Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Possible Infection w/hjt log


  • This topic is locked This topic is locked
6 replies to this topic

#1 sjaj

sjaj

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:11:39 PM

Posted 24 November 2009 - 08:35 PM

All,

First my compliments and thanks for a great web site, I have been reading from it for a while before posting, very professional. Okay, my problem is the computer hangs with several apps. Explorer, media player, opening attachments pic and video(after scanning and from known sources) and clicking links are most prevalent. Opening explorer takes no less than 60 - 75 seconds, this goes for opening new tabs and new explorer windows. Links only open if in same window, links that open with new tab or new window give the Vista waiting circle, finger, then nothing after 90 seconds, reverts to the page (but the links are still hot when you scroll over them). Opening attachements gives the same with pics. Video attachments open media player then freezes the entire desktop and input devices for several minutes then releases (One time it even logge me off after unfreezing). Working with excel and try to format cells hangs as well, right click select format cells and wait 45 seconds for configuration pop-up. Also notice the HD access light on almost constantly (both solid and flashing). Kaspersky and Defender scan show nothing. Speed check once on line shows 58 Mbps. Could not run root repeal as this is 64-bit. Also notice Java Platform SE Binary taking up a lot of resources when system hangs. I would consider myself as above average in compuers, but do not know software that well (more of a hardware guy). Thanks for any helpl.

Steve

HJT log

DDS (Ver_09-11-24.02) - NTFSX64
Run by Steve at 18:57:37.25 on Tue 11/24/2009
Internet Explorer: 8.0.6001.18828
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.4095.2434 [GMT -5:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files (x86)\Kodak\printer\center\KodakSvc.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\SysWOW64\PSIService.exe
C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
E:\Progam Files(x86)\Photodex\ProShowGold\ScsiAccess.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files (x86)\CyberLink\PCM4Everio\EverioService.exe
C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Windows\SysWOW64\CTHELPER.EXE
E:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\SysWOW64\Ctxfihlp.exe
C:\Program Files (x86)\QuickTime\QTTask.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Windows\SysWOW64\CTXFISPI.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\klwtblfs.exe
C:\Windows\SysWow64\Macromed\Flash\FlashUtil10b.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Steve\Desktop\dds.scr
C:\Windows\system32\msiexec.exe
C:\Windows\syswow64\MsiExec.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.comcast.net/
mLocal Page = c:\windows\syswow64\blank.htm
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - e:\program files (x86)\adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files (x86)\kaspersky lab\kaspersky internet security 2010\ievkbd.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - e:\program files (x86)\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files (x86)\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files (x86)\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files (x86)\msn\toolbar\3.0.0988.2\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files (x86)\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files (x86)\msn\toolbar\3.0.0988.2\msneshellx.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - e:\program files (x86)\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - e:\program files (x86)\adobe\/Adobe Contribute CS3/contributeieplugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - e:\program files (x86)\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [swg] "c:\program files (x86)\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [LightScribe Control Panel] c:\program files (x86)\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files (x86)\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [ISUSPM] "c:\program files (x86)\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [WMPNSCFG] c:\program files (x86)\windows media player\WMPNSCFG.exe
mRun: [EverioService] "c:\program files (x86)\cyberlink\pcm4everio\EverioService.exe"
mRun: [VolPanel] "c:\program files (x86)\creative\sound blaster x-fi\volume panel\VolPanlu.exe" /r
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTXFIREG] CTxfiReg.exe
mRun: [NBKeyScan] "c:\program files (x86)\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [UVS11 Preload] "c:\program files (x86)\ulead systems\ulead videostudio 11\uvPL.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Acrobat Assistant 8.0] "e:\program files (x86)\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [Adobe_ID0EYTHM] c:\progra~2\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [GrooveMonitor] "c:\program files (x86)\microsoft office\office12\GrooveMonitor.exe"
mRun: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
mRun: [TrueImageMonitor.exe] c:\program files (x86)\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [AcronisTimounterMonitor] c:\program files (x86)\acronis\trueimagehome\TimounterMonitor.exe
mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"
mRun: [AVP] "c:\program files (x86)\kaspersky lab\kaspersky internet security 2010\avp.exe"
mRun: [SunJavaUpdateSched] "c:\program files (x86)\java\jre6\bin\jusched.exe"
dRun: [CtxfiReg] CTXFIREG.exe /FAIL2
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\kodake~1.lnk - c:\program files (x86)\kodak\kodak easyshare software\bin\EasyShare.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Anti-Banner - c:\program files (x86)\kaspersky lab\kaspersky internet security 2010\ie_banner_deny.htm
IE: Append to existing PDF - e:\program files (x86)\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - e:\program files (x86)\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - e:\program files (x86)\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - e:\program files (x86)\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - e:\program files (x86)\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - e:\program files (x86)\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - e:\program files (x86)\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - e:\program files (x86)\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\micros~1\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~1\office12\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files (x86)\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~1\office12\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files (x86)\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
Trusted Zone: com.tw\www.msi
Trusted Zone: turbotax.com
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.srtest.com/srl_bin/sysreqlab_srl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/softwareupdate/su2/ocx/15035/CTPID.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files (x86)\microsoft office\office12\GrooveSystemServices.dll
AppInit_DLLs: c:\progra~2\kasper~1\kasper~1\mzvkbd3.dll,c:\progra~2\kasper~1\kasper~1\sbhook.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
LSA: Authentication Packages = msv1_0 relog_ap
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files (x86)\common files\lightscribe\LSRunOnce.exe"
BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - c:\program files (x86)\kaspersky lab\kaspersky internet security 2010\x64\ievkbd.dll
BHO-X64: IEVkbdBHO - No File
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg64.dll
BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - c:\program files (x86)\kaspersky lab\kaspersky internet security 2010\x64\klwtbbho.dll
BHO-X64: link filter bho - No File
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files (x86)\google\google toolbar\GoogleToolbar_64.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [Corel Photo Downloader] "c:\program files (x86)\corel\corel mediaone\Corel Photo Downloader.exe" -startup
mRun-x64: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\x64\3\EKIJ5000MUI.exe
mRun-x64: [Acronis Scheduler2 Service] "c:\program files (x86)\common files\acronis\schedule2\schedhlp.exe"
AppInit_DLLs-X64: c:\progra~2\kasper~1\kasper~1\x64\sbhook64.dll,c:\progra~2\kasper~1\kasper~1\x64\kloehk.dll
STS-X64: Windows DreamScene: {E31004D1-A431-41B8-826F-E902F9D95C81} - %SystemRoot%\System32\DreamScene.dll

============= SERVICES / DRIVERS ===============

R0 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 40464]
R0 nvstor64;nvstor64;c:\windows\system32\drivers\nvstor64.sys [2007-8-9 130080]
R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2008-5-4 53488]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2009-9-14 27152]
R2 IntuitUpdateService;Intuit Update Service;c:\program files (x86)\common files\intuit\update service\IntuitUpdateService.exe [2008-10-10 13088]
R2 KodakSvc;Kodak AiO Device Service;c:\program files (x86)\kodak\printer\center\KodakSvc.exe [2008-2-28 18944]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\nvidia corporation\3d vision\nvSCPAPISvr.exe [2009-9-27 240232]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 21008]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2009-8-7 89920]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\common files\creative labs shared\service\CTAELicensing.exe [2008-12-1 79360]
S3 Droppix Service;Droppix Service;"c:\program files (x86)\common files\droppix\dxservice.exe" --> c:\program files (x86)\common files\droppix\DxService.exe [?]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
S3 LVUVC64;QuickCam for Notebooks Deluxe(UVC);c:\windows\system32\drivers\lvuvc64.sys [2009-4-30 6377496]
S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-1-20 19968]
S3 SureThing Labelflash service;SureThing Labelflash service;c:\program files (x86)\common files\surething shared\stllssvr.exe [2009-11-4 74392]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2009-8-28 49152]

