
Browsers Hijacked Cannot Update Windows - Hijack This Log Included


54 replies to this topic

#1 NHGuy


Posted 19 February 2010 - 11:19 AM

Hi everyone,

I've been working on this problem since I got it yesterday morning: Both Firefox and IE get re-directed. Not always but from certain websites. Also Windows update has just started to repeatedly fail. I've tried AVG, Avirus, Malwarebytes, MS Malware remover, ADaware, Spybot, CWshedder and much more with no success. Please HELP! Thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:50:37 AM, on 2/19/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Users\Owner\Desktop\Virus Problem\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/news?FORM=Z9LH6
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E00315CF-CC3E-42CD-B6FF-E164438EFBDC} - (no file)
O2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [MRC] "C:\Program Files\PC Tune-Up\PCTuneUp.exe" /MBRSTART
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: hl_simple.dll,avgrsstx.dll
O20 - Winlogon Notify: ssqpnll - ssqpnll.dll (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LDVGONHT - Lavasoft AB - (no file)
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 6876 bytes

I've also attached this log file.

Thank you

Edited by NHGuy, 19 February 2010 - 01:37 PM.




#2 myrti


Posted 20 February 2010 - 02:09 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#3 NHGuy


Posted 20 February 2010 - 05:30 PM

Hi myrti,

Thanks so much for getting back to me. Things here are getting worse. My Internet browsers (IE & Firefox) seem to have a mind of their own! Some sites are re-directed, some are not. And some are not for a second or two and then a new site opens up in its place. It seems particularly against any Microsoft site. I cannot even perform a daily Windows update. It connects for a few seconds and then hangs until it stops with an error message!

The PC takes a long time to turn on and a long time to get on the Internet. OK enough. Below is the info you requested. I have also included the latest Hijack This log file (logfile3). Here goes and thanks again for what appears to be an impossible situation.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:44:58 PM, on 2/20/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Windows\system32\rundll32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\iashost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Windows\system32\svchost.exe
C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E00315CF-CC3E-42CD-B6FF-E164438EFBDC} - (no file)
O2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKCU\..\Run: [MRC] "C:\Program Files\PC Tune-Up\PCTuneUp.exe" /MBRSTART
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: hl_simple.dll,avgrsstx.dll
O20 - Winlogon Notify: ssqpnll - ssqpnll.dll (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LDVGONHT - Lavasoft AB - (no file)
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 9015 bytes


OTL logfile created on: 2/20/2010 4:56:34 PM - Run 1
OTL by OldTimer - Version 3.1.30.1 Folder = C:\Users\Owner\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 44.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 62.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 146.11 Gb Total Space | 28.81 Gb Free Space | 19.71% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 149.04 Gb Total Space | 130.32 Gb Free Space | 87.44% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-PC
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/20 16:54:56 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2010/02/19 10:47:28 | 000,396,288 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
PRC - [2010/02/18 21:31:49 | 001,229,232 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/02/18 21:31:49 | 000,815,184 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/01/24 22:12:38 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/01/24 22:10:32 | 011,944,112 | ---- | M] (Mozilla Messaging) -- C:\Program Files\Mozilla Thunderbird\thunderbird.exe
PRC - [2010/01/11 15:21:52 | 000,246,504 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe
PRC - [2009/12/23 15:57:18 | 000,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/10/08 20:18:10 | 026,805,255 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2009/09/13 18:52:50 | 001,048,392 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2009/09/01 06:38:47 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/09/01 06:38:47 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/09/01 06:38:43 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/09/01 06:38:40 | 002,007,832 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009/09/01 06:38:37 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/09/01 06:38:35 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2009/07/21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/07/02 17:36:52 | 000,203,800 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\MpCmdRun.exe
PRC - [2009/07/02 17:36:52 | 000,017,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/04/11 01:28:08 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/02 12:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009/02/21 21:18:54 | 000,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe
PRC - [2008/04/28 05:14:00 | 000,073,728 | ---- | M] (Software 2000 Limited) -- C:\Windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE
PRC - [2008/01/19 02:33:11 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe
PRC - [2006/12/19 08:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Windows\System32\IoctlSvc.exe
PRC - [2006/11/22 20:45:28 | 000,425,648 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2006/11/22 20:08:12 | 000,409,264 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
PRC - [2006/11/20 15:15:14 | 000,446,128 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
PRC - [2006/11/09 13:57:52 | 003,784,704 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006/11/02 04:45:59 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe
PRC - [2006/08/23 19:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2006/05/25 21:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe


========== Modules (SafeList) ==========

MOD - [2010/02/20 16:54:56 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
MOD - [2009/12/23 16:11:18 | 000,015,056 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2009/09/01 06:38:47 | 000,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
MOD - [2009/04/11 01:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2009/03/29 23:42:16 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4016_none_d0893820442e7fe4\msvcr80.dll
MOD - [2007/04/22 17:12:44 | 000,018,432 | ---- | M] () -- C:\Windows\System32\hl_simple.dll
MOD - [2007/01/19 09:13:58 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\detoured.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (THAS)
SRV - File not found [On_Demand | Stopped] -- -- (RBKKM)
SRV - File not found [On_Demand | Stopped] -- -- (LDVGONHT)
SRV - [2010/02/18 21:31:49 | 001,229,232 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/12/23 15:57:18 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/11/13 17:56:46 | 000,136,120 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/09/24 20:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/09/21 15:36:02 | 000,545,568 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/09/04 13:17:00 | 000,447,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2009/09/04 13:16:54 | 005,893,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2009/09/01 06:38:37 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/09/01 06:38:35 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/08/28 18:42:54 | 000,144,672 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/07/21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/07/02 17:36:52 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/02/21 21:18:54 | 000,133,104 | ---- | M] (Google Inc.) [Disabled | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c99493f0cdb976) Google Update Service (gupdate1c99493f0cdb976)
SRV - [2008/12/12 07:31:10 | 000,537,896 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2008/12/02 14:29:52 | 000,877,864 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe -- (Nero BackItUp Scheduler 3)
SRV - [2008/10/10 04:45:26 | 000,013,088 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/19 02:36:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/19 02:36:15 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/06/21 00:25:50 | 000,606,208 | ---- | M] (ATI Technologies Inc.) [Disabled | Stopped] -- C:\Windows\System32\Ati2evxx.exe -- (Ati External Event Utility)
SRV - [2007/06/05 12:20:32 | 000,177,704 | ---- | M] () [Disabled | Stopped] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2007/04/25 18:12:14 | 000,237,568 | ---- | M] (SOFTWIN S.R.L.) [Disabled | Stopped] -- C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe -- (LIVESRV)
SRV - [2006/12/19 08:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\Windows\System32\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)
SRV - [2006/11/22 20:45:28 | 000,425,648 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2006/11/14 23:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2006/09/12 11:03:20 | 000,009,216 | ---- | M] (Agere Systems) [Disabled | Stopped] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 19:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2006/07/20 15:54:28 | 000,040,960 | ---- | M] () [Disabled | Stopped] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2006/05/25 21:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2005/12/07 16:18:28 | 000,073,728 | ---- | M] (CrypKey (Canada) Ltd.) [Disabled | Stopped] -- C:\Windows\System32\Crypserv.exe -- (Crypkey License)
SRV - [2005/11/14 04:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2010/02/04 10:53:02 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/12/08 06:23:29 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/09/01 06:38:47 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/09/01 06:38:47 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/08/28 18:42:52 | 000,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/07/18 20:14:47 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/06/18 18:48:04 | 000,142,832 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2009/06/18 18:48:04 | 000,042,480 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2009/06/10 14:35:53 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/06/04 13:35:58 | 000,182,456 | ---- | M] (Pismo Technic Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\pfmfs_2D5.sys -- (pfmfs_2D5)
DRV - [2009/05/18 13:17:00 | 000,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/05/11 09:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/04/11 01:32:26 | 000,019,944 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\drivers\atapi.sys -- (atapi)
DRV - [2009/04/10 23:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/04/10 23:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2009/03/30 09:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/03/20 06:37:42 | 000,208,688 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2009/02/13 11:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/12/17 13:17:17 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\System32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2008/12/17 13:17:16 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2008/08/29 18:32:26 | 000,036,736 | ---- | M] (Advanced Card Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\a38ccid.sys -- (A38CCID)
DRV - [2008/07/29 04:05:04 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/07/22 06:42:58 | 000,051,200 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2007/11/09 04:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/06/21 00:36:32 | 002,600,960 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2007/06/21 00:36:32 | 002,600,960 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007/06/19 21:26:58 | 000,016,432 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2007/06/19 21:26:54 | 000,081,200 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2007/06/19 21:26:52 | 000,079,664 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2007/04/10 09:08:46 | 000,596,480 | ---- | M] (Omnivision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ov550i.sys -- (APL531)
DRV - [2007/03/08 16:18:00 | 000,008,320 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\grmnusb.sys -- (grmnusb)
DRV - [2006/11/21 22:24:46 | 000,036,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2006/11/08 22:09:24 | 001,647,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/11/02 04:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 04:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 04:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 04:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 04:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 04:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 04:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 04:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 04:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 04:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 04:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 04:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 04:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 04:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 04:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 04:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 04:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 02:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2006/11/02 01:37:21 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2006/10/18 14:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/09/27 22:06:56 | 000,479,488 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr3npxp.sys -- (KR3NPXP)
DRV - [2006/09/16 17:23:06 | 000,047,360 | ---- | M] (DigitalPersona®, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbdpfp.sys -- (usbdpfp)
DRV - [2006/08/31 09:53:00 | 001,161,152 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/07/28 19:25:26 | 000,019,456 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\LPCFilter.sys -- (LPCFilter)
DRV - [2006/05/18 03:48:00 | 000,047,249 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2006/02/14 13:50:52 | 000,216,320 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I)
DRV - [2005/10/11 06:17:32 | 000,031,872 | ---- | M] (Cypress Semiconductor) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CyUsb.sys -- (CyUsb)
DRV - [2005/09/27 18:57:38 | 000,207,104 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N)
DRV - [2005/06/09 20:07:52 | 000,041,344 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2005/04/07 16:18:34 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2005/02/23 13:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2004/07/29 19:35:52 | 000,031,654 | ---- | M] () [Kernel | System | Running] -- C:\Windows\system32\ckldrv.sys -- (NetworkX)
DRV - [2004/04/13 16:03:46 | 000,016,509 | ---- | M] (Palm, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2004/03/17 06:00:00 | 000,044,256 | ---- | M] (Accapella Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CoachVc.sys -- (CoachVc)
DRV - [2004/03/17 05:59:56 | 000,046,944 | ---- | M] (FotoNation Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CoachUsb.sys -- (CoachUsb)
DRV - [2001/04/19 03:26:20 | 000,016,112 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Print Server\BIADMIN\PCANDIS4.SYS -- (PCANDIS4)
DRV - [2000/06/22 00:52:42 | 000,047,232 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serport.sys -- (Serport)
DRV - [2000/04/05 19:43:30 | 000,107,464 | ---- | M] (Alaris, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DVC2USB.sys -- (DCamUSBAlaris)
DRV - [1999/01/10 06:00:00 | 000,003,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\DLPortIO.sys -- (DLPortIO)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2488973047-2308359479-2647972124-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
IE - HKU\S-1-5-21-2488973047-2308359479-2647972124-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-2488973047-2308359479-2647972124-1000\S-1-5-21-2488973047-2308359479-2647972124-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2488973047-2308359479-2647972124-1000\S-1-5-21-2488973047-2308359479-2647972124-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Ask"
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/webhp?hl=en&tab=iw"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.47
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7
FF - prefs.js..extensions.enabledItems: max@subfighter.com:1.0.3
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.2
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.1
FF - prefs.js..extensions.enabledItems: {21d9fc16-931c-4295-b8cf-f01c16168089}:0.7.5
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:3.6.2
FF - prefs.js..extensions.enabledItems: secureLogin@blueimp.net:0.9.3
FF - prefs.js..extensions.enabledItems: {6e84150a-d526-41f1-a480-a67d3fed910d}:1.4.5.1
FF - prefs.js..extensions.foxtor.browser.search.update: false
FF - prefs.js..extensions.foxtor.network.proxy.http: ""
FF - prefs.js..extensions.foxtor.network.proxy.http_port: 0
FF - prefs.js..extensions.foxtor.network.proxy.no_proxies_on: "localhost, 127.0.0.1"
FF - prefs.js..extensions.foxtor.network.proxy.share_proxy_settings: false
FF - prefs.js..extensions.foxtor.network.proxy.type: 0
FF - prefs.js..keyword.URL: "http://toolbar.ask.com/toolbarv/askRedirect?o=101703&gct=&gc=1&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/09/01 06:39:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/02/18 15:23:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\paypalfirefoxplugin@orbiscom: C:\Program Files\PayPal\PayPal Plug-In [2010/01/05 21:36:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/17 20:24:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/24 22:12:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/02/18 23:08:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2009/12/09 20:06:11 | 000,000,000 | ---D | M]

