Weird IE bug + HJT Log


  • This topic is locked
26 replies to this topic

#1 Zmaz

Posted 10 February 2010 - 05:06 PM

Alright, I've been having a really weird bug on my Vista system as of late... Sometime yesterday, a bug started occurring whereby every few minutes or so, a window pops up saying "Internet Explorer has stopped working." (Problem details below) I'll click "close the program" but the message reappears in a few minutes. The bizarre thing is, I don't use Internet Explorer! I looked in Task Manager immediately after I closed the message and could not find any instances of iexplore.exe, so it seems like something may be automatically starting the program. I've tried rebooting my system, but no luck.

Any ideas?

The full error message was:

Problem signature:
Problem Event Name: APPCRASH
Application Name: IEXPLORE.EXE
Application Version: 8.0.6001.18882
Application Timestamp: 4b3ed243
Fault Module Name: StackHash_933a
Fault Module Version: 0.0.0.0
Fault Module Timestamp: 00000000
Exception Code: c0000005
Exception Offset: 4b0d8400
OS Version: 6.0.6001.2.1.0.256.1
Locale ID: 1033
Additional Information 1: 933a
Additional Information 2: 5841fbe465424e2e30ba643c1ee05195
Additional Information 3: d696
Additional Information 4: 74345f70200604e027b6c9b15c076b34


-------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:02:27 PM, on 2/10/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe
C:\Program Files\SafeConnect\scManager.sys
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\explorer.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\iprntctl.exe
C:\Program Files\SafeConnect\scClient.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\PayPal\PayPal Plug-In\RBroker.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=Explorer.exe rundll32.exe sojs.smo nlxyat
O1 - Hosts: ::1 localhost
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: GamesBarBHO Class - {CB0D163C-E9F4-4236-9496-0597E24B23A5} - C:\Program Files\GamesBar\oberontb.dll
O2 - BHO: ReceiverBho - {DBAF53D4-11FE-482D-B516-B3103BC71F87} - C:\Program Files\linksador\ShowInfo\IeShowInfo.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O3 - Toolbar: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
O3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [iPrint Tray] C:\Windows\system32\iprntctl.exe TRAY_ICON
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: SafeConnect.lnk = ?
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9a5b17eedccb0) (gupdate1c9a5b17eedccb0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Windows\system32\mfevtps.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SafeConnect Manager (SCManager) - Unknown owner - C:\Program Files\SafeConnect\scManager.sys servicestart (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe



I'm not at all an expert on HJT, but that F2 entry seemed to stick out at me. The guide on these forums said not to fix F2 entries without expert help, so I didn't, but I think that might be the cause of problems.
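Added example (not part of the original post and not code from HijackThis): a small triage check for the F2 lines of a HijackThis log, which report the Winlogon `Shell` and `UserInit` values. It assumes the Windows defaults of `explorer.exe` alone for `Shell` and `userinit.exe` in `system32` for `UserInit`; the function names and the sample log are constructed for illustration.

```python
import re

# Constructed sample. The Shell line is the F2 entry from the log in this post;
# the other lines are included only for contrast.
SAMPLE_LOG = r"""R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: Shell=Explorer.exe rundll32.exe sojs.smo nlxyat
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
"""

# HijackThis prints these two Winlogon values as "F2 - REG:system.ini: <name>=<value>".
F2_RE = re.compile(r"^F2 - REG:system\.ini: (Shell|UserInit)=(.*)$", re.IGNORECASE)


def _basename(path):
    """Lower-cased file name of a Windows path, without quotes."""
    return path.strip('"').replace("/", "\\").rsplit("\\", 1)[-1].lower()


def check_shell(value):
    """The Shell value should name explorer.exe and nothing else.

    Anything after the first token is started at every logon together with
    the shell, which makes it a persistence point worth reviewing.
    """
    tokens = value.split()
    if not tokens:
        return ["Shell value is empty"]
    findings = []
    if _basename(tokens[0]) != "explorer.exe":
        findings.append("shell program is not explorer.exe: " + tokens[0])
    if len(tokens) > 1:
        findings.append("extra command after shell: " + " ".join(tokens[1:]))
    return findings


def check_userinit(value):
    """UserInit is a comma-separated list; only system32\\userinit.exe is expected."""
    entries = [e.strip().strip('"') for e in value.split(",") if e.strip()]
    if not entries:
        return ["UserInit value is empty"]
    findings = []
    for entry in entries:
        if not entry.lower().endswith("\\system32\\userinit.exe"):
            findings.append("unexpected logon program: " + entry)
    return findings


def scan_f2(log_text):
    """Return (line number, value name, findings) for each F2 line that deviates."""
    results = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        match = F2_RE.match(line.strip())
        if not match:
            continue
        name, value = match.group(1), match.group(2).strip()
        check = check_shell if name.lower() == "shell" else check_userinit
        findings = check(value)
        if findings:
            results.append((lineno, name, findings))
    return results


if __name__ == "__main__":
    for lineno, name, findings in scan_f2(SAMPLE_LOG):
        for finding in findings:
            print(f"line {lineno}: {name}: {finding}")
```

A hit only marks the entry for review; what the extra command loads still has to be identified before anything is changed.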

#2 myrti

Posted 17 February 2010 - 05:14 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#3 Zmaz

Posted 17 February 2010 - 08:28 PM

Here are my OTL reports. I described the problem in my first post; please let me know if you need any more info. Thanks so much for your help.

OTL logfile created on: 2/17/2010 8:04:30 PM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Users\Zac\Downloads
Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 50.00% Memory free
7.00 Gb Paging File | 4.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 596.17 Gb Total Space | 127.83 Gb Free Space | 21.44% Space Free | Partition Type: NTFS
Drive D: | 3.28 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 601.91 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 232.88 Gb Total Space | 72.16 Gb Free Space | 30.98% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ZAC-PC
Current User Name: Zac
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/17 20:03:20 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Zac\Downloads\OTL.exe
PRC - [2010/02/17 20:03:03 | 000,103,736 | ---- | M] () -- c:\Program Files\Steam\steamapps\zmaz\team fortress 2\hl2.exe
PRC - [2010/02/04 20:23:50 | 001,091,368 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\GameOverlayUI.exe
PRC - [2010/01/22 19:16:38 | 010,358,056 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe
PRC - [2010/01/22 19:16:30 | 000,545,576 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2010/01/07 20:06:46 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/01/05 19:06:43 | 000,297,240 | ---- | M] (Impulse Point, LLC) -- C:\Program Files\SafeConnect\SCClient.exe
PRC - [2010/01/05 19:06:43 | 000,128,280 | ---- | M] (Impulse Point, LLC) -- C:\Program Files\SafeConnect\scManager.sys
PRC - [2009/12/18 10:42:45 | 000,634,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/10/30 23:41:24 | 000,136,176 | ---- | M] (Google Inc.) -- C:\Users\Zac\AppData\Local\Google\Update\1.2.183.13\GoogleCrashHandler.exe
PRC - [2009/10/24 14:12:15 | 001,217,808 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\Steam.exe
PRC - [2009/10/03 04:08:05 | 000,353,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat.exe
PRC - [2009/09/27 17:47:00 | 000,215,656 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
PRC - [2009/09/27 16:48:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009/08/28 18:48:08 | 000,015,376 | ---- | M] () -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
PRC - [2009/08/28 18:48:02 | 000,245,288 | ---- | M] () -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
PRC - [2009/07/27 12:35:37 | 000,288,048 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2009/07/26 23:17:29 | 000,075,064 | ---- | M] () -- C:\Windows\System32\PnkBstrA.exe
PRC - [2009/05/29 12:41:26 | 000,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/05/25 14:38:18 | 006,265,376 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2009/05/19 00:23:16 | 000,049,968 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe
PRC - [2009/04/01 11:53:08 | 000,107,008 | ---- | M] () -- C:\Program Files\PayPal\PayPal Plug-In\RBroker.exe
PRC - [2009/03/30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009/03/30 16:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/02/22 11:49:15 | 000,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2009/02/11 10:28:48 | 005,308,416 | ---- | M] (mpc-hc@Sourceforge) -- C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe
PRC - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/11/06 12:33:00 | 000,041,264 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aolsoftware.exe
PRC - [2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/28 10:15:14 | 000,066,832 | ---- | M] (Novell, Inc.) -- C:\Windows\System32\iprntctl.exe
PRC - [2008/01/20 21:22:13 | 000,217,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WerFault.exe
PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe


========== Modules (SafeList) ==========

MOD - [2010/02/17 20:03:20 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Zac\Downloads\OTL.exe
MOD - [2008/01/20 21:21:54 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/01/22 19:16:30 | 000,545,576 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2010/01/05 19:06:43 | 000,128,280 | ---- | M] (Impulse Point, LLC) [Auto | Running] -- C:\Program Files\SafeConnect\scManager.sys -- (SCManager)
SRV - [2009/10/31 15:16:57 | 000,320,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/09/27 17:47:00 | 000,215,656 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Windows\System32\nvvsvc.exe -- (nvsvc)
SRV - [2009/09/27 16:48:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009/07/26 23:17:29 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009/05/29 12:41:26 | 000,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/03/30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/03/15 16:03:26 | 000,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9a5b17eedccb0) Google Update Service (gupdate1c9a5b17eedccb0)
SRV - [2009/02/22 11:49:15 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/04 00:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/10/25 10:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008/08/15 05:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2008/06/24 16:05:56 | 000,537,896 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2008/01/20 21:21:41 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/20 21:21:35 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/12/19 10:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Disabled | Stopped] -- C:\Windows\System32\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)
SRV - [2006/11/02 07:34:14 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/11/02 04:46:05 | 000,017,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\irmon.dll -- (Irmon)
SRV - [2006/10/26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005/04/04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2009/09/27 16:12:22 | 009,509,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/08/28 18:42:52 | 000,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/07/30 12:09:26 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2009/07/30 12:09:25 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009/05/25 14:38:19 | 002,158,432 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/05/18 13:17:00 | 000,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/10/20 16:15:22 | 000,034,592 | ---- | M] () [Kernel | System | Running] -- C:\Windows\system32\drivers\nipplpt.sys -- (nipplpt2)
DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\adfs.sys -- (adfs)
DRV - [2008/06/12 01:28:49 | 000,056,108 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2008/03/31 18:07:56 | 000,210,432 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink ™
DRV - [2008/02/06 03:00:00 | 000,044,608 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2008/01/20 21:21:35 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 21:21:35 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 21:21:35 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 21:21:34 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 21:21:34 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 21:21:34 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 21:21:34 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\irsir.sys -- (irsir)
DRV - [2008/01/20 21:21:33 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 21:21:33 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 21:21:33 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/20 21:21:33 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 21:21:32 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 21:21:32 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 21:21:32 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 21:21:31 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 21:21:31 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 21:21:31 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 21:21:31 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 21:21:30 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 21:21:30 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2008/01/20 21:21:29 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 21:21:29 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 21:21:29 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 21:21:28 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 21:21:09 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 21:21:09 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 21:21:09 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/10/11 20:40:14 | 000,010,632 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdide.sys -- (amdide)
DRV - [2007/04/09 08:56:22 | 000,021,248 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2007/04/09 08:55:08 | 000,022,912 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2007/04/09 08:53:24 | 000,012,672 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2007/03/08 16:18:00 | 000,008,320 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\grmnusb.sys -- (grmnusb)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 01:37:21 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2006/10/30 10:23:12 | 000,007,680 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2005/12/20 19:23:00 | 000,023,872 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\FOXCONN\FOX LiveUpdate\FXDrv32.sys -- (FXDrv32)
DRV - [2005/07/28 07:18:40 | 000,685,056 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (Hardlock)
DRV - [2004/02/04 09:27:56 | 000,049,536 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tiehdusb.sys -- (TIEHDUSB)
DRV - [2002/09/16 17:14:32 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\PQNTDRV.sys -- (PQNTDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4009435946-1734834586-2344784175-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-4009435946-1734834586-2344784175-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-4009435946-1734834586-2344784175-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AF DA A9 0B 98 AA CA 01 [binary data]
IE - HKU\S-1-5-21-4009435946-1734834586-2344784175-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4009435946-1734834586-2344784175-1000\S-1-5-21-4009435946-1734834586-2344784175-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4009435946-1734834586-2344784175-1000\S-1-5-21-4009435946-1734834586-2344784175-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..extensions.enabledItems: autopager@mozilla.org:0.6.0.13
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.7
FF - prefs.js..extensions.enabledItems: {a95d8332-e4b4-6e7f-98ac-20b733364387}:0.4.4
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1
FF - prefs.js..extensions.enabledItems: paypalfirefoxplugin@orbiscom:2.2.26.0
FF - prefs.js..extensions.enabledItems: {ada4b710-8346-4b82-8199-5de2b400a6ae}:1.9.7
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.63
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: zotero@chnm.gmu.edu:1.0.10
FF - prefs.js..extensions.enabledItems: {5c876f30-10ce-11dd-bd0b-0800200c9a66}:3.5
FF - prefs.js..extensions.enabledItems: chromifox@altmusictv.com:1.1.3
FF - prefs.js..extensions.enabledItems: CrystalFox_Qute@BigRedBrent:3.7
FF - prefs.js..extensions.enabledItems: {6542b200-4374-11dd-ae16-0800200c9a66}:2.5b1
FF - prefs.js..extensions.enabledItems: {8181B740-5255-11D9-9FF6-0090995D2DCA}:0.8.09.07.17
FF - prefs.js..extensions.enabledItems: {069FB356-C69F-7349-D092-AB28AF836D0E}:0.9.030
FF - prefs.js..extensions.enabledItems: {36C13C8F-54F1-412e-8177-2E411719162D}:4.0.1
FF - prefs.js..extensions.enabledItems: stratareloaded@addons.mozilla.org:2.3.0
FF - prefs.js..extensions.enabledItems: {07b2a769-ed19-4483-87ce-c643914c81bb}:3.0.0.87
FF - prefs.js..extensions.enabledItems: {a81bafeb-b6ed-4501-aa17-15a2b3857e56}:3.5
FF - prefs.js..extensions.enabledItems: {c9c58820-7bd4-11da-a72b-0800200c9a66}:2.20091115
FF - prefs.js..extensions.enabledItems: {e213bb8f-8ebd-11db-96b7-005056c00008}:3.0.0.87

FF - HKLM\software\mozilla\Firefox\Extensions\\paypalfirefoxplugin@orbiscom: C:\Program Files\PayPal\PayPal Plug-In [2009/06/27 21:49:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/03 19:40:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/03 19:40:59 | 000,000,000 | ---D | M]

[2009/02/21 00:03:42 | 000,000,000 | ---D | M] -- C:\Users\Zac\AppData\Roaming\Mozilla\Extensions
[2009/02/21 00:03:42 | 000,000,000 | ---D | M] -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\4woxhesn.default\extensions
[2009/02/21 17:19:57 | 000,000,000 | ---D | M] -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\9in8d1sy.default\extensions
[2009/02/21 17:19:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\9in8d1sy.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2009/02/21 17:19:55 | 000,000,000 | ---D | M] (Phoenity Reborn) -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\9in8d1sy.default\extensions\{069FB356-C69F-7349-D092-AB28AF836D0E}
[2009/02/21 17:19:56 | 000,000,000 | ---D | M] (Vista-aero) -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\9in8d1sy.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}
[2009/02/21 17:19:56 | 000,000,000 | ---D | M] (Just Black (A Cylence theme for Firefox 3)) -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\9in8d1sy.default\extensions\{1a45a8a0-3278-11dd-bd11-0800200c9a66}
[2009/02/21 17:19:56 | 000,000,000 | ---D | M] (Abstract Classic) -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\9in8d1sy.default\extensions\{2fbc1200-ad13-11db-abbd-0800200c9a66}
[2009/02/21 17:19:56 | 000,000,000 | ---D | M] (Qute) -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\9in8d1sy.default\extensions\{36C13C8F-54F1-412e-8177-2E411719162D}
[2009/02/21 17:19:56 | 000,000,000 | ---D | M] (Aquatint Redone) -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\9in8d1sy.default\extensions\{47e5a66c-0e35-11dc-8314-0800200c9a66}
[2009/02/21 17:19:57 | 000,000,000 | ---D | M] (FEBE) -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\9in8d1sy.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2009/02/21 17:19:57 | 000,000,000 | ---D | M] (Aero Silver Fox Basic) -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\9in8d1sy.default\extensions\{5c876f30-10ce-11dd-bd0b-0800200c9a66}
[2009/02/21 17:19:57 | 000,000,000 | ---D | M] (Flook Theme) -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\9in8d1sy.default\extensions\{6542b200-4374-11dd-ae16-0800200c9a66}
[2009/02/21 17:19:57 | 000,000,000 | ---D | M] (Phoenity Modern) -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\9in8d1sy.default\extensions\{8181B740-5255-11D9-9FF6-0090995D2DCA}
[2009/02/21 17:19:57 | 000,000,000 | ---D | M] (iFox) -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\9in8d1sy.default\extensions\{a81bafeb-b6ed-4501-aa17-15a2b3857e56}
[2009/02/21 17:19:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\9in8d1sy.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2009/02/21 17:19:57 | 000,000,000 | ---D | M] (iPox) -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\9in8d1sy.default\extensions\{c9c58820-7bd4-11da-a72b-0800200c9a66}
[2009/02/21 17:19:57 | 000,000,000 | ---D | M] (myFireFox) -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\9in8d1sy.default\extensions\{e213bb8f-8ebd-11db-96b7-005056c00008}
[2009/02/21 17:19:44 | 000,000,000 | ---D | M] -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\9in8d1sy.default\extensions\amazonsearch@throttled.org
[2009/02/21 17:19:45 | 000,000,000 | ---D | M] -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\9in8d1sy.default\extensions\chromifox@altmusictv.com
[2009/02/21 17:19:50 | 000,000,000 | ---D | M] -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\9in8d1sy.default\extensions\CrystalFox_Qute@BigRedBrent
[2009/02/21 17:19:50 | 000,000,000 | ---D | M] -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\9in8d1sy.default\extensions\moveplayer@movenetworks.com
[2009/02/21 17:19:50 | 000,000,000 | ---D | M] -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\9in8d1sy.default\extensions\stratareloaded@addons.mozilla.org
[2009/02/21 17:19:55 | 000,000,000 | ---D | M] -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\9in8d1sy.default\extensions\zotero@chnm.gmu.edu
[2009/02/21 17:19:50 | 000,000,000 | ---D | M] -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\9in8d1sy.default\extensions\chromifox@altmusictv.com\chrome\mozapps\extensions
[2009/02/21 17:19:51 | 000,000,000 | ---D | M] -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\9in8d1sy.default\extensions\stratareloaded@addons.mozilla.org\chrome\3.0x\aero\mozapps\extensions
[2009/02/21 17:19:52 | 000,000,000 | ---D | M] -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\9in8d1sy.default\extensions\stratareloaded@addons.mozilla.org\chrome\3.0x\mozapps\extensions
[2009/02/21 17:19:54 | 000,000,000 | ---D | M] -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\9in8d1sy.default\extensions\stratareloaded@addons.mozilla.org\chrome\3.1x\mozapps\extensions
[2009/12/14 17:50:26 | 000,000,000 | ---D | M] -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\dgz1keb0.Zac\extensions
[2009/12/14 17:50:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\dgz1keb0.Zac\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/12/14 17:50:26 | 000,000,000 | ---D | M] -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\dgz1keb0.Zac\extensions\staged-xpis
[2010/02/14 21:11:02 | 000,000,000 | ---D | M] -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\extensions
[2009/02/21 17:20:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2010/02/07 17:48:31 | 000,000,000 | ---D | M] (Phoenity Next (formerly Phoenity Reborn)) -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\extensions\{069FB356-C69F-7349-D092-AB28AF836D0E}
[2010/01/12 21:49:04 | 000,000,000 | ---D | M] (Vista-aero) -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}
[2010/01/01 15:14:19 | 000,000,000 | ---D | M] (Cluster Tabs for Firefox) -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\extensions\{0A0BD32B-1F34-4F19-A2F9-4B4594950181}
[2010/02/10 16:25:10 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2009/02/21 17:20:04 | 000,000,000 | ---D | M] (Just Black (A Cylence theme for Firefox 3)) -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\extensions\{1a45a8a0-3278-11dd-bd11-0800200c9a66}
[2009/02/21 17:20:04 | 000,000,000 | ---D | M] (Abstract Classic) -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\extensions\{2fbc1200-ad13-11db-abbd-0800200c9a66}
[2009/08/18 20:32:58 | 000,000,000 | ---D | M] (Qute) -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\extensions\{36C13C8F-54F1-412e-8177-2E411719162D}
[2009/12/05 13:40:33 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2010/02/07 17:48:36 | 000,000,000 | ---D | M] (FoxyTunes) -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2009/02/21 17:20:05 | 000,000,000 | ---D | M] (Aquatint Redone) -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\extensions\{47e5a66c-0e35-11dc-8314-0800200c9a66}
[2009/12/05 13:40:21 | 000,000,000 | ---D | M] (FEBE) -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2009/07/25 16:11:09 | 000,000,000 | ---D | M] (Aero Fox Silver) -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\extensions\{5c876f30-10ce-11dd-bd0b-0800200c9a66}
[2009/07/25 16:11:11 | 000,000,000 | ---D | M] (Flook Theme) -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\extensions\{6542b200-4374-11dd-ae16-0800200c9a66}
[2009/08/18 20:32:58 | 000,000,000 | ---D | M] (Phoenity Modern) -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\extensions\{8181B740-5255-11D9-9FF6-0090995D2DCA}
[2009/12/05 13:40:24 | 000,000,000 | ---D | M] (Hyperwords) -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\extensions\{9A752782-D706-479b-98F8-3F66BF921692}
[2009/07/25 13:38:31 | 000,000,000 | ---D | M] (iFox) -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\extensions\{a81bafeb-b6ed-4501-aa17-15a2b3857e56}
[2010/02/07 17:48:35 | 000,000,000 | ---D | M] (LeechBlock) -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}
[2010/02/07 17:48:35 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2010/02/12 12:03:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2010/02/12 12:03:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\extensions\{B9C8BE50-7105-4ec6-8FB4-4935C0671648}
[2009/12/05 13:40:15 | 000,000,000 | ---D | M] (iPox) -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\extensions\{c9c58820-7bd4-11da-a72b-0800200c9a66}
[2010/02/07 17:48:42 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2009/02/21 17:20:07 | 000,000,000 | ---D | M] (Tweak Network) -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\extensions\{DAD0F81A-CF67-4eed-98D6-26F6E47274CA}
[2010/01/12 21:49:02 | 000,000,000 | ---D | M] (myFireFox) -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\extensions\{e213bb8f-8ebd-11db-96b7-005056c00008}
[2009/07/25 16:11:41 | 000,000,000 | ---D | M] -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\extensions\amazonsearch@throttled.org
[2009/07/25 16:11:50 | 000,000,000 | ---D | M] -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\extensions\askopensearch-VTS@ask.com
[2010/02/10 16:25:09 | 000,000,000 | ---D | M] -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\extensions\autopager@mozilla.org
[2009/06/29 19:23:24 | 000,000,000 | ---D | M] -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\extensions\battlefieldheroespatcher@ea.com
[2009/08/21 22:21:28 | 000,000,000 | ---D | M] -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\extensions\chromifox@altmusictv.com
[2009/07/07 21:08:31 | 000,000,000 | ---D | M] -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\extensions\CrystalFox_Qute@BigRedBrent
[2010/02/07 17:48:36 | 000,000,000 | ---D | M] -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\extensions\ctrl-tab@design-noir.de
[2010/02/07 17:48:35 | 000,000,000 | ---D | M] -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\extensions\ddfirefox@dynamitedata
[2009/12/05 13:40:33 | 000,000,000 | ---D | M] -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\extensions\firefox@tvunetworks.com
[2010/01/12 21:49:20 | 000,000,000 | ---D | M] -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\extensions\isreaditlater@ideashower.com
[2010/01/12 21:49:22 | 000,000,000 | ---D | M] -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\extensions\piclens@cooliris.com
[2009/02/21 17:20:01 | 000,000,000 | ---D | M] -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\extensions\smartbookmarksbar@remy.juteau
[2010/02/07 17:49:05 | 000,000,000 | ---D | M] -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\extensions\stratareloaded@addons.mozilla.org
[2009/05/13 18:55:58 | 000,000,000 | ---D | M] -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\extensions\zotero@chnm.gmu.edu
[2010/01/12 21:49:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}\chrome\mozapps\extensions
[2009/07/25 16:11:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\extensions\{5c876f30-10ce-11dd-bd0b-0800200c9a66}\chrome\mac\browser\extensions
[2009/07/25 16:11:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\extensions\{5c876f30-10ce-11dd-bd0b-0800200c9a66}\chrome\mac\mozapps\extensions
[2009/07/25 16:11:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\extensions\{5c876f30-10ce-11dd-bd0b-0800200c9a66}\chrome\win\browser\extensions
[2009/07/25 16:11:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\extensions\{5c876f30-10ce-11dd-bd0b-0800200c9a66}\chrome\win\mozapps\extensions
[2009/12/05 13:40:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\extensions\{c9c58820-7bd4-11da-a72b-0800200c9a66}\chrome\mozapps\extensions
[2009/12/05 13:40:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\extensions\{c9c58820-7bd4-11da-a72b-0800200c9a66}\chrome\mozapps\extensions\CVS
[2010/01/12 21:49:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\extensions\{e213bb8f-8ebd-11db-96b7-005056c00008}\chrome\mozapps\extensions
[2010/02/07 17:49:20 | 000,000,000 | ---D | M] -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\extensions\stratareloaded@addons.mozilla.org\chrome\3.0x\mozapps\extensions
[2010/02/07 17:49:19 | 000,000,000 | ---D | M] -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\extensions\stratareloaded@addons.mozilla.org\chrome\3.5x\mozapps\extensions
[2010/02/07 17:49:20 | 000,000,000 | ---D | M] -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\extensions\stratareloaded@addons.mozilla.org\chrome\3.6x\mozapps\extensions
[2010/02/07 17:49:20 | 000,000,000 | ---D | M] -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\extensions\stratareloaded@addons.mozilla.org\chrome\3.7x\mozapps\extensions
[2010/02/16 18:09:13 | 000,002,580 | ---- | M] () -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\searchplugins\amazon-search-suggestions.xml
[2010/02/14 21:11:04 | 000,002,257 | ---- | M] () -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\searchplugins\anagrammer.xml
[2010/02/14 21:11:04 | 000,002,671 | ---- | M] () -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\searchplugins\demonoid.xml
[2010/02/14 21:11:04 | 000,002,303 | ---- | M] () -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\searchplugins\gamespot.xml
[2010/02/14 21:11:04 | 000,001,905 | ---- | M] () -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\searchplugins\isohunt---bittorrent.xml
[2010/02/14 21:11:04 | 000,001,145 | ---- | M] () -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\searchplugins\mininova.xml
[2010/02/14 21:11:05 | 000,001,846 | ---- | M] () -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\searchplugins\the-pirate-bay.xml
[2008/07/17 19:46:30 | 000,001,108 | ---- | M] () -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\searchplugins\wikipedia.xml
[2008/03/18 20:09:44 | 000,001,062 | ---- | M] () -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\searchplugins\wiktionary-en.xml
[2008/04/21 17:30:29 | 000,001,546 | ---- | M] () -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\searchplugins\wowhead.xml
[2009/06/03 15:49:25 | 000,007,155 | ---- | M] () -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\searchplugins\yahoo-search--win-moola-m.xml
[2010/02/14 21:11:04 | 000,002,099 | ---- | M] () -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\searchplugins\youtube---videos.xml
[2010/02/14 21:11:02 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/09/29 07:07:00 | 000,022,576 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2008/10/28 10:15:22 | 000,255,248 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npnipp.dll
[2008/10/28 10:15:24 | 000,107,792 | ---- | M] (Novell Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npnisp.dll
[2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (GamesBarBHO Class) - {CB0D163C-E9F4-4236-9496-0597E24B23A5} - C:\Program Files\GamesBar\oberontb.dll (Oberon Media Ltd.)
O2 - BHO: (ReceiverBho Class) - {DBAF53D4-11FE-482D-B516-B3103BC71F87} - C:\Program Files\linksador\ShowInfo\IeShowInfo.dll (IeShowInfo)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (OToolbarHelper Class) - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll ()
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (GamesBar) - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll (Oberon Media Ltd.)
O3 - HKLM\..\Toolbar: (PayPal Plug-In) - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll ()
O3 - HKU\S-1-5-21-4009435946-1734834586-2344784175-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [iPrint Tray] C:\Windows\System32\iprntctl.exe (Novell, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-4009435946-1734834586-2344784175-1000..\Run: [Aim6] File not found
O4 - HKU\S-1-5-21-4009435946-1734834586-2344784175-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\NPSWF32_FlashUtil.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - Reg Error: Value error. File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-4009435946-1734834586-2344784175-1000\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKU\S-1-5-21-4009435946-1734834586-2344784175-1000\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
O15 - HKU\S-1-5-21-4009435946-1734834586-2344784175-1000\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 132.162.1.32 132.162.1.31
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Zac\Pictures\3284777931_66e15ca203_b.jpg
O24 - Desktop BackupWallPaper: C:\Users\Zac\Pictures\3284777931_66e15ca203_b.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/09/25 10:50:52 | 000,000,000 | R--D | M] - D:\autorun -- [ UDF ]
O32 - AutoRun File - [2006/09/25 11:01:39 | 004,386,816 | R--- | M] () - D:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2006/09/25 11:01:39 | 000,000,046 | R--- | M] () - D:\Autorun.inf -- [ UDF ]
O32 - AutoRun File - [2005/03/17 19:35:15 | 000,000,077 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2009/01/17 23:10:24 | 000,000,000 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{78d3c46b-ffe5-11dd-9456-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{78d3c46b-ffe5-11dd-9456-806e6f6e6963}\Shell\AutoRun\command - "" = E:\PsychoLauncher.exe -- [2005/03/23 22:29:04 | 000,991,232 | R--- | M] (Double Fine Productions)
O33 - MountPoints2\{963e6c0e-87d8-11de-8b91-001fe26a9fc2}\Shell\sorthb\command - "" = C:\Program Files\PSP Brew\PSPbrew.exe -- File not found
O33 - MountPoints2\{dd8e61b4-79b3-11de-90dd-001fe26a9fc2}\Shell\sorthb\command - "" = C:\Program Files\PSP Brew\PSPbrew.exe -- File not found
O33 - MountPoints2\{ecd06193-012e-11de-9206-001fe26a9fc2}\Shell\sorthb\command - "" = C:\Program Files\PSP Brew\PSPbrew.exe -- File not found
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\autorun.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/01/20 21:32:53 | 000,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^Users^Zac^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe - (MagicISO, Inc.)
MsConfig - StartUpReg: Acrobat Assistant 8.0 - hkey= - key= - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
MsConfig - StartUpReg: Adobe Acrobat Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AdobeCS4ServiceManager - hkey= - key= - C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe_ID0ENQBO - hkey= - key= - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: COMODO Internet Security - hkey= - key= - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe File not found
MsConfig - StartUpReg: EA Core - hkey= - key= - C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts)
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Users\Zac\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig - StartUpReg: IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
MsConfig - StartUpReg: iPrint Event Monitor - hkey= - key= - File not found
MsConfig - StartUpReg: iPrint Tray - hkey= - key= - File not found
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: McAfeeUpdaterUI - hkey= - key= - C:\Program Files\McAfee\Common Framework\udaterui.exe File not found
MsConfig - StartUpReg: NBKeyScan - hkey= - key= - C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
MsConfig - StartUpReg: NeroCheck - hkey= - key= - File not found
MsConfig - StartUpReg: NvMediaCenter - hkey= - key= - File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: RGSC - hkey= - key= - C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe File not found
MsConfig - StartUpReg: ShStatEXE - hkey= - key= - C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE File not found
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: Windows Defender - hkey= - key= - File not found
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5A41432D-5A41-5A41-5A41-5A41432D5043} - "C:\WINDOWS\Cursors\lsass.exe" /s
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7070D8E0-650A-46b3-B03C-9497582E6A74} - %SystemRoot%\system32\soundschemes.exe /AddRegistration
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {78028BE9-3B2E-46E9-B588-BB9AEE0F4088} - .NET Framework
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24} - %SystemRoot%\system32\soundschemes2.exe /AddRegistration
ActiveX: {B3C76690-6A72-4470-BF14-0C4BE1D27C80} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.HFYU - C:\Windows\System32\HUFFYUV.DLL (Disappearing Inc.)
Drivers32: VIDC.VIFP - C:\Windows\System32\VFCodec.dll ()
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)

========== Files/Folders - Created Within 30 Days ==========

[2010/02/11 22:35:34 | 002,452,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2010/02/11 22:35:29 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/02/11 22:35:29 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010/02/11 22:35:28 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/02/11 22:35:28 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/02/11 22:35:28 | 000,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/02/11 22:35:28 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/02/11 22:35:28 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2010/02/11 22:35:28 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/02/11 22:35:28 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010/02/11 22:35:28 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/02/11 22:35:28 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/02/11 22:35:25 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010/02/10 21:52:52 | 000,000,000 | ---D | C] -- C:\Users\Zac\AppData\Roaming\Malwarebytes
[2010/02/10 21:52:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/02/10 21:52:48 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/02/10 21:52:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/10 21:52:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/02/10 20:53:01 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2010/02/10 16:47:36 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/02/10 06:24:54 | 003,597,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/02/10 06:24:54 | 003,546,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/02/10 06:24:48 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010/02/10 06:24:48 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2010/02/10 06:24:48 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010/02/10 06:24:48 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010/02/10 06:24:48 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
[2010/02/03 19:44:25 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/02/03 19:44:23 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/02/03 19:40:04 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/01/19 20:12:18 | 000,000,000 | ---D | C] -- C:\Users\Zac\Desktop\Dirty Projectors
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Zac\Documents\*.tmp files -> C:\Users\Zac\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/17 20:05:27 | 000,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{F126F98D-F447-474D-9B9F-3157D5A1E91D}.job
[2010/02/17 20:04:46 | 009,175,040 | -HS- | M] () -- C:\Users\Zac\NTUSER.DAT
[2010/02/17 19:46:01 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4009435946-1734834586-2344784175-1000UA.job
[2010/02/17 19:43:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/17 19:00:03 | 000,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/02/17 19:00:03 | 000,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/02/17 00:46:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4009435946-1734834586-2344784175-1000Core.job
[2010/02/16 20:43:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/16 19:26:13 | 000,033,280 | ---- | M] () -- C:\Users\Zac\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/14 21:06:19 | 001,774,444 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/02/14 21:06:19 | 000,633,850 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/02/14 21:06:19 | 000,475,528 | ---- | M] () -- C:\Windows\System32\perfh00B.dat
[2010/02/14 21:06:19 | 000,389,652 | ---- | M] () -- C:\Windows\System32\perfh00D.dat
[2010/02/14 21:06:19 | 000,117,038 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/02/14 21:06:19 | 000,100,292 | ---- | M] () -- C:\Windows\System32\perfc00B.dat
[2010/02/14 21:06:19 | 000,084,382 | ---- | M] () -- C:\Windows\System32\perfc00D.dat
[2010/02/14 21:00:39 | 000,034,705 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/02/14 21:00:38 | 000,034,705 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/02/14 21:00:23 | 008,405,015 | ---- | M] () -- C:\Windows\TempFile
[2010/02/14 21:00:14 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/02/14 21:00:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/02/14 20:59:52 | 3486,842,880 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/12 13:34:46 | 000,524,288 | -HS- | M] () -- C:\Users\Zac\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms
[2010/02/12 13:34:46 | 000,065,536 | -HS- | M] () -- C:\Users\Zac\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TM.blf
[2010/02/12 13:34:44 | 005,332,094 | -H-- | M] () -- C:\Users\Zac\AppData\Local\IconCache.db
[2010/02/11 21:47:54 | 000,002,032 | ---- | M] () -- C:\Users\Zac\Desktop\Google Chrome.lnk
[2010/02/11 20:20:52 | 000,022,016 | ---- | M] () -- C:\Windows\System32\sojs.smo
[2010/02/10 23:57:56 | 000,050,688 | ---- | M] () -- C:\Users\Zac\Documents\Chapter 24-27 World Study Guide.doc
[2010/02/10 21:52:51 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/10 20:54:40 | 000,000,036 | ---- | M] () -- C:\Users\Zac\AppData\Local\housecall.guid.cache
[2010/02/10 16:47:36 | 000,001,874 | ---- | M] () -- C:\Users\Zac\Desktop\HijackThis.lnk
[2010/02/08 23:35:16 | 000,032,256 | ---- | M] () -- C:\Users\Zac\Documents\TTL Essay RD Outline.doc
[2010/02/08 23:22:27 | 000,037,376 | ---- | M] () -- C:\Users\Zac\Documents\To the Lighthouse Essay (RD).doc
[2010/02/07 02:45:27 | 000,002,073 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/02/03 19:45:53 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/02/03 19:40:45 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/02/02 21:08:46 | 000,039,424 | ---- | M] () -- C:\Users\Zac\Desktop\2009 Foreclosure Outreach Day Clinic Final Report.doc
[2010/01/31 22:16:02 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010/01/31 21:12:32 | 042,058,007 | ---- | M] () -- C:\Users\Zac\Desktop\Art and Craft of Problem Solving 22nd Ed~tqw~_darksiderg.pdf
[2010/01/30 00:42:15 | 000,034,304 | ---- | M] () -- C:\Users\Zac\Documents\Direct ALTERNATE.doc
[2010/01/28 23:31:17 | 000,031,232 | ---- | M] () -- C:\Users\Zac\Documents\Opening FINAL.doc
[2010/01/28 21:19:46 | 000,030,208 | ---- | M] () -- C:\Users\Zac\Documents\Drama journal 1.doc
[2010/01/27 20:24:14 | 000,029,696 | ---- | M] () -- C:\Users\Zac\Documents\Dell Cross.doc
[2010/01/27 00:56:52 | 000,032,256 | ---- | M] () -- C:\Users\Zac\Documents\To the Lighthouse part 3 reflection.doc
[2010/01/25 21:39:43 | 000,032,256 | ---- | M] () -- C:\Users\Zac\Documents\Telluride -- seminars.doc
[2010/01/25 20:46:00 | 000,036,864 | ---- | M] () -- C:\Users\Zac\Documents\Telluride -- conflict.doc
[2010/01/25 18:51:29 | 000,033,792 | ---- | M] () -- C:\Users\Zac\Documents\Opening 1-25-2010.doc
[2010/01/25 01:15:42 | 000,039,424 | ---- | M] () -- C:\Users\Zac\Documents\To the Lighthouse Important Passages 3.doc
[2010/01/20 22:33:31 | 000,031,744 | ---- | M] () -- C:\Users\Zac\Documents\Opening updated (hopefully final).doc
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Zac\Documents\*.tmp files -> C:\Users\Zac\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/17 17:53:49 | 042,058,007 | ---- | C] () -- C:\Users\Zac\Desktop\Art and Craft of Problem Solving 22nd Ed~tqw~_darksiderg.pdf
[2010/02/10 21:52:51 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/10 20:54:40 | 000,000,036 | ---- | C] () -- C:\Users\Zac\AppData\Local\housecall.guid.cache
[2010/02/10 19:55:58 | 000,050,688 | ---- | C] () -- C:\Users\Zac\Documents\Chapter 24-27 World Study Guide.doc
[2010/02/10 16:47:36 | 000,001,874 | ---- | C] () -- C:\Users\Zac\Desktop\HijackThis.lnk
[2010/02/09 21:55:32 | 000,022,016 | ---- | C] () -- C:\Windows\System32\sojs.smo
[2010/02/08 23:34:24 | 000,032,256 | ---- | C] () -- C:\Users\Zac\Documents\TTL Essay RD Outline.doc
[2010/02/07 02:45:27 | 000,002,073 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/02/03 22:41:07 | 000,037,376 | ---- | C] () -- C:\Users\Zac\Documents\To the Lighthouse Essay (RD).doc
[2010/02/03 19:45:53 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/02/03 19:40:45 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/02/02 21:08:44 | 000,039,424 | ---- | C] () -- C:\Users\Zac\Desktop\2009 Foreclosure Outreach Day Clinic Final Report.doc
[2010/01/29 23:47:54 | 000,034,304 | ---- | C] () -- C:\Users\Zac\Documents\Direct ALTERNATE.doc
[2010/01/28 21:19:38 | 000,030,208 | ---- | C] () -- C:\Users\Zac\Documents\Drama journal 1.doc
[2010/01/27 23:42:15 | 000,031,232 | ---- | C] () -- C:\Users\Zac\Documents\Opening FINAL.doc
[2010/01/26 23:28:09 | 000,032,256 | ---- | C] () -- C:\Users\Zac\Documents\To the Lighthouse part 3 reflection.doc
[2010/01/25 17:26:06 | 000,033,792 | ---- | C] () -- C:\Users\Zac\Documents\Opening 1-25-2010.doc
[2010/01/24 23:37:18 | 000,039,424 | ---- | C] () -- C:\Users\Zac\Documents\To the Lighthouse Important Passages 3.doc
[2010/01/21 20:11:53 | 000,036,864 | ---- | C] () -- C:\Users\Zac\Documents\Telluride -- conflict.doc
[2010/01/20 22:33:27 | 000,031,744 | ---- | C] () -- C:\Users\Zac\Documents\Opening updated (hopefully final).doc
[2009/11/28 21:32:05 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009/11/22 17:07:20 | 000,034,705 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/11/22 17:07:20 | 000,034,705 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/11/21 01:40:22 | 001,124,787 | ---- | C] () -- C:\Windows\System32\wjmpocra.dll
[2009/11/06 10:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009/06/01 18:41:04 | 000,870,128 | ---- | C] () -- C:\Users\Zac\AppData\Roaming\mcs.rma
[2009/06/01 18:41:04 | 000,000,004 | ---- | C] () -- C:\Users\Zac\AppData\Roaming\DF7311
[2009/04/03 09:50:18 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2009/03/15 16:23:52 | 000,000,388 | ---- | C] () -- C:\Windows\System32\gmsblist.dll
[2009/03/10 21:17:22 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2009/03/10 21:17:22 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth2.dll
[2009/03/10 21:17:22 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth1.dll
[2009/03/10 21:17:22 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2009/03/10 21:17:22 | 000,000,073 | ---- | C] () -- C:\Windows\System32\ssprs.dll
[2009/03/10 21:17:21 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2009/03/09 20:35:09 | 000,000,002 | ---- | C] () -- C:\Users\Zac\AppData\Roaming\ceville_console_history.txt
[2009/03/06 22:36:40 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/03/03 16:43:33 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009/03/03 16:43:31 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009/02/24 20:22:35 | 000,229,376 | ---- | C] () -- C:\Windows\System32\HPPCPR01.DLL
[2009/02/22 22:49:52 | 000,138,736 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009/02/22 22:49:51 | 000,022,328 | ---- | C] () -- C:\Users\Zac\AppData\Roaming\PnkBstrK.sys
[2009/02/21 21:37:18 | 000,033,280 | ---- | C] () -- C:\Users\Zac\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/21 20:55:57 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/02/21 20:23:00 | 000,000,201 | ---- | C] () -- C:\Windows\wininit.ini
[2009/02/21 20:22:31 | 000,034,592 | ---- | C] () -- C:\Windows\System32\drivers\nipplpt.sys
[2009/02/21 18:53:48 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/02/21 00:12:20 | 000,001,321 | ---- | C] () -- C:\Windows\ntbackup.ini
[2009/02/20 23:39:01 | 000,000,680 | ---- | C] () -- C:\Users\Zac\AppData\Local\d3d9caps.dat
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/01/20 21:23:41 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2006/11/02 07:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2000/07/22 15:49:46 | 000,431,104 | ---- | C] () -- C:\Windows\System32\VFCodec.dll

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2009/12/18 08:01:57 | 000,193,024 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\iepeers.dll
[2008/01/20 21:22:49 | 000,242,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2008/01/20 21:22:45 | 000,225,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >


< MD5 for: AGP440.SYS >
[2008/01/20 21:21:09 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/20 21:21:09 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/20 21:21:09 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/20 21:21:09 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 04:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: AHCIX86.SYS >
[2008/01/17 00:21:36 | 000,175,112 | ---- | M] (AMD Technologies Inc.) MD5=982A695ACD015B71F417932D46A9CF9F -- C:\Users\Zac\Desktop\64-Bit bleep\WinXP (RAID Driver)\x86\ahcix86.sys

< MD5 for: AHCIX86S.SYS >
[2009/02/20 23:50:29 | 000,174,608 | ---- | M] (AMD Technologies Inc.) MD5=353DCD8971D6D1DA809B2C3718C70A4D -- C:\Users\Zac\Desktop\FOR NEW COMPUTER\Mobo Stuff\AMD-WinVista-3.100.1540.38\WinVista\x86\ahcix86s.sys
[2008/01/16 19:27:56 | 000,174,600 | ---- | M] (AMD Technologies Inc.) MD5=8DC09F3B54DDCAEB52E0DCFA1D55B26A -- C:\ATI\SUPPORT\8-5_vista32_dd_ccc_wdm_enu_63036\Packages\Drivers\SBDrv\SB7xx\RAID\LH\ahcix86s.sys
[2007/04/16 17:16:34 | 000,119,296 | ---- | M] (ATI Technologies Inc.) MD5=A5AC7B705166BF7CD07BB054BEEA8D03 -- C:\ATI\SUPPORT\8-5_vista32_dd_ccc_wdm_enu_63036\Packages\Drivers\SBDrv\SB6xx\RAID\LH64A\ahcix86s.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/20 21:21:09 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008/01/20 21:21:09 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/20 21:21:09 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 04:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2008/01/20 21:21:31 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/20 21:21:31 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/20 21:21:31 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/20 21:22:13 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008/01/20 21:22:13 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/20 21:21:29 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/20 21:21:29 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/20 21:21:29 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/20 21:22:59 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008/01/20 21:22:59 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:322EAACD
< End of report >

OTL Extras logfile created on: 2/17/2010 8:04:30 PM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Users\Zac\Downloads
Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 50.00% Memory free
7.00 Gb Paging File | 4.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 596.17 Gb Total Space | 127.83 Gb Free Space | 21.44% Space Free | Partition Type: NTFS
Drive D: | 3.28 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 601.91 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 232.88 Gb Total Space | 72.16 Gb Free Space | 30.98% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ZAC-PC
Current User Name: Zac
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.scr [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.vbe [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.vbs [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.wsf [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.wsh [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-4009435946-1734834586-2344784175-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-4009435946-1734834586-2344784175-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10962D16-E19A-4264-B1B4-39D39FD6032B}" = lport=51000 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{14320219-CD94-4704-A8F4-0917F685C044}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{2A3C0CA9-9188-4BEA-8423-2F949C1BFABB}" = rport=445 | protocol=6 | dir=out | app=system |
"{369569D2-98C5-44A4-8112-09EC4FA5E7EA}" = lport=139 | protocol=6 | dir=in | app=system |
"{3AFF875D-4E13-4A85-9632-0FB629DE245A}" = lport=51001 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{46FC46DA-2681-45CD-BA23-7BFACBE48D0C}" = rport=138 | protocol=17 | dir=out | app=system |
"{5108D0E2-18F5-463F-8727-A18435966E14}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{659FDD0F-C296-4BF2-A33C-9473BBAB4088}" = rport=137 | protocol=17 | dir=out | app=system |
"{87DF15AF-B6E1-4C3F-8606-836D7728A0CB}" = rport=139 | protocol=6 | dir=out | app=system |
"{8FA7A4F5-58CC-4201-B2FD-6ADB2E8D3127}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{A17416D9-CD27-4DD1-BABD-871E22E2853D}" = lport=137 | protocol=17 | dir=in | app=system |
"{A2328D81-D35D-4701-BA74-C3098580E7F6}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{BADE4EF0-52B7-4E89-8A6E-0C20D5482A67}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{E2FF854E-5C23-4806-956A-587688193210}" = lport=445 | protocol=6 | dir=in | app=system |
"{EF2051A7-8F1B-4143-A305-64D932B9962E}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{FDBE8031-C12F-48C7-B9A4-E7FA476A8EA3}" = lport=138 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0564CF60-6D4C-4BF7-B452-F4EBE4D1261C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{05C2BF49-062A-4355-BC7A-B6DEFC812AC6}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\unreal tournament 3\binaries\ut3.exe |
"{06CE5FB0-B449-4D3F-8505-1FC6A457C5C7}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{07ECF14E-205E-42C7-8997-73CA3FD3E922}" = protocol=6 | dir=in | app=c:\program files\rockstar games\rockstar games social club\rgsclauncher.exe |
"{0A48BC9A-8341-47DC-A0DA-A468A028D578}" = protocol=6 | dir=in | app=c:\program files\sierra entertainment\world in conflict\wic_ds.exe |
"{0BDCC494-09CB-4EA9-83B5-A2FA768C596B}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |
"{10A5F9FA-9DA4-4B24-9B0C-8DCC60511EE9}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\monster trucks nitro\monstertrucksnitro.exe |
"{12C00807-0CC0-4C2D-BCAA-C5551F41B723}" = protocol=17 | dir=in | app=c:\program files\sierra entertainment\world in conflict\wic_ds.exe |
"{13ADB2BB-9294-48EC-A6E9-9AE9AD64DD2C}" = protocol=6 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\civilization4.exe |
"{15254D34-6086-484B-8AD7-5758C051E296}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\trials 2 second edition\launcher.exe |
"{1673166F-3128-4191-9C02-C035CFC7DD72}" = protocol=17 | dir=in | app=c:\program files\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe |
"{19F24F64-2500-44CB-87D0-66667E2687F2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{28E30624-B8F5-4BAE-B3F1-5522BADD8085}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2E5C942E-042D-4630-9BE4-045B493D4788}" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\farcry2.exe |
"{31124EB2-CB0A-473C-912B-4FD0970DA4B8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{3A8ACF5F-6BEA-42FB-A384-356E29CC6886}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{3CFC1E30-E125-4E61-87B0-1340B8B6F940}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{42792C26-0CD2-4ECB-A44B-FBA73A913FBF}" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\farcry2.exe |
"{46EA2FED-9019-4EFC-80BC-2529E986464C}" = protocol=17 | dir=in | app=c:\program files\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe |
"{490AE3D7-84A2-4E8A-A4C8-5ECD78FC79C3}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{4ABEBA11-425C-440D-84AB-F0A85B47FE3A}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{4B8B62DC-B628-420D-A438-B9B5D42DEAB4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{551E9014-647A-485B-A471-F282CEF2F7DC}" = protocol=6 | dir=in | app=c:\program files\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe |
"{56B1083E-CF79-4257-9BC4-195174F77DE2}" = protocol=6 | dir=in | app=c:\program files\stardock games\demigod\bin\demigod.exe |
"{5E519472-A6C1-42E0-8BFE-6C9647ECAAF5}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{6044E17A-74AE-45D3-B472-1A37EADD0D84}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{617EAEB4-4BCB-4AE7-B353-1B47C9764C73}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |
"{64BF074D-63E0-4377-A2EC-4C6AD27B5D43}" = protocol=6 | dir=in | app=c:\program files\electronic arts\battlefield 2142\bf2142.exe |
"{6869D349-E559-4BD9-A528-746B484AC2B1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{6911E671-6739-40C5-A7F0-7B6B47B74FED}" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2launcher.exe |
"{6B647890-03B7-4A50-A6AD-737EFE4EDE16}" = protocol=6 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\warlords\civ4warlords_pitboss.exe |
"{6BDC8950-523D-4CCA-9D2C-1F103B73FA10}" = protocol=17 | dir=in | app=c:\program files\thq\gas powered games\supreme commander\bin\supremecommander.exe |
"{7015891E-E42E-4C36-9997-4A87FEADDA43}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\unreal tournament 3\binaries\ut3.exe |
"{7BEB92DC-940A-4BEF-8F91-505213BAEB68}" = protocol=17 | dir=in | app=c:\program files\rockstar games\rockstar games social club\rgsclauncher.exe |
"{7E699639-FFC6-4A2A-B40F-E4CD3ECDD726}" = protocol=6 | dir=in | app=c:\program files\sierra entertainment\world in conflict\wic.exe |
"{82256F91-03B6-477E-BEEB-3B7EC4ADC9DF}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{858D2DE1-6A7E-4A04-A18F-FF1679F7FD28}" = protocol=6 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\warlords\civ4warlords.exe |
"{8656FF19-CBBD-4DF2-8432-4A98C8283977}" = protocol=17 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\launchgtaiv.exe |
"{8EA46BAB-2DE4-4A8E-8AF8-E9A291D84F33}" = protocol=17 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\civilization4.exe |
"{8F318773-1A5C-411C-8801-FDE20311BC39}" = protocol=17 | dir=in | app=c:\program files\sierra entertainment\world in conflict\wic.exe |
"{91A47BAC-0CC8-43FF-9F5A-25ECE94D076E}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe |
"{93A5D042-22E6-4FFA-A3D8-79295285CE7B}" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2editor.exe |
"{9437BFA4-AA39-49FF-86ED-0E82A665F53E}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{972EF91E-54B7-4A82-B273-0927A7C6F216}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{97DA9952-66C4-425A-87B6-326E505AF212}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{9860E984-20B4-4EBE-B543-42CF1D22D1F4}" = protocol=6 | dir=in | app=c:\program files\sierra entertainment\world in conflict\wic_online.exe |
"{9996091E-8892-4212-AF02-46D53AC66CC3}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{9BE594D6-6300-42C4-AEA2-562F95E059DA}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{9D5B80B6-86F0-4727-B5DB-54A7EE17E1EC}" = protocol=6 | dir=in | app=c:\program files\mcafee\common framework\frameworkservice.exe |
"{9EC5AF61-1721-42D9-8595-FB08EEA66830}" = protocol=17 | dir=in | app=c:\program files\mcafee\common framework\frameworkservice.exe |
"{9EEC2FE0-8B71-4419-AE6E-7EC520E86900}" = protocol=6 | dir=in | app=c:\program files\thq\gas powered games\supreme commander\bin\supremecommander.exe |
"{9F3D35F9-87BD-4853-83C5-AEB8995AA1BC}" = protocol=17 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\warlords\civ4warlords.exe |
"{9F4579C2-3AD2-4CA3-80BE-EDA632F93043}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A1093D04-928B-482B-AABA-FBD4A183FBE3}" = protocol=17 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\warlords\civ4warlords_pitboss.exe |
"{A37400FF-BA3A-4DB8-B0A0-0BEB31462E6A}" = protocol=6 | dir=in | app=c:\program files\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe |
"{A8A260F6-ABB3-4BA5-B80F-D377CB5C6F18}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\monster trucks nitro\monstertrucksnitro.exe |
"{A9FF9B53-24EF-4103-A71D-617995224511}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe |
"{BB45643C-A37E-4AF3-9EC8-9FFFDB8AB3F9}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{BE23E9F5-B8BA-4301-B8CD-5B453475E000}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{BE2A0B6F-73B3-49BF-BA8B-C6D779D88B5A}" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2launcher.exe |
"{C1FCEE36-D6E6-43A6-A678-A8AE31500F73}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{C6509D69-FBF5-4F1C-B6A4-F20020DEC5C2}" = protocol=6 | dir=in | app=c:\program files\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe |
"{C6BBD6F7-DCCC-494A-89C0-3B00F441A2E9}" = protocol=17 | dir=in | app=c:\program files\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe |
"{C8AE6793-50EE-43F4-9D07-56A72A1A81BA}" = protocol=17 | dir=in | app=c:\program files\sierra entertainment\world in conflict\wic_online.exe |
"{CABC7C2E-BBE1-4E71-9F3A-A117C0F00255}" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2editor.exe |
"{CB90C466-8A74-43D7-B118-5DF808760EFC}" = protocol=17 | dir=in | app=c:\program files\stardock games\demigod\bin\demigod.exe |
"{D324DE58-D860-4302-B8D1-005C689C7630}" = protocol=6 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\launchgtaiv.exe |
"{D46D0872-D4CC-41CD-A224-8D8170BB0F60}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{D733850B-8A6C-4574-9501-2FEF7972F557}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{D9E6C45C-F34C-4DF1-A2AA-48B98F47A0F4}" = protocol=6 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\beyond the sword\civ4beyondsword_pitboss.exe |
"{DC6CE8D9-6EB4-468F-88B7-D3CBF516CB43}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe |
"{E32CFC51-C3BF-4DC1-B4E2-80FF41C0BA8F}" = protocol=6 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\beyond the sword\civ4beyondsword.exe |
"{E3622753-A87F-49AF-B759-BA05E747BDF2}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe |
"{E6833FCC-52BE-4823-A5F6-7505C4ECEFA6}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{E7624928-3AEB-4F57-8ED6-C786E1FB9305}" = protocol=17 | dir=in | app=c:\program files\electronic arts\battlefield 2142\bf2142.exe |
"{EB7D2002-8170-4D06-8835-BAE3ACBBAF22}" = protocol=17 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\beyond the sword\civ4beyondsword_pitboss.exe |
"{ECEA9B9C-D156-4923-B7F2-F7CDCE3402D2}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{EEF31DA7-66DF-4BCB-827F-FB72C4FC915A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{EF7C2F23-8F27-4AAC-AE28-2E0248E472DC}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\trials 2 second edition\launcher.exe |
"{F042F67F-DC31-4D1F-894B-47C5B285D260}" = protocol=17 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\beyond the sword\civ4beyondsword.exe |
"{F31F9B61-85B9-47AF-BF6A-23AACD23DC5A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{FA2986F3-5FDE-435D-9F8F-CF8C3BF682E6}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{FA6D0A89-AFF4-40FF-8974-4F72C6012CB8}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{FF938A2F-61AC-4774-84E9-7BAAE3ED21D8}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"TCP Query User{10C7D242-569A-45FB-9158-814B60DE26BA}C:\users\zac\desktop\ldc ++\ldcplusplus.exe" = protocol=6 | dir=in | app=c:\users\zac\desktop\ldc ++\ldcplusplus.exe |
"TCP Query User{170701B0-EC2E-4A90-A1D5-2051D1D0B171}C:\program files\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\gtaiv.exe |
"TCP Query User{6D33D770-6524-4D69-83B0-1C2B371370E2}C:\program files\steam\steamapps\zmaz\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\zmaz\team fortress 2\hl2.exe |
"TCP Query User{C925682B-652A-4C81-901F-CC6E15DE0EBE}C:\program files\aim6\aim6.exe" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"UDP Query User{226E4F0D-0996-42A2-A120-5E2C3EFC0A91}C:\program files\steam\steamapps\zmaz\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\zmaz\team fortress 2\hl2.exe |
"UDP Query User{4A16A426-FF40-47C4-A06F-8CFF26318C57}C:\users\zac\desktop\ldc ++\ldcplusplus.exe" = protocol=17 | dir=in | app=c:\users\zac\desktop\ldc ++\ldcplusplus.exe |
"UDP Query User{78F5EF56-BA60-4594-AEFA-E906511A5852}C:\program files\aim6\aim6.exe" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"UDP Query User{A68873B2-9F54-4FBF-8BBF-6AFC1FA339CE}C:\program files\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\gtaiv.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{0166E190-92D7-482A-A220-DE8B7354383A}" = Demigod
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{09CF6AF5-9206-4FD7-9B08-BA6819FB47E3}" = Anno 1404
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{24F2E03B-ACF2-42FB-8A2A-5F015ACBDD16}" = FOX ONE
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 12
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{2EEEC858-21F8-419B-8FE2-820621BFFCD7}" = GetDataBack for FAT
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3E4B349F-10B5-4586-9D99-489A90A8B228}" = Sid Meier's Civilization 4 - Warlords
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{4377F918-E6C9-4ECA-A7F5-754B310B7ED8}" = Sid Meier's Civilization 4
"{4458C442-7376-4CF9-AF58-E8CEA6722363}" = Adobe Setup
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5701EFCA-EFA0-4109-BB33-BB461F63088A}" = ShowInfo
"{5A347920-4AFC-11D5-9FB0-800649886934}" = SDFormatter
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{6304587B-3C05-4031-A8E7-7938CB9162E7}_is1" = meta-iPod, the iTunes Cleaner 1.61
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6854A2CA-361F-4DD9-A8D8-C229E5EF4654}" = FOX DMI
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}" = Power Tab Editor 1.7
"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73317C31-2B6E-4B88-9865-B97C1331A39D}" = PayPal Plug-In
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD®
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{766EEFE5-15BE-48AE-A69B-AAFC1692A339}_is1" = And Yet It Moves 1.0.4 patch
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{7EC9E7A1-A576-43C8-9CBB-31BD5625EBCA}" = FOX LiveUpdate
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110246513}" = Catan - The Computer Game
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-116672750}" = World of Goo
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{9AF0B106-56F1-461B-A270-95BC1682E282}" = Broadcom Gigabit NetLink Controller
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A129D1F2-CAC4-4AD7-B26D-3C6411B87DCC}" = Psychonauts
"{A1C962E2-2426-49C6-A38B-9A07E40D607C}" = Microsoft Games for Windows - LIVE
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A556A5AD-2A0D-48ED-A8E8-EA524CA0D366}_is1" = LyricsFetcher v0.5.1
"{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4
"{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_920" = Adobe Acrobat 9.2.0 - CPSID_50026
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{AE667894-44ED-4CF9-98B0-C875150E4A27}" = FOX LOGO
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B3E699B5-7EEE-4AB1-A7BB-A43B7B4D94ED}" = Windows NT Backup - Restore Utility
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C894366E-51C4-4162-BA82-ECBEFC1C2C61}" = PayPal Plug-In
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Picture Package Music Transfer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D3D1D696-84A8-465A-BC61-CDAC852B24CD}_is1" = Pod to PC 3.0262
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D6C9AF27-9414-46C8-B9D8-D878BA041033}" = Nero 8 Ultra Edition HD
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse
"{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}" = Battlefield 2142
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F0F0802E-94B6-C513-0594-F4F96917A031}" = ATI Catalyst Install Manager
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = The Witcher Enhanced Edition
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"Across Lite 2.0" = Across Lite 2.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_4dcfd9b7e901b57f81f667144603236" = Add or Remove Adobe Creative Suite 3 Master Collection
"Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
"AIM MusicLink 4.1.0.0" = AIM MusicLink 4.1.0.0
"AIM_6" = AIM 6
"And Yet It Moves 1.50" = And Yet It Moves 1.50
"AviSynth" = AviSynth 2.5
"CameraUserGuide-PSSX120IS" = Canon PowerShot SX120 IS Camera User Guide
"Catan Online Welt" = Catan Online World
"Ceville" = Ceville 1.0
"Cinema Craft Encoder SP" = Cinema Craft Encoder SP
"Cinema Craft Encoder SP for Adobe Premiere" = Cinema Craft Encoder SP for Adobe Premiere
"Cinema Craft Encoder SP2" = Cinema Craft Encoder SP2
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Crysis WARHEAD®" = Crysis WARHEAD®
"dBpoweramp FLAC Codec" = dBpoweramp FLAC Codec
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"Defraggler" = Defraggler
"Demigod" = Demigod
"Digital Guitar Tuner 2.3_is1" = Digital Guitar Tuner 2.3
"DVD2SVCD Software Bundle_is1" = DVD2SVCD 1.2.3 Build 1
"EADM" = EA Download Manager
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FeedDemon_is1" = FeedDemon
"FeedStation_is1" = FeedStation
"foldit" = foldit
"foobar2000" = foobar2000 v0.9.6.3
"GamesBar" = GamesBar 2.0.1.12
"GSAK_is1" = GSAK 7.5.1.28 (Final)
"Guitar Pro 5_is1" = Guitar Pro 5.2
"HijackThis" = HijackThis 2.0.2
"HUFFYUV" = Huffyuv AVI lossless video codec (Remove Only)
"iLyrics" = iTunes Lyrics Importer
"Impulse" = Impulse
"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.6.2 (Standard)
"linksadoor_is1" = linksadoor 1.29
"Loki Browser Plugin" = Loki Browser Plugin
"Magic ISO Maker v5.5 (build 0265)" = Magic ISO Maker v5.5 (build 0265)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"Novell iPrint Client" = Novell iPrint Client v05.12.00
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Peggle" = Peggle (remove only)
"Peggle Nights Deluxe1.023" = Peggle Nights Deluxe
"Peggle World of Warcraft Edition" = Peggle World of Warcraft Edition
"Personal Printing Guide" = Canon Personal Printing Guide
"PhotoStitch" = Canon Utilities PhotoStitch
"PowerISO" = PowerISO
"Proxy Finder Enterprise Edition" = Proxy Finder Enterprise Edition
"PSP Video 9" = PSP Video 9 1.74
"PunkBusterSvc" = PunkBuster Services
"SafeConnect" = SafeConnect
"Software Guide" = Canon DIGITAL CAMERA Solution Disk Software Guide
"SopCast" = SopCast 3.2.4
"Starcraft" = Starcraft
"Steam App 16600" = Trials 2: Second Edition
"Steam App 16620" = Monster Trucks Nitro
"Steam App 17550" = Eternal Silence
"Steam App 380" = Half-Life 2: Episode One
"Steam App 400" = Portal
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 440" = Team Fortress 2
"Steam App 500" = Left 4 Dead
"Steam App 550" = Left 4 Dead 2
"SystemRequirementsLab" = System Requirements Lab
"The Rosetta Stone" = The Rosetta Stone
"The Wonderful End of the World_is1" = The Wonderful End of the World
"UltSounds" = Windows Sound Schemes
"UltSounds2" = Ultimate Extras sounds from Microsoft® Tinker™
"UnityWebPlayer" = Unity Web Player
"V CAST Music with Rhapsody" = V CAST Music with Rhapsody
"Videora iPod touch Converter" = Videora iPod touch Converter 4.08
"ViewpointMediaPlayer" = Viewpoint Media Player
"Warcraft III" = Warcraft III
"WinRAR archiver" = WinRAR archiver
"World of Warcraft" = World of Warcraft

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4009435946-1734834586-2344784175-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"HuluDesktop" = HuluDesktop
"Move Media Player" = Move Media Player
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"uTorrent" = µTorrent
"Warcraft III" = Warcraft III: All Products

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/12/2010 1:06:44 PM | Computer Name = Zac-PC | Source = Application Error | ID = 1000
Description = Faulting application IEXPLORE.EXE, version 7.0.6001.18385, time stamp
0x4b2b560f, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x4b0d8400, process id 0xd98, application start time
0x01caac05a80116f3.

Error - 2/14/2010 10:01:33 PM | Computer Name = Zac-PC | Source = Application Error | ID = 1000
Description = Faulting application IEXPLORE.EXE, version 7.0.6001.18385, time stamp
0x4b2b560f, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x4b0d8400, process id 0xe10, application start time
0x01caade2aaa217c1.

Error - 2/14/2010 10:01:35 PM | Computer Name = Zac-PC | Source = WinMgmt | ID = 10
Description =

Error - 2/14/2010 10:04:48 PM | Computer Name = Zac-PC | Source = Application Error | ID = 1000
Description = Faulting application IEXPLORE.EXE, version 7.0.6001.18385, time stamp
0x4b2b560f, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x4b0d8400, process id 0x520, application start time
0x01caade30ae49b40.

Error - 2/14/2010 10:51:58 PM | Computer Name = Zac-PC | Source = Application Error | ID = 1000
Description = Faulting application Steam.exe, version 1.0.0.0, time stamp 0x4aaadaf8,
faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
0xc0000005, fault offset 0x0000006c, process id 0xfc4, application start time 0x01caade2f2059250.

Error - 2/15/2010 3:09:28 PM | Computer Name = Zac-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 2/15/2010 9:24:17 PM | Computer Name = Zac-PC | Source = Application Error | ID = 1000
Description = Faulting application Steam.exe, version 1.0.0.0, time stamp 0x4aaadaf8,
faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
0xc000001d, fault offset 0x05634ec4, process id 0xfc4, application start time 0x01caade2f2059250.

Error - 2/16/2010 5:15:43 PM | Computer Name = Zac-PC | Source = Application Error | ID = 1000
Description = Faulting application Steam.exe, version 1.0.0.0, time stamp 0x4aaadaf8,
faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
0xc0000005, fault offset 0x0000006c, process id 0x58c, application start time 0x01caaf4d04910560.

Error - 2/17/2010 12:23:39 AM | Computer Name = Zac-PC | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.1.3642, time stamp 0x4b302c34,
faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
0xc0000005, fault offset 0x00000000, process id 0xf60, application start time 0x01caade2b9260ff0.

Error - 2/17/2010 5:14:38 PM | Computer Name = Zac-PC | Source = Application Error | ID = 1000
Description = Faulting application Steam.exe, version 1.0.0.0, time stamp 0x4aaadaf8,
faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
0xc0000005, fault offset 0x00000033, process id 0x1a40, application start time 0x01cab0161beeac20.

[ Media Center Events ]
Error - 2/24/2009 10:17:05 PM | Computer Name = Zac-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.SqmFlushSession failed; Win32 GetLastError
returned 0D Process: DefaultDomain Object Name: Media Center Guide

Error - 8/20/2009 3:33:39 AM | Computer Name = Zac-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 8/13/2009 3:02:38 AM | Computer Name = Zac-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 8/13/2009 3:02:38 AM | Computer Name = Zac-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 8/13/2009 3:02:38 AM | Computer Name = Zac-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 8/13/2009 3:02:38 AM | Computer Name = Zac-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 8/13/2009 3:12:28 AM | Computer Name = Zac-PC | Source = HTTP | ID = 15016
Description =

Error - 8/13/2009 3:13:54 AM | Computer Name = Zac-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 8/13/2009 3:13:54 AM | Computer Name = Zac-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 8/18/2009 2:33:01 PM | Computer Name = Zac-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 8/18/2009 2:33:01 PM | Computer Name = Zac-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 9/3/2009 8:57:09 AM | Computer Name = Zac-PC | Source = bowser | ID = 8003
Description =


< End of report >
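Added example, not part of the original post or of the tool that produced the log: a Python script that parses "Application Error" (ID 1000) entries in the layout of the event-log section above and groups crashes whose faulting module is reported as unknown by application and fault offset, marking offsets that recur across separate process launches. The sample entries, host name and program names are constructed; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the "Last 10 Event Log Errors" section.
SAMPLE = """\
[ Application Events ]
Error - 3/1/2010 9:00:01 AM | Computer Name = EXAMPLE-PC | Source = Application Error | ID = 1000
Description = Faulting application browser.exe, version 1.0.0.0, time stamp
0x4b000001, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x4b0d0000, process id 0xd98, application start time 0x01caac05a80116f3.

Error - 3/2/2010 9:10:00 PM | Computer Name = EXAMPLE-PC | Source = Application Error | ID = 1000
Description = Faulting application browser.exe, version 1.0.0.0, time stamp
0x4b000001, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x4b0d0000, process id 0xe10, application start time 0x01caade2aaa217c1.

Error - 3/2/2010 9:10:02 PM | Computer Name = EXAMPLE-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/2/2010 9:14:00 PM | Computer Name = EXAMPLE-PC | Source = Application Error | ID = 1000
Description = Faulting application browser.exe, version 1.0.0.0, time stamp
0x4b000001, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x4b0d0000, process id 0x520, application start time 0x01caade30ae49b40.

Error - 3/3/2010 8:00:00 PM | Computer Name = EXAMPLE-PC | Source = Application Error | ID = 1000
Description = Faulting application game.exe, version 1.0.0.0, time stamp 0x4a000002,
faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
0xc000001d, fault offset 0x05630000, process id 0xfc4, application start time 0x01caade2f2059250.

Error - 3/4/2010 8:00:00 PM | Computer Name = EXAMPLE-PC | Source = Application Error | ID = 1000
Description = Faulting application editor.exe, version 2.0.0.0, time stamp 0x4a000003,
faulting module ntdll.dll, version 6.0.0.0, time stamp 0x49000004, exception code
0xc0000005, fault offset 0x00001234, process id 0x7a0, application start time 0x01caaf4d04910560.
"""

HEADER = re.compile(r"^Error - (?P<when>.+?) \| Computer Name = (?P<host>.+?)"
                    r" \| Source = (?P<source>.+?) \| ID = (?P<id>\d+)$")
CRASH = re.compile(
    r"Faulting application (?P<app>.+?), version \S+, time stamp 0x[0-9a-f]+, "
    r"faulting module (?P<module>.+?), version \S+, time stamp 0x[0-9a-f]+, "
    r"exception code (?P<code>0x[0-9a-f]+), fault offset (?P<offset>0x[0-9a-f]+), "
    r"process id (?P<pid>0x[0-9a-f]+)", re.IGNORECASE)
EXCEPTIONS = {"0xc0000005": "STATUS_ACCESS_VIOLATION",
              "0xc000001d": "STATUS_ILLEGAL_INSTRUCTION"}


def parse_events(text):
    """Split the section into records and decode Application Error crashes."""
    events, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            current = dict(header.groupdict(), description="")
            events.append(current)
        elif not line or line.startswith("["):
            current = None  # a blank line or "[ Section ]" heading ends a record
        elif current is not None:
            # Descriptions are hard-wrapped mid-phrase; rejoin with single spaces.
            part = line[len("Description ="):] if line.startswith("Description =") else line
            current["description"] = " ".join((current["description"] + " " + part).split())
    for ev in events:
        hit = CRASH.search(ev["description"]) if ev["source"] == "Application Error" else None
        ev["crash"] = hit.groupdict() if hit else None  # empty descriptions stay None
    return events


def triage(events, min_repeats=2):
    """Group crashes with no attributable module by (application, fault offset)."""
    groups = defaultdict(list)
    for ev in events:
        crash = ev["crash"]
        # "unknown" means the report names no module for the faulting address.
        if crash and crash["module"].lower() == "unknown":
            groups[(crash["app"].lower(), crash["offset"].lower())].append(crash)
    findings = []
    for (app, offset), crashes in groups.items():
        pids = {c["pid"].lower() for c in crashes}
        codes = sorted({c["code"].lower() for c in crashes})
        findings.append({
            "app": app, "offset": offset, "count": len(crashes), "launches": len(pids),
            "exceptions": [EXCEPTIONS.get(c, c) for c in codes],
            # Same offset in separate processes: reproducible, not a one-off fault.
            "repeatable": len(crashes) >= min_repeats and len(pids) >= min_repeats,
        })
    return sorted(findings, key=lambda f: (-f["count"], f["app"], f["offset"]))


if __name__ == "__main__":
    for finding in triage(parse_events(SAMPLE)):
        print(finding)
```
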


#4 myrti


Posted 18 February 2010 - 07:51 AM

Hi,

other programs will use IE to display things, so it can be that Internet Explorer is opened without you knowing it, because you think you are using a specific program. Can you let me know, next time you get the error, which programs were open and running?

I don't see an iexplore.exe in your running tasks, which is a good sign.

Please try running FixIE:
Download the tool here: WindowsClub and save it to your Desktop. Extract the files from the zip-folder to your Desktop. Run it by double-clicking it. Press Run Utility and let it do its job.
This may fix your problem with Internet Explorer.

Please also run a scan with GMER:
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.


regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#5 Zmaz


Posted 18 February 2010 - 11:50 PM

Alright, I first tried to use FixIE; I closed the "Internet Explorer has crashed" window and quickly ran the program before the crash window popped up again, and it ran successfully, but the problem stayed.

After that, I tried running GMER. At first, I left the crash window open while running it, and it initially loaded up correctly and had one entry in its initial display, and then I clicked scan, it went for a bit, a few more entries popped up, and eventually it froze up and crashed my whole system. (It was obviously frozen, but nothing popped up with the normal crash window that lets you "end task," and I couldn't right-click on the bottom toolbar to access Task Manager, so I hit Alt-Ctrl-Del, clicked on Task Manager, and then my screen went black and I rebooted after waiting a few minutes.)

Then I tried running GMER after closing the crash dialogue and before it popped up again, but a similar crash occurred and I had to hit the power button.

Finally, I booted into Safe Mode and tried running GMER. (Notably, the IE crash dialogue did NOT appear in Safe Mode, although I'm not sure exactly how long it takes to launch, so it's possible I ran the program before the dialogue would have appeared, but I'm pretty sure I waited long enough. Also, there was no entry in GMER's initial scan, as in my other two attempts. Dunno if that's significant, but I thought it might be noteworthy.) Here, in Safe Mode, GMER crashed, however I got a normal crash dialogue and it didn't take down the whole system. Still though, I wasn't able to run GMER.

Here's the Windows-provided "more problem details" for the GMER crash in Safe Mode:

Problem signature:
Problem Event Name: APPCRASH
Application Name: t1ddvy9v.exe
Application Version: 1.0.15.15281
Application Timestamp: 4b2763f0
Fault Module Name: t1ddvy9v.exe
Fault Module Version: 1.0.15.15281
Fault Module Timestamp: 4b2763f0
Exception Code: c0000005
Exception Offset: 0000c4b1
OS Version: 6.0.6001.2.1.0.256.1
Locale ID: 1033
Additional Information 1: fd00
Additional Information 2: ea6f5fe8924aaa756324d57f87834160
Additional Information 3: fd00
Additional Information 4: ea6f5fe8924aaa756324d57f87834160

Again, thanks so much for your help!

#6 myrti


Posted 20 February 2010 - 05:47 AM

Hi,

does Internet Explorer also crash when you open it normally?

Gmer will not run on all systems, sadly.

Please run RootRepeal instead:
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract the contents of RootRepeal.zip, to your desktop.
  • Double click on your desktop.
  • Click on the report tab, then click scan
  • Check all seven boxes:
    Drivers
    Files
    Processes
    SSDT
    Stealth Objects
    Hidden Services
    Shadow SSDT
  • Click Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, Click the Save Report button. Save the log as RootRepeal.txt and post it in your next reply.

regards myrti



#7 Zmaz


Posted 22 February 2010 - 03:12 PM

Well, I tried multiple times to get RootRepeal to go -- but no dice. It would run for a while, but eventually it'd stop, putting up an error box (but the box was transparent, no message or even a plain white box) and then freezing.

However, I did something, not sure what -- I ran MBAM to fix something else, so that might have been it -- and anyway, the IE box isn't popping up any longer. However, my computer seems rather sluggish. Anything in my HJT log or anything else that might suggest a problem?

Edited by Zmaz, 22 February 2010 - 03:13 PM.


#8 myrti


Posted 22 February 2010 - 05:54 PM

Hi,

we need to run a rootkit scan. HijackThis cannot see those infections.

There may be some interference from other programs. Please try RootRepeal again, but before the scan do the following:
Please start RootRepeal, and, before doing anything else, try changing the "Disk Access Level" in the Settings->Options dialog. Try moving it to the "Special" or "High" level. Also, click on the Files tab, and uncheck "Use lowest level for MBR check". Please let me know if this fixes the problem.

regards myrti



#9 Zmaz


Posted 23 February 2010 - 04:12 PM

Hmm. I moved the access level to the highest one possible, and I unchecked the MBR check box, but it still froze.

#10 myrti


Posted 26 February 2010 - 09:02 AM

Hi,

please try to run Sophos ARK then:
Please download Sophos Anti-rootkit & save it to your desktop.
alternate download link
Note: If using the vendor's download site you will be asked to register with MySophos so an email containing an activation link can be sent to your email address.

Be sure to print out and read the Sophos Anti-Rootkit User Manual and Release Notes.
  • Double-click sar_15_sfx.exe to begin the installation, read the license agreement and click Accept.
  • Allow the default location of C:\Program Files\Sophos\Sophos Anti-Rootkit and click Install.
  • A message will appear "Sophos Anti-Rootkit was successfully installed. Click 'yes' to start it now". Click Yes.
  • Make sure the following are checked:
    • Running processes
    • Windows Registry
    • Local Hard Drives
  • Click Start scan.
  • Sophos Anti-Rootkit will scan the selected areas and display any suspicious files in the upper panel.
  • When the scan is complete, a pop-up screen will appear with "Rootkit Scan Results". Click OK to continue.
  • Click on the suspicious file to display more information about it in the lower panel which also includes whether the item is recommended for removal.
    • Files tagged as Removable: No are not marked for removal and cannot be removed.
    • Files tagged as Removable: Yes (clean up recommended) are marked for removal by default.
    • Files tagged as Removable: Yes (but clean up not recommended) are not marked for removal because Sophos did not recognize them. These files will require further investigation.
  • Select only items recommended for removal, then click "Clean up checked items". You will be asked to confirm, click Yes.
  • A pop up window will appear advising the cleanup will finish when you restart your computer. Click Restart Now.
  • After reboot, a dialog box displays the files you selected for removal and the action taken.
  • Click Empty list and then click Continue to re-scan your computer a second time to ensure everything was cleaned.
  • When done, go to Start > Run and type or copy/paste: %temp%\sarscan.log
  • This should open the log from the rootkit scan. Please post this log in your next reply. If you have a problem, you can find sarscan.log in C:\Documents and Settings\\Local Settings\Temp\.
Before performing an ARK scan it is recommended to do the following to ensure more accurate results and avoid common issues that may cause false detections.
  • Disconnect from the Internet or physically unplug your Internet cable connection.
  • Clean out your temporary files.
  • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
  • Temporarily disable your anti-virus and real-time anti-spyware protection.
  • After starting the scan, do not use the computer until the scan has completed.
  • When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.

regards myrti



#11 Zmaz


Posted 27 February 2010 - 11:38 PM

Sophos ran perfectly. Nothing was recommended for removal, and here's the log (FYI, F: is my DVD-drive; I don't think any of it is a problem -- I had in a legitimate copy of Battlefield 2142.)


Sophos Anti-Rootkit Version 1.5.0 © 2009 Sophos Plc
Started logging on 2/27/2010 at 16:00:14 PM
User "Zac" on computer "ZAC-PC"
Windows version 6.0 SP 1.0 Service Pack 1 build 6001 SM=0x100 PT=0x1 Win32
Info: Starting process scan.
Info: Starting registry scan.
Info: Starting disk scan of C: (NTFS).
Hidden: file C:\Users\Zac\Desktop\Old Desktop\eBooks and Such\Psychology Complete\Research psychology\Personality psychology\The Psychology of Self-Esteem A Revolutionary Approach to Self-Understanding that Launched a New Era in Modern Psychology - Nathaniel Branden.pdf
Hidden: file C:\Users\Zac\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0VQ06BTR\k%2F5113%2F485371%2F0%2F5%2FAdId%3D257249%3BBnId%3D1%3Bitime%3D234867820%3Bkvmn%3D93245511%3Bkvag%3Dam4%3Aua46%3Bkvug%3D1%3Bnodecode%3Dyes%3Blink%3D;ord=234867820[1]
Hidden: file C:\system32\winupdae.exe.exe
Info: Starting disk scan of F: (NTFS).
Hidden: file F:\Documents and Settings\Administrator\Local Settings\Temp\Blizzard Installer Temporary Data - 97c9bea0\patch.html
Hidden: file F:\Documents and Settings\Administrator\My Documents\Battlefield 2142\mods\bf2142\cache\{D7B71E3E-4740-11CF-FA6D-8B0200C2CB35}_21_3\rashaderbmhasuvanimationhasnormalmaphasgimaphasenvmapusehemimaphasshadowhascolormapglosshasdot3alphatesthashemiocclusion.cfx
Hidden: file F:\Documents and Settings\Administrator\My Documents\Battlefield 2142\mods\bf2142\cache\{D7B71E3E-4740-11CF-FA6D-8B0200C2CB35}_21_3\rashaderbmhasuvanimationhasnormalmaphasgimaphasenvmapusehemimaphasshadowhascolormapglosshasdot3alphatesthasshadowocclusion.cfx
Hidden: file F:\Documents and Settings\Administrator\My Documents\Battlefield 2142\mods\bf2142\cache\{D7B71E3E-4740-11CF-FA6D-8B0200C2CB35}_21_3\rashaderbmhasuvanimationhasnormalmaphasgimaphasenvmapusehemimaphasshadowhasstaticglosshasdot3alphatesthasshadowocclusion.cfx
Hidden: file F:\Documents and Settings\Administrator\My Documents\Battlefield 2142\mods\bf2142\cache\{D7B71E3E-4740-11CF-D16D-8B0200C2CB35}_79_3\rashaderbmhasuvanimationhasnormalmaphasgimaphasenvmapusehemimaphasshadowhascolormapglosshasdot3alphatesthashemiocclusion.cfx
Hidden: file F:\Documents and Settings\Administrator\My Documents\Battlefield 2142\mods\bf2142\cache\{D7B71E3E-4740-11CF-D16D-8B0200C2CB35}_79_3\rashaderbmhasuvanimationhasnormalmaphasgimaphasenvmapusehemimaphasshadowhascolormapglosshasdot3alphatesthasshadowocclusion.cfx
Hidden: file F:\Documents and Settings\Administrator\My Documents\Battlefield 2142\mods\bf2142\cache\{D7B71E3E-4740-11CF-D16D-8B0200C2CB35}_79_3\rashaderbmhasuvanimationhasnormalmaphasgimaphasenvmapusehemimaphasshadowhasstaticglosshasdot3alphatesthasshadowocclusion.cfx
Hidden: file F:\Documents and Settings\Administrator\My Documents\Battlefield 2142\mods\bf2142\cache\{D7B71E3E-4740-11CF-A26B-8B0200C2CB35}_39_3\rashaderbmhasuvanimationhasnormalmaphasgimaphasenvmapusehemimaphasshadowhascolormapglosshasdot3alphatesthashemiocclusion.cfx
Hidden: file F:\Documents and Settings\Administrator\My Documents\Battlefield 2142\mods\bf2142\cache\{D7B71E3E-4740-11CF-A26B-8B0200C2CB35}_39_3\rashaderbmhasuvanimationhasnormalmaphasgimaphasenvmapusehemimaphasshadowhascolormapglosshasdot3alphatesthasshadowocclusion.cfx
Hidden: file F:\Documents and Settings\Administrator\My Documents\Battlefield 2142\mods\bf2142\cache\{D7B71E3E-4740-11CF-A26B-8B0200C2CB35}_39_3\rashaderbmhasuvanimationhasnormalmaphasgimaphasenvmapusehemimaphasshadowhasstaticglosshasdot3alphatesthasshadowocclusion.cfx
Hidden: file F:\Documents and Settings\Administrator\My Documents\Battlefield 2142\mods\bf2142\cache\{D7B71E3E-4740-11CF-8C63-8B0200C2CB35}_21_3\rashaderbmhasuvanimationhasnormalmaphasgimaphasenvmapusehemimaphasshadowhascolormapglosshasdot3alphatesthashemiocclusion.cfx
Hidden: file F:\Documents and Settings\Administrator\My Documents\Battlefield 2142\mods\bf2142\cache\{D7B71E3E-4740-11CF-8C63-8B0200C2CB35}_21_3\rashaderbmhasuvanimationhasnormalmaphasgimaphasenvmapusehemimaphasshadowhascolormapglosshasdot3alphatesthasshadowocclusion.cfx
Hidden: file F:\Documents and Settings\Administrator\My Documents\Battlefield 2142\mods\bf2142\cache\{D7B71E3E-4740-11CF-8C63-8B0200C2CB35}_21_3\rashaderbmhasuvanimationhasnormalmaphasgimaphasenvmapusehemimaphasshadowhasstaticglosshasdot3alphatesthasshadowocclusion.cfx
Hidden: file F:\Documents and Settings\Administrator\My Documents\Battlefield 2142\mods\bf2142\cache\{D7B71E3E-4740-11CF-8A6A-8B0200C2CB35}_39_3\rashaderbmhasuvanimationhasnormalmaphasgimaphasenvmapusehemimaphasshadowhascolormapglosshasdot3alphatesthashemiocclusion.cfx
Hidden: file F:\Documents and Settings\Administrator\My Documents\Battlefield 2142\mods\bf2142\cache\{D7B71E3E-4740-11CF-8A6A-8B0200C2CB35}_39_3\rashaderbmhasuvanimationhasnormalmaphasgimaphasenvmapusehemimaphasshadowhascolormapglosshasdot3alphatesthasshadowocclusion.cfx
Hidden: file F:\Documents and Settings\Administrator\My Documents\Battlefield 2142\mods\bf2142\cache\{D7B71E3E-4740-11CF-8A6A-8B0200C2CB35}_39_3\rashaderbmhasuvanimationhasnormalmaphasgimaphasenvmapusehemimaphasshadowhasstaticglosshasdot3alphatesthasshadowocclusion.cfx
Hidden: file F:\Documents and Settings\Administrator\My Documents\Battlefield 2142\mods\bf2142\cache\{D7B71E3E-4740-11CF-3B6E-8B0200C2CB35}_39_3\rashaderbmhasuvanimationhasnormalmaphasgimaphasenvmapusehemimaphasshadowhascolormapglosshasdot3alphatesthashemiocclusion.cfx
Hidden: file F:\Documents and Settings\Administrator\My Documents\Battlefield 2142\mods\bf2142\cache\{D7B71E3E-4740-11CF-3B6E-8B0200C2CB35}_39_3\rashaderbmhasuvanimationhasnormalmaphasgimaphasenvmapusehemimaphasshadowhascolormapglosshasdot3alphatesthasshadowocclusion.cfx
Hidden: file F:\Documents and Settings\Administrator\My Documents\Battlefield 2142\mods\bf2142\cache\{D7B71E3E-4740-11CF-3B6E-8B0200C2CB35}_39_3\rashaderbmhasuvanimationhasnormalmaphasgimaphasenvmapusehemimaphasshadowhasstaticglosshasdot3alphatesthasshadowocclusion.cfx
Hidden: file F:\Documents and Settings\Administrator\Application Data\SecuROM\UserData\???????????p?????????
Hidden: file F:\Documents and Settings\Administrator\Application Data\SecuROM\UserData\???????????p?????????
Hidden: file F:\WINDOWS\SoftwareDistribution\Download\5c7dfd01de58170a5d5f6471eea104f5\update\spcustom.dll
Hidden: file F:\WINDOWS\SoftwareDistribution\Download\5c7dfd01de58170a5d5f6471eea104f5\update\update_SP2QFE.inf
Hidden: file F:\WINDOWS\SoftwareDistribution\Download\5c7dfd01de58170a5d5f6471eea104f5\sp2gdr\w3svc.dll
Hidden: file F:\WINDOWS\SoftwareDistribution\Download\5c7dfd01de58170a5d5f6471eea104f5\sp2qfe\w3svc.dll
Hidden: file F:\WINDOWS\SoftwareDistribution\Download\c3ac365e4b2838218901863dc4044758\update\update_SP2GDR.inf
Hidden: file F:\WINDOWS\SoftwareDistribution\Download\c3ac365e4b2838218901863dc4044758\update\update_SP2QFE.inf
Hidden: file F:\WINDOWS\SoftwareDistribution\Download\c3ac365e4b2838218901863dc4044758\sp2gdr\infocomm.dll
Hidden: file F:\WINDOWS\SoftwareDistribution\Download\7e08dede92a04e75c1faf75d2825e500\update\spcustom.dll
Hidden: file F:\WINDOWS\SoftwareDistribution\Download\7e08dede92a04e75c1faf75d2825e500\update\update_SP2GDR.inf
Hidden: file F:\WINDOWS\SoftwareDistribution\Download\7e08dede92a04e75c1faf75d2825e500\update\update_SP3QFE.inf
Hidden: file F:\WINDOWS\SoftwareDistribution\Download\7e08dede92a04e75c1faf75d2825e500\sp2qfe\msw3prt.dll
Hidden: file F:\WINDOWS\SoftwareDistribution\Download\7e08dede92a04e75c1faf75d2825e500\sp3gdr\msw3prt.dll
Hidden: file F:\WINDOWS\SoftwareDistribution\Download\a10941d3ebcdfeb11377b3f7f464e0e2\sp2gdr\asp51.dll
Hidden: file F:\WINDOWS\SoftwareDistribution\Download\a10941d3ebcdfeb11377b3f7f464e0e2\sp2qfe\asp51.dll
Hidden: file F:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\2YXCB37W\dref=http%253A%252F%252Fwww.aim.com%252Fredirects%252Finclient%252FAIM_UAC_v2[1].adp%253Fmagic%253D93245511%2526width%253D120%2526height%253D90%2526sn%253Dzmaz299
Hidden: file F:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\2YXCB37W\dref=http%253A%252F%252Fwww.aim.com%252Fredirects%252Finclient%252FAIM_UAC_v2[2].adp%253Fmagic%253D93245511%2526width%253D120%2526height%253D90%2526sn%253Dzmaz299
Stopped logging on 2/27/2010 at 18:27:57 PM



#12 myrti


Posted 01 March 2010 - 10:07 AM

Hi,

the log looks fine. Files aren't always hidden for "bad" reasons; the files may be hidden without being a problem. This was probably the case for your Battlefield CD. They definitely don't look malicious.

Please provide a new OTL log and, if you can find it, the log from Malwarebytes where it removed the couple of things you mentioned. There were leftovers of malware showing in your first OTL log.

regards myrti



#13 Zmaz


Posted 02 March 2010 - 11:59 PM

I can try to find my Malwarebytes log if you want -- any suggestions on where to find it? -- but here's the OTL log I just made.

OTL logfile created on: 3/2/2010 11:33:47 PM - Run 2
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Users\Zac\Desktop
Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 57.00% Memory free
7.00 Gb Paging File | 5.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 596.17 Gb Total Space | 143.16 Gb Free Space | 24.01% Space Free | Partition Type: NTFS
Drive D: | 3.28 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 601.91 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 232.88 Gb Total Space | 72.16 Gb Free Space | 30.98% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ZAC-PC
Current User Name: Zac
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/25 22:46:04 | 000,135,664 | ---- | M] (Google Inc.) -- C:\Users\Zac\AppData\Local\Google\Update\1.2.183.17\GoogleCrashHandler.exe
PRC - [2010/02/18 23:30:31 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/02/17 20:03:20 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Zac\Desktop\OTL.exe
PRC - [2010/01/22 19:16:38 | 010,358,056 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe
PRC - [2010/01/22 19:16:30 | 000,545,576 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2010/01/05 19:06:43 | 000,297,240 | ---- | M] (Impulse Point, LLC) -- C:\Program Files\SafeConnect\SCClient.exe
PRC - [2010/01/05 19:06:43 | 000,128,280 | ---- | M] (Impulse Point, LLC) -- C:\Program Files\SafeConnect\scManager.sys
PRC - [2009/09/27 17:47:00 | 000,215,656 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
PRC - [2009/09/27 16:48:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009/07/26 23:17:29 | 000,075,064 | ---- | M] () -- C:\Windows\System32\PnkBstrA.exe
PRC - [2009/05/29 12:41:26 | 000,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/05/25 14:38:18 | 006,265,376 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2009/04/01 11:53:08 | 000,107,008 | ---- | M] () -- C:\Program Files\PayPal\PayPal Plug-In\RBroker.exe
PRC - [2009/03/30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009/03/30 16:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/28 10:15:14 | 000,066,832 | ---- | M] (Novell, Inc.) -- C:\Windows\System32\iprntctl.exe
PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe


========== Modules (SafeList) ==========

MOD - [2010/02/17 20:03:20 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Zac\Desktop\OTL.exe
MOD - [2008/01/20 21:21:54 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/01/22 19:16:30 | 000,545,576 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2010/01/05 19:06:43 | 000,128,280 | ---- | M] (Impulse Point, LLC) [Auto | Running] -- C:\Program Files\SafeConnect\scManager.sys -- (SCManager)
SRV - [2009/10/31 15:16:57 | 000,320,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/09/27 17:47:00 | 000,215,656 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Windows\System32\nvvsvc.exe -- (nvsvc)
SRV - [2009/09/27 16:48:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009/07/26 23:17:29 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009/05/29 12:41:26 | 000,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/03/30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/03/15 16:03:26 | 000,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9a5b17eedccb0) Google Update Service (gupdate1c9a5b17eedccb0)
SRV - [2009/02/22 11:49:15 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/04 00:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/10/25 10:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008/08/15 05:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2008/06/24 16:05:56 | 000,537,896 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2008/01/20 21:21:41 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/20 21:21:35 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/12/19 10:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Disabled | Stopped] -- C:\Windows\System32\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)
SRV - [2006/11/02 07:34:14 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/11/02 04:46:05 | 000,017,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\irmon.dll -- (Irmon)
SRV - [2006/10/26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005/04/04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (MEMSWEEP2)
DRV - [2009/09/27 16:12:22 | 009,509,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/08/28 18:42:52 | 000,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/07/30 12:09:26 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2009/07/30 12:09:25 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009/05/25 14:38:19 | 002,158,432 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/05/18 13:17:00 | 000,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/10/20 16:15:22 | 000,034,592 | ---- | M] () [Kernel | System | Running] -- C:\Windows\system32\drivers\nipplpt.sys -- (nipplpt2)
DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\adfs.sys -- (adfs)
DRV - [2008/06/12 01:28:49 | 000,056,108 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2008/03/31 18:07:56 | 000,210,432 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink ™
DRV - [2008/02/06 03:00:00 | 000,044,608 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2008/01/20 21:21:35 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 21:21:35 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 21:21:35 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 21:21:34 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 21:21:34 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 21:21:34 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 21:21:34 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\irsir.sys -- (irsir)
DRV - [2008/01/20 21:21:33 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 21:21:33 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 21:21:33 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/20 21:21:33 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 21:21:32 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 21:21:32 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 21:21:32 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 21:21:31 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 21:21:31 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 21:21:31 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 21:21:31 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 21:21:30 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 21:21:30 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2008/01/20 21:21:29 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 21:21:29 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 21:21:29 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 21:21:28 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 21:21:09 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 21:21:09 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 21:21:09 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/10/11 20:40:14 | 000,010,632 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdide.sys -- (amdide)
DRV - [2007/04/09 08:56:22 | 000,021,248 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2007/04/09 08:55:08 | 000,022,912 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2007/04/09 08:53:24 | 000,012,672 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2007/03/08 16:18:00 | 000,008,320 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\grmnusb.sys -- (grmnusb)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 01:37:21 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2006/10/30 10:23:12 | 000,007,680 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2005/12/20 19:23:00 | 000,023,872 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\FOXCONN\FOX LiveUpdate\FXDrv32.sys -- (FXDrv32)
DRV - [2005/07/28 07:18:40 | 000,685,056 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (Hardlock)
DRV - [2004/02/04 09:27:56 | 000,049,536 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tiehdusb.sys -- (TIEHDUSB)
DRV - [2002/09/16 17:14:32 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\PQNTDRV.sys -- (PQNTDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4009435946-1734834586-2344784175-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-4009435946-1734834586-2344784175-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-4009435946-1734834586-2344784175-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AF DA A9 0B 98 AA CA 01 [binary data]
IE - HKU\S-1-5-21-4009435946-1734834586-2344784175-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4009435946-1734834586-2344784175-1000\S-1-5-21-4009435946-1734834586-2344784175-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4009435946-1734834586-2344784175-1000\S-1-5-21-4009435946-1734834586-2344784175-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "YouTube"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..extensions.enabledItems: autopager@mozilla.org:0.6.0.14
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.7
FF - prefs.js..extensions.enabledItems: {a95d8332-e4b4-6e7f-98ac-20b733364387}:0.4.4
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1
FF - prefs.js..extensions.enabledItems: paypalfirefoxplugin@orbiscom:2.2.26.0
FF - prefs.js..extensions.enabledItems: {ada4b710-8346-4b82-8199-5de2b400a6ae}:1.9.7
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.63
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: zotero@chnm.gmu.edu:1.0.10
FF - prefs.js..extensions.enabledItems: {5c876f30-10ce-11dd-bd0b-0800200c9a66}:3.5
FF - prefs.js..extensions.enabledItems: chromifox@altmusictv.com:1.1.3
FF - prefs.js..extensions.enabledItems: CrystalFox_Qute@BigRedBrent:3.7
FF - prefs.js..extensions.enabledItems: {6542b200-4374-11dd-ae16-0800200c9a66}:2.5b1
FF - prefs.js..extensions.enabledItems: {8181B740-5255-11D9-9FF6-0090995D2DCA}:0.8.09.07.17
FF - prefs.js..extensions.enabledItems: {069FB356-C69F-7349-D092-AB28AF836D0E}:0.9.030
FF - prefs.js..extensions.enabledItems: {36C13C8F-54F1-412e-8177-2E411719162D}:4.0.1
FF - prefs.js..extensions.enabledItems: stratareloaded@addons.mozilla.org:2.3.0
FF - prefs.js..extensions.enabledItems: {07b2a769-ed19-4483-87ce-c643914c81bb}:3.0.0.87
FF - prefs.js..extensions.enabledItems: {a81bafeb-b6ed-4501-aa17-15a2b3857e56}:3.5
FF - prefs.js..extensions.enabledItems: {c9c58820-7bd4-11da-a72b-0800200c9a66}:2.20091115
FF - prefs.js..extensions.enabledItems: {e213bb8f-8ebd-11db-96b7-005056c00008}:3.0.0.87

FF - HKLM\software\mozilla\Firefox\Extensions\\paypalfirefoxplugin@orbiscom: C:\Program Files\PayPal\PayPal Plug-In [2009/06/27 21:49:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/18 23:30:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/18 23:30:32 | 000,000,000 | ---D | M]

[2009/02/21 00:03:42 | 000,000,000 | ---D | M] -- C:\Users\Zac\AppData\Roaming\Mozilla\Extensions
[2009/02/21 00:03:42 | 000,000,000 | ---D | M] -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\4woxhesn.default\extensions
[2009/02/21 17:19:57 | 000,000,000 | ---D | M] -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\9in8d1sy.default\extensions
[2009/02/21 17:19:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\9in8d1sy.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2009/02/21 17:19:55 | 000,000,000 | ---D | M] (Phoenity Reborn) -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\9in8d1sy.default\extensions\{069FB356-C69F-7349-D092-AB28AF836D0E}
[2009/02/21 17:19:56 | 000,000,000 | ---D | M] (Vista-aero) -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\9in8d1sy.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}
[2009/02/21 17:19:56 | 000,000,000 | ---D | M] (Just Black (A Cylence theme for Firefox 3)) -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\9in8d1sy.default\extensions\{1a45a8a0-3278-11dd-bd11-0800200c9a66}
[2009/02/21 17:19:56 | 000,000,000 | ---D | M] (Abstract Classic) -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\9in8d1sy.default\extensions\{2fbc1200-ad13-11db-abbd-0800200c9a66}
[2009/02/21 17:19:56 | 000,000,000 | ---D | M] (Qute) -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\9in8d1sy.default\extensions\{36C13C8F-54F1-412e-8177-2E411719162D}
[2009/02/21 17:19:56 | 000,000,000 | ---D | M] (Aquatint Redone) -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\9in8d1sy.default\extensions\{47e5a66c-0e35-11dc-8314-0800200c9a66}
[2009/02/21 17:19:57 | 000,000,000 | ---D | M] (FEBE) -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\9in8d1sy.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2009/02/21 17:19:57 | 000,000,000 | ---D | M] (Aero Silver Fox Basic) -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\9in8d1sy.default\extensions\{5c876f30-10ce-11dd-bd0b-0800200c9a66}
[2009/02/21 17:19:57 | 000,000,000 | ---D | M] (Flook Theme) -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\9in8d1sy.default\extensions\{6542b200-4374-11dd-ae16-0800200c9a66}
[2009/02/21 17:19:57 | 000,000,000 | ---D | M] (Phoenity Modern) -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\9in8d1sy.default\extensions\{8181B740-5255-11D9-9FF6-0090995D2DCA}
[2009/02/21 17:19:57 | 000,000,000 | ---D | M] (iFox) -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\9in8d1sy.default\extensions\{a81bafeb-b6ed-4501-aa17-15a2b3857e56}
[2009/02/21 17:19:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\9in8d1sy.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2009/02/21 17:19:57 | 000,000,000 | ---D | M] (iPox) -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\9in8d1sy.default\extensions\{c9c58820-7bd4-11da-a72b-0800200c9a66}
[2009/02/21 17:19:57 | 000,000,000 | ---D | M] (myFireFox) -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\9in8d1sy.default\extensions\{e213bb8f-8ebd-11db-96b7-005056c00008}
[2009/02/21 17:19:44 | 000,000,000 | ---D | M] -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\9in8d1sy.default\extensions\amazonsearch@throttled.org
[2009/02/21 17:19:45 | 000,000,000 | ---D | M] -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\9in8d1sy.default\extensions\chromifox@altmusictv.com
[2009/02/21 17:19:50 | 000,000,000 | ---D | M] -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\9in8d1sy.default\extensions\CrystalFox_Qute@BigRedBrent
[2009/02/21 17:19:50 | 000,000,000 | ---D | M] -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\9in8d1sy.default\extensions\moveplayer@movenetworks.com
[2009/02/21 17:19:50 | 000,000,000 | ---D | M] -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\9in8d1sy.default\extensions\stratareloaded@addons.mozilla.org
[2009/02/21 17:19:55 | 000,000,000 | ---D | M] -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\9in8d1sy.default\extensions\zotero@chnm.gmu.edu
[2009/02/21 17:19:50 | 000,000,000 | ---D | M] -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\9in8d1sy.default\extensions\chromifox@altmusictv.com\chrome\mozapps\extensions
[2009/02/21 17:19:51 | 000,000,000 | ---D | M] -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\9in8d1sy.default\extensions\stratareloaded@addons.mozilla.org\chrome\3.0x\aero\mozapps\extensions
[2009/02/21 17:19:52 | 000,000,000 | ---D | M] -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\9in8d1sy.default\extensions\stratareloaded@addons.mozilla.org\chrome\3.0x\mozapps\extensions
[2009/02/21 17:19:54 | 000,000,000 | ---D | M] -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\9in8d1sy.default\extensions\stratareloaded@addons.mozilla.org\chrome\3.1x\mozapps\extensions
[2009/12/14 17:50:26 | 000,000,000 | ---D | M] -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\dgz1keb0.Zac\extensions
[2009/12/14 17:50:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\dgz1keb0.Zac\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/12/14 17:50:26 | 000,000,000 | ---D | M] -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\dgz1keb0.Zac\extensions\staged-xpis
[2010/03/01 02:01:49 | 000,000,000 | ---D | M] -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\extensions
[2009/02/21 17:20:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2010/02/07 17:48:31 | 000,000,000 | ---D | M] (Phoenity Next (formerly Phoenity Reborn)) -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\extensions\{069FB356-C69F-7349-D092-AB28AF836D0E}
[2010/01/12 21:49:04 | 000,000,000 | ---D | M] (Vista-aero) -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}
[2010/01/01 15:14:19 | 000,000,000 | ---D | M] (Cluster Tabs for Firefox) -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\extensions\{0A0BD32B-1F34-4F19-A2F9-4B4594950181}
[2010/02/27 15:33:54 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2009/02/21 17:20:04 | 000,000,000 | ---D | M] (Just Black (A Cylence theme for Firefox 3)) -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\extensions\{1a45a8a0-3278-11dd-bd11-0800200c9a66}
[2009/02/21 17:20:04 | 000,000,000 | ---D | M] (Abstract Classic) -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\extensions\{2fbc1200-ad13-11db-abbd-0800200c9a66}
[2009/08/18 20:32:58 | 000,000,000 | ---D | M] (Qute) -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\extensions\{36C13C8F-54F1-412e-8177-2E411719162D}
[2009/12/05 13:40:33 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2010/02/07 17:48:36 | 000,000,000 | ---D | M] (FoxyTunes) -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2009/02/21 17:20:05 | 000,000,000 | ---D | M] (Aquatint Redone) -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\extensions\{47e5a66c-0e35-11dc-8314-0800200c9a66}
[2009/12/05 13:40:21 | 000,000,000 | ---D | M] (FEBE) -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2009/07/25 16:11:09 | 000,000,000 | ---D | M] (Aero Fox Silver) -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\extensions\{5c876f30-10ce-11dd-bd0b-0800200c9a66}
[2009/07/25 16:11:11 | 000,000,000 | ---D | M] (Flook Theme) -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\extensions\{6542b200-4374-11dd-ae16-0800200c9a66}
[2009/08/18 20:32:58 | 000,000,000 | ---D | M] (Phoenity Modern) -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\extensions\{8181B740-5255-11D9-9FF6-0090995D2DCA}
[2009/12/05 13:40:24 | 000,000,000 | ---D | M] (Hyperwords) -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\extensions\{9A752782-D706-479b-98F8-3F66BF921692}
[2009/07/25 13:38:31 | 000,000,000 | ---D | M] (iFox) -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\extensions\{a81bafeb-b6ed-4501-aa17-15a2b3857e56}
[2010/02/07 17:48:35 | 000,000,000 | ---D | M] (LeechBlock) -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}
[2010/02/07 17:48:35 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2010/02/12 12:03:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2010/02/12 12:03:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\extensions\{B9C8BE50-7105-4ec6-8FB4-4935C0671648}
[2009/12/05 13:40:15 | 000,000,000 | ---D | M] (iPox) -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\extensions\{c9c58820-7bd4-11da-a72b-0800200c9a66}
[2010/02/07 17:48:42 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2009/02/21 17:20:07 | 000,000,000 | ---D | M] (Tweak Network) -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\extensions\{DAD0F81A-CF67-4eed-98D6-26F6E47274CA}
[2010/01/12 21:49:02 | 000,000,000 | ---D | M] (myFireFox) -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\extensions\{e213bb8f-8ebd-11db-96b7-005056c00008}
[2009/07/25 16:11:41 | 000,000,000 | ---D | M] -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\extensions\amazonsearch@throttled.org
[2009/07/25 16:11:50 | 000,000,000 | ---D | M] -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\extensions\askopensearch-VTS@ask.com
[2010/02/27 15:33:54 | 000,000,000 | ---D | M] -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\extensions\autopager@mozilla.org
[2009/06/29 19:23:24 | 000,000,000 | ---D | M] -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\extensions\battlefieldheroespatcher@ea.com
[2009/08/21 22:21:28 | 000,000,000 | ---D | M] -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\extensions\chromifox@altmusictv.com
[2009/07/07 21:08:31 | 000,000,000 | ---D | M] -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\extensions\CrystalFox_Qute@BigRedBrent
[2010/02/07 17:48:36 | 000,000,000 | ---D | M] -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\extensions\ctrl-tab@design-noir.de
[2010/02/27 15:33:54 | 000,000,000 | ---D | M] -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\extensions\ddfirefox@dynamitedata
[2009/12/05 13:40:33 | 000,000,000 | ---D | M] -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\extensions\firefox@tvunetworks.com
[2010/01/12 21:49:20 | 000,000,000 | ---D | M] -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\extensions\isreaditlater@ideashower.com
[2010/01/12 21:49:22 | 000,000,000 | ---D | M] -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\extensions\piclens@cooliris.com
[2009/02/21 17:20:01 | 000,000,000 | ---D | M] -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\extensions\smartbookmarksbar@remy.juteau
[2010/02/07 17:49:05 | 000,000,000 | ---D | M] -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\extensions\stratareloaded@addons.mozilla.org
[2009/05/13 18:55:58 | 000,000,000 | ---D | M] -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\extensions\zotero@chnm.gmu.edu
[2010/01/12 21:49:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}\chrome\mozapps\extensions
[2009/07/25 16:11:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\extensions\{5c876f30-10ce-11dd-bd0b-0800200c9a66}\chrome\mac\browser\extensions
[2009/07/25 16:11:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\extensions\{5c876f30-10ce-11dd-bd0b-0800200c9a66}\chrome\mac\mozapps\extensions
[2009/07/25 16:11:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\extensions\{5c876f30-10ce-11dd-bd0b-0800200c9a66}\chrome\win\browser\extensions
[2009/07/25 16:11:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\extensions\{5c876f30-10ce-11dd-bd0b-0800200c9a66}\chrome\win\mozapps\extensions
[2009/12/05 13:40:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\extensions\{c9c58820-7bd4-11da-a72b-0800200c9a66}\chrome\mozapps\extensions
[2009/12/05 13:40:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\extensions\{c9c58820-7bd4-11da-a72b-0800200c9a66}\chrome\mozapps\extensions\CVS
[2010/01/12 21:49:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\extensions\{e213bb8f-8ebd-11db-96b7-005056c00008}\chrome\mozapps\extensions
[2010/02/07 17:49:20 | 000,000,000 | ---D | M] -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\extensions\stratareloaded@addons.mozilla.org\chrome\3.0x\mozapps\extensions
[2010/02/07 17:49:19 | 000,000,000 | ---D | M] -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\extensions\stratareloaded@addons.mozilla.org\chrome\3.5x\mozapps\extensions
[2010/02/07 17:49:20 | 000,000,000 | ---D | M] -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\extensions\stratareloaded@addons.mozilla.org\chrome\3.6x\mozapps\extensions
[2010/02/07 17:49:20 | 000,000,000 | ---D | M] -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\extensions\stratareloaded@addons.mozilla.org\chrome\3.7x\mozapps\extensions
[2010/02/23 22:32:08 | 000,002,580 | ---- | M] () -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\searchplugins\amazon-search-suggestions.xml
[2010/03/01 00:51:50 | 000,002,257 | ---- | M] () -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\searchplugins\anagrammer.xml
[2010/03/01 00:51:50 | 000,002,671 | ---- | M] () -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\searchplugins\demonoid.xml
[2010/03/01 00:51:50 | 000,002,303 | ---- | M] () -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\searchplugins\gamespot.xml
[2010/03/01 00:51:50 | 000,001,905 | ---- | M] () -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\searchplugins\isohunt---bittorrent.xml
[2010/03/01 00:51:50 | 000,001,145 | ---- | M] () -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\searchplugins\mininova.xml
[2010/03/01 00:51:51 | 000,001,846 | ---- | M] () -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\searchplugins\the-pirate-bay.xml
[2008/07/17 19:46:30 | 000,001,108 | ---- | M] () -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\searchplugins\wikipedia.xml
[2008/03/18 20:09:44 | 000,001,062 | ---- | M] () -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\searchplugins\wiktionary-en.xml
[2008/04/21 17:30:29 | 000,001,546 | ---- | M] () -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\searchplugins\wowhead.xml
[2009/06/03 15:49:25 | 000,007,155 | ---- | M] () -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\searchplugins\yahoo-search--win-moola-m.xml
[2010/03/01 00:51:50 | 000,002,099 | ---- | M] () -- C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\iqy3lf5r.default\searchplugins\youtube---videos.xml
[2010/03/01 02:01:49 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/09/29 07:07:00 | 000,022,576 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2008/10/28 10:15:22 | 000,255,248 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npnipp.dll
[2008/10/28 10:15:24 | 000,107,792 | ---- | M] (Novell Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npnisp.dll
[2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2010/02/21 21:33:28 | 000,000,734 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (OToolbarHelper Class) - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll ()
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKU\S-1-5-21-4009435946-1734834586-2344784175-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [iPrint Tray] C:\Windows\System32\iprntctl.exe (Novell, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-4009435946-1734834586-2344784175-1000..\Run: [Aim6] File not found
O4 - HKU\S-1-5-21-4009435946-1734834586-2344784175-1000..\Run: [Google Update] C:\Users\Zac\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-4009435946-1734834586-2344784175-1000\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKU\S-1-5-21-4009435946-1734834586-2344784175-1000\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
O15 - HKU\S-1-5-21-4009435946-1734834586-2344784175-1000\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 132.162.1.32 132.162.1.31
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Zac\Pictures\3284777931_66e15ca203_b.jpg
O24 - Desktop BackupWallPaper: C:\Users\Zac\Pictures\3284777931_66e15ca203_b.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/09/25 10:50:52 | 000,000,000 | R--D | M] - D:\autorun -- [ UDF ]
O32 - AutoRun File - [2006/09/25 11:01:39 | 004,386,816 | R--- | M] () - D:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2006/09/25 11:01:39 | 000,000,046 | R--- | M] () - D:\Autorun.inf -- [ UDF ]
O32 - AutoRun File - [2005/03/17 19:35:15 | 000,000,077 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2009/01/17 23:10:24 | 000,000,000 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{78d3c46b-ffe5-11dd-9456-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{78d3c46b-ffe5-11dd-9456-806e6f6e6963}\Shell\AutoRun\command - "" = E:\PsychoLauncher.exe -- [2005/03/23 22:29:04 | 000,991,232 | R--- | M] (Double Fine Productions)
O33 - MountPoints2\{963e6c0e-87d8-11de-8b91-001fe26a9fc2}\Shell\sorthb\command - "" = C:\Program Files\PSP Brew\PSPbrew.exe -- File not found
O33 - MountPoints2\{dd8e61b4-79b3-11de-90dd-001fe26a9fc2}\Shell\sorthb\command - "" = C:\Program Files\PSP Brew\PSPbrew.exe -- File not found
O33 - MountPoints2\{ecd06193-012e-11de-9206-001fe26a9fc2}\Shell\sorthb\command - "" = C:\Program Files\PSP Brew\PSPbrew.exe -- File not found
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\autorun.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (MACHINE BootExecut) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/01/20 21:32:53 | 000,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^Users^Zac^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe - (MagicISO, Inc.)
MsConfig - StartUpReg: Acrobat Assistant 8.0 - hkey= - key= - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
MsConfig - StartUpReg: Adobe Acrobat Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AdobeCS4ServiceManager - hkey= - key= - C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe_ID0ENQBO - hkey= - key= - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: COMODO Internet Security - hkey= - key= - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe File not found
MsConfig - StartUpReg: EA Core - hkey= - key= - C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts)
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Users\Zac\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig - StartUpReg: IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
MsConfig - StartUpReg: iPrint Event Monitor - hkey= - key= - File not found
MsConfig - StartUpReg: iPrint Tray - hkey= - key= - File not found
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: McAfeeUpdaterUI - hkey= - key= - C:\Program Files\McAfee\Common Framework\udaterui.exe File not found
MsConfig - StartUpReg: NBKeyScan - hkey= - key= - C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
MsConfig - StartUpReg: NeroCheck - hkey= - key= - File not found
MsConfig - StartUpReg: NvMediaCenter - hkey= - key= - File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: RGSC - hkey= - key= - C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe File not found
MsConfig - StartUpReg: ShStatEXE - hkey= - key= - C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE File not found
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: Windows Defender - hkey= - key= - File not found
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5A41432D-5A41-5A41-5A41-5A41432D5043} - "C:\WINDOWS\Cursors\lsass.exe" /s
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7070D8E0-650A-46b3-B03C-9497582E6A74} - %SystemRoot%\system32\soundschemes.exe /AddRegistration
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {78028BE9-3B2E-46E9-B588-BB9AEE0F4088} - .NET Framework
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24} - %SystemRoot%\system32\soundschemes2.exe /AddRegistration
ActiveX: {B3C76690-6A72-4470-BF14-0C4BE1D27C80} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.HFYU - C:\Windows\System32\HUFFYUV.DLL (Disappearing Inc.)
Drivers32: VIDC.VIFP - C:\Windows\System32\VFCodec.dll ()
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)

========== Files/Folders - Created Within 30 Days ==========

[2010/03/02 18:43:28 | 000,000,000 | ---D | C] -- C:\Users\Zac\Documents\BFBC2
[2010/03/01 21:00:55 | 000,000,000 | ---D | C] -- C:\Users\Zac\Desktop\Fall Novice 2009
[2010/02/28 20:43:41 | 000,000,000 | ---D | C] -- C:\Users\Zac\AppData\Roaming\DiskSpaceFan
[2010/02/28 20:43:39 | 000,000,000 | ---D | C] -- C:\Program Files\DiskSpaceFan
[2010/02/27 15:56:16 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2010/02/26 12:48:56 | 000,000,000 | ---D | C] -- C:\Users\Zac\Documents\BFBC2Beta
[2010/02/26 12:47:37 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_42.dll
[2010/02/26 12:47:37 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll
[2010/02/26 12:47:37 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll
[2010/02/26 12:47:37 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_5.dll
[2010/02/26 12:47:37 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_42.dll
[2010/02/26 12:47:36 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_41.dll
[2010/02/26 12:47:36 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_41.dll
[2010/02/26 12:47:35 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_41.dll
[2010/02/26 12:47:35 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_4.dll
[2010/02/26 12:47:35 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2010/02/26 12:47:34 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_4.dll
[2010/02/26 12:47:34 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_6.dll
[2010/02/26 12:47:33 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll
[2010/02/26 12:47:33 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_40.dll
[2010/02/26 12:47:33 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_40.dll
[2010/02/26 12:47:32 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll
[2010/02/26 12:47:32 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll
[2010/02/26 12:47:32 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll
[2010/02/26 12:47:32 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll
[2010/02/26 12:47:31 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll
[2010/02/26 12:47:31 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll
[2010/02/26 12:47:31 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll
[2010/02/26 12:47:30 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll
[2010/02/26 12:47:30 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll
[2010/02/23 19:12:13 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/02/21 22:00:59 | 000,000,000 | ---D | C] -- C:\Users\Zac\Desktop\Quiz Bowl Questions
[2010/02/21 20:47:45 | 000,000,000 | ---D | C] -- C:\Users\Zac\Documents\Bioshock2
[2010/02/21 20:47:45 | 000,000,000 | ---D | C] -- C:\Users\Zac\AppData\Roaming\Bioshock2
[2010/02/21 20:21:42 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM
[2010/02/21 20:06:15 | 000,000,000 | ---D | C] -- C:\Program Files\2K Games
[2010/02/18 23:19:59 | 000,000,000 | ---D | C] -- C:\Users\Zac\Desktop\Fix IE
[2010/02/17 20:03:14 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Users\Zac\Desktop\OTL.exe
[2010/02/11 22:35:34 | 002,452,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2010/02/11 22:35:29 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/02/11 22:35:29 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010/02/11 22:35:28 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/02/11 22:35:28 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/02/11 22:35:28 | 000,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/02/11 22:35:28 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/02/11 22:35:28 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2010/02/11 22:35:28 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/02/11 22:35:28 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010/02/11 22:35:28 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/02/11 22:35:28 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/02/11 22:35:25 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010/02/10 21:52:52 | 000,000,000 | ---D | C] -- C:\Users\Zac\AppData\Roaming\Malwarebytes
[2010/02/10 21:52:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/02/10 21:52:48 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/02/10 21:52:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/10 21:52:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/02/10 20:54:46 | 000,157,712 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys
[2010/02/10 20:53:01 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2010/02/10 16:47:36 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/02/10 06:24:54 | 003,597,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/02/10 06:24:54 | 003,546,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/02/10 06:24:48 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010/02/10 06:24:48 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2010/02/10 06:24:48 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010/02/10 06:24:48 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010/02/10 06:24:48 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
[2010/02/03 19:44:25 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/02/03 19:44:23 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/02/03 19:40:04 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Zac\Documents\*.tmp files -> C:\Users\Zac\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/02 23:33:00 | 000,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{F126F98D-F447-474D-9B9F-3157D5A1E91D}.job
[2010/03/02 23:23:44 | 009,437,184 | -HS- | M] () -- C:\Users\Zac\NTUSER.DAT
[2010/03/02 22:51:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4009435946-1734834586-2344784175-1000UA.job
[2010/03/02 22:51:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4009435946-1734834586-2344784175-1000Core.job
[2010/03/02 22:48:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/02 22:38:24 | 000,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/02 22:38:24 | 000,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/02 20:34:18 | 000,215,128 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2010/03/02 20:34:18 | 000,215,128 | ---- | M] () -- C:\Windows\System32\PnkBstrB.exe
[2010/03/02 19:46:39 | 000,139,128 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010/03/02 18:50:17 | 000,034,705 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/03/02 18:50:16 | 000,034,705 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/03/02 18:42:37 | 000,138,056 | ---- | M] () -- C:\Users\Zac\AppData\Roaming\PnkBstrK.sys
[2010/03/02 18:42:04 | 002,434,856 | ---- | M] () -- C:\Windows\System32\pbsvc_bc2.exe
[2010/03/02 18:37:19 | 000,001,742 | ---- | M] () -- C:\Users\Zac\Desktop\Battlefield Bad Company 2.lnk
[2010/03/02 02:48:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/01 00:53:17 | 000,032,768 | ---- | M] () -- C:\Users\Zac\Documents\suicide poetry reflection.doc
[2010/02/28 20:48:52 | 000,001,702 | ---- | M] () -- C:\Users\Zac\Desktop\Defraggler.lnk
[2010/02/28 20:43:40 | 000,000,880 | ---- | M] () -- C:\Users\Zac\Desktop\Disk Space Fan.lnk
[2010/02/28 20:00:20 | 000,036,864 | ---- | M] () -- C:\Users\Zac\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/27 00:06:56 | 001,774,444 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/02/27 00:06:56 | 000,633,850 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/02/27 00:06:56 | 000,475,528 | ---- | M] () -- C:\Windows\System32\perfh00B.dat
[2010/02/27 00:06:56 | 000,389,652 | ---- | M] () -- C:\Windows\System32\perfh00D.dat
[2010/02/27 00:06:56 | 000,117,038 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/02/27 00:06:56 | 000,100,292 | ---- | M] () -- C:\Windows\System32\perfc00B.dat
[2010/02/27 00:06:56 | 000,084,382 | ---- | M] () -- C:\Windows\System32\perfc00D.dat
[2010/02/25 00:16:36 | 000,039,936 | ---- | M] () -- C:\Users\Zac\Documents\To the Lighthouse Essay Final.doc
[2010/02/25 00:02:25 | 000,032,256 | ---- | M] () -- C:\Users\Zac\Documents\TTL Essay RD Outline.doc
[2010/02/24 16:20:04 | 000,034,304 | ---- | M] () -- C:\Users\Zac\Documents\Chapter 28 study guide.doc
[2010/02/24 09:16:06 | 000,181,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/02/22 22:05:25 | 000,000,015 | ---- | M] () -- C:\Users\Zac\Desktop\settings.dat
[2010/02/22 10:37:55 | 008,405,015 | ---- | M] () -- C:\Windows\TempFile
[2010/02/22 10:37:46 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/02/22 10:37:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/02/22 10:37:26 | 3488,931,840 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/22 10:36:33 | 000,524,288 | -HS- | M] () -- C:\Users\Zac\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms
[2010/02/22 10:36:33 | 000,065,536 | -HS- | M] () -- C:\Users\Zac\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TM.blf
[2010/02/22 10:36:32 | 006,291,456 | -H-- | M] () -- C:\Users\Zac\AppData\Local\IconCache.db
[2010/02/21 21:34:46 | 000,011,334 | -HS- | M] () -- C:\Users\Zac\AppData\Local\e1wnOl
[2010/02/21 21:33:28 | 000,000,734 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/02/21 21:26:46 | 000,010,752 | ---- | M] () -- C:\Windows\DCEBoot.exe
[2010/02/21 20:30:25 | 000,025,600 | ---- | M] () -- C:\Users\Zac\Documents\Recent and Upcoming Legislation.doc
[2010/02/21 20:26:54 | 000,001,187 | ---- | M] () -- C:\Users\Zac\Desktop\Bioshock 2.lnk
[2010/02/21 19:39:29 | 000,031,744 | ---- | M] () -- C:\Users\Zac\Documents\Making Home Affordable Program Summary.doc
[2010/02/18 23:19:23 | 000,293,376 | ---- | M] () -- C:\Users\Zac\Desktop\t1ddvy9v.exe
[2010/02/17 20:03:20 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Zac\Desktop\OTL.exe
[2010/02/11 21:47:54 | 000,002,032 | ---- | M] () -- C:\Users\Zac\Desktop\Google Chrome.lnk
[2010/02/10 23:57:56 | 000,050,688 | ---- | M] () -- C:\Users\Zac\Documents\Chapter 24-27 World Study Guide.doc
[2010/02/10 21:52:51 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/10 20:54:40 | 000,000,036 | ---- | M] () -- C:\Users\Zac\AppData\Local\housecall.guid.cache
[2010/02/10 16:47:36 | 000,001,874 | ---- | M] () -- C:\Users\Zac\Desktop\HijackThis.lnk
[2010/02/08 23:22:27 | 000,037,376 | ---- | M] () -- C:\Users\Zac\Documents\To the Lighthouse Essay (RD).doc
[2010/02/07 02:45:27 | 000,002,073 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/02/03 19:45:53 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/02/03 19:40:45 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/02/02 21:08:46 | 000,039,424 | ---- | M] () -- C:\Users\Zac\Desktop\2009 Foreclosure Outreach Day Clinic Final Report.doc
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Zac\Documents\*.tmp files -> C:\Users\Zac\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/02 18:37:19 | 000,001,742 | ---- | C] () -- C:\Users\Zac\Desktop\Battlefield Bad Company 2.lnk
[2010/02/28 20:54:02 | 000,032,768 | ---- | C] () -- C:\Users\Zac\Documents\suicide poetry reflection.doc
[2010/02/28 20:43:40 | 000,000,880 | ---- | C] () -- C:\Users\Zac\Desktop\Disk Space Fan.lnk
[2010/02/26 12:47:42 | 002,434,856 | ---- | C] () -- C:\Windows\System32\pbsvc_bc2.exe
[2010/02/24 22:46:48 | 000,039,936 | ---- | C] () -- C:\Users\Zac\Documents\To the Lighthouse Essay Final.doc
[2010/02/23 18:43:57 | 000,034,304 | ---- | C] () -- C:\Users\Zac\Documents\Chapter 28 study guide.doc
[2010/02/21 21:26:46 | 000,010,752 | ---- | C] () -- C:\Windows\DCEBoot.exe
[2010/02/21 21:17:05 | 000,011,334 | -HS- | C] () -- C:\Users\Zac\AppData\Local\e1wnOl
[2010/02/21 20:30:24 | 000,025,600 | ---- | C] () -- C:\Users\Zac\Documents\Recent and Upcoming Legislation.doc
[2010/02/21 20:26:54 | 000,001,187 | ---- | C] () -- C:\Users\Zac\Desktop\Bioshock 2.lnk
[2010/02/21 19:39:28 | 000,031,744 | ---- | C] () -- C:\Users\Zac\Documents\Making Home Affordable Program Summary.doc
[2010/02/20 16:40:48 | 000,000,015 | ---- | C] () -- C:\Users\Zac\Desktop\settings.dat
[2010/02/18 23:38:17 | 3488,931,840 | -HS- | C] () -- C:\hiberfil.sys
[2010/02/18 23:19:22 | 000,293,376 | ---- | C] () -- C:\Users\Zac\Desktop\t1ddvy9v.exe
[2010/02/17 17:53:49 | 042,058,007 | ---- | C] () -- C:\Users\Zac\Desktop\Art and Craft of Problem Solving 22nd Ed~tqw~_darksiderg.pdf
[2010/02/10 21:52:51 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/10 20:54:40 | 000,000,036 | ---- | C] () -- C:\Users\Zac\AppData\Local\housecall.guid.cache
[2010/02/10 19:55:58 | 000,050,688 | ---- | C] () -- C:\Users\Zac\Documents\Chapter 24-27 World Study Guide.doc
[2010/02/10 16:47:36 | 000,001,874 | ---- | C] () -- C:\Users\Zac\Desktop\HijackThis.lnk
[2010/02/08 23:34:24 | 000,032,256 | ---- | C] () -- C:\Users\Zac\Documents\TTL Essay RD Outline.doc
[2010/02/07 02:45:27 | 000,002,073 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/02/03 22:41:07 | 000,037,376 | ---- | C] () -- C:\Users\Zac\Documents\To the Lighthouse Essay (RD).doc
[2010/02/03 19:45:53 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/02/03 19:40:45 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/02/02 21:08:44 | 000,039,424 | ---- | C] () -- C:\Users\Zac\Desktop\2009 Foreclosure Outreach Day Clinic Final Report.doc
[2009/11/28 21:32:05 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009/11/22 17:07:20 | 000,034,705 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/11/22 17:07:20 | 000,034,705 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/11/06 10:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009/06/01 18:41:04 | 000,870,128 | ---- | C] () -- C:\Users\Zac\AppData\Roaming\mcs.rma
[2009/06/01 18:41:04 | 000,000,004 | ---- | C] () -- C:\Users\Zac\AppData\Roaming\DF7311
[2009/04/03 09:50:18 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2009/03/15 16:23:52 | 000,000,388 | ---- | C] () -- C:\Windows\System32\gmsblist.dll
[2009/03/10 21:17:22 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2009/03/10 21:17:22 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth2.dll
[2009/03/10 21:17:22 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth1.dll
[2009/03/10 21:17:22 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2009/03/10 21:17:22 | 000,000,073 | ---- | C] () -- C:\Windows\System32\ssprs.dll
[2009/03/10 21:17:21 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2009/03/09 20:35:09 | 000,000,002 | ---- | C] () -- C:\Users\Zac\AppData\Roaming\ceville_console_history.txt
[2009/03/06 22:36:40 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/03/03 16:43:33 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009/03/03 16:43:31 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009/02/24 20:22:35 | 000,229,376 | ---- | C] () -- C:\Windows\System32\HPPCPR01.DLL
[2009/02/22 22:49:52 | 000,139,128 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009/02/22 22:49:51 | 000,138,056 | ---- | C] () -- C:\Users\Zac\AppData\Roaming\PnkBstrK.sys
[2009/02/21 21:37:18 | 000,036,864 | ---- | C] () -- C:\Users\Zac\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/21 20:55:57 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/02/21 20:23:00 | 000,000,201 | ---- | C] () -- C:\Windows\wininit.ini
[2009/02/21 20:22:31 | 000,034,592 | ---- | C] () -- C:\Windows\System32\drivers\nipplpt.sys
[2009/02/21 18:53:48 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/02/21 00:12:20 | 000,001,321 | ---- | C] () -- C:\Windows\ntbackup.ini
[2009/02/20 23:39:01 | 000,000,680 | ---- | C] () -- C:\Users\Zac\AppData\Local\d3d9caps.dat
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/01/20 21:23:41 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2006/11/02 07:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2000/07/22 15:49:46 | 000,431,104 | ---- | C] () -- C:\Windows\System32\VFCodec.dll

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2008/01/20 21:22:49 | 000,242,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2008/01/20 21:22:45 | 000,225,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >


< MD5 for: AGP440.SYS >
[2008/01/20 21:21:09 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/20 21:21:09 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/20 21:21:09 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/20 21:21:09 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 04:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: AHCIX86.SYS >
[2008/01/17 00:21:36 | 000,175,112 | ---- | M] (AMD Technologies Inc.) MD5=982A695ACD015B71F417932D46A9CF9F -- C:\Users\Zac\Desktop\64-Bit bleep\WinXP (RAID Driver)\x86\ahcix86.sys

< MD5 for: AHCIX86S.SYS >
[2009/02/20 23:50:29 | 000,174,608 | ---- | M] (AMD Technologies Inc.) MD5=353DCD8971D6D1DA809B2C3718C70A4D -- C:\Users\Zac\Desktop\FOR NEW COMPUTER\Mobo Stuff\AMD-WinVista-3.100.1540.38\WinVista\x86\ahcix86s.sys
[2008/01/16 19:27:56 | 000,174,600 | ---- | M] (AMD Technologies Inc.) MD5=8DC09F3B54DDCAEB52E0DCFA1D55B26A -- C:\ATI\SUPPORT\8-5_vista32_dd_ccc_wdm_enu_63036\Packages\Drivers\SBDrv\SB7xx\RAID\LH\ahcix86s.sys
[2007/04/16 17:16:34 | 000,119,296 | ---- | M] (ATI Technologies Inc.) MD5=A5AC7B705166BF7CD07BB054BEEA8D03 -- C:\ATI\SUPPORT\8-5_vista32_dd_ccc_wdm_enu_63036\Packages\Drivers\SBDrv\SB6xx\RAID\LH64A\ahcix86s.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/20 21:21:09 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008/01/20 21:21:09 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/20 21:21:09 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 04:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2008/01/20 21:21:31 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/20 21:21:31 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/20 21:21:31 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/20 21:22:13 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008/01/20 21:22:13 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/20 21:21:29 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/20 21:21:29 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/20 21:21:29 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/20 21:22:59 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008/01/20 21:22:59 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:322EAACD
< End of report >

#14 myrti


Posted 03 March 2010 - 12:23 PM

Hi,

Open Malwarebytes, click on the Logs tab and double-click the dates to find the log in which something was removed.

What problems do you still have with the PC? Is IE still crashing?

regards, myrti



#15 Zmaz


Posted 03 March 2010 - 05:45 PM

Here's my MBAM log:

Malwarebytes' Anti-Malware 1.44
Database version: 3772
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

2/22/2010 10:36:03 AM
mbam-log-2010-02-22 (10-36-03).txt

Scan type: Full Scan (C:\|)
Objects scanned: 680748
Time elapsed: 1 hour(s), 39 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 21
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\ieshowinfo.receiverbho (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{89ec0b92-2c0c-42e0-98b9-c049ef027140} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{46f03432-be65-4333-b524-04713c4c81fe} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{dbaf53d4-11fe-482d-b516-b3103bc71f87} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{dbaf53d4-11fe-482d-b516-b3103bc71f87} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{dbaf53d4-11fe-482d-b516-b3103bc71f87} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{dbaf53d4-11fe-482d-b516-b3103bc71f87} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ieshowinfo.receiverbho.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\oberontb.band (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{ad76633e-e50d-4844-9e7f-4dfbc7c18467} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{daa37aad-f156-4c2c-ac48-3c22ef92ae2f} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cb0d163c-e9f4-4236-9496-0597e24b23a5} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cb0d163c-e9f4-4236-9496-0597e24b23a5} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{cb0d163c-e9f4-4236-9496-0597e24b23a5} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\oberontb.band.1 (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a93c934-025b-4c3a-b38e-9654a7003239} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{1a93c934-025b-4c3a-b38e-9654a7003239} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\idid (Trojan.Sasfix) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\linksador\ShowInfo\IeShowInfo.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\GamesBar\oberontb.dll (Adware.Gamesbar) -> Quarantined and deleted successfully.
C:\Users\Zac\AppData\Local\av.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Zac\Documents\Torrent Downloads\Proxy Finder\proxyfinderenterprise.exe (Worm.P2P) -> Quarantined and deleted successfully.
C:\Users\Zac\Local Settings\Application Data\av.exe (ROGUE.Win7Antispyware2010) -> Quarantined and deleted successfully.


The IE problem is gone; however, I fixed it by reverting back to IE7, and my computer still feels sluggish, so I'm worried that there might still be something sketchy on it.