============== File Associations ===============

JSEFile=c:\windows\syswow64\WScript.exe "%1" %*

=============== Created Last 30 ================

2009-11-20 01:01:39 453456 ----a-w- c:\windows\syswow64\d3dx10_42.dll
2009-11-20 01:01:38 462864 ----a-w- c:\windows\syswow64\d3dx10_37.dll
2009-11-20 01:01:38 1892184 ----a-w- c:\windows\syswow64\D3DX9_42.dll
2009-11-20 01:01:38 1420824 ----a-w- c:\windows\syswow64\D3DCompiler_37.dll
2009-11-20 01:01:37 3786760 ----a-w- c:\windows\syswow64\D3DX9_37.dll
2009-11-17 23:35:28 0 d-----w- c:\program files (x86)\Windows Portable Devices
2009-11-17 23:35:27 0 d-----w- c:\program files\Windows Portable Devices
2009-11-17 23:28:35 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-11-17 23:25:25 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-17 02:51:53 34816 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-11-17 02:48:59 4096 ----a-w- c:\windows\syswow64\oleaccrc.dll
2009-11-17 02:48:59 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-11-17 02:48:58 736256 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-11-17 02:48:58 555520 ----a-w- c:\windows\syswow64\UIAutomationCore.dll
2009-11-17 02:48:58 315904 ----a-w- c:\windows\system32\oleacc.dll
2009-11-17 02:48:58 234496 ----a-w- c:\windows\syswow64\oleacc.dll
2009-11-11 08:29:04 441856 ----a-w- c:\windows\system32\WSDApi.dll
2009-11-11 08:29:04 355328 ----a-w- c:\windows\syswow64\WSDApi.dll
2009-11-11 08:29:00 2751488 ----a-w- c:\windows\system32\win32k.sys
2009-11-10 01:17:05 149280 ----a-w- c:\windows\syswow64\javaws.exe
2009-11-10 01:17:05 145184 ----a-w- c:\windows\syswow64\javaw.exe
2009-11-10 01:17:05 145184 ----a-w- c:\windows\syswow64\java.exe
2009-11-07 00:41:53 3670016 ----a-w- c:\users\steve\digital dreams brochure 1.pub
2009-11-06 22:11:36 143387 ----a-w- c:\windows\system32\drivers\klin.dat
2009-11-06 22:11:36 104987 ----a-w- c:\windows\system32\drivers\klick.dat
2009-11-06 22:09:53 0 d-----w- c:\programdata\Kaspersky Lab
2009-11-06 22:09:53 0 d-----w- c:\program files (x86)\Kaspersky Lab
2009-11-06 22:06:22 0 d-----w- c:\programdata\Kaspersky Lab Setup Files
2009-11-06 15:59:54 15406728 ----a-w- c:\windows\syswow64\xlive.dll
2009-11-06 15:59:54 13642888 ----a-w- c:\windows\syswow64\xlivefnt.dll
2009-11-06 15:58:04 178975 ----a-w- c:\windows\syswow64\xlive.dll.cat
2009-11-05 00:36:19 0 d-----w- c:\program files (x86)\SureThing CD Labeler 5
2009-11-04 16:27:21 5939712 ----a-w- c:\windows\syswow64\mshtml.dll
2009-11-04 16:27:20 1638912 ----a-w- c:\windows\syswow64\mshtml.tlb
2009-11-04 16:27:20 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2009-11-02 23:45:50 0 d-----w- c:\program files (x86)\common files\PX Storage Engine
2009-11-02 23:05:36 167064 ----a-w- c:\windows\syswow64\xliveinstall.dll
2009-11-02 23:05:34 71832 ----a-w- c:\windows\syswow64\xliveinstallhost.exe
2009-10-29 23:35:34 0 d-----w- c:\program files\iPod
2009-10-29 23:35:32 0 d-----w- c:\program files\iTunes
2009-10-29 23:35:32 0 d-----w- c:\program files (x86)\iTunes
2009-10-28 01:09:39 0 d-----w- c:\program files (x86)\Microsoft Windows 7 Upgrade Advisor
2009-10-28 00:35:53 0 d-----w- c:\program files (x86)\Windows Installer Clean Up
2009-10-27 22:40:15 0 d-----w- c:\users\steve\appdata\roaming\Skinux
2009-10-27 22:35:48 0 d-----w- c:\programdata\ArcSoft
2009-10-27 22:30:20 0 d-----w- c:\program files (x86)\common files\MSSoap
2009-10-27 22:27:05 92672 ----a-w- c:\windows\syswow64\UIAnimation.dll
2009-10-27 22:27:05 103424 ----a-w- c:\windows\system32\UIAnimation.dll
2009-10-27 22:27:04 3815424 ----a-w- c:\windows\system32\UIRibbon.dll
2009-10-27 22:27:04 3023360 ----a-w- c:\windows\syswow64\UIRibbon.dll
2009-10-27 22:27:04 1164800 ----a-w- c:\windows\syswow64\UIRibbonRes.dll
2009-10-27 22:27:04 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2009-10-27 18:56:32 10626560 ----a-w- c:\windows\syswow64\wmp.dll
2009-10-27 18:56:30 372736 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-27 18:56:30 310784 ----a-w- c:\windows\syswow64\unregmp2.exe
2009-10-27 18:56:26 8147968 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-27 18:56:26 8147456 ----a-w- c:\windows\syswow64\wmploc.DLL

==================== Find3M ====================

2009-11-24 23:28:40 132683 ----a-w- c:\programdata\nvModes.dat
2009-11-17 23:35:22 86016 ----a-w- c:\windows\inf\infstor.dat
2009-11-17 23:35:22 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-17 23:35:22 51200 ----a-w- c:\windows\inf\infpub.dat
2009-11-17 23:35:22 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-11-04 23:33:26 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2009-11-03 01:42:06 226688 ------w- c:\windows\system32\MpSigStub.exe
2009-10-22 23:05:32 65312 ----a-w- c:\windows\system32\drivers\tifsfilt.sys
2009-10-22 23:05:32 629536 ----a-w- c:\windows\system32\drivers\timntr.sys
2009-10-22 23:05:25 198944 ----a-w- c:\windows\system32\drivers\snapman.sys
2009-10-21 01:39:14 224272 ----a-w- c:\windows\system32\klogon.dll
2009-10-15 02:18:38 40464 ----a-w- c:\windows\system32\drivers\klbg.sys
2009-10-11 09:17:27 411368 ----a-w- c:\windows\syswow64\deploytk.dll
2009-10-03 00:39:32 21008 ----a-w- c:\windows\system32\drivers\klmouflt.sys
2009-10-01 01:02:17 2537472 ----a-w- c:\windows\syswow64\wpdshext.dll
2009-10-01 01:02:05 30208 ----a-w- c:\windows\syswow64\WPDShextAutoplay.exe
2009-10-01 01:02:04 334848 ----a-w- c:\windows\syswow64\PortableDeviceApi.dll
2009-10-01 01:02:02 87552 ----a-w- c:\windows\syswow64\WPDShServiceObj.dll
2009-10-01 01:01:59 160256 ----a-w- c:\windows\syswow64\PortableDeviceTypes.dll
2009-10-01 01:01:56 60928 ----a-w- c:\windows\syswow64\PortableDeviceConnectApi.dll
2009-10-01 01:01:56 350208 ----a-w- c:\windows\syswow64\WPDSp.dll
2009-10-01 01:01:56 196608 ----a-w- c:\windows\syswow64\PortableDeviceWMDRM.dll
2009-10-01 01:01:56 100864 ----a-w- c:\windows\syswow64\PortableDeviceClassExtension.dll
2009-10-01 00:52:29 2727936 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-01 00:52:10 453120 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-09-27 22:24:22 3778664 ----a-w- c:\windows\system32\nvcplui.exe
2009-09-27 22:23:00 4546152 ----a-w- c:\windows\system32\nvvitvs.dll
2009-09-27 22:23:00 3746920 ----a-w- c:\windows\system32\nvwss.dll
2009-09-27 22:23:00 289896 ----a-w- c:\windows\system32\nvmccss.dll
2009-09-27 22:23:00 1647720 ----a-w- c:\windows\system32\nvmobls.dll
2009-09-27 22:23:00 1646696 ----a-w- c:\windows\system32\nvsvs.dll
2009-09-27 22:22:00 991848 ----a-w- c:\windows\system32\nvsvc64.dll
2009-09-27 22:22:00 82536 ----a-w- c:\windows\system32\nvmctray.dll
2009-09-27 22:22:00 5426792 ----a-w- c:\windows\system32\nvdisps.dll
2009-09-27 22:22:00 5208168 ----a-w- c:\windows\system32\nvgames.dll
2009-09-27 22:22:00 383592 ----a-w- c:\windows\system32\nvvsvc.exe
2009-09-27 22:22:00 244840 ----a-w- c:\windows\system32\nvshext.dll
2009-09-27 22:22:00 16666728 ----a-w- c:\windows\system32\nvcpl.dll
2009-09-25 02:27:43 1209856 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-09-25 02:10:10 974848 ----a-w- c:\windows\syswow64\WindowsCodecs.dll
2009-09-25 02:10:01 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-09-25 02:09:10 411648 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-09-25 02:07:08 189440 ----a-w- c:\windows\syswow64\WindowsCodecsExt.dll
2009-09-25 02:04:32 321024 ----a-w- c:\windows\syswow64\PhotoMetadataHandler.dll
2009-09-25 02:00:39 3068416 ----a-w- c:\windows\system32\xpsservices.dll
2009-09-25 01:56:42 643072 ----a-w- c:\windows\system32\XpsPrint.dll
2009-09-25 01:49:22 1554432 ----a-w- c:\windows\syswow64\xpsservices.dll
2009-09-25 01:48:08 351232 ----a-w- c:\windows\syswow64\XpsPrint.dll
2009-09-25 01:40:43 1461760 ----a-w- c:\windows\system32\OpcServices.dll
2009-09-25 01:40:07 470016 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2009-09-25 01:39:09 231936 ----a-w- c:\windows\system32\XpsRasterService.dll
2009-09-25 01:38:29 847360 ----a-w- c:\windows\syswow64\OpcServices.dll
2009-09-25 01:36:16 262656 ----a-w- c:\windows\system32\dxdiagn.dll
2009-09-25 01:36:13 280064 ----a-w- c:\windows\syswow64\XpsGdiConverter.dll
2009-09-25 01:36:08 1548800 ----a-w- c:\windows\system32\d3d10warp.dll
2009-09-25 01:35:49 328192 ----a-w- c:\windows\system32\dxdiag.exe
2009-09-25 01:35:48 449024 ----a-w- c:\windows\system32\WMPhoto.dll
2009-09-25 01:35:31 135680 ----a-w- c:\windows\syswow64\XpsRasterService.dll
2009-09-25 01:34:58 1269248 ----a-w- c:\windows\system32\d3d10.dll
2009-09-25 01:33:48 792576 ----a-w- c:\windows\system32\d3d11.dll
2009-09-25 01:33:25 195584 ----a-w- c:\windows\syswow64\dxdiagn.dll
2009-09-25 01:33:15 829440 ----a-w- c:\windows\syswow64\d3d10warp.dll
2009-09-25 01:33:01 369664 ----a-w- c:\windows\syswow64\WMPhoto.dll
2009-09-25 01:32:59 252928 ----a-w- c:\windows\syswow64\dxdiag.exe
2009-09-25 01:32:22 566272 ----a-w- c:\windows\system32\d3d10level9.dll
2009-09-25 01:31:53 519680 ----a-w- c:\windows\syswow64\d3d11.dll
2009-09-25 01:31:53 196608 ----a-w- c:\windows\system32\d3d10_1.dll
2009-09-25 01:31:51 326656 ----a-w- c:\windows\system32\d3d10_1core.dll
2009-09-25 01:31:47 625664 ----a-w- c:\windows\system32\dxgi.dll
2009-09-25 01:31:41 287744 ----a-w- c:\windows\system32\d3d10core.dll
2009-09-25 01:31:36 981504 ----a-w- c:\windows\system32\d2d1.dll
2009-09-25 01:31:26 486912 ----a-w- c:\windows\syswow64\d3d10level9.dll
2009-09-25 01:31:21 161280 ----a-w- c:\windows\syswow64\d3d10_1.dll
2009-09-25 01:31:19 218112 ----a-w- c:\windows\syswow64\d3d10_1core.dll
2009-09-25 01:31:16 1030144 ----a-w- c:\windows\syswow64\d3d10.dll
2009-09-25 01:31:15 828928 ----a-w- c:\windows\syswow64\d2d1.dll
2009-09-25 01:30:23 481792 ----a-w- c:\windows\syswow64\dxgi.dll
2009-09-25 01:30:23 190464 ----a-w- c:\windows\syswow64\d3d10core.dll
2009-09-25 01:27:04 1064448 ----a-w- c:\windows\syswow64\DWrite.dll
2009-09-25 01:26:38 47616 ----a-w- c:\windows\system32\cdd.dll
2009-09-25 01:26:26 1548800 ----a-w- c:\windows\system32\DWrite.dll
2009-09-25 01:26:26 1142272 ----a-w- c:\windows\system32\FntCache.dll
2009-09-24 22:54:55 258048 ----a-w- c:\windows\syswow64\winspool.drv
2009-09-24 13:24:26 541800 ----a-w- c:\windows\system32\nvuninst.exe
2009-09-17 23:45:51 419840 ----a-w- c:\windows\system32\wrap_oal.dll
2009-09-17 23:45:51 413696 ----a-w- c:\windows\syswow64\wrap_oal.dll
2009-09-17 23:45:51 133632 ----a-w- c:\windows\system32\OpenAL32.dll
2009-09-17 23:45:51 110592 ----a-w- c:\windows\syswow64\OpenAL32.dll
2009-09-17 23:39:55 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2009-09-16 23:49:02 35840 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2009-09-16 23:49:02 342016 ----a-w- c:\windows\system32\winspool.drv
2009-09-16 23:49:02 1032192 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2009-09-10 17:09:22 269312 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 16:48:01 218624 ----a-w- c:\windows\syswow64\msv1_0.dll
2009-09-04 11:54:24 82944 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 11:41:59 60928 ----a-w- c:\windows\syswow64\msasn1.dll
2009-08-29 02:42:33 32256 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-29 00:50:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:27:49 4240384 ----a-w- c:\windows\syswow64\GameUXLegacyGDFs.dll
2009-08-29 00:14:38 28672 ----a-w- c:\windows\syswow64\Apphlpdm.dll
2008-09-28 19:40:00 952 --sha-w- c:\windows\syswow64\KGyGaAvL.sys
2009-02-07 14:31:51 16384 --sha-w- c:\windows\temp\cookies\index.dat
2009-02-07 14:31:51 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2009-02-07 14:31:51 32768 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat
2008-04-10 00:57:02 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 18:59:19.19 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:06:39 AM