[2010/01/11 18:44:19 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2010/01/11 18:44:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/02/19 15:23:38 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fg4j1qj8.default\extensions
[2010/01/09 18:58:07 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fg4j1qj8.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2009/12/10 04:59:27 | 000,000,000 | ---D | M] (PatentlyUseful For The USPTO) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fg4j1qj8.default\extensions\{21d9fc16-931c-4295-b8cf-f01c16168089}
[2009/10/19 21:39:18 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fg4j1qj8.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2008/06/17 18:14:29 | 000,000,000 | ---D | M] (HamInfoBar Toolbar) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fg4j1qj8.default\extensions\{380d8a93-650c-4c55-8c93-3a3dce49af12}(150)
[2010/02/09 07:02:02 | 000,000,000 | ---D | M] (IE View) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fg4j1qj8.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
[2007/11/25 18:57:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fg4j1qj8.default\extensions\{7adf87fb-c108-4a73-8135-1cca9779fb5b}
[2007/11/25 15:02:40 | 000,000,000 | ---D | M] (HamLinks Toolbar) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fg4j1qj8.default\extensions\{7adf87fb-c108-4a73-8135-1cca9779fb5b}(141)
[2009/12/30 19:49:46 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fg4j1qj8.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2008/06/17 18:14:30 | 000,000,000 | ---D | M] (Sage) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fg4j1qj8.default\extensions\{a6ca9b3b-5e52-4f47-85d8-cca35bb57596}(152)
[2007/11/25 15:02:38 | 000,000,000 | ---D | M] (FireFTP) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fg4j1qj8.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}(142)
[2008/06/18 20:33:10 | 000,000,000 | ---D | M] (FireFTP) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fg4j1qj8.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}(153)
[2010/01/24 22:13:58 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fg4j1qj8.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2007/11/25 15:02:39 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fg4j1qj8.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(143)
[2010/01/09 18:58:08 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fg4j1qj8.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2007/11/25 15:02:38 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fg4j1qj8.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(144)
[2008/06/18 20:33:10 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fg4j1qj8.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(154)
[2010/02/03 17:41:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fg4j1qj8.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2007/11/25 15:02:38 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fg4j1qj8.default\extensions\filtersetg@updater(140)
[2009/07/15 07:36:29 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fg4j1qj8.default\extensions\hidenavbar@jaybaldwin
[2010/02/03 17:41:16 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fg4j1qj8.default\extensions\linkalert.conlan@addons.mozilla.com
[2009/12/10 04:59:25 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fg4j1qj8.default\extensions\max@subfighter.com
[2008/11/18 19:46:00 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fg4j1qj8.default\extensions\secureLogin@blueimp.net
[2009/06/22 20:46:33 | 000,000,682 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fg4j1qj8.default\searchplugins\ask.xml
[2008/01/13 17:18:48 | 000,000,981 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fg4j1qj8.default\searchplugins\askcom.xml
[2009/06/14 20:53:15 | 000,002,164 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fg4j1qj8.default\searchplugins\bing.xml
[2007/10/09 18:51:35 | 000,005,349 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fg4j1qj8.default\searchplugins\clusty.xml
[2007/11/08 18:59:11 | 000,001,793 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fg4j1qj8.default\searchplugins\filetubecom.xml
[2007/10/21 18:30:31 | 000,002,312 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fg4j1qj8.default\searchplugins\hakia.xml
[2009/07/17 14:20:12 | 000,002,525 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fg4j1qj8.default\searchplugins\juice.xml
[2007/10/09 18:52:53 | 000,000,858 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fg4j1qj8.default\searchplugins\searchmash.xml
[2007/09/02 07:33:33 | 000,002,386 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fg4j1qj8.default\searchplugins\siteadvisor.xml
[2007/11/01 18:59:11 | 000,003,547 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fg4j1qj8.default\searchplugins\technorati-search.xml
[2010/02/19 15:22:43 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/08/24 20:59:27 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2005/12/05 22:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2010/02/20 13:56:44 | 000,342,540 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 11345 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\realplayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {E00315CF-CC3E-42CD-B6FF-E164438EFBDC} - No CLSID value found.
O2 - BHO: (OToolbarHelper Class) - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll ()
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (PayPal Plug-In) - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll ()
O3 - HKU\S-1-5-21-2488973047-2308359479-2647972124-1000\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKU\S-1-5-21-2488973047-2308359479-2647972124-1000\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2488973047-2308359479-2647972124-1000..\Run: [MRC] C:\Program Files\PC Tune-Up\PCTuneUp.exe (Large Software)
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-2488973047-2308359479-2647972124-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = FF 00 00 00 [binary data]
O7 - HKU\S-1-5-21-2488973047-2308359479-2647972124-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-21-2488973047-2308359479-2647972124-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NARDat = 0
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe File not found
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
O18 - Protocol\Handler\AutorunsDisabled\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - AppInit_DLLs: (hl_simple.dll) - C:\Windows\System32\hl_simple.dll ()
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ssqpnll: DllName - ssqpnll.dll - File not found
O24 - Desktop WallPaper: C:\Users\Owner\Pictures\x-35.jpg
O24 - Desktop BackupWallPaper: C:\Users\Owner\Pictures\x-35.jpg
O30 - LSA: Authentication Packages - (C:\Windows\system32\awvtq.dll) - C:\Windows\System32\awvtq.dll File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/01/01 21:11:57 | 000,000,000 | ---D | M] - C:\AutoRuns Utility -- [ NTFS ]
O33 - MountPoints2\{0c1137d8-ffd5-11dc-8577-0016d490f247}\Shell\AutoRun\command - "" = G:\PMB_Portable.exe -- File not found
O33 - MountPoints2\{64d9dd67-a196-11dc-9b45-0016d490f247}\Shell\AutoRun\command - "" = G:\LargeS~1.exe -- File not found
O33 - MountPoints2\{64d9dd67-a196-11dc-9b45-0016d490f247}\Shell\open\command - "" = G:\LargeS~1.exe -- File not found
O33 - MountPoints2\{64d9dd6c-a196-11dc-9b45-0016d490f247}\Shell - "" = AutoRun
O33 - MountPoints2\{64d9dd6c-a196-11dc-9b45-0016d490f247}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{c1405e4a-0e36-11de-ad24-86c842a4826d}\Shell - "" = AutoRun
O33 - MountPoints2\{c1405e4a-0e36-11de-ad24-86c842a4826d}\Shell\AutoRun\command - "" = E:\MuzeeApp.exe -- File not found
O33 - MountPoints2\{c7586c03-1185-11df-89da-851cf5d97364}\Shell - "" = AutoRun
O33 - MountPoints2\{c7586c03-1185-11df-89da-851cf5d97364}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/03/19 19:40:40 | 000,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GPLog.lnk - Reg Error: Value error. - File not found
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GreenPrint Printer Notify.lnk - Reg Error: Value error. - File not found
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GreenPrint TrayIcon.lnk - Reg Error: Value error. - File not found
MsConfig - StartUpFolder: C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^eFax 4.4.lnk - C:\Program Files\eFax Messenger 4.4\J2GTray.exe - (j2 Global Communications, Inc.)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AdobeUpdater - hkey= - key= - C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: CarMD - hkey= - key= - C:\Program Files\CarMD\CarMD.exe (CarMD.com Corp)
MsConfig - StartUpReg: DPAgnt - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: eFax 4.4 - hkey= - key= - C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe (j2 Global Communications, Inc.)
MsConfig - StartUpReg: Google Update - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: GPPrinterNotify - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: Malwarebytes Anti-Malware (reboot) - hkey= - key= - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
MsConfig - StartUpReg: MRC - hkey= - key= - C:\Program Files\PC Tune-Up\PCTuneUp.exe (Large Software)
MsConfig - StartUpReg: NBKeyScan - hkey= - key= - C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: StartCCC - hkey= - key= - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre6\bin\jusched.exe File not found
MsConfig - StartUpReg: SynTPEnh - hkey= - key= - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
MsConfig - StartUpReg: SynTPStart - hkey= - key= - C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
MsConfig - StartUpReg: Zune Launcher - hkey= - key= - C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 2
MsConfig - State: "bootini" - 2

SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootMin: MsMpSvc - C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootNet: Messenger - File not found
SafeBootNet: MsMpSvc - C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.1.4
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.1.4
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {38539595-3E29-410d-ABBD-3D6A75BC9A73} - Reg Error: Value error.
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: VIDC.I420 - msh263.drv File not found
Drivers32: VIDC.JPEG - C:\Windows\System32\JpegCode.dll (Zoran Microelectronics Ltd.)
Drivers32: VIDC.MJPG - C:\Windows\System32\JpegCode.dll (Zoran Microelectronics Ltd.)
Drivers32: VIDC.MP42 - C:\Windows\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: VIDC.MPG4 - C:\Windows\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: VIDC.VGPX - C:\Windows\System32\vgpix32d.dll (Alaris, Inc.)
Drivers32: vidc.xvid - C:\Windows\System32\xvidvfw.dll ()
Drivers32: VIDC.Y411 - C:\Windows\System32\icmyuy2.dll (Alaris, Inc.)
Drivers32: VIDC.YV12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)

