C:\Users\Cindy\AppData\Local\Temp\Temp1_powder.zip\powder.exe

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/

==========

Please download ATF Cleaner by Atribune & save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

==========

Please download Malwarebytes Anti-Malware and save it to your desktop. If you already have it on your desktop you can simply double-click and open the program, but before running it is critically important that you depress the Update tab first!!!!
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

==========

With your next post please provide:

* Upload results
* MBAM log
* Still having popups?

Thanks,
t

Edited by thcbytes, 29 June 2009 - 10:17 PM.

Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#14 chembear

chembear
  • Topic Starter

  • Members
  • 30 posts
  • Local time:08:37 PM

Posted 30 June 2009 - 12:18 AM

Jotti was negative, for both files.

Here's the MBAM report (still getting pop-ups):

Malwarebytes' Anti-Malware 1.38
Database version: 2353
Windows 6.0.6001 Service Pack 1

6/30/2009 1:11:01 AM
mbam-log-2009-06-30 (01-11-01).txt

Scan type: Quick Scan
Objects scanned: 74913
Time elapsed: 9 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#15 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • Gender:Male
  • Local time:07:37 PM

Posted 30 June 2009 - 01:55 AM

Did you delete/reinstall FF?
Are you still having popups?
Thanks,
t