Posted 29 November 2009 - 03:48 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  • Please download OTL from following mirror:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#3 sjaj

sjaj
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:11:39 PM

Posted 02 December 2009 - 09:55 PM

Thanks fot the time myrti. Computer is still exibiting the same problems as the original post. The only thing I have done is reset Explorer settings to default condition under tools, internet options and advanced. This has enabled me to open links in new windows most of the time. Still hangs up and does nothing occasionally. Here are the log files you requested.

OTL.txt

OTL logfile created on: 12/2/2009 9:31:02 PM - Run 1
OTL by OldTimer - Version 3.1.11.4 Folder = C:\Users\Steve\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.66 Gb Available Physical Memory | 41.40% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.88 Gb Total Space | 51.08 Gb Free Space | 21.93% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 372.61 Gb Total Space | 282.38 Gb Free Space | 75.79% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 698.63 Gb Total Space | 485.59 Gb Free Space | 69.51% Space Free | Partition Type: NTFS
Drive M: | 3.74 Gb Total Space | 0.10 Gb Free Space | 2.72% Space Free | Partition Type: FAT32
Drive N: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: PARENTS-PC
Current User Name: Steve
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/12/02 21:29:14 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTL.exe
PRC - [2009/10/28 19:21:26 | 00,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
PRC - [2009/10/20 20:39:28 | 00,340,456 | ---- | M] (Kaspersky Lab) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
PRC - [2009/10/11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jusched.exe
PRC - [2009/09/27 15:48:00 | 00,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009/09/05 00:54:42 | 00,417,792 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\QuickTime\QTTask.exe
PRC - [2009/08/28 18:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/08/26 07:38:30 | 00,277,104 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2009/08/22 17:57:25 | 00,181,312 | ---- | M] () -- E:\Progam Files(x86)\Photodex\ProShowGold\scsiaccess.exe
PRC - [2009/07/10 12:49:24 | 00,323,584 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2009/01/15 20:08:36 | 00,039,408 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/01/08 18:23:30 | 00,651,720 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe
PRC - [2008/12/06 23:28:44 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
PRC - [2008/12/06 23:21:20 | 02,387,968 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
PRC - [2008/12/02 20:19:41 | 00,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2008/11/09 08:55:38 | 02,356,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\Updater5\AdobeUpdater.exe
PRC - [2008/10/10 05:45:26 | 00,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2008/07/11 15:50:26 | 00,019,968 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\Ctxfihlp.exe
PRC - [2008/07/11 15:46:44 | 00,969,216 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTxfispi.exe
PRC - [2008/04/30 10:27:50 | 00,417,792 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2008/02/28 17:57:24 | 00,018,944 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\Printer\Center\KodakSvc.exe
PRC - [2008/02/20 19:58:44 | 00,019,456 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTHELPER.EXE
PRC - [2007/06/05 12:20:32 | 00,177,704 | ---- | M] () -- C:\Windows\SysWOW64\PSIService.exe
PRC - [2007/05/10 21:46:20 | 00,624,248 | ---- | M] (Adobe Systems Inc.) -- E:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
PRC - [2007/03/06 09:35:02 | 00,198,168 | ---- | M] (InterVideo Inc.) -- C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe
PRC - [2007/01/04 18:48:52 | 00,112,152 | R--- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/12/06 17:10:16 | 00,180,224 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
PRC - [2006/11/22 20:10:06 | 00,151,552 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PCM4Everio\EverioService.exe
PRC - [2006/10/16 20:17:16 | 01,941,784 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
PRC - [2006/10/16 20:13:32 | 00,087,584 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2006/10/16 20:12:20 | 01,164,912 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2006/09/28 20:18:00 | 00,266,343 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
PRC - [2006/03/20 16:34:50 | 00,213,936 | ---- | M] (Macrovision Corporation) -- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2003/06/19 22:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE


========== Modules (SafeList) ==========

MOD - [2009/12/02 21:29:14 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/10/28 19:21:28 | 00,660,256 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV:64bit: - [2009/09/24 20:26:26 | 01,142,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:64bit: - [2009/04/11 02:11:27 | 00,252,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009/04/11 02:11:14 | 00,604,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009/04/11 02:11:04 | 01,149,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wbengine.exe -- (wbengine)
SRV:64bit: - [2008/01/20 21:50:23 | 00,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2008/01/20 21:47:07 | 00,689,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\fxssvc.exe -- (Fax)
SRV:64bit: - [2008/01/20 21:46:39 | 00,383,544 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/10/20 20:39:28 | 00,340,456 | ---- | M] (Kaspersky Lab) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe -- (AVP)
SRV - [2009/10/20 16:23:00 | 00,074,392 | ---- | M] (MicroVision Development, Inc.) -- C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe -- (SureThing Labelflash service)
SRV - [2009/09/27 15:48:00 | 00,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009/08/28 18:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/08/22 17:57:25 | 00,181,312 | ---- | M] () -- E:\Progam Files(x86)\Photodex\ProShowGold\scsiaccess.exe -- (ScsiAccess)
SRV - [2009/04/23 22:12:13 | 00,182,768 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/03/29 23:39:54 | 00,089,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2009/01/08 18:23:30 | 00,651,720 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/12/06 23:28:44 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2008/12/02 20:19:41 | 00,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2008/12/01 21:23:37 | 00,079,360 | ---- | M] (Creative Labs) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2008/10/25 10:44:08 | 00,065,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008/10/10 05:45:26 | 00,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2008/04/30 10:27:50 | 00,417,792 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008/02/28 17:57:24 | 00,018,944 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\printer\center\KodakSvc.exe -- (KodakSvc)
SRV - [2007/06/05 12:20:32 | 00,177,704 | ---- | M] () -- C:\Windows\SysWOW64\PSIService.exe -- (ProtexisLicensing)
SRV - [2007/03/20 15:41:24 | 00,153,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)
SRV - [2007/03/06 09:35:02 | 00,198,168 | ---- | M] (InterVideo Inc.) -- C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service)
SRV - [2007/01/04 18:48:52 | 00,112,152 | R--- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/11/02 08:34:14 | 00,000,000 | ---D | M] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2006/11/02 01:35:15 | 00,060,994 | ---- | M] () -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2006/11/02 01:35:15 | 00,055,846 | ---- | M] () -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)
SRV - [2006/10/16 12:52:34 | 00,285,216 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2006/09/28 20:18:00 | 00,266,343 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - [2005/11/14 00:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/06/19 22:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2009/11/16 12:13:30 | 00,353,296 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\DRIVERS\klif.sys -- (KLIF)
DRV:64bit: - [2009/10/22 18:05:32 | 00,629,536 | ---- | M] (Acronis) -- C:\Windows\SysNative\DRIVERS\timntr.sys -- (timounter)
DRV:64bit: - [2009/10/22 18:05:32 | 00,065,312 | ---- | M] (Acronis) -- C:\Windows\SysNative\DRIVERS\tifsfilt.sys -- (tifsfilter)
DRV:64bit: - [2009/10/22 18:05:25 | 00,198,944 | ---- | M] (Acronis) -- C:\Windows\SysNative\DRIVERS\snapman.sys -- (snapman)
DRV:64bit: - [2009/10/14 21:18:38 | 00,040,464 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\DRIVERS\klbg.sys -- (KLBG)
DRV:64bit: - [2009/10/02 19:39:32 | 00,021,008 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\DRIVERS\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009/09/30 19:51:42 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/09/14 14:46:42 | 00,027,152 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\DRIVERS\klim6.sys -- (KLIM6)
DRV:64bit: - [2009/09/03 10:45:26 | 00,053,488 | ---- | M] (Sonic Solutions) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/09/01 15:29:56 | 00,157,712 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\DRIVERS\kl1.sys -- (kl1)
DRV:64bit: - [2009/08/28 18:42:52 | 00,049,152 | ---- | M] (Apple, Inc.) -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/05/18 13:17:08 | 00,034,152 | ---- | M] (GEAR Software Inc.) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/30 22:03:08 | 06,377,496 | ---- | M] (Logitech Inc.) -- C:\Windows\SysNative\DRIVERS\lvuvc64.sys -- (LVUVC64) QuickCam for Notebooks Deluxe(UVC)
DRV:64bit: - [2009/04/11 02:15:30 | 00,160,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DRIVERS\fvevol.sys -- (fvevol)
DRV:64bit: - [2009/04/11 00:39:51 | 00,275,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV:64bit: - [2009/04/11 00:39:34 | 00,098,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV:64bit: - [2009/04/10 23:56:24 | 00,460,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2008/07/15 18:17:40 | 02,066,456 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2008/07/15 18:17:08 | 00,147,480 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2008/07/15 18:15:56 | 00,290,328 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2008/07/15 18:15:10 | 00,016,920 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2008/07/15 18:14:36 | 00,218,648 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2008/07/15 18:14:12 | 00,868,888 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV:64bit: - [2008/07/15 18:13:38 | 00,580,632 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2008/07/15 17:26:42 | 00,123,416 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\SysNative\CTHWIUT.DLL -- (CTHWIUT.DLL)
DRV:64bit: - [2008/07/15 17:26:22 | 00,252,440 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\SysNative\CT20XUT.DLL -- (CT20XUT.DLL)
DRV:64bit: - [2008/07/15 17:24:10 | 01,570,840 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\SysNative\CTEXFIFX.DLL -- (CTEXFIFX.DLL)
DRV:64bit: - [2008/02/25 08:42:38 | 00,363,032 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysNative\CTEDSPSY.DLL -- (CTEDSPSY.DLL)
DRV:64bit: - [2008/02/25 08:42:32 | 00,189,976 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysNative\CTEDSPIO.DLL -- (CTEDSPIO.DLL)
DRV:64bit: - [2008/02/25 08:42:28 | 00,141,848 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysNative\CTERFXFX.DLL -- (CTERFXFX.DLL)
DRV:64bit: - [2008/02/25 08:42:22 | 00,321,560 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysNative\CTEDSPFX.DLL -- (CTEDSPFX.DLL)
DRV:64bit: - [2008/02/25 08:42:14 | 00,219,160 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysNative\CTEAPSFX.DLL -- (CTEAPSFX.DLL)
DRV:64bit: - [2008/02/25 08:42:08 | 00,680,984 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysNative\CTSBLFX.DLL -- (CTSBLFX.DLL)
DRV:64bit: - [2008/02/25 08:42:02 | 00,699,928 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysNative\CTAUDFX.DLL -- (CTAUDFX.DLL)
DRV:64bit: - [2008/02/25 08:41:56 | 00,157,208 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysNative\COMMONFX.DLL -- (COMMONFX.DLL)
DRV:64bit: - [2008/01/20 21:46:34 | 00,168,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\Drivers\usbvideo.sys -- (usbvideo) USB Video Device (WDM)
DRV:64bit: - [2008/01/20 21:46:34 | 00,048,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DRIVERS\avc.sys -- (Avc)
DRV:64bit: - [2008/01/20 21:46:32 | 00,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)
DRV:64bit: - [2008/01/20 21:46:05 | 00,058,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DRIVERS\61883.sys -- (61883)
DRV:64bit: - [2008/01/20 21:46:01 | 00,061,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DRIVERS\msdv.sys -- (MSDV)
DRV:64bit: - [2006/11/06 07:56:30 | 00,030,528 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\BrPar64a.sys -- (BrPar)
DRV - [2008/04/30 22:13:45 | 00,000,000 | ---D | M] -- C:\Windows\CSC -- (CSC)
DRV - [2008/04/30 19:35:47 | 00,022,336 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2006/09/18 16:36:40 | 00,003,066 | ---- | M] () -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2006/09/18 16:35:23 | 00,001,088 | ---- | M] () -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3609477705-854863422-1007626608-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
IE - HKU\S-1-5-21-3609477705-854863422-1007626608-1000\S-1-5-21-3609477705-854863422-1007626608-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3609477705-854863422-1007626608-1000\S-1-5-21-3609477705-854863422-1007626608-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2009/11/06 17:10:24 | 00,000,000 | ---D | M]