========== Files/Folders - Created Within 30 Days ==========

[2011/08/31 23:24:38 | 000,000,000 | ---D | C] -- C:\ProgramData\CraftEdge
[2010/02/20 16:54:34 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2010/02/20 13:56:12 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2010/02/20 13:55:08 | 000,502,168 | ---- | C] (Enigma Software Group USA, LLC.) -- C:\Users\Owner\Desktop\SpyHunter-Installer.exe
[2010/02/20 07:45:50 | 365,230,920 | ---- | C] (Microsoft Corporation) -- C:\Users\Owner\Desktop\Windows6.0-KB948465-X86.exe
[2010/02/19 15:25:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/02/19 15:24:38 | 009,034,488 | ---- | C] (Microsoft Corporation) -- C:\Users\Owner\Desktop\mssefullinstall-x86fre-en-us-xp.exe
[2010/02/19 10:47:28 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/02/19 10:46:51 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Users\Owner\Desktop\HijackThisInstaller.exe
[2010/02/19 10:12:10 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Virus Problem
[2010/02/19 08:56:50 | 000,000,000 | ---D | C] -- C:\Program Files\Cookienator
[2010/02/18 21:32:12 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2010/02/18 21:32:07 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010/02/18 21:30:43 | 000,000,000 | -H-D | C] -- C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/02/17 20:00:57 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Eltima Software
[2010/02/17 19:54:17 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\FILEminimizerPictures
[2010/02/16 21:58:00 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Stellarium
[2010/02/16 20:56:45 | 000,000,000 | ---D | C] -- C:\Program Files\Nano-Hive
[2010/02/16 20:54:03 | 000,000,000 | ---D | C] -- C:\Program Files\Stellarium
[2010/02/15 17:14:42 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\inkscape
[2010/02/15 16:54:54 | 000,000,000 | ---D | C] -- C:\Program Files\Inkscape
[2010/02/12 11:24:43 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\thecleaner
[2010/02/12 11:24:19 | 000,000,000 | ---D | C] -- C:\Program Files\The Cleaner
[2010/02/11 21:49:23 | 000,000,000 | ---D | C] -- C:\Downloads
[2010/02/11 06:45:16 | 000,000,000 | ---D | C] -- E:\Users\Owner\Documents\Turning MSI Wind Into a MAC
[2010/02/11 06:45:16 | 000,000,000 | ---D | C] -- E:\Users\Owner\Documents\Toshiba Netbook Possible solution
[2010/02/11 06:45:16 | 000,000,000 | ---D | C] -- E:\Users\Owner\Documents\Sansa Media Converter
[2010/02/11 06:45:16 | 000,000,000 | ---D | C] -- E:\Users\Owner\Documents\My Garmin
[2010/02/11 06:45:16 | 000,000,000 | ---D | C] -- E:\Users\Owner\Documents\My Games
[2010/02/11 06:45:16 | 000,000,000 | ---D | C] -- E:\Users\Owner\Documents\My Digital Editions
[2010/02/11 06:45:16 | 000,000,000 | ---D | C] -- E:\Users\Owner\Documents\JFC Firefox bookmarks 17Jan10
[2010/02/11 06:45:16 | 000,000,000 | ---D | C] -- E:\Users\Owner\Documents\InterVideo
[2010/02/11 06:45:16 | 000,000,000 | ---D | C] -- E:\Users\Owner\Documents\Flight Simulator X Files
[2010/02/11 06:45:16 | 000,000,000 | ---D | C] -- E:\Users\Owner\Documents\Downloads
[2010/02/11 06:45:16 | 000,000,000 | ---D | C] -- E:\Users\Owner\Documents\AnyBizSoft PDF to Word
[2010/02/11 06:45:16 | 000,000,000 | ---D | C] -- E:\Users\Owner\Documents\1AVCapture
[2010/02/10 08:58:37 | 003,600,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/02/10 08:58:37 | 003,548,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/02/10 08:58:32 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010/02/10 08:58:31 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2010/02/10 08:58:31 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010/02/10 08:58:31 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010/02/03 17:04:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/02/03 16:35:29 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/02/03 16:35:29 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/02/03 16:35:29 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/01/31 21:31:49 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\New Folder
[2010/01/27 13:48:20 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\For sale Jan2010
[2010/01/26 08:09:06 | 000,000,000 | ---D | C] -- C:\Program Files\AnyBizSoft
[2010/01/22 07:48:41 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/01/22 07:48:39 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/01/22 07:48:38 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010/01/22 07:48:34 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010/01/21 18:58:57 | 000,000,000 | ---D | C] -- C:\Program Files\nLite
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/20 17:01:50 | 009,961,472 | ---- | M] () -- C:\Users\Owner\ntuser.dat
[2010/02/20 16:54:56 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2010/02/20 16:24:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/20 15:10:02 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/02/20 15:10:02 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/02/20 13:56:44 | 000,342,540 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/02/20 13:55:29 | 000,502,168 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Users\Owner\Desktop\SpyHunter-Installer.exe
[2010/02/20 13:12:26 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/02/20 13:10:37 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2010/02/20 13:10:14 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/20 13:10:14 | 000,000,312 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2010/02/20 13:10:10 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/02/20 13:09:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/02/20 10:34:07 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/02/20 10:33:53 | 000,524,288 | -HS- | M] () -- C:\Users\Owner\ntuser.dat{e8237b95-169e-11df-b3a5-bb3a2773077a}.TMContainer00000000000000000001.regtrans-ms
[2010/02/20 10:33:53 | 000,065,536 | -HS- | M] () -- C:\Users\Owner\ntuser.dat{e8237b95-169e-11df-b3a5-bb3a2773077a}.TM.blf
[2010/02/20 10:33:38 | 003,908,310 | -H-- | M] () -- C:\Users\Owner\AppData\Local\IconCache.db
[2010/02/20 08:00:38 | 365,230,920 | ---- | M] (Microsoft Corporation) -- C:\Users\Owner\Desktop\Windows6.0-KB948465-X86.exe
[2010/02/19 15:25:37 | 000,000,953 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/02/19 15:25:30 | 009,034,488 | ---- | M] (Microsoft Corporation) -- C:\Users\Owner\Desktop\mssefullinstall-x86fre-en-us-xp.exe
[2010/02/19 10:46:59 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Users\Owner\Desktop\HijackThisInstaller.exe
[2010/02/19 09:50:26 | 000,002,101 | ---- | M] () -- C:\Users\Owner\Desktop\Call of Duty 4 - Modern Warfare.lnk
[2010/02/18 21:32:05 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010/02/18 21:32:02 | 000,015,880 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2010/02/18 21:30:40 | 000,001,018 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/02/18 20:19:10 | 001,311,906 | ---- | M] () -- E:\Users\Owner\Documents\Icom R71 bobsamerica-com_r71a-mods-html_aefw5glm.pdf
[2010/02/18 19:33:57 | 000,000,036 | ---- | M] () -- C:\Users\Owner\AppData\Local\housecall.guid.cache
[2010/02/18 07:18:29 | 000,020,480 | ---- | M] () -- E:\Users\Owner\Documents\It was late afternoon when all the participants in this case exited the courtroom and were presented with a surprising spectacle.doc
[2010/02/17 20:32:01 | 055,784,199 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/02/17 19:52:39 | 000,000,417 | ---- | M] () -- C:\Users\Owner\Desktop\Downloads C.lnk
[2010/02/17 12:33:20 | 002,984,302 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/02/17 12:33:20 | 000,993,586 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/02/17 12:33:20 | 000,954,886 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/02/17 10:01:07 | 000,093,696 | ---- | M] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/16 20:58:17 | 000,000,702 | ---- | M] () -- C:\Users\Owner\HiveKeeper.ini
[2010/02/16 20:56:53 | 000,000,159 | ---- | M] () -- C:\Users\Owner\HK_Simulation.ini
[2010/02/16 20:56:50 | 000,001,052 | ---- | M] () -- C:\Users\Owner\Desktop\HiveKeeper.lnk
[2010/02/16 20:56:46 | 000,001,140 | ---- | M] () -- C:\Users\Owner\Desktop\Nano-Hive.lnk
[2010/02/16 15:16:03 | 002,475,437 | ---- | M] () -- E:\Users\Owner\Documents\Westinghouse LTV-32W1 User_Manual.pdf
[2010/02/16 15:14:44 | 000,719,060 | ---- | M] () -- E:\Users\Owner\Documents\Westinghouse LTV-32W2 User_Manual.pdf
[2010/02/15 18:17:56 | 000,002,404 | ---- | M] () -- C:\Users\Owner\.recently-used.xbel
[2010/02/15 17:05:43 | 000,000,815 | ---- | M] () -- C:\Users\Public\Desktop\Inkscape.lnk
[2010/02/15 16:51:30 | 002,044,802 | ---- | M] () -- E:\Users\Owner\Documents\Convert-a-JPEG-to-a-svg-file Tutorial.pdf
[2010/02/15 09:03:04 | 001,401,451 | ---- | M] () -- E:\Users\Owner\Documents\A Pilots Guide to Online Air Combat.pdf
[2010/02/14 09:44:47 | 000,000,697 | ---- | M] () -- C:\Windows\System32\PCTuneUp.config
[2010/02/12 11:20:33 | 000,000,381 | ---- | M] () -- C:\Users\Owner\Desktop\Downloads E.lnk
[2010/02/12 10:30:22 | 000,036,180 | ---- | M] () -- C:\Users\Owner\Desktop\Amex Shane Due 24Feb2010.jpg
[2010/02/11 20:28:28 | 000,012,099 | ---- | M] () -- E:\Users\Owner\Documents\Chase 1559 13Feb10.pdf
[2010/02/11 06:33:47 | 000,001,304 | ---- | M] () -- C:\Users\Owner\Desktop\Important Documents DO NOT Erase - Shortcut.lnk
[2010/02/10 19:34:44 | 000,524,288 | -HS- | M] () -- C:\Users\Owner\ntuser.dat{e8237b95-169e-11df-b3a5-bb3a2773077a}.TMContainer00000000000000000002.regtrans-ms
[2010/02/10 19:19:06 | 000,524,288 | -HS- | M] () -- C:\Users\Owner\ntuser.dat{6341206c-0e15-11df-8974-e7047b82bc40}.TMContainer00000000000000000001.regtrans-ms
[2010/02/10 19:19:06 | 000,065,536 | -HS- | M] () -- C:\Users\Owner\ntuser.dat{6341206c-0e15-11df-8974-e7047b82bc40}.TM.blf
[2010/02/09 06:56:25 | 000,002,084 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/02/04 10:53:02 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2010/02/04 07:19:13 | 000,036,655 | ---- | M] () -- E:\Users\Owner\Documents\Discover Card_ Feb 11 2010 Payment.pdf
[2010/02/03 17:43:41 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2010/02/03 11:47:57 | 000,000,116 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010/02/01 19:51:14 | 000,000,873 | ---- | M] () -- C:\Users\Owner\Desktop\Slide Conversions - Shortcut.lnk
[2010/01/30 23:09:45 | 000,524,288 | -HS- | M] () -- C:\Users\Owner\ntuser.dat{6341206c-0e15-11df-8974-e7047b82bc40}.TMContainer00000000000000000002.regtrans-ms
[2010/01/30 23:04:09 | 000,046,116 | ---- | M] () -- E:\Users\Owner\Documents\Etrade Tax Info tax yr 2009.pdf
[2010/01/30 22:13:04 | 000,524,288 | -HS- | M] () -- C:\Users\Owner\ntuser.dat{d9493e6c-0dfb-11df-8423-81478cdcfd66}.TMContainer00000000000000000002.regtrans-ms
[2010/01/30 22:13:04 | 000,524,288 | -HS- | M] () -- C:\Users\Owner\ntuser.dat{d9493e6c-0dfb-11df-8423-81478cdcfd66}.TMContainer00000000000000000001.regtrans-ms
[2010/01/30 22:13:04 | 000,065,536 | -HS- | M] () -- C:\Users\Owner\ntuser.dat{d9493e6c-0dfb-11df-8423-81478cdcfd66}.TM.blf
[2010/01/30 22:03:22 | 000,524,288 | -HS- | M] () -- C:\Users\Owner\ntuser.dat{cce6cca5-fdf4-11de-a15f-abde2c998365}.TMContainer00000000000000000001.regtrans-ms
[2010/01/30 22:03:22 | 000,065,536 | -HS- | M] () -- C:\Users\Owner\ntuser.dat{cce6cca5-fdf4-11de-a15f-abde2c998365}.TM.blf
[2010/01/29 17:06:39 | 003,200,320 | R--- | M] () -- C:\Users\Owner\Desktop\ham mag 13.pdf
[2010/01/29 14:26:01 | 000,810,570 | ---- | M] () -- E:\Users\Owner\Documents\Repairing Laptop Battery Pack.pdf
[2010/01/27 22:15:53 | 003,441,467 | R--- | M] () -- E:\Users\Owner\Documents\Sony XV-AL100 User Manual.pdf
[2010/01/26 08:09:11 | 000,000,892 | ---- | M] () -- C:\Users\Public\Desktop\AnyBizSoft PDF to Word.lnk
[2010/01/23 22:38:37 | 000,021,504 | ---- | M] () -- E:\Users\Owner\Documents\Gettimg Email.doc
[2010/01/21 18:59:00 | 000,000,771 | ---- | M] () -- C:\Users\Owner\Desktop\nLite.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/20 07:25:17 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/02/19 15:25:37 | 000,000,953 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/02/19 07:50:36 | 000,015,880 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2010/02/19 07:30:05 | 000,000,960 | ---- | C] () -- C:\Users\Owner\Desktop\Internet Explorer.lnk
[2010/02/18 21:30:40 | 000,001,018 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/02/18 20:19:03 | 001,311,906 | ---- | C] () -- E:\Users\Owner\Documents\Icom R71 bobsamerica-com_r71a-mods-html_aefw5glm.pdf
[2010/02/18 19:33:57 | 000,000,036 | ---- | C] () -- C:\Users\Owner\AppData\Local\housecall.guid.cache
[2010/02/18 07:18:28 | 000,020,480 | ---- | C] () -- E:\Users\Owner\Documents\It was late afternoon when all the participants in this case exited the courtroom and were presented with a surprising spectacle.doc
[2010/02/17 19:52:39 | 000,000,417 | ---- | C] () -- C:\Users\Owner\Desktop\Downloads C.lnk
[2010/02/16 20:56:53 | 000,000,159 | ---- | C] () -- C:\Users\Owner\HK_Simulation.ini
[2010/02/16 20:56:51 | 000,000,702 | ---- | C] () -- C:\Users\Owner\HiveKeeper.ini
