
Have I been compromised?


  • This topic is locked
15 replies to this topic

#1 websitewendy

  • Members
  • 23 posts
  • OFFLINE
  • Local time:01:52 PM

Posted 18 February 2010 - 08:50 PM

I run Trend's paid Internet Security 2010. A colleague was hit by Gumblar and another by a HackTool rootkit. My machine slowed to a crawl last night (a minute between clicks), but after a reboot I 'seem' to be running normally and have had a clean scan from that, Prevx, and Malwarebytes. I'm still paranoid, so I'd really appreciate any insight into the logs I'm posting per the instructions here: http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/ (I included a HijackThis log too, just in case).
I'm on Vista 64-bit. When running GMER, I only had Services/Registry/Files/ADS available for selection; System, Devices, etc. were all grayed out.


DDS (Ver_09-12-01.01) - NTFSX64
Run by websitewendy at 11:55:02.28 on Thu 02/18/2010
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_16
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.4094.1108 [GMT -8:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardian.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Windows\system32\STacSV64.exe
C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Trustwave\Agent\tkagent.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\DigitalPersona\Bin\x64\DPAgent.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardian.exe
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Trend Micro\Internet Security\UfNavi.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\Internet Security\UfNavi.exe
C:\Program Files\Trend Micro\Internet Security\UfLogUi.exe
C:\Program Files (x86)\Trillian\trillian.exe
C:\Windows\System32\mobsync.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\websitewendy\Downloads\putty.exe
C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe
C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Prevx\prevx.exe
C:\Program Files\Prevx\prevx.exe
C:\Program Files\Trend Micro\Internet Security\UfNavi.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\websitewendy\Desktop\Defogger.exe
C:\Windows\sysWow64\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\websitewendy\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files (x86)\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: HP Print Clips: {ffffffff-ff12-44c5-91ec-068e3aa1b2d7} - c:\program files (x86)\hp\smart web printing\hpswp_framework.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files (x86)\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files (x86)\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [msnmsgr] "c:\program files (x86)\windows live\messenger\msnmsgr.exe" /background
mRun: [QlbCtrl] %ProgramFiles(x86)%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [hpqSRMon] c:\program files (x86)\hp\digital imaging\bin\hpqSRMon.exe
mRun: [hpWirelessAssistant] c:\program files (x86)\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [WAWifiMessage] c:\program files (x86)\hewlett-packard\hp wireless assistant\WiFiMsg.exe
mRun: []
mRun: [HP Software Update] c:\program files (x86)\hp\hp software update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "c:\program files (x86)\java\jre6\bin\jusched.exe"
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\google~1.lnk - c:\program files (x86)\google\google calendar sync\GoogleCalendarSync.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - c:\program files (x86)\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files (x86)\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files (x86)\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files (x86)\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files (x86)\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files (x86)\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files (x86)\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files (x86)\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\micros~2\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~2\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - c:\program files (x86)\winhttrack\WinHTTrackIEBar.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files (x86)\hp\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~2\office12\REFIEBAR.DLL
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} - hxxps://as00.estara.com/UI/proxyhttps.php?a=downloads.estara.com./&hash=13ab015b1806d65c7449e832ecdcc116&url=http%3A%2F%2Fd.66.155.171.162.downloads.estara.com.%2Fas%2FOneCCDM.php&template=309786&sessionid=1122735049_66.155.171.162_52594&=&req=1223064066329OneCC.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL
LSA: Notification Packages = scecli DPPWDFLT
TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
mRun-x64: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun-x64: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc64.dll,nvsvcStart
mRun-x64: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun-x64: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun-x64: [IAAnotif] "c:\program files (x86)\intel\intel matrix storage manager\iaanotif.exe"
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun-x64: [LogMeIn GUI] "c:\program files (x86)\logmein\x64\LogMeInSystray.exe"
mRun-x64: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
Hosts: 82.165.139.65 dva1.com
Hosts: 74.208.65.215 www.dianadennis.com
Hosts: 74.208.65.245 gem-coins.com
Hosts: 74.208.65.245 www.gem-coins.com
Hosts: 74.208.12.130 bikinisass.com

Note: multiple HOSTS entries found. Please refer to Attach.txt

================= FIREFOX ===================

FF - ProfilePath - c:\users\websit~1\appdata\roaming\mozilla\firefox\profiles\ifllk064.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
FF - plugin: c:\program files (x86)\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files (x86)\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\users\websitewendy\appdata\local\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\users\websitewendy\appdata\roaming\mozilla\firefox\profiles\ifllk064.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\users\websitewendy\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2010-2-18 34656]
R0 Si3531;SiI-3531 SATA Controller;c:\windows\system32\drivers\Si3531.sys [2008-7-25 332328]
R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\drivers\tmlwf.sys [2010-2-11 200720]
R2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};{22D78859-9CE9-4B77-BF18-AC83E81A9263};c:\program files (x86)\hp\quickplay\000.fcl [2008-8-23 32240]
R2 CSIScanner;CSIScanner;c:\program files\prevx\prevx.exe [2010-2-18 6583336]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\logmein\x64\rainfo.sys [2008-7-24 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-10-4 72216]
R2 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [2010-2-18 45968]
R2 tkagent;TrustKeeper Agent;c:\program files (x86)\trustwave\agent\tkagent.exe [2008-11-13 145408]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2010-2-11 42000]
R2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\drivers\tmwfp.sys [2010-2-11 339984]
R3 AVerFx2hbtv64;AVerMedia A321 MiniCard Hybrid Tuner;c:\windows\system32\drivers\AVerFx2hbtv64.sys [2008-8-23 279552]
R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2008-8-23 53248]
R3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\drivers\NETw5v64.sys [2008-11-17 4751360]
R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [2010-2-18 22296]
R3 TmPfw;Trend Micro Personal Firewall;c:\program files\trend micro\internet security\TmPfw.exe [2010-2-11 595960]
R3 TmProxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2010-2-11 917768]
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk60x64.sys [2007-12-6 391680]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2009-3-31 93184]
S3 NETw3v64;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\drivers\NETw3v64.sys [2008-1-20 3154432]
S3 NETw4v64;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\drivers\NETw4v64.sys [2008-8-23 3148288]
S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-1-20 19968]

=============== Created Last 30 ================

2010-02-18 19:53:35 0 ----a-w- c:\users\websitewendy\defogger_reenable
2010-02-18 19:27:11 45968 ----a-w- c:\windows\system32\drivers\pxrts.sys
2010-02-18 19:27:11 34656 ----a-w- c:\windows\system32\drivers\pxscan.sys
2010-02-18 19:27:09 22296 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2010-02-18 19:27:09 0 d-----w- c:\program files\Prevx
2010-02-18 19:23:11 0 d-----w- c:\programdata\PrevxCSI
2010-02-18 18:53:29 0 d-----w- c:\program files (x86)\TrendMicro
2010-02-12 03:32:40 0 d-----w- c:\programdata\Trend Micro
2010-02-12 03:32:15 0 d-----w- c:\program files\Trend Micro
2010-02-12 03:30:56 1883152 ----a-w- c:\windows\system32\drivers\vsapint.sys
2010-02-12 03:30:55 42000 ----a-w- c:\windows\system32\drivers\tmpreflt.sys
2010-02-12 03:30:55 339984 ----a-w- c:\windows\system32\drivers\tmwfp.sys
2010-02-12 03:30:55 258064 ----a-w- c:\windows\system32\drivers\tmxpflt.sys
2010-02-12 03:30:55 200720 ----a-w- c:\windows\system32\drivers\tmlwf.sys
2010-02-12 03:30:55 107536 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2010-01-22 01:29:22 0 d-----w- c:\users\websit~1\appdata\roaming\Kayako
2010-01-22 01:28:33 0 d-----w- c:\program files (x86)\Kayako
2010-01-21 21:52:25 0 d-----w- c:\program files (x86)\Artisteer

==================== Find3M ====================

2010-02-18 16:49:10 150456 ----a-w- c:\users\websit~1\appdata\roaming\nvModes.dat
2010-02-12 03:36:54 51200 ----a-w- c:\windows\inf\infpub.dat
2010-02-12 03:36:54 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-02-12 03:36:53 86016 ----a-w- c:\windows\inf\infstor.dat
2010-01-11 18:11:52 56096 ----a-w- c:\windows\fonts\Copperplate Gothic Bold.ttf
2010-01-11 18:11:04 47152 ----a-w- c:\windows\fonts\Copperplate Gothic Bold BT.ttf
2010-01-08 00:07:06 22104 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-04 17:53:22 2426 ----a-w- c:\users\websit~1\appdata\roaming\wklnhst.dat
2008-08-30 10:26:58 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 03:21:59 174 --sha-w- c:\program files\desktop.ini
2008-01-21 03:21:59 174 --sha-w- c:\program files (x86)\desktop.ini
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-02-25 19:20:41 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-02-25 19:20:41 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-02-25 19:20:41 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
2009-04-12 17:03:29 16384 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-04-12 17:03:29 32768 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-04-12 17:03:29 16384 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\cookies\index.dat

============= FINISH: 11:56:54.83 ===============


THANK YOU for any assistance/insight/recommendations :)

Wendy Jo
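The DDS log above is what a helper reads first, and a handful of its lines carry most of the signal: orphaned BHO entries ("No File"), the HOSTS overrides that DDS itself flagged, the Winlogon Userinit value, and anything running from a user-writable folder. The following is an added example, not part of the original post and not code from the DDS tool: a small triage pass that parses a DDS-style log into its "====== Section ======" blocks and pulls those items out. The sample input is constructed from a few lines modelled on the log above; the section-header format, the `hxxp` defanging and the `Hosts:` / `BHO:` line shapes are assumed from that log. The "user-writable path" list is a review prompt, not a verdict (putty.exe and dds.scr above are the poster's own tools).

```python
"""Added example (not from the original post or from DDS): triage of a DDS-style log."""
import re
from typing import Any, Dict, List

# Constructed sample: lines in the format DDS prints, modelled on the log above.
# DDS writes "hxxp" in place of "http" so URLs in a pasted log are not clickable.
SAMPLE_LOG = r"""
============== Running Processes ===============

C:\Windows\system32\svchost.exe -k netsvcs
C:\Users\websitewendy\Downloads\putty.exe
C:\Users\websitewendy\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
mWinlogon: Userinit=userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelper.dll
Hosts: 82.165.139.65 dva1.com
Hosts: 74.208.65.215 www.dianadennis.com
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# "BHO: <optional name>: {CLSID} - <path or 'No File'>"
BHO_RE = re.compile(r"^BHO:\s*(?:.*?:\s*)?(\{[0-9A-Fa-f-]{36}\})\s*-\s*(.*)$")
HOSTS_RE = re.compile(r"^Hosts:\s*(\S+)\s+(\S+)")
USERINIT_RE = re.compile(r"^mWinlogon:\s*Userinit=(.*)$", re.IGNORECASE)
# Executables started from locations any user can write to (assumed list, review prompt only).
USER_WRITABLE_RE = re.compile(
    r"^[a-z]:\\users\\[^\\]+\\(downloads|desktop|appdata\\local\\temp)\\", re.IGNORECASE
)


def parse_sections(text: str) -> Dict[str, List[str]]:
    """Split the log into {section name: non-empty lines} using the '==== Name ====' headers."""
    sections: Dict[str, List[str]] = {}
    current = "PREAMBLE"
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
            continue
        if line:
            sections.setdefault(current, []).append(line)
    return sections


def triage(text: str) -> Dict[str, Any]:
    """Collect the entries a helper would look at first; nothing here is a malware verdict."""
    sections = parse_sections(text)
    findings: Dict[str, Any] = {
        "orphan_bhos": [],          # BHO CLSIDs registered but whose DLL is gone
        "hosts_entries": [],        # (ip, hostname) overrides in the HOSTS file
        "user_path_processes": [],  # processes running from user-writable folders
        "userinit_ok": True,        # Winlogon Userinit should be exactly userinit.exe
    }
    for line in sections.get("Running Processes", []):
        if USER_WRITABLE_RE.match(line):
            findings["user_path_processes"].append(line)
    for line in sections.get("Pseudo HJT Report", []):
        bho = BHO_RE.match(line)
        if bho:
            if bho.group(2).strip().lower() == "no file":
                findings["orphan_bhos"].append(bho.group(1))
            continue
        hosts = HOSTS_RE.match(line)
        if hosts:
            findings["hosts_entries"].append((hosts.group(1), hosts.group(2)))
            continue
        userinit = USERINIT_RE.match(line)
        if userinit:
            entries = [e.strip().lower() for e in userinit.group(1).split(",") if e.strip()]
            findings["userinit_ok"] = entries == ["userinit.exe"]
    return findings


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run against a full DDS log, the same function lists every HOSTS override (the DDS note "multiple HOSTS entries found" is the cue to check whether the poster added them on purpose) and every BHO whose DLL no longer exists, which on this log is the two "No File" entries.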



#2 myrti

    Sillyberry

  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:10:52 PM

Posted 20 February 2010 - 02:04 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt<--Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!
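The `/md5start ... /md5stop` block in the custom scan above has OTL record MD5 digests of a set of system DLLs and storage drivers, which a helper then compares against the digests of known-clean copies of the same Windows build. The following is an added example, not part of the original post and not OTL's own code: it hashes the named files in a directory, compares them with a baseline, and classifies each as match / changed / missing / no baseline. The file names are a subset of the list above; the directories, file contents and the "patched" file are constructed in a temporary folder so the block runs anywhere. On a real machine the baseline must come from a trusted source (clean media or a known-good installation of the same build), never from the suspect system itself.

```python
"""Added example (not from the original post or from OTL): MD5 baseline comparison."""
import hashlib
import os
import tempfile
from typing import Dict, Iterable, Optional

# Subset of the file names between /md5start and /md5stop in the OTL custom scan above.
MD5_TARGETS = ["eventlog.dll", "scecli.dll", "netlogon.dll", "atapi.sys", "iaStor.sys"]


def md5_hex(data: bytes) -> str:
    """Hex MD5 of a byte string (RFC 1321 digest, as OTL prints it)."""
    return hashlib.md5(data).hexdigest()


def md5_of_file(path: str) -> str:
    """Hex MD5 of a file, read in chunks so large drivers need not fit in memory."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def hash_targets(directory: str, names: Iterable[str]) -> Dict[str, Optional[str]]:
    """MD5 for each named file in `directory`; None when the file is absent."""
    result: Dict[str, Optional[str]] = {}
    for name in names:
        path = os.path.join(directory, name)
        result[name] = md5_of_file(path) if os.path.isfile(path) else None
    return result


def compare_to_baseline(current: Dict[str, Optional[str]],
                        baseline: Dict[str, Optional[str]]) -> Dict[str, str]:
    """Classify each file against the trusted baseline digests."""
    status: Dict[str, str] = {}
    for name, digest in current.items():
        expected = baseline.get(name)
        if digest is None:
            status[name] = "missing"        # listed file not present on the system
        elif expected is None:
            status[name] = "no baseline"    # present, but nothing trusted to compare with
        elif digest == expected:
            status[name] = "match"
        else:
            status[name] = "changed"        # content differs from the known-clean copy
    return status


def _write(directory: str, name: str, data: bytes) -> None:
    with open(os.path.join(directory, name), "wb") as fh:
        fh.write(data)


def demo() -> Dict[str, str]:
    """Constructed scenario: a 'known_good' folder standing in for clean media and a
    'system32' folder standing in for the live system, with one file altered."""
    with tempfile.TemporaryDirectory() as tmp:
        good = os.path.join(tmp, "known_good")
        live = os.path.join(tmp, "system32")
        os.makedirs(good)
        os.makedirs(live)
        clean = {
            "eventlog.dll": b"eventlog v1 (constructed)",
            "scecli.dll": b"scecli v1 (constructed)",
            "netlogon.dll": b"netlogon v1 (constructed)",
            "atapi.sys": b"atapi v1 (constructed)",
        }
        for name, data in clean.items():
            _write(good, name, data)
        _write(live, "eventlog.dll", clean["eventlog.dll"])          # unchanged
        _write(live, "scecli.dll", clean["scecli.dll"] + b" patched")  # altered bytes
        _write(live, "atapi.sys", clean["atapi.sys"])                # unchanged
        _write(live, "iaStor.sys", b"iastor v1 (constructed)")       # no trusted copy
        # netlogon.dll deliberately absent from the live folder
        baseline = hash_targets(good, MD5_TARGETS)
        current = hash_targets(live, MD5_TARGETS)
        return compare_to_baseline(current, baseline)


if __name__ == "__main__":
    for name, state in demo().items():
        print(f"{name:14s} {state}")
```

A "changed" result on a driver such as atapi.sys is exactly the case the hash list exists to surface, since the file's size and timestamp in an OTL listing can look normal while its bytes do not; a "no baseline" result just means the comparison set needs a trusted copy of that file for this build.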

 



#3 websitewendy

  • Topic Starter
  • Members
  • 23 posts
  • OFFLINE
  • Local time:01:52 PM

Posted 20 February 2010 - 02:46 PM

No apology necessary. I really appreciate that there are good guys like you out here.
I haven't done anything more than the automated daily Trend scans, and Prevx is still running (it should be noted that Prevx was not on my system prior to my finding there might be an issue).
I still have Defogger set to disable CD emulator drivers.
The results of my OTL scan are below.
Again, thank you!
(fingers crossed ;)


OTL logfile created on: 2/20/2010 11:17:27 AM - Run 1
OTL by OldTimer - Version 3.1.30.1 Folder = C:\Users\websitewendy\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 32.00% Memory free
10.00 Gb Paging File | 7.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): c:\pagefile.sys 6141 10141 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284.63 Gb Total Space | 97.22 Gb Free Space | 34.16% Space Free | Partition Type: NTFS
Drive D: | 13.46 Gb Total Space | 2.32 Gb Free Space | 17.25% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 31.98 Gb Total Space | 8.02 Gb Free Space | 25.08% Space Free | Partition Type: FAT32
Drive G: | 5.30 Gb Total Space | 1.99 Gb Free Space | 37.57% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DRACO
Current User Name: websitewendy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/20 11:07:26 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\websitewendy\Desktop\OTL.exe
PRC - [2010/02/18 11:53:04 | 000,050,477 | ---- | M] () -- C:\Users\websitewendy\Desktop\Defogger.exe
PRC - [2010/01/20 15:52:40 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2009/10/31 13:40:32 | 000,136,176 | ---- | M] (Google Inc.) -- C:\Users\websitewendy\AppData\Local\Google\Update\1.2.183.13\GoogleCrashHandler.exe
PRC - [2009/10/09 13:11:12 | 025,623,336 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe
PRC - [2009/10/09 13:11:12 | 000,078,008 | R--- | M] (Skype Technologies) -- C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
PRC - [2009/10/02 21:44:15 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jusched.exe
PRC - [2009/08/28 19:42:54 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/02/19 17:11:46 | 000,145,408 | ---- | M] () -- C:\Program Files (x86)\Trustwave\Agent\tkagent.exe
PRC - [2009/01/08 06:36:42 | 002,521,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe
PRC - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe
PRC - [2008/11/25 23:00:00 | 001,873,280 | ---- | M] (Cerulean Studios) -- C:\Program Files (x86)\Trillian\trillian.exe
PRC - [2008/10/02 08:23:16 | 000,546,288 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
PRC - [2008/09/03 23:22:39 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2008/08/28 22:26:49 | 000,454,656 | ---- | M] (Simon Tatham) -- C:\Users\websitewendy\Downloads\putty.exe
PRC - [2008/06/01 23:55:22 | 000,080,896 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
PRC - [2008/01/20 18:50:38 | 000,299,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ieuser.exe
PRC - [2007/12/19 18:28:34 | 000,271,760 | ---- | M] () -- C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
PRC - [2007/10/24 15:02:16 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/09/20 10:12:02 | 000,671,744 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe
PRC - [2007/09/20 10:02:58 | 000,299,008 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
PRC - [2007/09/13 08:47:52 | 000,480,560 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
PRC - [2007/08/31 11:30:42 | 000,181,600 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files (x86)\HP\Smart Web Printing\hpswp_clipbook.exe
PRC - [2007/06/29 16:42:58 | 027,792,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Adobe Fireworks CS3\Fireworks.exe
PRC - [2007/05/16 10:43:06 | 000,677,432 | R--- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
PRC - [2007/05/08 15:24:20 | 000,054,840 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
PRC - [2007/05/02 10:39:08 | 000,184,320 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
PRC - [2007/03/20 17:06:52 | 016,087,224 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe
PRC - [2007/01/09 02:25:30 | 000,272,024 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
PRC - [2007/01/08 15:53:06 | 000,311,296 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
PRC - [2006/05/02 15:41:28 | 000,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe


========== Modules (SafeList) ==========

MOD - [2010/02/20 11:07:26 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\websitewendy\Desktop\OTL.exe
MOD - [2008/01/20 18:50:15 | 002,085,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msi.dll
MOD - [2008/01/20 18:50:03 | 000,450,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2008/01/20 18:49:15 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sfc_os.dll
MOD - [2008/01/20 18:48:06 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
MOD - [2006/11/02 01:46:13 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sfc.dll
MOD - [2006/11/02 01:46:07 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msiltcfg.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/02/18 11:27:09 | 006,583,336 | ---- | M] (Prevx) [Auto | Running] -- C:\Program Files\Prevx\prevx.exe -- (CSIScanner)
SRV:64bit: - [2010/02/11 19:30:45 | 000,917,768 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (TmProxy)
SRV:64bit: - [2010/02/11 19:30:45 | 000,595,960 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe -- (TmPfw)
SRV:64bit: - [2010/02/11 19:30:44 | 000,836,432 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom)
SRV:64bit: - [2010/02/11 19:30:44 | 000,570,632 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV:64bit: - [2009/11/12 16:33:14 | 000,660,256 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV:64bit: - [2008/01/20 18:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/09/05 08:25:06 | 000,236,544 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\STacSV64.exe -- (STacSV)
SRV:64bit: - [2006/11/02 03:16:35 | 000,051,200 | ---- | M] () [Disabled | Stopped] -- C:\Windows\SysNative\bthserv.dll -- (BthServ)
SRV - [2009/09/28 18:35:02 | 000,120,640 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe -- (LMIMaint)
SRV - [2009/08/28 19:42:54 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/08/23 13:00:06 | 000,136,120 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/02/19 17:11:46 | 000,145,408 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Trustwave\Agent\tkagent.exe -- (tkagent)
SRV - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/12/05 20:42:11 | 000,376,832 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2008/09/03 23:22:39 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/07/27 10:01:49 | 000,093,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2008/07/24 17:46:08 | 000,057,920 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2007/12/19 18:28:34 | 000,271,760 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe -- (QPCapSvc) QuickPlay Background Capture Service (QBCS)
SRV - [2007/12/19 18:28:34 | 000,112,016 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe -- (QPSched) QuickPlay Task Scheduler (QTS)
SRV - [2007/10/24 15:02:16 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2007/09/20 10:02:58 | 000,299,008 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe -- (DpHost)
SRV - [2007/09/19 17:30:52 | 000,065,536 | ---- | M] (Hewlett-Packard) [Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service)
SRV - [2007/05/31 10:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 10:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/03/20 15:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)
SRV - [2007/03/05 09:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
SRV - [2007/01/09 02:25:30 | 000,272,024 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - [2006/11/02 05:34:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2006/11/01 22:35:15 | 000,060,994 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2006/11/01 22:35:15 | 000,055,846 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)
SRV - [2006/05/02 15:41:28 | 000,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe -- (hpqwmiex)
SRV - [2005/04/03 23:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/02/18 11:27:11 | 000,045,968 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\pxrts.sys -- (pxrts)
DRV:64bit: - [2010/02/18 11:27:11 | 000,034,656 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pxscan.sys -- (pxscan)
DRV:64bit: - [2010/02/18 11:27:09 | 000,022,296 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pxkbf.sys -- (pxkbf)
DRV:64bit: - [2010/02/11 19:30:56 | 001,883,152 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\vsapint.sys -- (vsapint)
DRV:64bit: - [2010/02/11 19:30:55 | 000,339,984 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\tmwfp.sys -- (tmwfp)
DRV:64bit: - [2010/02/11 19:30:55 | 000,258,064 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\tmxpflt.sys -- (tmxpflt)
DRV:64bit: - [2010/02/11 19:30:55 | 000,200,720 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\tmlwf.sys -- (tmlwf)
DRV:64bit: - [2010/02/11 19:30:55 | 000,107,536 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\tmtdi.sys -- (tmtdi)
DRV:64bit: - [2010/02/11 19:30:55 | 000,042,000 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\tmpreflt.sys -- (tmpreflt)
DRV:64bit: - [2009/09/28 18:35:32 | 000,087,384 | ---- | M] () [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/11/17 15:50:30 | 004,751,360 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) Intel®
DRV:64bit: - [2008/07/25 18:25:36 | 000,022,568 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\SiWinAcc.sys -- (SiFilter)
DRV:64bit: - [2008/07/25 18:25:36 | 000,016,936 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\SiRemFil.sys -- (SiRemFil)
DRV:64bit: - [2008/07/25 18:25:34 | 000,332,328 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\Si3531.sys -- (Si3531)
DRV:64bit: - [2008/07/24 17:46:08 | 000,072,216 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2008/07/24 17:45:20 | 000,011,552 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2008/04/28 18:10:55 | 000,276,480 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BTHport.sys -- (BTHPORT)
DRV:64bit: - [2008/04/28 18:10:51 | 000,034,304 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\BTHUSB.sys -- (BTHUSB)
DRV:64bit: - [2008/03/28 02:06:00 | 000,324,656 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2008/01/20 18:47:28 | 000,048,768 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\avc.sys -- (Avc)
DRV:64bit: - [2008/01/20 18:47:28 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/01/20 18:47:27 | 000,168,704 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\usbvideo.sys -- (usbvideo) USB Video Device (WDM)
DRV:64bit: - [2008/01/20 18:47:03 | 000,023,040 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\BthEnum.sys -- (BthEnum)
DRV:64bit: - [2008/01/20 18:47:02 | 000,115,712 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bthpan.sys -- (BthPan) Bluetooth Device (Personal Area Network)
DRV:64bit: - [2008/01/20 18:47:02 | 000,036,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\winusb.sys -- (winusb)
DRV:64bit: - [2008/01/20 18:46:57 | 003,154,432 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys -- (NETw3v64) Intel®
DRV:64bit: - [2008/01/20 18:46:57 | 001,523,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTDPV6.SYS -- (HSF_DPV)
DRV:64bit: - [2008/01/20 18:46:57 | 000,724,480 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTCNXT6.SYS -- (winachsf)
DRV:64bit: - [2008/01/20 18:46:57 | 000,286,720 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS -- (HSFHWAZL)
DRV:64bit: - [2008/01/20 18:46:57 | 000,058,496 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\61883.sys -- (61883)
DRV:64bit: - [2008/01/20 18:46:55 | 000,111,104 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2008/01/20 18:46:53 | 000,061,568 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\msdv.sys -- (MSDV)
DRV:64bit: - [2008/01/20 18:46:52 | 000,062,976 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\rfcomm.sys -- (RFCOMM) Bluetooth Device (RFCOMM Protocol TDI)
DRV:64bit: - [2008/01/20 18:46:52 | 000,019,456 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2008/01/20 18:46:51 | 000,017,792 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CmBatt.sys -- (CmBatt)
DRV:64bit: - [2007/12/06 09:51:00 | 000,391,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2007/10/28 18:54:50 | 000,279,552 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVerFx2hbtv64.sys -- (AVerFx2hbtv64)
DRV:64bit: - [2007/09/30 04:03:32 | 000,384,024 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2007/09/18 05:12:34 | 000,095,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2007/09/18 05:12:34 | 000,089,128 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2007/09/18 05:12:34 | 000,019,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2007/09/05 08:25:32 | 000,414,208 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2007/08/31 18:58:18 | 000,020,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NuidFltr.sys -- (NuidFltr)
DRV:64bit: - [2007/08/28 14:46:46 | 000,217,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ATSwpDrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV:64bit: - [2007/06/28 07:09:56 | 003,148,288 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NETw4v64.sys -- (NETw4v64) Intel®
DRV:64bit: - [2007/06/20 12:49:34 | 000,053,248 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\itecir.sys -- (itecir)
DRV:64bit: - [2007/04/19 10:09:42 | 000,198,144 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NWADIenum.sys -- (NWADI)
DRV:64bit: - [2007/04/19 10:09:42 | 000,113,536 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwusbser.sys -- (NWUSBPort)
DRV:64bit: - [2007/04/19 10:09:42 | 000,113,536 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwusbmdm.sys -- (NWUSBModem)
DRV:64bit: - [2007/03/26 18:48:24 | 000,055,808 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2007/03/19 11:09:36 | 000,055,808 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2007/02/27 15:10:38 | 000,053,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2006/11/30 10:26:06 | 000,012,800 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\eabfiltr64.sys -- (eabfiltr)
DRV:64bit: - [2006/11/01 21:28:10 | 000,273,920 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV:64bit: - [2006/10/09 18:09:03 | 000,742,696 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nvm60x64.sys -- (NVENETFD)
DRV:64bit: - [2006/10/06 18:13:22 | 000,550,912 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XV)
DRV:64bit: - [2006/06/28 09:40:00 | 000,012,672 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\cpqbttn64.sys -- (HBtnKey)
DRV - [2008/08/23 15:30:56 | 000,000,000 | ---D | M] [Kernel | On_Demand | Running] -- C:\Windows\ITECIR -- (itecir)
DRV - [2008/07/24 17:46:10 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)
DRV - [2008/01/20 18:49:57 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\winusb.dll -- (winusb)
DRV - [2007/12/19 18:27:36 | 000,032,240 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\HP\QuickPlay\000.fcl -- ({22D78859-9CE9-4B77-BF18-AC83E81A9263})
DRV - [2006/09/18 13:36:40 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2006/09/18 13:35:23 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1256768010-1201122213-764085576-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
IE - HKU\S-1-5-21-1256768010-1201122213-764085576-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1256768010-1201122213-764085576-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKU\S-1-5-21-1256768010-1201122213-764085576-1000\S-1-5-21-1256768010-1201122213-764085576-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1256768010-1201122213-764085576-1000\S-1-5-21-1256768010-1201122213-764085576-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://google.com/"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000006
FF - prefs.js..extensions.enabledItems: {46868735-c3fa-47ce-8ce7-cce51a66aceb}:1.2
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/01/20 15:52:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/01/20 15:52:45 | 000,000,000 | ---D | M]

[2009/10/05 18:44:01 | 000,000,000 | ---D | M] -- C:\Users\websitewendy\AppData\Roaming\Mozilla\Extensions
[2009/10/05 18:44:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\websitewendy\AppData\Roaming\Mozilla\Extensions\{2f1e6a90-e99e-11dd-ba2f-0800200c9a66}
[2010/02/18 13:02:08 | 000,000,000 | ---D | M] -- C:\Users\websitewendy\AppData\Roaming\Mozilla\Firefox\Profiles\ifllk064.default\extensions
[2008/09/03 20:50:58 | 000,000,000 | ---D | M] (oldbar) -- C:\Users\websitewendy\AppData\Roaming\Mozilla\Firefox\Profiles\ifllk064.default\extensions\{46868735-c3fa-47ce-8ce7-cce51a66aceb}
[2009/08/03 14:18:54 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\websitewendy\AppData\Roaming\Mozilla\Firefox\Profiles\ifllk064.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2008/08/29 00:06:27 | 000,000,000 | ---D | M] -- C:\Users\websitewendy\AppData\Roaming\Mozilla\Firefox\Profiles\ifllk064.default\extensions\LogMeInClient@logmein.com
[2009/05/17 14:35:08 | 000,000,000 | ---D | M] -- C:\Users\websitewendy\AppData\Roaming\Mozilla\Firefox\Profiles\ifllk064.default\extensions\moveplayer@movenetworks.com
[2009/10/02 21:44:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2008/06/30 21:02:00 | 000,663,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npOGAPlugin.dll

O1 HOSTS File: ([2010/02/18 15:13:04 | 000,000,774 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (HP Print Clips) - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files (x86)\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1256768010-1201122213-764085576-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HP Health Check Scheduler] File not found
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL ()
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.DLL ()
O4:64bit: - HKLM..\Run: [NvSvc] C:\Windows\SysNative\nvsvc64.DLL ()
O4:64bit: - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4:64bit: - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QlbCtrl] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WAWifiMessage] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1256768010-1201122213-764085576-1000..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files (x86)\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files (x86)\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra Button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files (x86)\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Windows\SysNative\wshbth.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} https://as00.estara.com/UI/proxyhttps.php?a...066329OneCC.cab (OneCCCtl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\websitewendy\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\websitewendy\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/01 16:14:55 | 000,000,107 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 07:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O32 - AutoRun File - [2004/12/20 16:05:30 | 000,000,028 | -H-- | M] () - F:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2004/12/20 16:05:30 | 000,000,028 | -H-- | M] () - G:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{939a573d-75cf-11dd-8db5-0021866cc3be}\Shell - "" = AutoRun
O33 - MountPoints2\{939a573d-75cf-11dd-8db5-0021866cc3be}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - comfile [open] -- "%1" %* File not found
64bit: O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs:64bit: Ias - C:\Windows\SysNative\ias [2008/01/20 19:06:38 | 000,000,000 | ---D | M]
NetSvcs:64bit: Irmon - C:\Windows\SysNative\irmon.dll ()
NetSvcs:64bit: Wmi - C:\Windows\SysNative\wmi.dll ()
NetSvcs: Ias - C:\Windows\SysWOW64\ias [2008/01/20 19:08:35 | 000,000,000 | ---D | M]
NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation)

MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe - (Broadcom Corporation.)
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PC Monitor.lnk - C:\Program Files (x86)\Wireless Sync\Client\Monitor.exe - (Intellisync Corporation)
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TrustKeeper Agent Status.lnk - C:\Windows\Installer\{1961F1D2-A639-49DB-9909-22153B7F4A26}\Icon9B6790CD.exe - ()
MsConfig:64bit - StartUpFolder: C:^Users^websitewendy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig:64bit - StartUpReg: Acrobat Assistant 8.0 - hkey= - key= - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe_ID0EYTHM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: DpAgent - hkey= - key= - C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.)
MsConfig:64bit - StartUpReg: Google Update - hkey= - key= - C:\Users\websitewendy\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: MsnMsgr - hkey= - key= - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: OnScreenDisplay - hkey= - key= - C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe ( Hewlett-Packard Development Company, L.P.)
MsConfig:64bit - StartUpReg: QPService - hkey= - key= - C:\Program Files (x86)\HP\QuickPlay\QPService.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - StartUpReg: UCam_Menu - hkey= - key= - C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: Windows Mobile Device Center - hkey= - key= - C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.

SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: VDS - C:\Windows\SysWOW64\wbem\vds.mof ()
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MPSDrv - C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: Tcpip - C:\Windows\SysWOW64\wbem\tcpip.mof ()
SafeBootNet: TDI - Driver Group
SafeBootNet: VDS - C:\Windows\SysWOW64\wbem\vds.mof ()
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {42C818DF-B077-9FCB-1906-27C1BCF783FA} - Viewpoint Media Player
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

Drivers32:64bit: midi - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi3 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi4 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midimapper - midimap.dll (Microsoft Corporation)
Drivers32:64bit: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer3 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer4 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\SysNative\l3codeca.acm ()
Drivers32:64bit: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32:64bit: MSVideo8 - VfWWDM32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.IYUV - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.UYVY - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YUY2 - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YVU9 - tsbyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YVYU - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: wave - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave3 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave4 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave5 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wavemapper - msacm32.drv (Microsoft Corporation)
Drivers32: midi - wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi3 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi4 - wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - midimap.dll (Microsoft Corporation)
Drivers32: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer4 - wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - sirenacm.dll (Microsoft Corporation)
Drivers32: vidc.cvid - iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - ff_vfw.dll ()
Drivers32: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.MP42 - MPG4c32.dll (Microsoft Corporation)
Drivers32: vidc.MP43 - MPG4c32.dll (Microsoft Corporation)
Drivers32: vidc.MPG4 - MPG4c32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - msyuv.dll (Microsoft Corporation)
Drivers32: vidc.XVID - xvidvfw.dll ()
Drivers32: vidc.yuy2 - msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - msyuv.dll (Microsoft Corporation)
Drivers32: wave - wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - wdmaud.drv (Microsoft Corporation)
Drivers32: wave4 - wdmaud.drv (Microsoft Corporation)
Drivers32: wave5 - wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - msacm32.drv (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2010/02/20 11:07:20 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Users\websitewendy\Desktop\OTL.exe
[2010/02/18 18:19:40 | 000,000,000 | ---D | C] -- C:\Users\websitewendy\Desktop\CjOD
[2010/02/18 18:03:40 | 000,000,000 | ---D | C] -- C:\Users\websitewendy\Desktop\toolcraft
[2010/02/18 11:57:35 | 000,000,000 | ---D | C] -- C:\Users\websitewendy\Desktop\bleepingcomputer
[2010/02/18 11:27:09 | 000,000,000 | ---D | C] -- C:\Program Files\Prevx
[2010/02/18 11:23:11 | 000,000,000 | ---D | C] -- C:\ProgramData\PrevxCSI
[2010/02/18 10:53:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TrendMicro
[2010/02/14 22:39:02 | 000,000,000 | ---D | C] -- C:\Users\websitewendy\Desktop\advanced-xml-image-gallery
[2010/02/12 17:31:43 | 000,000,000 | ---D | C] -- C:\Users\websitewendy\Desktop\house
[2010/02/11 19:32:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Trend Micro
[2010/02/11 19:32:15 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/02/04 22:38:56 | 000,000,000 | ---D | C] -- C:\Users\websitewendy\AppData\Local\HP
[2010/02/04 21:26:32 | 000,000,000 | ---D | C] -- C:\Users\websitewendy\AppData\Local\Opera
[2010/02/04 21:26:31 | 000,000,000 | ---D | C] -- C:\Users\websitewendy\AppData\Roaming\Opera
[2010/02/04 21:26:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera
[2010/01/28 07:42:03 | 000,000,000 | ---D | C] -- C:\Users\websitewendy\Desktop\modern-help-cancel
[2010/01/21 17:29:22 | 000,000,000 | ---D | C] -- C:\Users\websitewendy\AppData\Roaming\Kayako
[2010/01/21 17:28:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kayako
[2010/01/21 13:52:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Artisteer
[5 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[2 C:\Users\websitewendy\AppData\Local\*.tmp files -> C:\Users\websitewendy\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/20 11:18:44 | 005,505,024 | -HS- | M] () -- C:\Users\websitewendy\ntuser.dat
[2010/02/20 11:18:27 | 000,000,774 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\tmvsthfud.bin
[2010/02/20 11:17:50 | 000,000,774 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\tmvsthfss.bin
[2010/02/20 11:07:26 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\websitewendy\Desktop\OTL.exe
[2010/02/20 10:45:00 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1256768010-1201122213-764085576-1000UA.job
[2010/02/20 09:41:39 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/02/20 09:41:39 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/02/19 16:55:29 | 000,000,600 | ---- | M] () -- C:\Users\websitewendy\AppData\Local\PUTTY.RND
[2010/02/19 14:45:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1256768010-1201122213-764085576-1000Core.job
[2010/02/18 18:03:36 | 000,150,456 | ---- | M] () -- C:\Users\websitewendy\AppData\Roaming\nvModes.001
[2010/02/18 18:01:25 | 000,598,588 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/02/18 18:01:24 | 000,694,964 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/02/18 18:01:24 | 000,102,194 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/02/18 15:13:04 | 000,000,774 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010/02/18 11:53:56 | 000,524,288 | ---- | M] () -- C:\Users\websitewendy\Desktop\dds.scr
[2010/02/18 11:53:35 | 000,000,000 | ---- | M] () -- C:\Users\websitewendy\defogger_reenable
[2010/02/18 11:53:04 | 000,050,477 | ---- | M] () -- C:\Users\websitewendy\Desktop\Defogger.exe
[2010/02/18 11:27:11 | 000,045,968 | ---- | M] () -- C:\Windows\SysNative\drivers\pxrts.sys
[2010/02/18 11:27:11 | 000,034,656 | ---- | M] () -- C:\Windows\SysNative\drivers\pxscan.sys
[2010/02/18 11:27:09 | 000,022,296 | ---- | M] () -- C:\Windows\SysNative\drivers\pxkbf.sys
[2010/02/18 08:49:10 | 000,150,456 | ---- | M] () -- C:\Users\websitewendy\AppData\Roaming\nvModes.dat
[2010/02/18 03:41:29 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/02/18 03:41:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/02/18 03:41:22 | 4294,238,208 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/18 03:40:25 | 000,524,288 | -HS- | M] () -- C:\Users\websitewendy\ntuser.dat{e7234823-d9f0-11de-aa35-0021866cc3be}.TMContainer00000000000000000001.regtrans-ms
[2010/02/18 03:40:25 | 000,065,536 | -HS- | M] () -- C:\Users\websitewendy\ntuser.dat{e7234823-d9f0-11de-aa35-0021866cc3be}.TM.blf
[2010/02/18 03:39:22 | 002,689,511 | -H-- | M] () -- C:\Users\websitewendy\AppData\Local\IconCache.db
[2010/02/17 20:21:09 | 000,016,973 | ---- | M] () -- C:\Users\websitewendy\Desktop\photo_coming_soon.jpg
[2010/02/14 22:08:01 | 000,054,272 | ---- | M] () -- C:\Users\websitewendy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/14 22:03:00 | 001,962,621 | ---- | M] () -- C:\Users\websitewendy\Desktop\advanced-xml-image-gallery.zip
[2010/02/12 10:53:52 | 000,001,078 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.bak
[2010/02/11 19:30:56 | 001,883,152 | ---- | M] () -- C:\Windows\SysNative\drivers\vsapint.sys
[2010/02/11 19:30:55 | 000,339,984 | ---- | M] () -- C:\Windows\SysNative\drivers\tmwfp.sys
[2010/02/11 19:30:55 | 000,258,064 | ---- | M] () -- C:\Windows\SysNative\drivers\tmxpflt.sys
[2010/02/11 19:30:55 | 000,200,720 | ---- | M] () -- C:\Windows\SysNative\drivers\tmlwf.sys
[2010/02/11 19:30:55 | 000,107,536 | ---- | M] () -- C:\Windows\SysNative\drivers\tmtdi.sys
[2010/02/11 19:30:55 | 000,042,000 | ---- | M] () -- C:\Windows\SysNative\drivers\tmpreflt.sys
[2010/02/11 06:17:54 | 000,188,544 | ---- | M] () -- C:\Users\websitewendy\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/02/11 04:28:05 | 002,739,872 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/02/11 04:12:32 | 000,000,219 | ---- | M] () -- C:\Windows\win.ini
[2010/02/10 10:36:10 | 000,136,823 | ---- | M] () -- C:\Users\websitewendy\Desktop\com_flexicontact_Joomla_v2.16.zip
[2010/02/04 10:48:14 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/01/22 23:48:18 | 000,011,549 | ---- | M] () -- C:\Users\websitewendy\Desktop\7b-tolv-internal_emails.xlsx
[2010/01/22 09:15:24 | 000,075,539 | ---- | M] () -- C:\Users\websitewendy\Desktop\totc_logo_550.jpg
[5 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[2 C:\Users\websitewendy\AppData\Local\*.tmp files -> C:\Users\websitewendy\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/18 11:53:51 | 000,524,288 | ---- | C] () -- C:\Users\websitewendy\Desktop\dds.scr
[2010/02/18 11:53:35 | 000,000,000 | ---- | C] () -- C:\Users\websitewendy\defogger_reenable
[2010/02/18 11:53:03 | 000,050,477 | ---- | C] () -- C:\Users\websitewendy\Desktop\Defogger.exe
[2010/02/18 11:27:11 | 000,045,968 | ---- | C] () -- C:\Windows\SysNative\drivers\pxrts.sys
[2010/02/18 11:27:11 | 000,034,656 | ---- | C] () -- C:\Windows\SysNative\drivers\pxscan.sys
[2010/02/18 11:27:09 | 000,022,296 | ---- | C] () -- C:\Windows\SysNative\drivers\pxkbf.sys
[2010/02/17 17:21:19 | 000,016,973 | ---- | C] () -- C:\Users\websitewendy\Desktop\photo_coming_soon.jpg
[2010/02/14 22:03:00 | 001,962,621 | ---- | C] () -- C:\Users\websitewendy\Desktop\advanced-xml-image-gallery.zip
[2010/02/11 19:30:56 | 001,883,152 | ---- | C] () -- C:\Windows\SysNative\drivers\vsapint.sys
[2010/02/11 19:30:55 | 000,339,984 | ---- | C] () -- C:\Windows\SysNative\drivers\tmwfp.sys
[2010/02/11 19:30:55 | 000,258,064 | ---- | C] () -- C:\Windows\SysNative\drivers\tmxpflt.sys
[2010/02/11 19:30:55 | 000,200,720 | ---- | C] () -- C:\Windows\SysNative\drivers\tmlwf.sys
[2010/02/11 19:30:55 | 000,107,536 | ---- | C] () -- C:\Windows\SysNative\drivers\tmtdi.sys
[2010/02/11 19:30:55 | 000,042,000 | ---- | C] () -- C:\Windows\SysNative\drivers\tmpreflt.sys
[2010/02/10 10:36:06 | 000,136,823 | ---- | C] () -- C:\Users\websitewendy\Desktop\com_flexicontact_Joomla_v2.16.zip
[2010/01/22 23:48:16 | 000,011,549 | ---- | C] () -- C:\Users\websitewendy\Desktop\7b-tolv-internal_emails.xlsx
[2010/01/22 09:15:24 | 000,075,539 | ---- | C] () -- C:\Users\websitewendy\Desktop\totc_logo_550.jpg
[2009/10/05 18:48:08 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2009/10/01 18:12:50 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/09/18 07:40:10 | 000,524,886 | ---- | C] () -- C:\Users\websitewendy\AppData\Local\dd_ATL80SP1_KB973923MSI56B4.txt
[2009/09/18 07:40:09 | 000,017,314 | ---- | C] () -- C:\Users\websitewendy\AppData\Local\dd_ATL80SP1_KB973923UI56B4.txt
[2009/09/18 07:39:56 | 000,525,848 | ---- | C] () -- C:\Users\websitewendy\AppData\Local\dd_ATL80SP1_KB973923MSI5683.txt
[2009/09/18 07:39:54 | 000,017,362 | ---- | C] () -- C:\Users\websitewendy\AppData\Local\dd_ATL80SP1_KB973923UI5683.txt
[2009/09/01 08:35:31 | 000,138,702 | ---- | C] () -- C:\Users\websitewendy\AppData\Local\dd_depcheckdotnetfx30.txt
[2009/09/01 08:35:12 | 000,005,554 | ---- | C] () -- C:\Users\websitewendy\AppData\Local\uxeventlog.txt
[2009/09/01 08:35:12 | 000,001,190 | ---- | C] () -- C:\Users\websitewendy\AppData\Local\dd_dotnetfx3error.txt
[2009/09/01 08:35:11 | 000,114,502 | ---- | C] () -- C:\Users\websitewendy\AppData\Local\dd_dotnetfx3install.txt
[2009/06/27 19:05:44 | 000,000,036 | ---- | C] () -- C:\Users\websitewendy\AppData\Local\housecall.guid.cache
[2009/04/22 10:38:16 | 000,000,032 | ---- | C] () -- C:\Windows\wininit.ini
[2009/03/14 11:44:33 | 000,002,426 | ---- | C] () -- C:\Users\websitewendy\AppData\Roaming\wklnhst.dat
[2009/02/22 07:36:04 | 000,000,680 | ---- | C] () -- C:\Users\websitewendy\AppData\Local\d3d9caps.dat
[2009/01/22 16:36:50 | 000,709,336 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2008/11/02 12:11:35 | 000,761,856 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2008/11/02 12:11:35 | 000,135,168 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2008/10/15 14:41:11 | 000,150,456 | ---- | C] () -- C:\Users\websitewendy\AppData\Roaming\nvModes.001
[2008/10/15 14:41:10 | 000,150,456 | ---- | C] () -- C:\Users\websitewendy\AppData\Roaming\nvModes.dat
[2008/09/27 21:33:25 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2008/09/27 21:33:25 | 000,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest
[2008/09/06 21:12:35 | 000,054,272 | ---- | C] () -- C:\Users\websitewendy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/08/29 11:16:47 | 000,000,600 | ---- | C] () -- C:\Users\websitewendy\AppData\Local\PUTTY.RND
[2008/08/29 09:13:50 | 000,000,000 | ---- | C] () -- C:\Users\websitewendy\AppData\Local\QSwitch.txt
[2008/08/29 09:13:50 | 000,000,000 | ---- | C] () -- C:\Users\websitewendy\AppData\Local\DSwitch.txt
[2008/08/29 09:13:50 | 000,000,000 | ---- | C] () -- C:\Users\websitewendy\AppData\Local\AtStart.txt
[2008/08/29 00:00:21 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/08/28 22:52:21 | 002,463,976 | ---- | C] () -- C:\Windows\SysWow64\NPSWF32.dll
[2008/02/25 03:38:23 | 000,000,372 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2008/02/04 17:23:10 | 000,693,792 | ---- | C] () -- C:\Windows\SysWow64\OGACheckControl.DLL
[2008/01/20 18:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 18:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >



< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 184 bytes -> C:\ProgramData\TEMP:B879A65B
@Alternate Data Stream - 179 bytes -> C:\ProgramData\TEMP:0A8E2C33
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:76C85903
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:D4810DBE
< End of report >



OTL Extras logfile created on: 2/20/2010 11:17:27 AM - Run 1
OTL by OldTimer - Version 3.1.30.1 Folder = C:\Users\websitewendy\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 32.00% Memory free
10.00 Gb Paging File | 7.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): c:\pagefile.sys 6141 10141 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284.63 Gb Total Space | 97.22 Gb Free Space | 34.16% Space Free | Partition Type: NTFS
Drive D: | 13.46 Gb Total Space | 2.32 Gb Free Space | 17.25% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 31.98 Gb Total Space | 8.02 Gb Free Space | 25.08% Space Free | Partition Type: FAT32
Drive G: | 5.30 Gb Total Space | 1.99 Gb Free Space | 37.57% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DRACO
Current User Name: websitewendy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1256768010-1201122213-764085576-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l ()
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{D5976E78-08AC-4D22-9976-25CF9272F072}C:\program files (x86)\adobe\adobe dreamweaver cs3\dreamweaver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\adobe\adobe dreamweaver cs3\dreamweaver.exe |
"TCP Query User{EA22C26B-D78E-4D09-A5DE-52EC80CC088C}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{F27A99CA-F4D6-4E13-92FC-2349F0F2C729}C:\windows\system32\ftp.exe" = protocol=6 | dir=in | app=c:\windows\system32\ftp.exe |
"UDP Query User{0DBCA38C-6314-493E-8401-1696283763E6}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{20A51412-3D58-48D0-9EAD-F1B6D6B527A5}C:\windows\system32\ftp.exe" = protocol=17 | dir=in | app=c:\windows\system32\ftp.exe |
"UDP Query User{2322CC08-052A-4A7F-9FE4-FF3079EEDBE7}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{7AA4DB34-F18B-421D-B796-A3087D5630E7}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{82BFD092-B929-4F76-999E-9ABCCB020DCB}C:\program files (x86)\adobe\adobe dreamweaver cs3\dreamweaver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\adobe\adobe dreamweaver cs3\dreamweaver.exe |
"UDP Query User{B22B2F78-ACBE-4389-80C1-CACE7D701AFE}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{E5955DC9-2C6A-4762-9079-6BCC05DC76A5}C:\windows\system32\ftp.exe" = protocol=17 | dir=in | app=c:\windows\system32\ftp.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.5500
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{11192F89-510C-4E23-A62A-D3BEA9139596}" = HP QuickTouch 1.00 C3
"{5254156F-AA77-499A-B7C1-D5581D44E788}" = Marvell Driver
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile Device Center
"{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}" = Trend Micro Internet Security
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92DBCA36-9B41-4DD1-941A-AED149DD37F0}" = Windows Mobile Device Center Driver Update
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D2B0322-44AE-460E-9283-4D2D7A9205AE}" = Trend Micro Internet Security
"{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support
"{A6A95C2E-D8F9-4A19-8C87-4A0088844396}" = DigitalPersona Personal 3.0.0
"{C9C243B9-03BD-44BA-A592-AB09630AE2D2}" = iTunes
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
"2EFF310ED3BF3BFB24E6CC25AEB5491813E56803" = Windows Driver Package - ITE Tech.Inc. (itecir) HIDClass (06/20/2007 5.0.0004.2)
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NVIDIA Drivers" = NVIDIA Drivers
"PamFax_is1" = PamFax (novaPDF Server OEM 6.3 printer)
"PCSI" = Prevx
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{082F8ABA-84D5-4837-9DFC-F365D91A07D4}" = HP Smart Web Printing
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{09E2111C-16B1-4DDF-BF0D-F994C9A12350}" = Adobe Setup
"{0FD155A3-DF78-43ee-84B0-3CC86BA962F2}_is1" = Sothink Video Converter
"{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{185E5BA3-64B1-4BE2-8326-923D3483CA83}_is1" = Sothink DVD Ripper
"{190D0C6E-C8A7-4019-8FB5-FD041EC1F2D2}" = Mobile Broadband Drivers
"{1961F1D2-A639-49DB-9909-22153B7F4A26}" = TrustKeeper Agent
"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server {ko_KR}
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21199F32-B676-4FE2-A443-EF7DB6B8FD4F}" = Opera 10.10
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 16
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{31216452-5540-4C96-B754-94890A63D5AB}" = HP Help and Support
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.20 F2
"{38EAC694-0D90-445F-8C17-8B50ADFE3162}" = Slingbox Flash Tour
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.6
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{582D2A53-F426-4C5E-A2E6-43C1AB36B907}" = Safari
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{63581557-EFA1-4D1E-8CD8-E912AC40C865}" = Clone My CD
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{7DFC1012-D346-46CE-B03E-FF79125AE029}" = Adobe Fireworks CS3
"{7F362F06-A9A3-440F-8B19-6A01A72723C4}" = AuthenTec Fingerprint Sensor Minimum Install
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C03BEFC-E8BA-4D35-B8DE-EFAA426550D1}" = HP User Guides 0096
"{8C0DF485-DB3E-453C-BFB3-4C47E636ECF9}" = Serif WebPlus 10
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DBA47D0-7BE5-4512-A6DE-D8FF475FD2AF}" = 3531-W-D
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}_STANDARDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}_STANDARDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_STANDARDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}_STANDARDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARDR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARDR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARDR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{00C5525B-3CB3-467D-8100-2E6FB306CD86}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002A-0000-1000-0000000FF1CE}_STANDARDR_{00C5525B-3CB3-467D-8100-2E6FB306CD86}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002A-0409-1000-0000000FF1CE}_STANDARDR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}_STANDARDR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}_STANDARDR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0116-0409-1000-0000000FF1CE}_STANDARDR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91190409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Publisher 2003
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9FC18E06-247F-4878-BCC6-A8850F980975}" = muvee autoProducer 6.1
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A75107A3-DB3A-4224-80EB-42F1ED13372B}" = LogMeIn
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A869A1DA-9571-4287-B170-4A7246994C84}" = Serif WebPlus 10 Resources
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B7F560B3-6EFF-4026-A982-843895A41149}" = Adobe BridgeTalk Plugin CS3
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BBF6D0CD-A081-369F-B0B8-F168594CBB6B}" = Google Talk Plugin
"{BCDDB9D5-8818-420A-B276-5A140639019E}" = Wireless Sync PC Software
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C92A5A89-B218-46F7-8898-77C52113FFE0}" = Adobe Setup
"{CAAB0192-5704-469F-A0BE-2D842D70E93B}_is1" = Sothink FLV Player
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D1C18EDD-571A-4BDD-BE7B-1DD86027D7FF}" = Adobe Creative Suite 3 Design Premium
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F27B8353-1F12-4814-B9F2-82A87C438315}" = Clone My DVD
"{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F74DBE66-5C9F-CCE9-050C-CB3574B4AE77}" = svBuilder
"{F86B6D9F-FA9A-4164-A66A-EAFF7C067272}_is1" = Sothink Video Encoder for Adobe Flash
"{FCED9B62-34FF-4C15-8A23-F65221F7874D}" = ITECIR Driver
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Acrobat 8 Professional" = Adobe Acrobat 8.1.3 Professional
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Adobe_bbef028176efa5abf0233d3e1747be8" = Adobe Fireworks CS3
"Adobe_c14ac4070fd9614ffe63f4bb533db2c" = Add or Remove Adobe Creative Suite 3 Design Premium
"AIM_6" = AIM 6
"Any Flv Player_is1" = Any Flv Player 2.5.1
"Artisteer 2" = Artisteer 2
"AVerMedia MCE Encoder x64" = AVerMedia MCE Encoder x64 4.2.1.79
"AVS Image Converter_is1" = AVS Image Converter 1.1.3.71
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"Decompile Flash Free Version_is1" = Decompile Flash Free Version 2.0.2.1437
"ffdshow_is1" = ffdshow [rev 1723] [2007-12-24]
"Flash Slideshow Maker Pro" = Flash Slideshow Maker Pro 4.90
"Google Calendar Sync" = Google Calendar Sync
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Smart Web Printing" = HP Smart Web Printing
"InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Integrated HP Hybrid TV Tuner" = Integrated HP Hybrid TV Tuner 0.0.64.6a
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6)
"OJOsoft Total Video Converter_is1" = OJOsoft Total Video Converter
"Picasa 3" = Picasa 3
"PINs 4" = PINs 4
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
"STANDARDR" = Microsoft Office Standard 2007
"svBuilder.B6F3C1D6D38B1C756F6811928A0ADD2133895C94.1" = svBuilder
"Trillian" = Trillian
"ViewpointMediaPlayer" = Viewpoint Media Player
"VZAccess Manager" = VZAccess Manager
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.43
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1256768010-1201122213-764085576-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/15/2010 9:23:02 PM | Computer Name = draco | Source = Application Hang | ID = 1002
Description = The program WINWORD.EXE version 12.0.6331.5000 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1580 Start Time: 01caaea66e85b120 Termination Time: 7

Error - 2/16/2010 3:57:53 AM | Computer Name = draco | Source = RapiMgr | ID = 8
Description = Windows Mobile-based device failed to connect due to communication
(0x8007274a) failure (see data for failure code).

Error - 2/16/2010 1:52:27 PM | Computer Name = draco | Source = Application Error | ID = 1000
Description = Faulting application Dreamweaver.exe, version 9.0.0.3481, time stamp
0x4600622f, faulting module ntdll.dll, version 6.0.6001.18000, time stamp 0x4791a783,
exception code 0xc015000f, fault offset 0x0005b663, process id 0x1464, application
start time 0x01caaea954d80630.

Error - 2/17/2010 9:26:48 AM | Computer Name = draco | Source = RapiMgr | ID = 8
Description = Windows Mobile-based device failed to connect due to communication
(0x8007274a) failure (see data for failure code).

Error - 2/18/2010 12:51:01 AM | Computer Name = draco | Source = RapiMgr | ID = 8
Description = Windows Mobile-based device failed to connect due to communication
(0x8007274a) failure (see data for failure code).

Error - 2/18/2010 3:03:11 AM | Computer Name = draco | Source = Application Error | ID = 1000
Description = Faulting application Dreamweaver.exe, version 9.0.0.3481, time stamp
0x4600622f, faulting module ntdll.dll, version 6.0.6001.18000, time stamp 0x4791a783,
exception code 0xc015000f, fault offset 0x0005b663, process id 0xd7c, application
start time 0x01caaf909c962f00.

Error - 2/18/2010 3:17:01 AM | Computer Name = draco | Source = Application Error | ID = 1000
Description = Faulting application Dreamweaver.exe, version 9.0.0.3481, time stamp
0x4600622f, faulting module Dreamweaver.exe, version 9.0.0.3481, time stamp 0x4600622f,
exception code 0xc0000005, fault offset 0x001dc8fc, process id 0x1b34, application
start time 0x01cab06a433a5a00.

Error - 2/18/2010 7:16:00 AM | Computer Name = draco | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 7.0.6001.18226 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 12cc Start Time: 01caae8b70ba2a07 Termination Time: 0

Error - 2/18/2010 7:16:53 AM | Computer Name = draco | Source = Application Hang | ID = 1002
Description = The program NOTEPAD.EXE version 6.0.6001.18000 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 88c Start Time: 01caae95e599b487 Termination Time: 49

Error - 2/18/2010 7:30:21 AM | Computer Name = draco | Source = RapiMgr | ID = 8
Description = Windows Mobile-based device failed to connect due to communication
(0x80072745) failure (see data for failure code).

[ DigitalPersona Pro Events ]
Error - 9/2/2008 3:40:18 AM | Computer Name = draco | Source = DigitalPersona Pro | ID = 17827075
Description = Agent cannot start. Description: Found other running Agent.

Error - 9/3/2008 8:14:48 PM | Computer Name = draco | Source = DigitalPersona Pro | ID = 17827075
Description = Agent cannot start. Description: Found other running Agent.

Error - 9/3/2008 8:38:36 PM | Computer Name = draco | Source = DigitalPersona Pro | ID = 17827075
Description = Agent cannot start. Description: Found other running Agent.

Error - 9/4/2008 12:04:50 AM | Computer Name = draco | Source = DigitalPersona Pro | ID = 17827075
Description = Agent cannot start. Description: Found other running Agent.

Error - 9/4/2008 12:22:47 AM | Computer Name = draco | Source = DigitalPersona Pro | ID = 17827075
Description = Agent cannot start. Description: Found other running Agent.

Error - 9/4/2008 12:25:58 AM | Computer Name = draco | Source = DigitalPersona Pro | ID = 17827075
Description = Agent cannot start. Description: Found other running Agent.

Error - 9/4/2008 3:15:14 AM | Computer Name = draco | Source = DigitalPersona Pro | ID = 17827075
Description = Agent cannot start. Description: Found other running Agent.

Error - 9/4/2008 4:33:28 AM | Computer Name = draco | Source = DigitalPersona Pro | ID = 17827075
Description = Agent cannot start. Description: Found other running Agent.

Error - 9/4/2008 5:10:46 AM | Computer Name = draco | Source = DigitalPersona Pro | ID = 17827075
Description = Agent cannot start. Description: Found other running Agent.

Error - 9/4/2008 5:32:11 AM | Computer Name = draco | Source = DigitalPersona Pro | ID = 17827075
Description = Agent cannot start. Description: Found other running Agent.

[ Media Center Events ]
Error - 9/25/2008 7:39:39 PM | Computer Name = draco | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 3/25/2009 11:41:00 PM | Computer Name = draco | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 4/25/2009 11:39:17 PM | Computer Name = draco | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 8/29/2009 11:31:16 PM | Computer Name = draco | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 9/5/2009 11:30:59 PM | Computer Name = draco | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/7/2009 2:05:35 PM | Computer Name = draco | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 11/22/2009 2:46:34 AM | Computer Name = draco | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ OSession Events ]
Error - 11/4/2008 7:17:46 PM | Computer Name = draco | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 103459
seconds with 900 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 2/12/2010 4:24:39 PM | Computer Name = draco | Source = Service Control Manager | ID = 7022
Description =

Error - 2/12/2010 4:24:39 PM | Computer Name = draco | Source = Service Control Manager | ID = 7001
Description =

Error - 2/15/2010 4:06:08 PM | Computer Name = draco | Source = EventLog | ID = 6008
Description = The previous system shutdown at 12:04:24 PM on 2/15/2010 was unexpected.

Error - 2/15/2010 4:06:10 PM | Computer Name = draco | Source = HTTP | ID = 15016
Description =

Error - 2/15/2010 4:07:46 PM | Computer Name = draco | Source = Service Control Manager | ID = 7022
Description =

Error - 2/15/2010 4:07:47 PM | Computer Name = draco | Source = Service Control Manager | ID = 7001
Description =

Error - 2/18/2010 7:39:35 AM | Computer Name = draco | Source = DCOM | ID = 10010
Description =

Error - 2/18/2010 7:41:29 AM | Computer Name = draco | Source = HTTP | ID = 15016
Description =

Error - 2/18/2010 7:43:23 AM | Computer Name = draco | Source = Service Control Manager | ID = 7022
Description =

Error - 2/18/2010 7:43:24 AM | Computer Name = draco | Source = Service Control Manager | ID = 7001
Description =


< End of report >






#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • Gender:Female
  • Location:At home
  • Local time:10:52 PM

Posted 20 February 2010 - 03:03 PM

Hi,

Do you know these sites? Did you add them:
QUOTE
Hosts: 82.165.139.65 dva1.com
Hosts: 74.208.65.215 www.dianadennis.com
Hosts: 74.208.65.245 gem-coins.com
Hosts: 74.208.65.245 www.gem-coins.com
Hosts: 74.208.12.130 bikinisass.com


The log looks pretty good otherwise?

Please run a scan with Malwarebytes next:
  • Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#5 websitewendy

websitewendy
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:01:52 PM

Posted 20 February 2010 - 04:29 PM

yes, i added those entries to the hosts file ..

I have completed the MB scan .. it was clean.
Malwarebytes' Anti-Malware 1.44
Database version: 3767
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

2/20/2010 1:23:29 PM
mbam-log-2010-02-20 (13-23-29).txt

Scan type: Quick Scan
Objects scanned: 117417
Time elapsed: 14 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



something jumped out at me in the OTL scan ... but it appears old..

[2009/10/05 18:48:08 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2009/10/01 18:12:50 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

googling, I found it may be related to Vundo .. which i thought I saw trend reporting finding a while ago .. but I can't find any record of it in trend.
but while checking my trend quarantine, I see it found something 2 days ago .. see attached.

so not knowing how these things work.. my paranoia is, could something have been on here and done some damage and been removed.. maybe a memory based virus ?
since i have about 50 ftp logins stored in my ftp client, I am specifically concerned about anything like gumblar, which as i understand, steals that ftp info to hack the related sites.
Any insight on that type of thing greatly appreciated.

thanks again for your time with this..







#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:10:52 PM

Posted 20 February 2010 - 04:55 PM

Hi,

gumblar does indeed read your ftp login credentials and uses these to infect the homepages available. So far however I see no sign of you being infected.
You have the advantage of running a 64bit operating system. A lot of malware still isn't compatible with that type of OS.

The file listed in your quarantine is a temporary file. False positives are frequent on these types of files.

The other two files are frequently associated with malware, but are actually clean.
It has been scanned before: http://virscan.org/report/49645079ca7d8242...5b0d5c17f8.html
If you want to be absolutely sure you can upload them to www.virustotal.com to have about 40 anti-virus scanners check the file, but I expect the file to be completely clean.

Just to be safe I would also like you to run a scan with Eset:
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push

regards myrti



#7 websitewendy

websitewendy
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:01:52 PM

Posted 20 February 2010 - 07:21 PM

2 hours 20 minutes .. and it is still running .. (only 19 % completed)
and one threat found ..
probably a variant of Win 32/Adware Agent application
.. i'll be back when it is done..
thanks again !



#8 websitewendy

websitewendy
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:01:52 PM

Posted 21 February 2010 - 02:00 AM

took 9 hours and found 96 threats

should i be worried about the integrity of the ftp sites i have stored ?


C:\SwSetup\Drivers\TVTnr\AVerMedia.exe probably a variant of Win32/Adware.Agent application deleted - quarantined
C:\Users\websitewendy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\5da228e8-6c3baaba a variant of Java/TrojanDownloader.Agent.NAD trojan deleted - quarantined


#9 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:10:52 PM

Posted 21 February 2010 - 09:26 AM

Hi,

it could be that the detections by Eset are false positives. Is there a javascript part that is common to all the deleted files? Maybe you could check the files in your editor and see whether any unknown code is present in them?

Another possibility is to upload one of the files to virustotal.com and see if other anti-virus programs detect the files as well.

Please click this link-->Jotti

When the jotti page has finished loading, click the browse button and navigate to the files listed below in bold, then click Submit. You will only be able to have one file scanned at a time.


Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/

regards myrti

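The check myrti suggests above, looking for one unknown snippet that recurs across the flagged files, as an added example that is not from the thread or from any tool named in it. It assumes Python 3.9+ and builds its own constructed sample backup tree with a placeholder domain; hidden-iframe and obfuscated-script patterns are assumptions chosen to match the HTML/Iframe.B.Gen style of detection discussed here.

```python
"""Scan a site backup for hidden <iframe> / obfuscated <script> blocks and
report which snippet recurs across files (the signature of a mass injection).
Constructed example; the sample files and domain below are made up."""
from __future__ import annotations

import re
import tempfile
from collections import defaultdict
from pathlib import Path

# The two shapes of injection discussed in the thread.
IFRAME_RE = re.compile(r"<iframe\b[^>]*>.*?</iframe>", re.I | re.S)
SCRIPT_RE = re.compile(r"<script\b[^>]*>.*?</script>", re.I | re.S)
# Attribute values that make an iframe effectively invisible (assumed heuristics).
HIDDEN_RE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|"
    r"\b(?:width|height)\s*=\s*[\"']?0*[01]?[\"']?(?=[\s>])",
    re.I,
)
# Obfuscation primitives that legitimate shop templates rarely combine.
OBFUSC_RE = re.compile(
    r"\b(?:eval|unescape|fromCharCode)\s*\(|document\.write\s*\(\s*unescape", re.I
)
SCAN_SUFFIXES = {".html", ".htm", ".php", ".tpl"}


def normalise(snippet: str) -> str:
    """Collapse whitespace so identical injections compare equal across files."""
    return re.sub(r"\s+", " ", snippet).strip()


def suspicious_snippets(text: str) -> list[str]:
    """Return normalised hidden-iframe and obfuscated-script blocks found in text."""
    hits = [m.group(0) for m in IFRAME_RE.finditer(text) if HIDDEN_RE.search(m.group(0))]
    hits += [m.group(0) for m in SCRIPT_RE.finditer(text) if OBFUSC_RE.search(m.group(0))]
    return [normalise(h) for h in hits]


def scan_tree(root: Path) -> dict[str, list[Path]]:
    """Map each suspicious snippet to the files that contain it."""
    findings: dict[str, list[Path]] = defaultdict(list)
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.suffix.lower() in SCAN_SUFFIXES:
            text = path.read_text(encoding="utf-8", errors="replace")
            for snippet in suspicious_snippets(text):
                findings[snippet].append(path)
    return dict(findings)


def common_injections(findings: dict[str, list[Path]], min_files: int = 2) -> list[str]:
    """Snippets present in at least min_files distinct files: a shared injected
    block rather than one odd template is what points at a real infection."""
    return sorted(s for s, files in findings.items() if len(set(files)) >= min_files)


# Constructed sample content (placeholder domain, not a real indicator).
INJECTED = ('<iframe src="http://injected.example.invalid/x.php" width="1" '
            'height="1" style="visibility:hidden"></iframe>')
CLEAN_FRAME = '<iframe src="https://maps.example.com/embed" width="600" height="450"></iframe>'
OBFUSCATED = "<script>document.write(unescape('%3Cdiv%3E'))</script>"


def build_sample_site() -> Path:
    """Write a small fake backup: two files share the injected iframe, one has
    an obfuscated script, one has a legitimate visible iframe."""
    root = Path(tempfile.mkdtemp(prefix="sitebackup_"))
    files = {
        "admin/index.php": "<?php /* admin */ ?>\n<body>\n" + INJECTED + "\n</body>",
        "templates/main_page.tpl.php": "<html><body>\n" + INJECTED + "\n<p>shop</p></body></html>",
        "includes/mainpage.php": "<div>\n" + OBFUSCATED + "\n</div>",
        "contact.html": "<html><body>" + CLEAN_FRAME + "</body></html>",
        "style.css": "iframe { display:none }",  # not scanned: wrong suffix
    }
    for rel, body in files.items():
        p = root / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_text(body, encoding="utf-8")
    return root


if __name__ == "__main__":
    site = build_sample_site()
    found = scan_tree(site)
    for snippet, paths in found.items():
        print(f"{len(paths)} file(s): {snippet[:70]}")
    print("shared injections:", common_injections(found))
```

Point `scan_tree` at the restored backup folder instead of the sample tree; a snippet that shows up in dozens of unrelated templates is the "common javascript part" worth submitting to a multi-engine scanner.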


#10 websitewendy

websitewendy
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:01:52 PM

Posted 21 February 2010 - 12:55 PM

a bit paranoid, if i select one item in the quarantine list, will it just restore that file so i can test it, or will it restore them all ?

and though most of those are from the same domain, these two are definitely not related..

C:\SwSetup\Drivers\TVTnr\AVerMedia.exe probably a variant of Win32/Adware.Agent application deleted - quarantined

C:\Users\websitewendy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\5da228e8-6c3baaba a variant of Java/TrojanDownloader.Agent.NAD trojan

#11 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:10:52 PM

Posted 21 February 2010 - 01:54 PM

Hi,

the first is probably a false positive. You should be able to restore a single file, if you need it back. The second file is a temporary file in java cache. You don't need it anymore and it will be hard to determine if the file posed a threat to you or not.

I was referring to the HTML/Iframe.B.Gen detection in your (?) webpages.

regards myrti



#12 websitewendy

websitewendy
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:01:52 PM

Posted 21 February 2010 - 08:03 PM

I restored and scanned one of the website files ESET quarantined
Scan finished. 4 out of 20 scanners reported malware

[Avast! antivirus] 2010-02-21 HTML:Illiframe

[CPsecure] 2010-02-21 Troj.Clicker.HTML.IFrame.js

[G DATA] 2010-02-22 HTML:Illiframe

[ESET NOD32] 2010-02-21 HTML/Iframe.B.Gen


this is a backup of a client's site .. not one i work on, but could it have done anything locally or how/what would they have done ?









#13 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:10:52 PM

Posted 22 February 2010 - 12:48 PM

Hi,

there are infections that will inject an iframe into any html or php file it finds on the system. However from the looks of it, I suspect that it is a false positive and that your html files are not infected.
You can send in the file to Eset for example: Send in False Positives and see what they reply.

If you want to have a complete backup of the site, I suggest that you restore all the files Eset quarantined on your Desktop.

You also have some outdated software that should be updated:

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 18 (JDK or JRE)"
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u18-windows-i586.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

Your Adobe Reader is also out of date. Please uninstall it and download the latest version from Adobe: Download
Please untick all proposed toolbars unless you really want them.

Let me know if you run into any problems.
regards myrti



#14 websitewendy

websitewendy
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:01:52 PM

Posted 26 February 2010 - 12:29 PM

sorry for the delayed reply..
i'm still not sure things are 100% clean, but i have some new tools now to keep an eye on things.


thank you so much for your assistance.



#15 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:10:52 PM

Posted 26 February 2010 - 03:58 PM

Hi,

ok, then as a last step please remove the tools we used:
Read those last few lines, in order to keep your pc safe and clean:
Please do the following to clean up your PC:
  1. Delete the tools used during the disinfection:
    • Download OTC from the following mirrors and save it to your desktop:
    • Double click on
    • Push the large "Cleanup" button.
    • Allow your system to reboot.
  2. If OTC failed to remove all programs from your Desktop, please delete the rest manually.
  3. Disable and Enable System Restore.
    You can find instructions on how to disable and reenable system restore here:
    Windows ME System Restore Guide
    Windows XP System Restore Guide
    Windows Vista System Restore Guide

    Note: You should only do this once, not on a regular basis!
    You will not be able to restore computer to any earlier than today!

Please read this advice, in order to prevent reinfecting your PC:
  1. Install and update the following programs regularly:
    • an outbound firewall
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.
    • MVPs hosts file
      A tutorial for MVPs hosts file can be found here. If you would like automatic updates you might want to take a look at HostMan host file manager. For more information on the hosts file, and what it can do for you, please consult the Tutorial on the Hosts file
  2. Keep Windows (and your other Microsoft software) up to date!
    I cannot stress enough how important this is. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.
    Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
  3. Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
  4. Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.
Some more links you might find of interest:
Have a nice day
myrti