O1 HOSTS File: (761 bytes) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\ievkbd.dll (Kaspersky Lab)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg64.dll (Google Inc.)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - E:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files (x86)\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - E:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3:64bit: - HKU\S-1-5-21-3609477705-854863422-1007626608-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-3609477705-854863422-1007626608-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-3609477705-854863422-1007626608-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [Corel Photo Downloader] C:\Program Files (x86)\Corel\Corel MediaOne\Corel Photo Downloader.exe File not found
O4:64bit: - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\SysNative\spool\DRIVERS\x64\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] E:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AsioThk32Reg] C:\Windows\SysWow64\ctasio.dll (Creative Technology Ltd)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [CTHelper] C:\Windows\SysWow64\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTXFIREG] C:\Windows\SysWow64\Ctxfireg.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [EverioService] C:\Program Files (x86)\CyberLink\PCM4Everio\EverioService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe File not found
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [UVS11 Preload] C:\Program Files (x86)\Ulead Systems\Ulead VideoStudio 11\uvPL.exe (InterVideo Digital Technology Corporation)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKU\.DEFAULT..\Run: [CtxfiReg] C:\Windows\SysWow64\Ctxfireg.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-18..\Run: [CtxfiReg] C:\Windows\SysWow64\Ctxfireg.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3609477705-854863422-1007626608-1000..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe File not found
O4 - HKU\S-1-5-21-3609477705-854863422-1007626608-1000..\Run: [ISUSPM] C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKU\S-1-5-21-3609477705-854863422-1007626608-1000..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
O4 - HKU\S-1-5-21-3609477705-854863422-1007626608-1000..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-3609477705-854863422-1007626608-1000..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3609477705-854863422-1007626608-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - HKLM..\RunOnceEx: [] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
O8:64bit: - Extra context menu item: Append to existing PDF - E:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - E:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - E:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to Adobe PDF - E:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to existing PDF - E:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to Adobe PDF - E:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to existing PDF - E:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - E:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
O8 - Extra context menu item: Append to existing PDF - E:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - E:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - E:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - E:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - E:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - E:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - E:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - E:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9:64bit: - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\klwtbbho.dll (Kaspersky Lab)
O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3609477705-854863422-1007626608-1000\..Trusted Domains: com.tw ([www.msi] http in Trusted sites)
O15 - HKU\S-1-5-21-3609477705-854863422-1007626608-1000\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-3609477705-854863422-1007626608-1000\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.srtest.com/srl_bin/sysreqlab_srl.cab (System Requirements Lab Class)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownlo...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-27-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://www.creative.com/softwareupdate/su2...15035/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\sbhook64.dll (Kaspersky Lab)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\kloehk.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\sbhook.dll (Kaspersky Lab)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - Reg Error: Key error. - C:\Windows\SysNative\klogon.dll (Kaspersky Lab)
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysNative\relog_ap.dll (Acronis)
O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysWow64\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/05/06 07:26:23 | 00,000,309 | R--- | M] () - N:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{b046598b-bb8e-11de-990b-001d7dd6632f}\Shell - "" = AutoRun
O33 - MountPoints2\{b046598b-bb8e-11de-990b-001d7dd6632f}\Shell\AutoRun\command - "" = M:\LaunchU3.exe -- [2007/10/23 09:45:40 | 01,336,632 | R--- | M] ()
O33 - MountPoints2\{d54dee7f-da76-11de-85f6-001d7dd6632f}\Shell - "" = AutoRun
O33 - MountPoints2\{d54dee7f-da76-11de-85f6-001d7dd6632f}\Shell\AutoRun\command - "" = N:\LaunchU3.exe -- [2007/10/23 02:45:39 | 01,336,632 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\SysWow64\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
64bit: O35 - comfile [open] -- "%1" %* File not found
64bit: O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2009/12/02 21:29:13 | 00,535,552 | ---- | C] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTL.exe
[2009/11/25 16:47:23 | 00,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Apps
[2009/11/24 19:06:32 | 00,472,064 | ---- | C] ( ) -- C:\Users\Steve\Desktop\RootRepeal.exe
[2009/11/24 13:57:05 | 00,880,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2009/11/24 13:57:05 | 00,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2009/11/19 20:01:39 | 00,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2009/11/19 20:01:38 | 01,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2009/11/19 20:01:38 | 01,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll
[2009/11/19 20:01:38 | 00,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll
[2009/11/19 20:01:37 | 03,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll
[2009/11/17 18:35:28 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Portable Devices
[2009/11/17 18:35:27 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2009/11/16 21:52:53 | 00,449,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2009/11/16 21:52:53 | 00,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2009/11/16 21:52:53 | 00,342,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winspool.drv
[2009/11/16 21:52:52 | 01,548,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2009/11/16 21:52:52 | 00,981,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2009/11/16 21:52:52 | 00,974,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WindowsCodecs.dll
[2009/11/16 21:52:52 | 00,829,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10warp.dll
[2009/11/16 21:52:52 | 00,828,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll
[2009/11/16 21:52:52 | 00,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2009/11/16 21:52:52 | 00,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WindowsCodecsExt.dll
[2009/11/16 21:52:52 | 00,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2009/11/16 21:52:52 | 00,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\printfilterpipelineprxy.dll
[2009/11/16 21:52:51 | 03,068,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xpsservices.dll
[2009/11/16 21:52:51 | 01,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xpsservices.dll
[2009/11/16 21:52:51 | 01,461,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OpcServices.dll
[2009/11/16 21:52:51 | 01,209,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2009/11/16 21:52:51 | 01,064,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
[2009/11/16 21:52:51 | 01,032,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\printfilterpipelinesvc.exe
[2009/11/16 21:52:51 | 00,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\OpcServices.dll
[2009/11/16 21:52:51 | 00,792,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2009/11/16 21:52:51 | 00,643,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2009/11/16 21:52:51 | 00,625,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2009/11/16 21:52:51 | 00,566,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2009/11/16 21:52:51 | 00,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2009/11/16 21:52:51 | 00,486,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10level9.dll
[2009/11/16 21:52:51 | 00,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxgi.dll
[2009/11/16 21:52:51 | 00,470,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2009/11/16 21:52:51 | 00,411,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PhotoMetadataHandler.dll
[2009/11/16 21:52:51 | 00,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2009/11/16 21:52:51 | 00,328,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxdiag.exe
[2009/11/16 21:52:51 | 00,326,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2009/11/16 21:52:51 | 00,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PhotoMetadataHandler.dll
[2009/11/16 21:52:51 | 00,287,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2009/11/16 21:52:51 | 00,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2009/11/16 21:52:51 | 00,262,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxdiagn.dll
[2009/11/16 21:52:51 | 00,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxdiag.exe
[2009/11/16 21:52:51 | 00,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2009/11/16 21:52:51 | 00,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1core.dll
[2009/11/16 21:52:51 | 00,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxdiagn.dll
[2009/11/16 21:52:51 | 00,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10core.dll
[2009/11/16 21:52:51 | 00,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2009/11/16 21:52:50 | 01,548,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2009/11/16 21:52:50 | 01,269,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2009/11/16 21:52:50 | 01,142,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FntCache.dll
[2009/11/16 21:52:50 | 01,030,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10.dll
[2009/11/16 21:52:50 | 00,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2009/11/16 21:52:50 | 00,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1.dll
[2009/11/16 21:51:53 | 00,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WPDShextAutoplay.exe
[2009/11/16 21:51:53 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WPDShextAutoplay.exe
[2009/11/16 21:51:52 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\BthMtpContextHandler.dll
[2009/11/16 21:51:46 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceConnectApi.dll
[2009/11/16 21:51:46 | 00,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WpdMtpUS.dll
[2009/11/16 21:51:46 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WpdUsb.sys
[2009/11/16 21:51:46 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WpdConns.dll
[2009/11/16 21:51:45 | 02,727,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpdshext.dll
[2009/11/16 21:51:45 | 02,537,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wpdshext.dll
[2009/11/16 21:51:45 | 00,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpd_ci.dll
[2009/11/16 21:51:45 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceApi.dll
[2009/11/16 21:51:45 | 00,433,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WPDSp.dll