[2010/02/16 20:56:50 | 000,001,052 | ---- | C] () -- C:\Users\Owner\Desktop\HiveKeeper.lnk
[2010/02/16 20:56:46 | 000,001,140 | ---- | C] () -- C:\Users\Owner\Desktop\Nano-Hive.lnk
[2010/02/16 15:16:03 | 002,475,437 | ---- | C] () -- E:\Users\Owner\Documents\Westinghouse LTV-32W1 User_Manual.pdf
[2010/02/16 15:14:44 | 000,719,060 | ---- | C] () -- E:\Users\Owner\Documents\Westinghouse LTV-32W2 User_Manual.pdf
[2010/02/15 18:17:56 | 000,002,404 | ---- | C] () -- C:\Users\Owner\.recently-used.xbel
[2010/02/15 17:05:43 | 000,000,815 | ---- | C] () -- C:\Users\Public\Desktop\Inkscape.lnk
[2010/02/15 16:51:30 | 002,044,802 | ---- | C] () -- E:\Users\Owner\Documents\Convert-a-JPEG-to-a-svg-file Tutorial.pdf
[2010/02/15 08:58:13 | 001,401,451 | ---- | C] () -- E:\Users\Owner\Documents\A Pilots Guide to Online Air Combat.pdf
[2010/02/12 11:20:33 | 000,000,381 | ---- | C] () -- C:\Users\Owner\Desktop\Downloads E.lnk
[2010/02/12 10:30:22 | 000,036,180 | ---- | C] () -- C:\Users\Owner\Desktop\Amex Shane Due 24Feb2010.jpg
[2010/02/11 20:28:24 | 000,012,099 | ---- | C] () -- E:\Users\Owner\Documents\Chase 1559 13Feb10.pdf
[2010/02/11 06:45:19 | 000,288,779 | ---- | C] () -- E:\Users\Owner\Documents\USS Manchester History.pdf
[2010/02/11 06:45:18 | 017,718,029 | ---- | C] () -- E:\Users\Owner\Documents\tims case.wma
[2010/02/11 06:45:18 | 003,441,467 | R--- | C] () -- E:\Users\Owner\Documents\Sony XV-AL100 User Manual.pdf
[2010/02/11 06:45:18 | 002,531,312 | R--- | C] () -- E:\Users\Owner\Documents\RM_Kit.pdf
[2010/02/11 06:45:17 | 001,177,359 | ---- | C] () -- E:\Users\Owner\Documents\Narnia Prince Caspian Walkthrough.pdf
[2010/02/11 06:45:17 | 000,866,136 | ---- | C] () -- E:\Users\Owner\Documents\Motorola Cordless Phone MD750Series User Manual.pdf
[2010/02/11 06:45:17 | 000,810,570 | ---- | C] () -- E:\Users\Owner\Documents\Repairing Laptop Battery Pack.pdf
[2010/02/11 06:45:17 | 000,540,360 | ---- | C] () -- E:\Users\Owner\Documents\Rest Cert Club 59.pdf
[2010/02/11 06:45:17 | 000,104,309 | ---- | C] () -- E:\Users\Owner\Documents\HP Photosmart C3180 All-in-...pdf
[2010/02/11 06:45:17 | 000,098,417 | ---- | C] () -- E:\Users\Owner\Documents\Hertz FL Car Priceline agreement.pdf
[2010/02/11 06:45:17 | 000,067,840 | ---- | C] () -- E:\Users\Owner\Documents\Q8376A C4759 Specs.pdf
[2010/02/11 06:45:17 | 000,049,305 | ---- | C] () -- E:\Users\Owner\Documents\Narnia Prince Caspian Unlockables.pdf
[2010/02/11 06:45:17 | 000,021,504 | ---- | C] () -- E:\Users\Owner\Documents\Gettimg Email.doc
[2010/02/11 06:45:17 | 000,020,480 | ---- | C] () -- E:\Users\Owner\Documents\FRG-7 Cap List.doc
[2010/02/11 06:45:16 | 001,726,464 | ---- | C] () -- E:\Users\Owner\Documents\3210Binstructions.doc
[2010/02/11 06:45:16 | 000,532,359 | ---- | C] () -- E:\Users\Owner\Documents\Dining Cert Saunders.pdf
[2010/02/11 06:45:16 | 000,046,116 | ---- | C] () -- E:\Users\Owner\Documents\Etrade Tax Info tax yr 2009.pdf
[2010/02/11 06:45:16 | 000,036,655 | ---- | C] () -- E:\Users\Owner\Documents\Discover Card_ Feb 11 2010 Payment.pdf
[2010/02/10 19:20:47 | 000,524,288 | -HS- | C] () -- C:\Users\Owner\ntuser.dat{e8237b95-169e-11df-b3a5-bb3a2773077a}.TMContainer00000000000000000002.regtrans-ms
[2010/02/10 19:20:47 | 000,524,288 | -HS- | C] () -- C:\Users\Owner\ntuser.dat{e8237b95-169e-11df-b3a5-bb3a2773077a}.TMContainer00000000000000000001.regtrans-ms
[2010/02/10 19:20:47 | 000,065,536 | -HS- | C] () -- C:\Users\Owner\ntuser.dat{e8237b95-169e-11df-b3a5-bb3a2773077a}.TM.blf
[2010/02/09 06:56:25 | 000,002,084 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/02/03 17:43:41 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2010/02/01 19:51:14 | 000,000,873 | ---- | C] () -- C:\Users\Owner\Desktop\Slide Conversions - Shortcut.lnk
[2010/01/30 22:14:53 | 000,524,288 | -HS- | C] () -- C:\Users\Owner\ntuser.dat{6341206c-0e15-11df-8974-e7047b82bc40}.TMContainer00000000000000000002.regtrans-ms
[2010/01/30 22:14:53 | 000,524,288 | -HS- | C] () -- C:\Users\Owner\ntuser.dat{6341206c-0e15-11df-8974-e7047b82bc40}.TMContainer00000000000000000001.regtrans-ms
[2010/01/30 22:14:53 | 000,065,536 | -HS- | C] () -- C:\Users\Owner\ntuser.dat{6341206c-0e15-11df-8974-e7047b82bc40}.TM.blf
[2010/01/30 22:05:22 | 000,524,288 | -HS- | C] () -- C:\Users\Owner\ntuser.dat{d9493e6c-0dfb-11df-8423-81478cdcfd66}.TMContainer00000000000000000002.regtrans-ms
[2010/01/30 22:05:22 | 000,524,288 | -HS- | C] () -- C:\Users\Owner\ntuser.dat{d9493e6c-0dfb-11df-8423-81478cdcfd66}.TMContainer00000000000000000001.regtrans-ms
[2010/01/30 22:05:22 | 000,065,536 | -HS- | C] () -- C:\Users\Owner\ntuser.dat{d9493e6c-0dfb-11df-8423-81478cdcfd66}.TM.blf
[2010/01/29 17:06:44 | 003,200,320 | R--- | C] () -- C:\Users\Owner\Desktop\ham mag 13.pdf
[2010/01/26 08:09:11 | 000,000,892 | ---- | C] () -- C:\Users\Public\Desktop\AnyBizSoft PDF to Word.lnk
[2010/01/21 18:59:00 | 000,000,771 | ---- | C] () -- C:\Users\Owner\Desktop\nLite.lnk
[2010/01/09 15:45:44 | 000,068,608 | ---- | C] () -- C:\Windows\System32\Iforce2.dll
[2009/12/10 19:19:03 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/12/10 19:19:02 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2009/12/10 19:19:00 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/12/10 19:19:00 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/12/10 19:18:57 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/12/10 19:18:57 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2009/10/24 20:01:50 | 000,042,132 | ---- | C] () -- C:\Windows\XF2000.INI
[2009/10/15 21:23:20 | 000,000,583 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\A-OK! MCC Preferences
[2009/10/15 21:17:46 | 000,002,442 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\A-OK! WoM.ini
[2009/08/10 20:58:21 | 000,002,516 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2009/08/10 20:58:21 | 000,000,088 | RHS- | C] () -- C:\Windows\System32\9B234576CB.sys
[2009/08/05 21:36:46 | 000,000,117 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\default.pls
[2009/07/18 20:14:47 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009/05/30 20:43:25 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/05/30 20:42:45 | 000,019,944 | ---- | C] () -- C:\Windows\System32\drivers\atapi.sys
[2009/04/20 14:42:35 | 000,000,024 | ---- | C] () -- C:\Windows\mtcap.ini
[2009/04/09 04:14:30 | 000,910,368 | ---- | C] () -- C:\Windows\System32\OWL52T.DLL
[2009/03/11 07:31:54 | 000,221,184 | ---- | C] () -- C:\Windows\System32\DSPlayer.dll
[2008/10/21 20:52:56 | 000,000,000 | ---- | C] () -- C:\Windows\QuickInstall.INI
[2008/08/27 13:57:40 | 000,000,145 | ---- | C] () -- C:\Windows\HRDLog001.INI
[2008/08/26 09:36:51 | 000,000,340 | ---- | C] () -- C:\Windows\SIERRA.INI
[2008/07/29 19:57:15 | 000,000,082 | ---- | C] () -- C:\Users\Owner\AppData\Local\X-Plane Installer.prf
[2008/07/29 19:25:20 | 000,000,015 | ---- | C] () -- C:\Users\Owner\AppData\Local\x-plane_install.txt
[2008/07/27 19:25:07 | 000,000,021 | ---- | C] () -- C:\Windows\xinorbis3.ini
[2008/07/26 22:04:24 | 000,000,680 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2008/06/01 09:02:04 | 000,081,920 | ---- | C] () -- C:\Windows\asr32311.dll
[2008/05/31 05:05:12 | 000,000,080 | RHS- | C] () -- C:\Windows\System32\8D99CD0B3E.dll
[2008/05/26 19:58:10 | 000,000,101 | ---- | C] () -- C:\Windows\Crypkey.ini
[2008/05/26 19:58:01 | 000,031,654 | ---- | C] () -- C:\Windows\System32\Ckldrv.sys
[2008/05/26 19:58:01 | 000,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll
[2008/05/22 18:34:54 | 000,000,004 | ---- | C] () -- C:\Windows\startup_BBCP.ini
[2008/05/18 12:28:24 | 000,049,152 | ---- | C] () -- C:\Windows\System32\PRTSERV.dll
[2008/05/18 08:44:19 | 000,000,805 | ---- | C] () -- C:\Windows\Common.ini
[2008/05/08 20:54:25 | 000,000,117 | ---- | C] () -- C:\Windows\wizardgui.INI
[2008/05/05 19:36:28 | 000,036,864 | ---- | C] () -- C:\Windows\System32\Dspp6.dll
[2008/05/05 19:36:28 | 000,036,864 | ---- | C] () -- C:\Windows\System32\Dspp5.dll
[2008/05/05 19:36:28 | 000,036,864 | ---- | C] () -- C:\Windows\System32\Dspm6.dll
[2008/05/05 19:36:28 | 000,036,864 | ---- | C] () -- C:\Windows\System32\Dspm5.dll
[2008/05/05 19:36:28 | 000,033,280 | ---- | C] () -- C:\Windows\System32\dsppX.dll
[2008/05/05 19:36:28 | 000,019,968 | ---- | C] () -- C:\Windows\System32\Cpuinf32.dll
[2008/05/05 19:36:28 | 000,004,608 | ---- | C] () -- C:\Windows\System32\DSP.dll
[2008/04/29 18:34:35 | 000,000,130 | ---- | C] () -- C:\Windows\ScreenHunter.INI
[2008/04/25 08:52:22 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2008/03/18 07:38:15 | 000,000,161 | ---- | C] () -- C:\Windows\cdplayer.ini
[2008/02/20 22:44:36 | 000,065,536 | ---- | C] () -- C:\Windows\System32\HPPLVS.dll
[2008/02/09 16:44:16 | 000,003,584 | ---- | C] () -- C:\Windows\System32\drivers\DLPortIO.sys
[2007/10/28 17:40:34 | 000,000,000 | ---- | C] () -- C:\Windows\R_Meteor.INI
[2007/10/28 16:52:18 | 000,000,000 | ---- | C] () -- C:\Windows\BeaconSee.INI
[2007/10/27 17:44:07 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2007/10/27 16:50:25 | 000,383,238 | ---- | C] () -- C:\Windows\System32\libmp3lame-0.dll
[2007/10/22 18:24:50 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2007/09/09 12:36:45 | 000,000,093 | ---- | C] () -- C:\Users\Owner\AppData\Local\fusioncache.dat
[2007/08/10 18:17:32 | 000,000,208 | RHS- | C] () -- C:\Windows\System32\sysbkchx.sys
[2007/08/10 16:12:58 | 000,000,000 | ---- | C] () -- C:\Windows\PROTOCOL.INI
[2007/07/25 21:23:47 | 000,003,840 | ---- | C] () -- C:\Windows\System32\drivers\BANTExt.sys
[2007/07/04 08:37:01 | 000,000,336 | ---- | C] () -- C:\Windows\SCANREC.INI
[2007/05/25 13:04:11 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2007/05/25 12:52:17 | 000,000,116 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2007/05/01 18:31:09 | 000,000,236 | ---- | C] () -- C:\Windows\wininit.ini
[2007/04/29 18:50:53 | 000,000,107 | ---- | C] () -- C:\Windows\IfoEdit.INI
[2007/04/26 19:08:02 | 000,000,000 | ---- | C] () -- C:\Windows\ToDisc.INI
[2007/04/22 17:12:44 | 000,018,432 | ---- | C] () -- C:\Windows\System32\hl_simple.dll
[2007/04/09 18:22:44 | 000,000,737 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/03/25 16:45:18 | 000,004,120 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat
[2007/03/25 14:56:57 | 000,000,067 | ---- | C] () -- C:\Windows\swupdate.INI
[2007/03/22 12:30:34 | 000,093,696 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/02/25 21:02:38 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/12/03 18:12:31 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2006/12/03 18:12:31 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2006/12/03 18:12:31 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2006/12/03 18:12:31 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2006/12/03 18:12:31 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2006/12/03 18:12:31 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2006/11/30 23:45:19 | 000,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{d8d499e5-80f3-11db-9b97-0016d42cc956}.TMContainer00000000000000000002.regtrans-ms
[2006/11/30 23:45:19 | 000,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{d8d499e5-80f3-11db-9b97-0016d42cc956}.TMContainer00000000000000000001.regtrans-ms
[2006/11/30 23:45:19 | 000,065,536 | -HS- | C] () -- C:\ProgramData\ntuser.dat{d8d499e5-80f3-11db-9b97-0016d42cc956}.TM.blf
[2006/11/30 23:45:17 | 000,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{d8d499d5-80f3-11db-9b97-0016d42cc956}.TMContainer00000000000000000002.regtrans-ms
[2006/11/30 23:45:17 | 000,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{d8d499d5-80f3-11db-9b97-0016d42cc956}.TMContainer00000000000000000001.regtrans-ms
[2006/11/30 23:45:17 | 000,262,144 | ---- | C] () -- C:\ProgramData\ntuser.dat
[2006/11/30 23:45:17 | 000,065,536 | -HS- | C] () -- C:\ProgramData\ntuser.dat{d8d499d5-80f3-11db-9b97-0016d42cc956}.TM.blf
[2006/11/30 23:45:17 | 000,005,120 | -H-- | C] () -- C:\ProgramData\ntuser.dat.LOG1
[2006/11/30 23:45:17 | 000,000,000 | -H-- | C] () -- C:\ProgramData\ntuser.dat.LOG2
[2006/11/30 23:23:47 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2006/11/30 22:28:27 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2006/11/30 22:28:27 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2006/11/30 22:28:27 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2006/11/30 22:28:27 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2006/11/25 00:37:38 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/24 10:48:44 | 000,036,864 | ---- | C] () -- C:\Windows\System32\HWS_Ctrl.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 13:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/11/23 17:55:42 | 000,024,576 | ---- | C] () -- C:\Windows\System32\SPCtl.dll
[2001/11/14 11:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[1997/08/05 23:00:00 | 000,022,016 | ---- | C] () -- C:\Windows\System32\ODBCSTF.DLL
[1997/08/05 23:00:00 | 000,022,016 | ---- | C] () -- C:\Windows\System32\DOCOBJ.DLL
[1997/08/05 23:00:00 | 000,012,288 | ---- | C] () -- C:\Windows\System32\HLINKPRX.DLL

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2008/01/19 02:34:08 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2008/01/19 02:34:08 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2009/12/16 06:42:09 | 000,193,024 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\iepeers.dll
[2008/01/19 02:35:15 | 001,386,496 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\msvbvm60.dll
[2009/04/11 01:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 01:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
[2009/04/11 01:28:25 | 000,430,080 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\vbscript.dll

< %systemroot%\Tasks\*.job /lockedfiles >


< MD5 for: AGP440.SYS >
[2008/01/19 02:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/19 02:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/19 02:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/19 02:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 04:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 04:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/19 02:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 02:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 04:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/02/13 14:02:51 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/02/13 14:02:51 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/02/13 14:02:51 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2008/01/19 02:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/19 02:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: KR10N.SYS >
[2005/09/27 18:57:38 | 000,207,104 | ---- | M] (TOSHIBA CORPORATION) MD5=A1963360E74931222A67356C8AD48378 -- C:\Windows\System32\drivers\KR10N.sys
[2005/09/27 18:57:38 | 000,207,104 | ---- | M] (TOSHIBA CORPORATION) MD5=A1963360E74931222A67356C8AD48378 -- C:\Windows\System32\DriverStore\FileRepository\kr10n.inf_f8c77270\KR10N.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 04:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/19 02:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 02:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/19 02:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/19 02:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 04:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >

========== Files - Unicode (All) ==========
[2009/09/20 08:55:22 | 000,000,000 | ---D | M](C:\Windows\F?nts) -- C:\Windows\Fоnts
[2007/10/21 20:07:46 | 000,000,000 | ---D | C](C:\Windows\F?nts) -- C:\Windows\Fоnts

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\LiveKernelReports\WATCHDOG\WATCHDOG] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Panther\setup.exe\setup.exe] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\GameExplorer\GameExplorer] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\TfsStore\Tfs_DAV\Tfs_DAV] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Quick Launch] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\Certificates] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\CRLs] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\CTLs] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\Description Documents\Description Documents] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Network Shortcuts] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Printer Shortcuts] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Recent\Recent] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\Templates] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\Desktop\Desktop] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\Documents\Documents] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\Downloads\Downloads] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\Favorites\Favorites] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\Links\Links] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\Music\Music] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\Pictures\Pictures] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\Saved Games\Saved Games] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\Videos\Videos] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows Media Player NSS\3.0\SCPD\SCPD] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\GameExplorer\GameExplorer] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Temporary Internet Files] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Quick Launch] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\Certificates] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\CRLs] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\CTLs] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\Cookies] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Network Shortcuts] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Printer Shortcuts] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Recent\Recent] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\Templates] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\Desktop\Desktop] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\Documents\Documents] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\Downloads\Downloads] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\Favorites\Favorites] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\Links\Links] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\Music\Music] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\Pictures\Pictures] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\Saved Games\Saved Games] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\Videos\Videos] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\AuthCabs\Downloaded\Downloaded] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\8515290af8e2a11b58a5fdcb5018cdf3\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6000.16868_none_9a40172a0fc4863e\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6000.16868_none_9a40172a0fc4863e] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\8515290af8e2a11b58a5fdcb5018cdf3\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6000.21065_none_9ac68b3928e50d45\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6000.21065_none_9ac68b3928e50d45] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\8515290af8e2a11b58a5fdcb5018cdf3\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6001.18270_none_9c1383940cfa6868\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6001.18270_none_9c1383940cfa6868] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\8515290af8e2a11b58a5fdcb5018cdf3\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6001.22447_none_9cc4940f25f962e7\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6001.22447_none_9cc4940f25f962e7] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\8515290af8e2a11b58a5fdcb5018cdf3\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6002.18049_none_9e2369c00a004aef\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6002.18049_none_9e2369c00a004aef] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\8515290af8e2a11b58a5fdcb5018cdf3\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6002.22150_none_9e993405232e229b\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6002.22150_none_9e993405232e229b] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\900b4a4eda74f4f6355031d2463ada66\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16919_none_f0a013de6e53b9ab\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16919_none_f0a013de6e53b9ab] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\900b4a4eda74f4f6355031d2463ada66\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.21119_none_f12988cb87718cb7\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.21119_none_f12988cb87718cb7] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\900b4a4eda74f4f6355031d2463ada66\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18322_none_f27480926b88b52c\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18322_none_f27480926b88b52c] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\900b4a4eda74f4f6355031d2463ada66\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22511_none_f307eee5849f1cd5\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22511_none_f307eee5849f1cd5] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\900b4a4eda74f4f6355031d2463ada66\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.18103_none_f4719482689de8ec\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.18103_none_f4719482689de8ec] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\900b4a4eda74f4f6355031d2463ada66\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.22215_none_f4f261f581c1d755\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.22215_none_f4f261f581c1d755] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\98feee1bafb0596b2f2987bc05c79171\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.16884_none_9a0b894107fccf79\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.16884_none_9a0b894107fccf79] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\98feee1bafb0596b2f2987bc05c79171\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.21082_none_9a92fd9a211c6fd7\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.21082_none_9a92fd9a211c6fd7] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\98feee1bafb0596b2f2987bc05c79171\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.18288_none_9bf5c90f051fc5c6\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.18288_none_9bf5c90f051fc5c6] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\98feee1bafb0596b2f2987bc05c79171\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.22468_none_9c9507981e2d2ad5\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.22468_none_9c9507981e2d2ad5] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\98feee1bafb0596b2f2987bc05c79171\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.18064_none_9deddb8d02397ad3\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.18064_none_9deddb8d02397ad3] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\98feee1bafb0596b2f2987bc05c79171\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.22170_none_9e68a7441b62d132\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.22170_none_9e68a7441b62d132] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6000.16908_none_586821dd6d61016f\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6000.16908_none_586821dd6d61016f] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6000.21108_none_58f196ca867ed47b\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6000.21108_none_58f196ca867ed47b] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6001.18311_none_5a3c8e916a95fcf0\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6001.18311_none_5a3c8e916a95fcf0] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6001.22497_none_5a75adb883ef144c\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6001.22497_none_5a75adb883ef144c] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6002.18091_none_5bcc811967fd319c\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6002.18091_none_5bcc811967fd319c] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6002.22200_none_5cb66ecc80d2b9bd\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6002.22200_none_5cb66ecc80d2b9bd] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6000.21108_none_cbcfae32467adc51\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6000.21108_none_cbcfae32467adc51] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.22497_none_cd53c52043eb1c22\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.22497_none_cd53c52043eb1c22] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16908_none_5fa75f38922bdbf4\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16908_none_5fa75f38922bdbf4] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21108_none_6030d425ab49af00\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21108_none_6030d425ab49af00] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_b3144862666d6db3\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_b3144862666d6db3] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18091_none_b4a43aea63d4a25f\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18091_none_b4a43aea63d4a25f] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_b58e289d7caa2a80\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_b58e289d7caa2a80] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6000.16908_none_30e8bd0651b053ef\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6000.16908_none_30e8bd0651b053ef] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6000.21108_none_317231f36ace26fb\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6000.21108_none_317231f36ace26fb] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6001.18311_none_32bd29ba4ee54f70\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6001.18311_none_32bd29ba4ee54f70] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6001.22497_none_32f648e1683e66cc\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6001.22497_none_32f648e1683e66cc] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6002.18091_none_344d1c424c4c841c\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6002.18091_none_344d1c424c4c841c] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6002.22200_none_353709f565220c3d\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6002.22200_none_353709f565220c3d] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\PostRebootEventCache\PostRebootEventCache] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\ScanFile\ScanFile] -> \Device\__max++>\^ -> Mount Point

========== Alternate Data Streams ==========

@Alternate Data Stream - 203 bytes -> C:\ProgramData\TEMP:0C43407A
@Alternate Data Stream - 167 bytes -> C:\ProgramData\TEMP:EEDA5B17
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:2BE9FEFC
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:1CA73D29
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:7E95B6FD
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:F1C0B203
< End of report >