[2009/11/16 21:51:45 | 00,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WPDSp.dll
[2009/11/16 21:51:45 | 00,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceApi.dll
[2009/11/16 21:51:45 | 00,295,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WpdMtp.dll
[2009/11/16 21:51:45 | 00,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceWMDRM.dll
[2009/11/16 21:51:45 | 00,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceTypes.dll
[2009/11/16 21:51:45 | 00,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceWMDRM.dll
[2009/11/16 21:51:45 | 00,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceTypes.dll
[2009/11/16 21:51:45 | 00,113,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceClassExtension.dll
[2009/11/16 21:51:45 | 00,110,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WPDShServiceObj.dll
[2009/11/16 21:51:45 | 00,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceClassExtension.dll
[2009/11/16 21:51:45 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceConnectApi.dll
[2009/11/16 21:48:59 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\oleaccrc.dll
[2009/11/16 21:48:59 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaccrc.dll
[2009/11/16 21:48:58 | 00,736,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAutomationCore.dll
[2009/11/16 21:48:58 | 00,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAutomationCore.dll
[2009/11/16 21:48:58 | 00,315,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2009/11/09 20:17:05 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2009/11/09 20:17:05 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2009/11/09 20:17:05 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2009/11/08 18:26:21 | 00,000,000 | ---D | C] -- C:\Users\Steve\Documents\BUS630
[2009/11/06 17:09:53 | 00,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2009/11/06 17:09:53 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2009/11/06 17:09:23 | 00,353,296 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2009/11/06 17:06:22 | 00,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2009/11/06 10:59:54 | 15,406,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xlive.dll
[2009/11/06 10:59:54 | 13,642,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xlivefnt.dll
[2009/11/06 03:11:34 | 00,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\Leadertech
[2009/11/04 19:36:19 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\SureThing CD Labeler 5
[2009/11/04 19:34:15 | 23,416,624 | ---- | C] (MicroVision Development, Inc. ) -- C:\Users\Steve\Desktop\stcd5setup.exe
[2008/07/11 15:51:46 | 00,034,816 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
[1 C:\Windows\Fonts\*.tmp files -> C:\Windows\Fonts\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/12/02 21:34:15 | 05,242,880 | -HS- | M] () -- C:\Users\Steve\ntuser.dat
[2009/12/02 21:32:25 | 00,003,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/12/02 21:32:25 | 00,003,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/12/02 21:29:14 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTL.exe
[2009/12/02 18:45:02 | 00,000,380 | ---- | M] () -- C:\Windows\tasks\Kodak AiO Scheduled Maintenance.job
[2009/12/02 06:26:30 | 00,132,683 | ---- | M] () -- C:\ProgramData\nvModes.001
[2009/12/02 06:26:24 | 00,524,288 | -HS- | M] () -- C:\Users\Steve\ntuser.dat{56bae728-6b62-11de-9fe9-8b136e33df8c}.TMContainer00000000000000000001.regtrans-ms
[2009/12/02 06:26:24 | 00,065,536 | -HS- | M] () -- C:\Users\Steve\ntuser.dat{56bae728-6b62-11de-9fe9-8b136e33df8c}.TM.blf
[2009/12/01 20:18:20 | 03,933,753 | -H-- | M] () -- C:\Users\Steve\AppData\Local\IconCache.db
[2009/12/01 19:33:51 | 00,793,866 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2009/12/01 19:33:51 | 00,666,390 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2009/12/01 19:33:51 | 00,129,750 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2009/11/26 05:37:53 | 00,132,683 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2009/11/26 05:32:13 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/11/26 05:31:59 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/11/26 05:31:38 | 42,945,00352 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/25 21:15:50 | 00,060,992 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000001-00000000-00000007-00001102-00000005-00311102}.rfx
[2009/11/25 21:15:50 | 00,060,992 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000001-00000000-00000007-00001102-00000005-00311102}.rfx
[2009/11/25 21:15:50 | 00,000,788 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000001-00000000-00000007-00001102-00000005-00311102}.rfx
[2009/11/24 19:06:35 | 00,472,064 | ---- | M] ( ) -- C:\Users\Steve\Desktop\RootRepeal.exe
[2009/11/24 18:55:55 | 00,524,800 | ---- | M] () -- C:\Users\Steve\Desktop\dds.scr
[2009/11/17 18:28:35 | 00,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2009/11/17 18:25:25 | 00,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2009/11/16 20:49:57 | 00,000,435 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2009/11/16 12:13:30 | 00,353,296 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2009/11/11 19:52:21 | 02,397,256 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2009/11/06 19:41:53 | 03,670,016 | ---- | M] () -- C:\Users\Steve\digital dreams brochure 1.pub
[2009/11/06 17:11:36 | 00,143,387 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
[2009/11/06 17:11:36 | 00,104,987 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
[2009/11/06 10:59:54 | 15,406,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\xlive.dll
[2009/11/06 10:59:54 | 13,642,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\xlivefnt.dll
[2009/11/06 10:58:04 | 00,178,975 | ---- | M] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009/11/04 21:43:13 | 00,139,256 | ---- | M] () -- C:\Users\Steve\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/11/04 19:36:56 | 00,000,920 | ---- | M] () -- C:\Users\Public\Desktop\SureThing CD Labeler Deluxe 5.lnk
[2009/11/04 19:34:19 | 23,416,624 | ---- | M] (MicroVision Development, Inc. ) -- C:\Users\Steve\Desktop\stcd5setup.exe
[2009/11/04 18:33:26 | 00,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2009/11/04 18:31:03 | 00,092,672 | ---- | M] () -- C:\Users\Steve\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/24 18:55:52 | 00,524,800 | ---- | C] () -- C:\Users\Steve\Desktop\dds.scr
[2009/11/17 18:28:35 | 00,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2009/11/17 18:25:25 | 00,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2009/11/13 18:29:30 | 42,945,00352 | -HS- | C] () -- C:\hiberfil.sys
[2009/11/06 19:41:53 | 03,670,016 | ---- | C] () -- C:\Users\Steve\digital dreams brochure 1.pub
[2009/11/06 17:11:36 | 00,143,387 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat
[2009/11/06 17:11:36 | 00,104,987 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat
[2009/11/06 10:58:04 | 00,178,975 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009/11/04 19:36:56 | 00,000,920 | ---- | C] () -- C:\Users\Public\Desktop\SureThing CD Labeler Deluxe 5.lnk
[2009/10/06 18:04:04 | 00,132,683 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/10/06 18:04:04 | 00,132,683 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/08/07 17:12:37 | 00,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/08/07 17:11:48 | 00,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/08/04 16:37:43 | 02,463,976 | ---- | C] () -- C:\Windows\SysWow64\NPSWF32.dll
[2009/01/07 20:23:53 | 00,000,418 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/12/02 20:57:45 | 00,000,093 | ---- | C] () -- C:\Users\Steve\AppData\Local\fusioncache.dat
[2008/12/02 20:21:16 | 00,807,770 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2008/10/31 10:30:20 | 00,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2008/10/31 10:29:35 | 00,000,925 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2008/10/31 10:29:35 | 00,000,161 | ---- | C] () -- C:\Windows\brpcfx.ini
[2008/10/31 10:28:16 | 00,000,009 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2008/10/31 10:28:14 | 00,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2008/10/07 09:13:30 | 00,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 09:13:22 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008/09/29 19:30:19 | 00,001,024 | ---- | C] () -- C:\Windows\SysWow64\grcauth2.dll
[2008/09/29 19:30:19 | 00,001,024 | ---- | C] () -- C:\Windows\SysWow64\grcauth1.dll
[2008/09/29 19:30:19 | 00,000,100 | ---- | C] () -- C:\Windows\SysWow64\prsgrc.dll
[2008/09/27 18:05:47 | 00,000,952 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2008/09/27 17:33:28 | 00,210,456 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeW7.dll
[2008/09/27 17:33:28 | 00,206,360 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeA6.dll
[2008/09/27 17:33:28 | 00,198,168 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeP6.dll
[2008/09/27 17:33:28 | 00,198,168 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeM6.dll
[2008/09/27 17:33:28 | 00,194,072 | ---- | C] () -- C:\Windows\SysWow64\IVIresizePX.dll
[2008/09/27 17:33:28 | 00,026,136 | ---- | C] () -- C:\Windows\SysWow64\IVIresize.dll
[2008/09/26 10:31:35 | 00,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2008/09/24 18:22:43 | 00,001,024 | ---- | C] () -- C:\Windows\SysWow64\clauth2.dll
[2008/09/24 18:22:43 | 00,001,024 | ---- | C] () -- C:\Windows\SysWow64\clauth1.dll
[2008/09/24 18:22:43 | 00,000,000 | ---- | C] () -- C:\Windows\SysWow64\ssprs.dll
[2008/09/24 18:22:43 | 00,000,000 | ---- | C] () -- C:\Windows\SysWow64\serauth2.dll
[2008/09/24 18:22:43 | 00,000,000 | ---- | C] () -- C:\Windows\SysWow64\serauth1.dll
[2008/09/24 18:22:43 | 00,000,000 | ---- | C] () -- C:\Windows\SysWow64\nsprs.dll
[2008/09/24 18:20:53 | 00,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
[2008/09/24 18:20:53 | 00,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll
[2008/08/22 20:34:38 | 00,000,435 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2008/08/22 20:34:23 | 00,000,152 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2008/08/22 20:34:23 | 00,000,023 | ---- | C] () -- C:\Windows\Brownie.ini
[2008/08/22 20:34:23 | 00,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2008/08/22 20:34:21 | 00,000,114 | ---- | C] () -- C:\Windows\SysWow64\brlmw03a.ini
[2008/08/22 20:34:20 | 00,008,975 | ---- | C] () -- C:\Windows\HL-2070N.INI
[2008/08/11 18:16:30 | 00,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008/07/15 16:35:42 | 00,030,305 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2008/07/11 16:22:30 | 00,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2008/07/11 15:50:28 | 00,003,072 | ---- | C] () -- C:\Windows\SysWow64\CTXFIRES.DLL
[2008/06/28 12:36:51 | 00,000,026 | ---- | C] () -- C:\Windows\Irremote.ini
[2008/05/07 19:49:25 | 00,000,359 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2008/05/03 19:24:33 | 00,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/05/03 18:19:39 | 00,108,544 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2008/05/03 18:19:39 | 00,069,120 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2008/05/03 18:09:31 | 00,000,732 | ---- | C] () -- C:\Users\Steve\AppData\Local\d3d9caps64.dat
[2008/05/03 10:00:46 | 00,092,672 | ---- | C] () -- C:\Users\Steve\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/05/03 09:46:06 | 00,009,052 | ---- | C] () -- C:\Users\Steve\AppData\Local\d3d9caps.dat
[2008/05/02 16:51:36 | 00,000,148 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2008/04/30 19:31:19 | 00,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2008/02/20 20:00:12 | 00,043,520 | ---- | C] () -- C:\Windows\SysWow64\CTBURST.DLL
[2008/01/20 21:49:10 | 00,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007/08/13 19:45:02 | 00,077,824 | ---- | C] () -- C:\Windows\SysWow64\CTMMACTL.DLL
[2006/10/02 16:25:18 | 00,000,307 | ---- | C] () -- C:\Windows\SysWow64\KILL.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:57B4E612
< End of report >