OTL Extras logfile created on: 2/20/2010 4:56:34 PM - Run 1
OTL by OldTimer - Version 3.1.30.1 Folder = C:\Users\Owner\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 44.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 62.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 146.11 Gb Total Space | 28.81 Gb Free Space | 19.71% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 149.04 Gb Total Space | 130.32 Gb Free Space | 87.44% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-PC
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-2488973047-2308359479-2647972124-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.js [@ = jsfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [- Browse with PeaZip] -- "C:\Program Files\PeaZip\PEAZIP.EXE" "-ext2browse" "%1" (Giorgio Tani)
Directory [+ Add to separate archive(s)] -- "C:\Program Files\PeaZip\PEAZIP.EXE" "-add2archive" "%1" (Giorgio Tani)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2488973047-2308359479-2647972124-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0FDD6B49-9956-4559-86C4-0771EE492976}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=c:\windows\system32\svchost.exe |
"{37D0EDB8-BF13-4FE0-8CCE-7AD72A778A02}" = lport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdateservice.exe |
"{5BD4810E-0702-4F46-BC82-8CA4203EEF97}" = lport=5000 | protocol=17 | dir=in | name=akamai network manager |
"{6FC4621F-DB21-4017-A33A-FA5B465ADABB}" = lport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdater.exe |
"{7AFC3056-A148-404E-82EB-4088E8801987}" = lport=3702 | protocol=17 | dir=in | app=c:\windows\system32\p2phost.exe |
"{89014564-FB80-4AA0-ACED-DD0F98CF3E6B}" = lport=9420 | protocol=6 | dir=in | name=akamai network manager |
"{8B5413D1-4137-446D-B1EF-55D4B9155F40}" = lport=5000 | protocol=17 | dir=in | name=akamai network manager |
"{93EE5627-E48A-4FA1-93AB-1093D6CCCAE3}" = lport=9420 | protocol=6 | dir=in | name=akamai network manager |
"{A81772B1-1D0D-41DB-9E19-07F62F5DF162}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=c:\windows\system32\svchost.exe |
"{BAA53DEA-04A6-47AA-830A-4F7113E77FCC}" = rport=3702 | protocol=17 | dir=out | app=c:\windows\system32\p2phost.exe |
"{C66F7F31-2769-41C2-924D-80F2CA5C6A62}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{EE10434B-C9B1-450B-A961-A5FF9C0B9A54}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03EDD2C1-E2DC-42F4-B94E-B029C80C3994}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{12B946B2-4C01-4D3C-9664-76894BB84138}" = protocol=6 | dir=in | app=c:\windows\temp\~os20bf.tmp\ossproxy.exe |
"{30FAB76D-7196-4D53-A5FD-41A0C08F6BCA}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\hp1006mc.exe |
"{3CD04F0D-06AC-4A76-8B47-EF85A71DC44A}" = protocol=17 | dir=in | app=c:\program files\turbotax\deluxe 2007\32bit\updatemgr.exe |
"{40C1ABFA-FC2A-4B58-B1D2-BC8254DF9AF9}" = protocol=17 | dir=in | app=c:\program files\grisoft\avg7\avgw.exe |
"{4399BA40-2A64-4125-916C-B72FEAFC5B42}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{4F02F996-F6FA-4447-9E2C-661505A2DE66}" = protocol=6 | dir=in | app=c:\program files\grisoft\avg7\avgcc.exe |
"{5176AD98-AAF8-4082-B825-23438A773361}" = protocol=17 | dir=in | app=c:\program files\grisoft\avg7\avgcc.exe |
"{52643B13-47DA-400A-B4F7-65C559E3A00A}" = protocol=6 | dir=in | app=c:\program files\turbotax\deluxe 2007\32bit\updatemgr.exe |
"{57E10FB3-4380-4A64-BBED-0A66044FC668}" = protocol=6 | dir=in | app=c:\program files\toshiba\utilities\tacsprop.exe |
"{6610E5DD-39A4-4A79-8F30-0115DA199FA4}" = dir=in | app=c:\program files\avg\avg8\avgemc.exe |
"{7101D948-9F20-4E6F-9701-1C7EF9DC3358}" = protocol=17 | dir=in | app=c:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe |
"{7326A210-7969-4EC4-84F6-D359365D0842}" = protocol=6 | dir=in | app=c:\program files\grisoft\avg7\avgvv.exe |
"{7F982CE0-C49B-4617-86BA-968377F672B5}" = protocol=6 | dir=in | app=c:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe |
"{848A49EB-AAAC-4ACC-8AC7-5AC4799907F5}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{84FF74B7-D8D8-4502-A418-0B060107C68A}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |
"{869047E7-40B4-452F-B1CB-715EC66E291A}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{87FBB576-B65D-49CB-8B71-78E5F9E96C58}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{8CF7AD7E-6F7A-467F-8CF6-8C75B7F5757B}" = protocol=6 | dir=in | app=c:\windows\system32\p2phost.exe |
"{93281205-CAD5-4D56-B786-8C082972CD76}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\hp1006mc.exe |
"{980BC0AE-CD87-4F1F-BC5E-F7B748F4C37A}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{9B84C7CB-938F-42A9-BC65-D496E5230231}" = protocol=6 | dir=in | app=c:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe |
"{A618250C-61A0-4804-84D4-919BA3731001}" = protocol=6 | dir=in | app=c:\program files\turbotax\deluxe 2007\32bit\ttax.exe |
"{A6779502-346E-41E2-A06F-7A4A3699E167}" = protocol=17 | dir=in | app=c:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe |
"{A71C747C-FD26-46C7-99A3-C1EF5CF9C90D}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{A8554C65-CB7D-4076-8A0C-60C76ED31E5D}" = protocol=17 | dir=in | app=c:\program files\turbotax\deluxe 2007\32bit\ttax.exe |
"{B0B2382D-A8F0-4FF1-BA53-4A0E62B9F746}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{B807BA87-2CFB-42DB-B10A-F635A6843E57}" = protocol=17 | dir=in | app=c:\program files\grisoft\avg7\avgvv.exe |
"{C1FDAF51-A867-4702-89A0-D5ED661B1649}" = protocol=6 | dir=in | app=c:\program files\grisoft\avg7\avgw.exe |
"{C2A4D6FD-6E59-48DF-9764-39575C5CB86B}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{EB8AAE24-CF01-4BD9-97A7-4978B91DF96E}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{EE70C67A-110B-420A-9F8D-B02DB60F863C}" = protocol=6 | dir=out | app=c:\windows\system32\p2phost.exe |
"{F7EF10B7-617F-4D20-8557-5E9CC01E97D1}" = protocol=17 | dir=in | app=c:\program files\toshiba\utilities\tacsprop.exe |
"TCP Query User{00C17F36-E185-48D6-AE07-47C40B088988}C:\program files\atari\act of war - direct action\actofwar.exe" = protocol=6 | dir=in | app=c:\program files\atari\act of war - direct action\actofwar.exe |
"TCP Query User{13CDC1CA-C690-4E4A-8380-DFA97792DE06}C:\program files\flightgear\bin\win32\fgfs.exe" = protocol=6 | dir=in | app=c:\program files\flightgear\bin\win32\fgfs.exe |
"TCP Query User{17E74858-E0E6-482E-8FD3-314279F7DC31}C:\program files\common files\nero\nero web\setupx.exe" = protocol=6 | dir=in | app=c:\program files\common files\nero\nero web\setupx.exe |
"TCP Query User{1846537C-91E8-48A8-A1CF-C45CFF59CFBD}C:\program files\virtual agc\bin\yaags.exe" = protocol=6 | dir=in | app=c:\program files\virtual agc\bin\yaags.exe |
"TCP Query User{264C36A6-873A-4FF3-8EEA-629264B58393}C:\users\owner\desktop\maxivistaviewera.exe" = protocol=6 | dir=in | app=c:\users\owner\desktop\maxivistaviewera.exe |
"TCP Query User{2DC93610-C9AF-4714-AE2D-CD1D54F400CB}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{366475DA-CACC-44C2-B3D1-B234A2CDA868}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{45D153EF-BBE9-4A73-9A12-F30F2E1CCF6E}C:\x-plane 9\x-plane.exe" = protocol=6 | dir=in | app=c:\x-plane 9\x-plane.exe |
"TCP Query User{4BE847A5-0E15-4E2B-A8B7-A1AD418DF32E}C:\users\owner\appdata\local\temp\onlineupdate8\setupxu.exe" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\temp\onlineupdate8\setupxu.exe |
"TCP Query User{5FED48EC-529B-4828-8E03-77E7E15E1456}C:\windows\system32\dpnsvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dpnsvr.exe |
"TCP Query User{616D5C2B-A783-4B9C-82D6-30B7BE7835D6}C:\program files\virtual agc\bin\yaagc.exe" = protocol=6 | dir=in | app=c:\program files\virtual agc\bin\yaagc.exe |
"TCP Query User{666B5254-F28D-4127-8095-976296DB9578}C:\program files\helicopter strike force\game.exe" = protocol=6 | dir=in | app=c:\program files\helicopter strike force\game.exe |
"TCP Query User{69B6401F-FA0D-4185-9525-5F8DDD84ED3C}C:\program files\fighter ace anniversary edition\rsync.exe" = protocol=6 | dir=in | app=c:\program files\fighter ace anniversary edition\rsync.exe |
"TCP Query User{6CA988D7-09A2-41AE-AD4A-B14959B4E23B}C:\program files\linksys\logviewer\logviewer.exe" = protocol=6 | dir=in | app=c:\program files\linksys\logviewer\logviewer.exe |
"TCP Query User{73C62C4E-2C37-489F-92E6-FE1EAEFF4C78}C:\program files\linksys\logviewer\logviewer.exe" = protocol=6 | dir=in | app=c:\program files\linksys\logviewer\logviewer.exe |
"TCP Query User{824DC253-B1E5-4700-9D15-14F2609D8853}C:\x-plane 9.00 beta-24\x-plane 900 beta-24.exe" = protocol=6 | dir=in | app=c:\x-plane 9.00 beta-24\x-plane 900 beta-24.exe |
"TCP Query User{88873D6C-E2F9-453C-8756-C61ABDB63B71}C:\program files\rxplus\rx_plus.exe" = protocol=6 | dir=in | app=c:\program files\rxplus\rx_plus.exe |
"TCP Query User{8E8B1F77-B2F9-4D45-8D07-1F00402DB893}E:\downloads\call of duty 4 modern warfare full-rip skullptura\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=e:\downloads\call of duty 4 modern warfare full-rip skullptura\call of duty 4 - modern warfare\iw3mp.exe |
"TCP Query User{94E0DDC8-1A76-40F2-8B28-9A5D069F2742}E:\viewer a from xp pc\maxivistaviewera.exe" = protocol=6 | dir=in | app=e:\viewer a from xp pc\maxivistaviewera.exe |
"TCP Query User{A2B40CE8-DFB3-4B84-9E0B-C79634EC6A35}C:\program files\rxplus\rx_plus.exe" = protocol=6 | dir=in | app=c:\program files\rxplus\rx_plus.exe |
"TCP Query User{ABAA6C96-DB1B-4C55-94C5-F9CDD87FC944}C:\program files\ubisoft\tom clancy's h.a.w.x\hawx.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\tom clancy's h.a.w.x\hawx.exe |
"TCP Query User{AC5C04A7-D097-4A01-BEF2-FB429E0AC9E2}C:\program files\fdrlab\anytv\anytv.exe" = protocol=6 | dir=in | app=c:\program files\fdrlab\anytv\anytv.exe |
"TCP Query User{AF86830D-804E-465F-A49A-8150ED90D3B6}C:\users\owner\desktop\maxivistaviewera.exe" = protocol=6 | dir=in | app=c:\users\owner\desktop\maxivistaviewera.exe |
"TCP Query User{B30FAE5D-DB79-43C5-BBBB-E58AF3EB8504}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{C288D57D-4FF4-450B-8451-DD06DD9430BC}C:\program files\wings over vietnam\wov.exe" = protocol=6 | dir=in | app=c:\program files\wings over vietnam\wov.exe |
"TCP Query User{C31260D9-E098-462B-BDCC-4EA9D6D466B7}C:\program files\strategy first\strike fighters\flightsim.exe" = protocol=6 | dir=in | app=c:\program files\strategy first\strike fighters\flightsim.exe |
"TCP Query User{C466D072-2891-4EB5-A88B-603621237B38}C:\downloads\call of duty 4 modern warfare full-rip skullptura\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=c:\downloads\call of duty 4 modern warfare full-rip skullptura\call of duty 4 - modern warfare\iw3mp.exe |
"TCP Query User{CC3CC5A0-D29E-4C6B-9BCE-CC52D0003309}C:\program files\aim6\aim6.exe" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"TCP Query User{CC7A7F7C-0EE8-4D3C-BAA1-E86989C04DA1}E:\muzeeapp.exe" = protocol=6 | dir=in | app=e:\muzeeapp.exe |
"TCP Query User{E49CB8B8-11A1-46C6-8845-6FD2C3A8CA13}C:\downloads\aeron_win32_v22\aeron.exe" = protocol=6 | dir=in | app=c:\downloads\aeron_win32_v22\aeron.exe |
"TCP Query User{E84B89C2-43FD-4C3A-8073-2F09ACED6774}C:\users\owner\appdata\local\temp\onlineupdate8\setupxu.exe" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\temp\onlineupdate8\setupxu.exe |
"TCP Query User{EB296642-6CEC-421C-BFEE-DC8BCDE5AE81}C:\program files\smartparts\smartparts desktop\optipix.exe" = protocol=6 | dir=in | app=c:\program files\smartparts\smartparts desktop\optipix.exe |
"TCP Query User{ED0F42E5-4919-435D-8320-E168EEB7B57E}C:\program files\java\jre1.6.0\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0\bin\javaw.exe |
"UDP Query User{04F8FB34-584D-476F-A73F-BFF6CF6D714C}C:\program files\fdrlab\anytv\anytv.exe" = protocol=17 | dir=in | app=c:\program files\fdrlab\anytv\anytv.exe |
"UDP Query User{176977CD-61ED-4618-AE4F-3DEE0E4B1297}C:\program files\linksys\logviewer\logviewer.exe" = protocol=17 | dir=in | app=c:\program files\linksys\logviewer\logviewer.exe |
"UDP Query User{187D85A6-AB57-471D-B9C7-6FDEF7B533E7}C:\program files\smartparts\smartparts desktop\optipix.exe" = protocol=17 | dir=in | app=c:\program files\smartparts\smartparts desktop\optipix.exe |
"UDP Query User{1CECDDB2-6E51-4E17-A4C9-17A8913C50B5}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{26656B7C-58B9-488C-A8D5-57871948C240}C:\users\owner\appdata\local\temp\onlineupdate8\setupxu.exe" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\temp\onlineupdate8\setupxu.exe |
"UDP Query User{27BFBCDF-B08A-43F2-A975-199190C1551E}C:\program files\virtual agc\bin\yaags.exe" = protocol=17 | dir=in | app=c:\program files\virtual agc\bin\yaags.exe |
"UDP Query User{28E402D9-519A-48A5-856F-CCB77A3ACD84}C:\downloads\aeron_win32_v22\aeron.exe" = protocol=17 | dir=in | app=c:\downloads\aeron_win32_v22\aeron.exe |
"UDP Query User{35D8200B-427D-4127-AE66-11E83CF87349}E:\viewer a from xp pc\maxivistaviewera.exe" = protocol=17 | dir=in | app=e:\viewer a from xp pc\maxivistaviewera.exe |
"UDP Query User{3946AF17-2226-4770-9720-CA203408BC8C}C:\program files\linksys\logviewer\logviewer.exe" = protocol=17 | dir=in | app=c:\program files\linksys\logviewer\logviewer.exe |
"UDP Query User{4C0CD86B-B567-4EBE-B9FB-91C8CEDE4A59}C:\users\owner\desktop\maxivistaviewera.exe" = protocol=17 | dir=in | app=c:\users\owner\desktop\maxivistaviewera.exe |
"UDP Query User{5006F0AB-CCC7-46FD-AD7E-04860A5517D9}C:\program files\rxplus\rx_plus.exe" = protocol=17 | dir=in | app=c:\program files\rxplus\rx_plus.exe |
"UDP Query User{5626D3AE-82EE-4A6A-9225-E648E02F2197}C:\users\owner\appdata\local\temp\onlineupdate8\setupxu.exe" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\temp\onlineupdate8\setupxu.exe |
"UDP Query User{58DBE4B7-4BA4-4DAC-9DC7-EBFCAAA92CFF}C:\program files\fighter ace anniversary edition\rsync.exe" = protocol=17 | dir=in | app=c:\program files\fighter ace anniversary edition\rsync.exe |
"UDP Query User{5C057268-4C3B-48FA-A81F-F10A59466E8E}C:\program files\rxplus\rx_plus.exe" = protocol=17 | dir=in | app=c:\program files\rxplus\rx_plus.exe |
"UDP Query User{6EC6A017-360B-4EFB-A989-54A58FF60C0C}C:\users\owner\desktop\maxivistaviewera.exe" = protocol=17 | dir=in | app=c:\users\owner\desktop\maxivistaviewera.exe |
"UDP Query User{760F1FE6-F0B0-472A-A6DA-61EFCB39DAC5}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{795CD5F6-8975-4EC7-A3C7-C220AC30BC19}C:\x-plane 9\x-plane.exe" = protocol=17 | dir=in | app=c:\x-plane 9\x-plane.exe |
"UDP Query User{90232DDF-5E73-40FB-B8B5-82BC7350AFFF}C:\program files\java\jre1.6.0\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0\bin\javaw.exe |
"UDP Query User{93BF6029-A593-4427-B630-F5BF913D7B36}C:\program files\helicopter strike force\game.exe" = protocol=17 | dir=in | app=c:\program files\helicopter strike force\game.exe |
"UDP Query User{9DD39B4B-621D-4F09-8E82-0205D9D6C14D}C:\program files\virtual agc\bin\yaagc.exe" = protocol=17 | dir=in | app=c:\program files\virtual agc\bin\yaagc.exe |
"UDP Query User{A152561E-D42C-447D-BEDC-4ED7DB9963B6}C:\program files\atari\act of war - direct action\actofwar.exe" = protocol=17 | dir=in | app=c:\program files\atari\act of war - direct action\actofwar.exe |
"UDP Query User{A51B02B1-C00D-436C-8041-66C17D3177EE}E:\muzeeapp.exe" = protocol=17 | dir=in | app=e:\muzeeapp.exe |
"UDP Query User{AB3675FC-5643-48A9-B38B-F8CC550C67CB}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{AD90C77E-47DF-4F4B-8143-4E586A626F70}C:\program files\aim6\aim6.exe" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"UDP Query User{BCFC9349-9293-41A0-8247-11329E36B460}C:\downloads\call of duty 4 modern warfare full-rip skullptura\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=c:\downloads\call of duty 4 modern warfare full-rip skullptura\call of duty 4 - modern warfare\iw3mp.exe |
"UDP Query User{CA29D5E9-B58B-4956-8BA8-3E1C84D2F7F5}C:\program files\common files\nero\nero web\setupx.exe" = protocol=17 | dir=in | app=c:\program files\common files\nero\nero web\setupx.exe |
"UDP Query User{CAF6C32A-20F1-4D66-A019-0F29A3D82B9D}C:\windows\system32\dpnsvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dpnsvr.exe |
"UDP Query User{D5FE3A5B-BFFC-46E0-8E4E-B077B4F9F099}C:\x-plane 9.00 beta-24\x-plane 900 beta-24.exe" = protocol=17 | dir=in | app=c:\x-plane 9.00 beta-24\x-plane 900 beta-24.exe |
"UDP Query User{DE279245-3969-48E8-836C-1B6CF41AB677}E:\downloads\call of duty 4 modern warfare full-rip skullptura\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=e:\downloads\call of duty 4 modern warfare full-rip skullptura\call of duty 4 - modern warfare\iw3mp.exe |
"UDP Query User{E0F9CB34-4E40-4522-887A-B1387732761D}C:\program files\wings over vietnam\wov.exe" = protocol=17 | dir=in | app=c:\program files\wings over vietnam\wov.exe |
"UDP Query User{E3547109-9EC0-4B0A-9822-1F5EA94260DC}C:\program files\flightgear\bin\win32\fgfs.exe" = protocol=17 | dir=in | app=c:\program files\flightgear\bin\win32\fgfs.exe |
"UDP Query User{F6A625C7-002E-4733-AD1B-7CD300AAAB63}C:\program files\strategy first\strike fighters\flightsim.exe" = protocol=17 | dir=in | app=c:\program files\strategy first\strike fighters\flightsim.exe |
"UDP Query User{FD67BAD0-E7E1-4A72-91DE-63F619139546}C:\program files\ubisoft\tom clancy's h.a.w.x\hawx.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\tom clancy's h.a.w.x\hawx.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00020409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Standard
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}" = Zune Language Pack (FR)
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{014C4D18-DB14-4177-B340-B7B8B9C8E336}" = KBOS v1.1.2 for FSX
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = BELKIN Bluetooth Software 6.0.1.4400
"{063E409E-3D7C-4A4A-95AB-2F124B9224B3}" = ArcSoft PhotoImpression 6
"{09AD08C0-104D-4E58-92E0-E03CEABA9CD7}" = Helicopter Strike Force
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool
"{0E967F9D-6604-4576-B7CE-26DA9D2A3ADC}" = TurboTax 2008 wnhiper
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for TOSHIBA
"{24E439E1-02B6-40E8-82A8-2E2033B62A9E}" = Eagle Lander 3D v212
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 18
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.1
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{292EE725-0210-4D25-A81F-99924EBF9FD8}_is1" = A-OK! The Wings of Mercury 3.9.1
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{2971AD60-09A4-11D5-8738-00C0F046D1EF}" = B-17 Gunner Air War Over Germany
"{2BE8DD4A-28DE-4FBE-9917-A39856FD3833}" = CTR-PCRcvr
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{2EE8F85E-EDF1-4CEF-828F-27BC2981434F}" = Flight Deck 5 for FSX
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{35CF12E1-DD25-11D6-837D-0000E8D55E8A}" = Icom IC-PCR1000
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3C86BF23-B384-FC3D-8788-29DC514B3B62}" = Catalyst Control Center Core Implementation
"{3CCB26F5-E2A7-4C91-8340-9149D7B7C2BE}" = Virtual Earth 3D (Beta)
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{4304BE34-6DDA-46CC-ADAB-77990DC77ED5}" = Magellan RoadMate Tools
"{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36
"{44A69352-33DD-405E-ADB8-2D768643BBAE}_is1" = AnyBizSoft PDF to Word (Build 2.5.4)
"{45034CC3-4761-44B3-854A-B17778C0D5B0}" = Flight Deck 4 for FSX
"{48B3FB4D-CE22-488C-8E9F-24EBB77EAC0F}" = Microsoft Security Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DF979D5-464C-4926-AF73-54C1C219F06A}" = Ham Radio Deluxe
"{5128275B-595E-4B65-3EAD-651897053B15}" = ccc-core-static
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1" = PeaZip 2.6.3
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5EAB222B-F288-4138-B53B-03B6848A3D5C}" = hlVista
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C2EDF63-C83B-4AAD-AC26-1784660F618B}" = Advanced Disk Cleaner
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72A819E7-4146-B9EA-1292-C4A77F657B4E}" = eBay Desktop
"{73317C31-2B6E-4B88-9865-B97C1331A39D}" = PayPal Plug-In
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{7694E0B1-2332-448B-9235-929F84B41E3F}" = Active@ ISO Burner
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A65E382-1843-4B46-861B-1BECB8354911}" = Falcon 4.0: Allied Force
"{7B601689-E7E0-4923-ADAC-C959249E1C5D}" = ccc-Branding
"{863F4168-8E0E-446F-BA3B-A26383BC32BB}" = Abacus Mission Combat Force
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{888FFC82-688D-46AB-A776-B417885432B6}" = Zune
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A5F34E2-37CF-4AD4-808C-2D413786E31A}" = Microsoft Visual C Runtime
"{8BEF9309-3B6B-3670-70A6-4631D2BC2FF6}" = Catalyst Control Center Graphics Full Existing
"{8EB278E8-7FDA-4ED9-A429-C87A76F95087}" = 1AVCapture
"{914928E5-4BA3-4809-9280-9C3DC20B993D}" = Scanner Recorder
"{917443c8-4fab-4c87-8ef3-ac150db4d42c}.sdb" = PC Tune-Up
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"{962206B0-C3BA-4A51-82DF-124032910C91}" = Wings Over Vietnam
"{96DA37C3-4B48-41ED-8500-9C1F1E3933A2}" = Garmin City Navigator Europe 2008
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A5B876D-A900-4AAB-B557-DE827BE46E6C}" = Nero 8
"{9BD8D527-A96C-46DB-B076-48D34189B372}" = BVE Uchibo Line
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A0A77CDC-2419-4D5C-AD2C-E09E5926B806}" = Microsoft Antimalware
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A746CE98-A755-4AD7-B4B8-346DC74CDECD}" = OVT Scanner
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Microsoft Flight Simulator X: Acceleration
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.6
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}" = Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
"{AF78A04C-C6FE-4BB1-A592-1405192B4669}" = Flight Deck 4 Update 3 for FSX
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{BF307EDA-A176-4D83-9775-D337810CF7A7}" = Cookienator
"{C3DE07CB-036F-45BC-85BD-D6FFC5D33603}" = TurboTax 2008 wnyiper
"{C4F3D6A2-1214-4307-B43B-2C123AE931EC}" = Eagle Lander 3D 212 Vista Patch
"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
"{C86C99D6-BE68-DD8A-6EAD-AE9A28353288}" = Catalyst Control Center Graphics Light
"{C894366E-51C4-4162-BA82-ECBEFC1C2C61}" = PayPal Plug-In
"{C896D417-10AD-4AAB-A491-22FD67AC2220}" = ACS CCID PCSC Driver 1.1.6.3
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D52B286A-BB3A-436B-A41A-8E1475DE5E06}" = Abacus Fighter Pilot 2 for FSX
"{D6EC64A4-1B90-6B93-CC33-897A0F96F5B3}" = CCC Help English
"{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DEFD2BF4-8EDA-C163-F2EC-9BE0A54FE674}" = ccc-utility
"{DF6DA606-904D-4C18-823F-A4CFC3035E53}" = eFax Messenger
"{E149E957-F289-45E3-8645-1794A173F5AB}" = Pacific Fighters
"{E16A73E3-7976-4B86-A5C4-C544BB20C7C5}" = MapSource - WorldMap v3.01
"{E5090856-6E87-4AE1-B6FE-DD4149CB097A}" = LogViewer
"{E52382DC-2E7A-439D-8ECE-A27D8B816645}" = BVE 4
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{E89D78B8-28F7-412F-8B26-C684739CBBDC}" = Palm Desktop
"{EBF9C5EB-C6DD-659C-9D2B-E033DB73C783}" = Catalyst Control Center Graphics Full New
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{EE4ACABF-531E-419A-9225-B8E0FA4955AF}" = Zune Language Pack (ES)
"{EFB7C37F-2B92-4A2A-BD38-5F3FC0A56657}" = CarMD
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F2BD3EF3-D206-4725-BC3E-2B49A2771986}" = Screen Timer
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FC053571-8507-44E4-8B6D-AACEAB8CA57C}" = Sansa Media Converter
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"18fsxun" = 18 Airports X-Generation Bundle FSX v1.0
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"7-Zip" = 7-Zip 4.65
"Aces High II" = Aces High II
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"After Burner 3D" = After Burner 3D
"Agere Systems Soft Modem" = TOSHIBA Software Modem
"aignesamdeadlink" = AM-DeadLink 3.2
"AIM_6" = AIM 6
"Airlink Express_is1" = Airlink Express v.1.7.1.8
"AnVir Task Manager" = AnVir Task Manager
"Autoplay Menu Designer_is1" = Autoplay Menu Designer 3.4
"AVG8Uninstall" = AVG 8.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"B17 Flying Fortress" = B17 Flying Fortress
"Belarc Advisor 2.0" = Belarc Advisor 7.2
"BiAdmin" = BiAdmin
"Bonito RC60" = Bonito RadioCom 60
"CCleaner" = CCleaner
"com.ebay.sandimas.public-beta.AA1EEF5552BF52051F68E7EAF27E23FA6449A65C.1" = eBay Desktop
"Creative Jukebox Driver" = Creative Jukebox Driver
"CW DecoderXP" = CW DecoderXP
"DB3691CD-2D74-81BF-C7F1-28367A978466" = Virtual AGC
"Digital Editions" = Adobe Digital Editions
"doPDF 5 printer_is1" = doPDF 5.1 printer
"DOSShell" = DOSShell 1.4
"DVD Flick_is1" = DVD Flick 1.3.0.6
"E3D9A28446F164880F53982F2C8F2D15E31E3987" = Windows Driver Package - ACS (A38CCID) SmartCardReader (08/30/2008 1.1.6.3)
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"FA-18 Operation Iraqi FreedomVersion 1.0" = FA-18 Operation Iraqi Freedom
"Falcon 4.0" = Falcon 4.0
"Fighter Ace Anniversary Edition" = Fighter Ace Anniversary Edition
"FileHippo.com" = FileHippo.com Update Checker
"FILEminimizer Pictures_is1" = FILEminimizer Pictures
"FileZilla Client" = FileZilla Client 3.2.6.1
"Firefox Windows Media Player XPI" = Firefox Windows Media Player XPI
"FlightSim_{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Microsoft Flight Simulator X: Acceleration
"FLVPlayer4Free Free FLV Player_is1" = FLVPlayer4Free Free FLV Player 2.4.0.0
"Foxit Reader" = Foxit Reader
"Free Registry Cleaner for Vista_is1" = Free Registry Cleaner for Vista 1.0
"GEARDrivers" = GEAR Software Drivers
"Glary Utilities_is1" = Glary Utilities Pro 2.18.0.786
"HamSphere_is1" = HamSphere 2.0.19
"HandBrake" = HandBrake 0.9.3
"HijackThis" = HijackThis 2.0.2
"IL-2 Sturmovik" = IL-2 Sturmovik
"ImgBurn" = ImgBurn
"Inkscape" = Inkscape 0.47
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for TOSHIBA
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"InstallShield_{E149E957-F289-45E3-8645-1794A173F5AB}" = Pacific Fighters
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.4.4 (Full)
"Legacy of the Sky: P-38 Lightning FSX/FS9" = Legacy of the Sky: P-38 Lightning FSX/FS9
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Essentials" = Microsoft Security Essentials
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"Mozilla Thunderbird (3.0.1)" = Mozilla Thunderbird (3.0.1)
"Mplayer" = Mplayer and all enabling of games
"Nano-Hive" = Nano-Hive 1.2.0-Beta-1
"nLite_is1" = nLite 1.4.9.1
"NTE QUICKCross v.14 Uninstall" = NTE QUICKCross v.14
"OK1IAK (Installer by N0HR) PocketDigi" = OK1IAK (Installer by N0HR) PocketDigi
"Omni-Rig_is1" = Omni-Rig 1.2
"OpenAL" = OpenAL
"PC Tune-Up" = PC Tune-Up
"PC Wizard 2009_is1" = PC Wizard 2009.1.89
"PC-ALE_is1" = PC-ALE 1.602H
"PeaZip_is1" = PeaZip 1.11
"Perfect Utilities" = Perfect Utilities 3.03
"Picasa 3" = Picasa 3
"PismoFileMountAuditPackage" = Pismo File Mount Audit Package
"Print Server Driver" = Print Server Driver
"RAZBAM Convair F-102 Delta Dagger for FSX" = RAZBAM Convair F-102 Delta Dagger for FSX
"RealPlayer 12.0" = RealPlayer
"RecAll-PRO" = RecAll-PRO
"Recover PDF Password_is1" = Recover PDF Password 2.3.0.60
"Red Jets" = Red Jets 1.0
"Revo Uninstaller" = Revo Uninstaller 1.83
"Road Runner Install_is1" = Road Runner Install
"RTMshadow_{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Flight Simulator X
"RxPlus" = RxPlus
"Scancorder_is1" = Scancorder 1.4
"Search And Rescue 3" = Search And Rescue 3
"Sierra Utilities" = Sierra Utilities
"SkySwePro" = SkySwePro
"Smart Defrag_is1" = Smart Defrag 1.20
"Sony Digital Camera Driver" = Sony Digital Camera Driver
"SoundArb" = SoundArb
"SP1_9527A496-5DF9-412A-ADC7-168BA5379CA6" = Microsoft Flight Simulator X Service Pack 1
"SP1shadow_{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Flight Simulator X Service Pack 1
"Spectrum Lab_is1" = Spectrum Lab V2.7
"STARWARS: The Battle of Endor v2.1_is1" = STARWARS: The Battle of Endor version 2.1
"Stellarium_is1" = Stellarium 0.10.3
"Strike Fighters: Project 1" = Strike Fighters: Project 1
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TalkPCR 2.4F2" = TalkPCR 2.4F2
"TOSHIBA Game Console" = TOSHIBA Game Console
"TurboTax 2008" = TurboTax 2008
"VertiSim" = VertiSim
"ViewpointMediaPlayer" = Viewpoint Media Player
"WinDjView" = WinDjView 1.0.3
"Windows Essentials Media Codec Pack" = Windows Essentials Media Codec Pack 2.3d
"Wings of POWER: Heavy Bombers and Jets" = Wings of POWER: Heavy Bombers and Jets
"Wings Over Europe" = Wings Over Europe
"Wings Over Israel" = Wings Over Israel
"WinX DVD Ripper Platinum_is1" = WinX DVD Ripper Platinum Special Edition
"WinZip" = WinZip
"Wisdom-soft ScreenHunter 5.1 Free" = Wisdom-soft ScreenHunter 5.1 Free
"Xtreme Prototypes X-15-2-3 VC for Flight Simulator1.1" = Xtreme Prototypes X-15-2-3 VC for Flight Simulator
"Yahoo! Music Engine" = Yahoo! Music Jukebox
"YS FLIGHT SIMULATOR" = YS FLIGHT SIMULATOR
"Zune" = Zune