Extra.txt

OTL Extras logfile created on: 12/2/2009 9:31:02 PM - Run 1
OTL by OldTimer - Version 3.1.11.4 Folder = C:\Users\Steve\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.66 Gb Available Physical Memory | 41.40% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.88 Gb Total Space | 51.08 Gb Free Space | 21.93% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 372.61 Gb Total Space | 282.38 Gb Free Space | 75.79% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 698.63 Gb Total Space | 485.59 Gb Free Space | 69.51% Space Free | Partition Type: NTFS
Drive M: | 3.74 Gb Total Space | 0.10 Gb Free Space | 2.72% Space Free | Partition Type: FAT32
Drive N: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: PARENTS-PC
Current User Name: Steve
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SystemRoot%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
chm.file [open] -- "%SystemRoot%\hh.exe" %1
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = C2 FE 8D 6A DC 5B C8 01 [binary data]
"VistaSp2" = C6 68 4A 63 F2 37 CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{18327086-C618-4FD1-8DBE-032B44100E0A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1B97D672-CEF5-4604-940C-E1C2E544318A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1D13A46A-6F0C-40C8-9BAF-2F0DE2A24860}" = rport=138 | protocol=17 | dir=out | app=system |
"{277A7218-E47E-4A9F-B9A4-7C6AA73A9AA1}" = lport=50900 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{2D84C949-EBA7-4ED7-8650-1BA5AC0FDC16}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{30B0AD0F-C784-4A16-9291-05F0474E1460}" = rport=137 | protocol=17 | dir=out | app=system |
"{334E1A7F-8082-469B-9D7F-D7ADA6A007F0}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4788CB5D-C2A2-436D-AC10-4D9BF3A20D78}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{5D5579D5-0DB4-4448-A2BD-E49AB76C02D0}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{6987854D-AF1D-40DB-9CCD-6C045BF7EC80}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{6DFFB066-0E8B-4F04-A8E4-9F9F657B49AD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{714A3EFA-F6C7-406B-90BA-EFEBDC1E4E3D}" = lport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service\intuitupdateservice.exe |
"{723172E6-F328-4DC8-B08C-D54EC9DC0702}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7EECFB77-3D96-429F-B950-A5F650103C22}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7F585075-E429-4FF3-AD27-9DCE7E42E39C}" = rport=10243 | protocol=6 | dir=out | app=system |
"{86F1F842-855E-471F-8695-A131FED0B3BB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{87976594-2B8F-491C-8ECB-B810487DE0A1}" = rport=139 | protocol=6 | dir=out | app=system |
"{8C3AB5D7-1475-41A4-A5A6-3AF80490FFDB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8F03C67D-F5C7-4E4E-8341-8B3F19D3251F}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{93EA9213-D429-4924-8D02-D3EE12162E96}" = lport=50901 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{9F72B747-4FC6-45FA-A852-1F9ECA4D0725}" = lport=139 | protocol=6 | dir=in | app=system |
"{A3718391-1ED5-4331-9A57-F38D3F346D28}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{AA24550F-048A-4B8D-9FB2-D2177BC97A62}" = lport=137 | protocol=17 | dir=in | app=system |
"{B877B71F-3C81-48B1-BF28-41426D80FF99}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B8A5A72A-AE5E-4917-A360-1EBCF31D3A36}" = lport=10243 | protocol=6 | dir=in | app=system |
"{C018ED28-2E45-4005-BCA4-5024466316A8}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{C4603834-EDC6-47CE-8668-C8F0D7776382}" = lport=138 | protocol=17 | dir=in | app=system |
"{D3B18EEC-CB28-4C68-8497-A64569EBA19D}" = rport=445 | protocol=6 | dir=out | app=system |
"{D66416FD-2356-4D33-96B8-18878826756F}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{DA73D7F0-9924-4302-824D-DEB3F9EC5CC8}" = lport=445 | protocol=6 | dir=in | app=system |
"{E04C369F-E9F0-4C5B-BD56-C93191B16DE9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EF0E2EB4-2910-4A68-B095-061DB2D0ADA7}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F2895DB9-553D-4BC8-A98F-D386565F89C2}" = lport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service\intuitupdater.exe |
"{FD627CB8-9C9D-4E3B-8659-762322ACE7F6}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00295180-C849-42FC-8957-18AD3A34B3DA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{003A8AC8-9CC1-4C2E-968C-46BE9F335BDF}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe |
"{11E2AF9E-DFBF-4A11-A1FD-24FE9B34C4D1}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{148979BF-7AB2-4B7A-AFD2-519515A3240D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{152B00C4-BB7A-4220-B51C-A4F8921B7CA2}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{16EDADE0-12C4-4F2A-928D-3CEFC305B2CC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1F2A84B8-EE0E-45AA-91FB-DD767715B513}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe |
"{208208FE-B7DA-465A-A76D-1C2DE98415D6}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{24863125-9810-49C8-B43D-A1261A9F7B6F}" = protocol=6 | dir=in | app=c:\program files (x86)\canon\eos utility\wftpairing\eosupnpsv.exe |
"{2A5EEF5A-FC79-4BCC-8E24-FC4337F0879C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{2E1D67C2-3990-4889-904C-611938D3451C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{35B86EB5-67F5-41CF-AC50-68252A25A3EA}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe |
"{408A153F-44F8-45E0-9005-88ACB57F71A6}" = protocol=17 | dir=in | app=c:\program files (x86)\canon\eos utility\wftpairing\eosupnpsv.exe |
"{43205F7D-69E2-4D61-B4B8-274CC4734F12}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{4358EE76-5303-4458-B063-A618671E1EB3}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe |
"{44A5208A-EA2E-4772-A267-F9E87883CC39}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe |
"{4E50BBFD-6FA1-4C49-ABA9-3DCE50121382}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{4F393836-C987-4A05-AED6-C11497F99BEC}" = protocol=6 | dir=in | app=c:\windows\system32\migwiz\migwiz.exe |
"{58E8D0E3-BDAE-49B4-BE33-39B6609E091C}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{5A675EDE-E4CC-48CA-878A-90B19B4B3204}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5C5A974E-40E1-4539-9DBA-5F76F47B7EA8}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{62E0538D-0CFD-49F4-B56D-3D3303F5390D}" = protocol=6 | dir=out | app=system |
"{6467ABA3-2A1B-4323-B475-6CC0FE6B588A}" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
"{676649BF-7CA1-4936-83A2-772C83A18064}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6C372951-EBE8-48CD-B2B5-562AA2123E2F}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe |
"{6CF1B27D-4513-4071-B90B-E9507F4BF2F8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{77636FD0-AC56-45CE-B21B-5D9265187C59}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{79A824BB-384F-466D-9506-BE5346302CDC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7A537B91-7749-4B60-8F8A-94CE04793D35}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{80D9A2DE-FC58-4AE0-B221-D7F0A7996DD4}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{828CCAF4-014F-495F-99BD-6FC226601BF2}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{8A3FA00B-09A9-4315-822B-0585E0A7CA3F}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe |
"{8D5D36B5-D969-4795-A24D-137F44F52A57}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{8F8DD961-575B-4EA8-AD7A-9C56C17C3CEC}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe |
"{955F1DD0-9510-4CD0-A70B-B191CE7702AA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{974138E0-9442-4860-834F-51E1136462AF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{9A08311A-5DF1-469E-A173-70E21402AF61}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9EDC0631-AEC1-43F9-8082-CD172909AEB7}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A2126E82-D4E0-4AE7-8428-D0B850EE84A7}" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
"{A8536903-FABD-4D45-82E4-7E99F6F8EFE4}" = protocol=17 | dir=in | app=c:\windows\system32\migwiz\migwiz.exe |
"{A8951C99-63AE-4B00-ADFA-2A99BF5F8D9C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{B0F8974B-B028-4D64-9037-BE3FCFF025BC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C15200AA-65D4-46F9-9023-EB4813771691}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C34A7CCA-7F1A-442F-B0DE-670CB43C9EC6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C6CF4CC9-570A-48D2-9640-DFC1DFCE4B46}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{CB3AED71-AEDC-43FB-A18C-677CCAFB5DE2}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe |
"{DB27203D-75BB-4FD5-B2E7-FBD5A1556A6E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{DE6CDEBE-BB94-446F-90C3-2AF76CC714F0}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe |
"{DEA7727D-5C5C-48DB-8E0F-0351A13404C0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F47A0DF8-D2A7-4129-ABE7-2483B9CAD0AA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FBB383BD-80E6-4995-A4A9-D704C2A2D5DB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{15E7AC85-CA1C-4452-86C2-976CAC8B6595}C:\program files (x86)\common files\nero\nero web\setupx.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\nero\nero web\setupx.exe |
"TCP Query User{78387A3C-105A-474D-AEE2-E9833A90D5B5}D:\bin\ia\core\mdm_util.exe" = protocol=6 | dir=in | app=d:\bin\ia\core\mdm_util.exe |
"TCP Query User{ECD2D48A-3720-4C5E-948B-8836D789A6AB}C:\users\steve\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\steve\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"UDP Query User{9343EB23-4570-480E-A9CF-2B3BFEF22024}C:\users\steve\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\steve\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"UDP Query User{B3DA89EE-BC5B-41A4-843F-4813855936F1}D:\bin\ia\core\mdm_util.exe" = protocol=17 | dir=in | app=d:\bin\ia\core\mdm_util.exe |
"UDP Query User{EABA378C-8956-4DDE-BC58-9D7F180380EC}C:\program files (x86)\common files\nero\nero web\setupx.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\nero\nero web\setupx.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support
"{A5F59952-475D-4DCC-BEAD-C216FC68E05C}" = iTunes
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NVIDIA Drivers" = NVIDIA Drivers
"UltSounds" = Windows Sound Schemes
"UltSounds2" = Ultimate Extras sounds from Microsoft® Tinker™

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis®
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{0327FA9D-975C-448C-A086-577D57BB25B8}" = Adobe Soundbooth CS3 Codecs
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{086a7d8c-0a38-4c7f-819a-620275550d5c}" = Nero Burning ROM Help
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0996C331-6DCB-4E38-A3EC-0A77ABAE1361}" = Help_CTR
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0D2E80C8-0875-43EB-9623-47118E2DFBCA}" = Quicken 2007
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}" = Sound Blaster X-Fi
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 17
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A97D5B3-A989-47E1-B207-1CA9E3635655}" = aioprnt
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{39CEE1F2-12B6-4C50-9131-04BFCA110578}" = PowerCinema NE for Everio
"{3BED0238-3A25-41AE-BC23-316914B5B048}" = aioocr
"{419CF344-3D94-4DAD-99C8-EA7B00E5EA8B}" = Acronis True Image Home
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{4458C442-7376-4CF9-AF58-E8CEA6722363}" = Adobe Setup
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4B719A70-F14A-4f5c-90B5-346B24B7FFF1}" = Windows 7 Upgrade Advisor
"{4ED7D297-58F7-45C3-A9BA-A7CD6FA0D373}_is1" = SureThing CD Labeler Deluxe 5
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}" = InterVideo DeviceService
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}" = Adobe Encore CS3
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
"{5d9be3c1-8ba4-4e7e-82fd-9f74fa6815d1}" = Nero Vision
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{65D85050-5610-4A91-A3B1-D5C744291AD4}" = PCDADDIN
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{724D384B-1BC6-4845-BBFF-793B041222C5}" = Brother HL-2070N
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73F1681F-ADE1-461F-9F18-B7640507D395}" = ksdip
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{791E3D44-33D3-4446-82AD-5CD4B0169083}" = aiofw
"{79E41D91-BA1C-44B9-9358-48E598263ECF}" = center
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{7DFC1012-D346-46CE-B03E-FF79125AE029}" = Adobe Fireworks CS3
"{843081BD-351F-46FC-8A17-517A0D9117A3}" = helptut
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{85243696-5e58-4357-9cf8-3498c609941d}" = NeroLiveGadget Help
"{8718DC03-D066-4957-94E5-50C3C5042E8E}" = Adobe Creative Suite 3 Master Collection
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}" = Adobe Flash Player 9 Plugin
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{94D16248-E39A-46A4-8CBD-0DAE9C7444B4}" = MSN Toolbar
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{9e9fdde6-2c26-492a-85a0-05646b3f2795}" = NeroLiveGadget
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}" = Adobe Soundbooth CS3
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4B338BD-4C93-4531-B5BB-7F0E5EB7340B}" =
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}" = Adobe Encore CS3 Codecs
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}" = Adobe Flash Player 9 ActiveX
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C0251585-1BE8-4278-B3CB-964B6E01C59D}" = aioscnnr
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{c5a7cb6c-e76d-408f-ba0e-85605420fe9d}" = SoundTrax
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C99DCDA4-7407-4F72-A77E-C81C551D0C4E}" = PCDHELP
"{CB16F6D9-EBC9-4BC6-B917-7AF53E99C067}" = LightScribe System Software 1.17.90.1
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{CF9CD37C-E29A-11D5-AE3D-005004B8E30C}" = Digital Photo Navigator 1.5
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DC626A21-EDF1-40C7-8F2F-D2BA7535529F}" = helpug
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DE58B061-6936-4913-AA5C-682E49356D86}" = TurboTax 2008 wmiiper
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{E280923D-C5D9-4728-8C79-AC9A0DC75875}" = BioShock
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EB0202F7-016A-410C-ADE4-40F848CCC661}" = Adobe After Effects CS3
"{EDE721EC-870A-11D8-9D75-000129760D75}" = PowerDirector Express
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F6234880-85BE-4DCB-8A45-1FF85A1A8552}" = SmartSound Quicktracks for Premiere Elements
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}" = VideoStudio
"{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}" = Adobe Contribute CS3
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"0ef4e3f59fa3b391922cad154cd754e8-1870963494" = SPSS Student Version 16.0 for Windows
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe_4dcfd9b7e901b57f81f667144603236" = Add or Remove Adobe Creative Suite 3 Master Collection
"AudioCS" = Creative Audio Console
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon RAW Codec" = Canon RAW Codec
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"DPP" = Canon Utilities Digital Photo Professional 3.4
"ENTERPRISER" = Microsoft Office Enterprise 2007
"EOS Utility" = Canon Utilities EOS Utility
"InfraRecorder" = InfraRecorder
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{F6234880-85BE-4DCB-8A45-1FF85A1A8552}" = SmartSound Quicktracks for Premiere Elements
"InstallShield_{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}" = Ulead VideoStudio 11
"InstallWIX_{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MyCamera" = Canon Utilities MyCamera
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Photodex Presenter" = Photodex Presenter
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"ProShow Gold" = ProShow Gold
"PunkBusterSvc" = PunkBuster Services
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"SysInfo" = Creative System Information
"SystemRequirementsLab" = System Requirements Lab
"TurboTax 2008" = TurboTax 2008
"WFTK" = Canon Utilities WFT-E1/E2/E3 Utility
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3609477705-854863422-1007626608-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/28/2009 9:40:33 PM | Computer Name = Parents-PC | Source = MsiInstaller | ID = 11721
Description =

Error - 11/28/2009 9:40:58 PM | Computer Name = Parents-PC | Source = MsiInstaller | ID = 11721
Description =

Error - 11/28/2009 9:51:32 PM | Computer Name = Parents-PC | Source = MsiInstaller | ID = 11721
Description =

Error - 11/28/2009 9:52:05 PM | Computer Name = Parents-PC | Source = MsiInstaller | ID = 11721
Description =

Error - 11/28/2009 11:47:30 PM | Computer Name = Parents-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 11/29/2009 8:51:24 PM | Computer Name = Parents-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 11/30/2009 11:39:07 AM | Computer Name = Parents-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.6001.18828 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: e44 Start Time: 01ca71d310152fe5 Termination Time: 38

Error - 11/30/2009 11:40:02 AM | Computer Name = Parents-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.6001.18828 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: eb4 Start Time: 01ca71d342482b48 Termination Time: 9

Error - 11/30/2009 11:42:39 AM | Computer Name = Parents-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.6001.18828 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 166c Start Time: 01ca71d3a83bd1cf Termination Time: 26

Error - 12/2/2009 7:24:24 PM | Computer Name = Parents-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

[ Media Center Events ]
Error - 9/18/2008 11:44:00 PM | Computer Name = Parents-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/30/2009 5:56:16 AM | Computer Name = Parents-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 11/26/2009 6:35:30 AM | Computer Name = Parents-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11/26/2009 6:37:29 AM | Computer Name = Parents-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 11/26/2009 6:40:04 AM | Computer Name = Parents-PC | Source = DCOM | ID = 10000
Description =

Error - 11/26/2009 12:51:09 PM | Computer Name = Parents-PC | Source = DCOM | ID = 10000
Description =

Error - 11/28/2009 10:10:47 AM | Computer Name = Parents-PC | Source = DCOM | ID = 10000
Description =

Error - 11/29/2009 10:14:09 AM | Computer Name = Parents-PC | Source = DCOM | ID = 10000
Description =

Error - 11/30/2009 6:31:10 PM | Computer Name = Parents-PC | Source = DCOM | ID = 10000
Description =

Error - 11/30/2009 10:09:18 PM | Computer Name = Parents-PC | Source = DCOM | ID = 10010
Description =

Error - 12/1/2009 7:25:49 PM | Computer Name = Parents-PC | Source = DCOM | ID = 10000
Description =

Error - 12/2/2009 7:28:39 PM | Computer Name = Parents-PC | Source = DCOM | ID = 10000
Description =


< End of report >


Thanks again

#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:06:39 AM

Posted 03 December 2009 - 10:57 AM

Hi,

First please try to run the following tool to fix IE: FixIE.

If that doesn't can you please try to uninstall and reinstall Internet Explorer, does this help the issue?

Is the slowness only occuring in Internet Explorer, or do you also experience slowness with other applications?

Please run the following two scans to check for malware:

lease download Sophos Anti-rootkit & save it to your desktop.
alternate download link
Note: If using the vendor's download site you will be asked to register with MySophos so an email containing an activation link can be sent to your email address.

Be sure to print out and read the Sophos Anti-Rookit User Manual and Release Notes.
  • Double-click sar_15_sfx.exe to begin the installation, read the license agreement and click Accept.
  • Allow the default location of C:\Program Files\Sophos\Sophos Anti-Rootkit and click Install.
  • A message will appear "Sophos Anti-Rootkit was successfully installed. Click 'yes' to start it now". Click Yes.
  • Make sure the following are checked:
    • Running processes
    • Windows Registry
    • Local Hard Drives
  • Click Start scan.
  • Sophos Anti-Rootkit will scan the selected areas and display any suspicious files in the upper panel.
  • When the scan is complete, a pop-up screen will appear with "Rootkit Scan Results". Click OK to continue.
  • Click on the suspicious file to display more information about it in the lower panel which also includes whether the item is recommended for removal.
    • Files tagged as Removable: No are not marked for removal and cannot be removed.
    • Files tagged as Removable: Yes (clean up recommended) are marked for removal by default.
    • Files tagged as Removable: Yes (but clean up not recommended) are not marked for removal because Sophos did not recognize them. These files will require further investigation.
  • Select only items recommended for removal, then click "Clean up checked items". You will be asked to confirm, click Yes.
  • A pop up window will appear advising the cleanup will finish when you restart your computer. Click Restart Now.
  • After reboot, a dialog box displays the files you selected for removal and the action taken.
  • Click Empty list and then click Continue to re-scan your computer a second time to ensure everything was cleaned.
  • When done, go to Start > Run and type or copy/paste: %temp%\sarscan.log
  • This should open the log from the rootkit scan. Please post this log in your next reply. If you have a problem, you can find sarscan.log in C:\Documents and Settings\\Local Settings\Temp\.
Before performing an ARK scan it is recommended to do the following to ensure more accurate results and avoid common issues that may cause false detections.
  • Disconnect from the Internet or physically unplug you Internet cable connection.
  • Clean out your temporary files.
  • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
  • Temporarily disable your anti-virus and real-time anti-spyware protection.
  • After starting the scan, do not use the computer until the scan has completed.
  • When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.
As well as a scan with Malwarebytes:
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#5 sjaj

sjaj
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:11:39 PM

Posted 06 December 2009 - 03:11 PM

Thanks for all the info. Ran FixIE and all seems to be well with internet explorer.

I then downloaded and ran Sophos and had something rather peculiar happen. After starting scan I left the machine alone for a bit while the scan ran. Upon returning to the oomputer, I had the blue screen of death up with several memory locations with errors. I rebooted and noticed several errors after BIOS ran while windows was loading I received the windows warning that widows did not shut down properly and how I wanted to proceed. I selected safe mode and received another warning that my system registry was missing or corrupt. I made repairs with the Vista disk and everything came back fine although an extermely longboot up after repair. Also when I ran ARK scan I could not select running processes as it was greyed out and not selectable.

Here are the results of MBAM scan:

Malwarebytes' Anti-Malware 1.42
Database version: 3304
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18828

12/6/2009 3:01:15 PM
mbam-log-2009-12-06 (15-01-15).txt

Scan type: Quick Scan
Objects scanned: 132829
Time elapsed: 8 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 14
Files Infected: 25

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files (x86)\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FunWebProducts\Installr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FunWebProducts\Installr\setups (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\Avatar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\Game (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\Message (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\Notifier (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3SPACER.WMV (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\FWPBUDDY.PNG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3NTSTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\Message\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Windows\System32\serauth1.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\serauth2.dll (Trojan.Agent) -> Quarantined and deleted successfully.


Thanks
Steve

#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:06:39 AM

Posted 11 December 2009 - 09:49 AM

Hi,

I'm terribly sorry for the delay. :( I had unexpected family issues to deal with, which left me without internet access for most of the week, but I'm back in the internet connected world now and I hope there won't be any more delays.

Glad to hear that the issues with your internet explorer seem to be resolved. :(
I don't entirely understand what you did with sophos? Where you able to run it without the running processes? Do you have a log you could show me? Or did you not want to run it again after the crash?

Malwarebytes removed MyWebSearch which is considererd as adware. Do you still have problems with your PC?


Sorry once more,
regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#7 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:06:39 AM

Posted 21 December 2009 - 08:37 AM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users