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2488973047-2308359479-2647972124-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"FeelThere ERJ v.2" = FeelThere ERJ v.2
"Joint Strike Fighter" = Joint Strike Fighter
"MP3MyMP3 3.0" = MP3MyMP3 3.0
"Sansa Updater" = Sansa Updater
"uTorrent" = µTorrent
"WinDirStat" = WinDirStat 1.1.2

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/20/2010 6:13:51 AM | Computer Name = Owner-PC | Source = Google Update | ID = 20
Description =

Error - 2/20/2010 6:24:25 AM | Computer Name = Owner-PC | Source = Google Update | ID = 20
Description =

Error - 2/20/2010 7:13:51 AM | Computer Name = Owner-PC | Source = Google Update | ID = 20
Description =

Error - 2/20/2010 7:24:25 AM | Computer Name = Owner-PC | Source = Google Update | ID = 20
Description =

Error - 2/20/2010 8:13:51 AM | Computer Name = Owner-PC | Source = Google Update | ID = 20
Description =

Error - 2/20/2010 9:01:20 AM | Computer Name = Owner-PC | Source = MsiInstaller | ID = 11706
Description =

Error - 2/20/2010 3:22:46 PM | Computer Name = Owner-PC | Source = MsiInstaller | ID = 11706
Description =

Error - 2/20/2010 4:37:51 PM | Computer Name = Owner-PC | Source = SPP | ID = 16387
Description =

Error - 2/20/2010 4:37:52 PM | Computer Name = Owner-PC | Source = System Restore | ID = 8193
Description =

Error - 2/20/2010 4:37:52 PM | Computer Name = Owner-PC | Source = System Restore | ID = 8210
Description =

[ System Events ]
Error - 2/20/2010 2:09:28 PM | Computer Name = Owner-PC | Source = volmgr | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 2/20/2010 2:09:32 PM | Computer Name = Owner-PC | Source = atikmdag | ID = 43034
Description = Unknown EDID version

Error - 2/20/2010 2:09:32 PM | Computer Name = Owner-PC | Source = atikmdag | ID = 43034
Description = Unknown EDID version

Error - 2/20/2010 2:09:32 PM | Computer Name = Owner-PC | Source = atikmdag | ID = 43034
Description = Unknown EDID version

Error - 2/20/2010 2:09:32 PM | Computer Name = Owner-PC | Source = atikmdag | ID = 43034
Description = Unknown EDID version

Error - 2/20/2010 2:09:32 PM | Computer Name = Owner-PC | Source = atikmdag | ID = 43034
Description = Unknown EDID version

Error - 2/20/2010 2:10:19 PM | Computer Name = Owner-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%861 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 2/20/2010 2:41:17 PM | Computer Name = Owner-PC | Source = atikmdag | ID = 43034
Description = Unknown EDID version

Error - 2/20/2010 4:57:58 PM | Computer Name = Owner-PC | Source = atikmdag | ID = 43034
Description = Unknown EDID version

Error - 2/20/2010 5:37:21 PM | Computer Name = Owner-PC | Source = atikmdag | ID = 43034
Description = Unknown EDID version


< End of report >





#4 myrti

  • Malware Study Hall Admin

Posted 20 February 2010 - 05:36 PM

Hi,
please run a scan with gmer next:
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#5 NHGuy

  • Topic Starter

  • Members

Posted 20 February 2010 - 07:15 PM

Hi Myrti,

Sorry for the delay getting back to you.

WOW!! Trying to run GMER was painful. First ad-aware would not close down. I tried everything including from the task manager and it kept coming back.

Then when I ran gmer it started a scan immediately (see attached gmer1-1). It stopped very quickly so I clicked on scan. A long scan resulted, but in the middle it made my computer go black and then restart.

So after restart and shutting down programs I ran gmer again. The short immediate scan is attached as gmer2-1.

Then I realized that only my C drive was selected at the right.

Just now as I was writing this, Antivir just popped up with a threat from "HTML/InfectedWebPage.Gen HTML script virus". I just clicked denied.

OK, back to the story. My PC has one drive partitioned into C: and E:. Windows is on C:.

So I checked C & E at the right and did a second scan.

This went for a really long time and then stopped! I have attached it as gmer2-2.

Hope this helps. I'll stand by for more instructions.

Thanks

John


gmer 1-1

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-02-20 17:50:31
Windows 6.0.6002 Service Pack 2
Running: hvsy88hh.exe; Driver: C:\Users\Owner\AppData\Local\Temp\uwrcapow.sys


---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 84D611F8

AttachedDevice \Driver\tdx \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

Device -> \Driver\atapi \Device\Harddisk0\DR0 84E238D4

---- Files - GMER 1.0.15 ----

File C:\Windows\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----

*******************************************************************
gmer 2-1

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-02-20 18:13:42
Windows 6.0.6002 Service Pack 2
Running: hvsy88hh.exe; Driver: C:\Users\Owner\AppData\Local\Temp\uwrcapow.sys


---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 84D611F8

AttachedDevice \Driver\tdx \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

Device -> \Driver\atapi \Device\Harddisk0\DR0 84E238D4

---- Files - GMER 1.0.15 ----

File C:\Windows\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----


***************************************************************************

gmer 2-2

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-20 18:57:37
Windows 6.0.6002 Service Pack 2
Running: hvsy88hh.exe; Driver: C:\Users\Owner\AppData\Local\Temp\uwrcapow.sys


---- System - GMER 1.0.15 ----

SSDT 97118414 ZwCreateThread
SSDT 97118400 ZwOpenProcess
SSDT 97118405 ZwOpenThread
SSDT 9711840F ZwTerminateProcess

INT 0x72 ? 85F21BF8
INT 0x72 ? 85F21BF8
INT 0x72 ? 85F21BF8
INT 0x72 ? 85F21BF8
INT 0x92 ? 83FF4BF8
INT 0xA2 ? 83FF4BF8
INT 0xB2 ? 83FF4BF8

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!KeInsertQueue + 411 820BEA08 4 Bytes [14, 84, 11, 97]
.text ntoskrnl.exe!KeInsertQueue + 5E1 820BEBD8 4 Bytes [00, 84, 11, 97]
.text ntoskrnl.exe!KeInsertQueue + 5FD 820BEBF4 4 Bytes [05, 84, 11, 97]
.text ntoskrnl.exe!KeInsertQueue + 811 820BEE08 4 Bytes [0F, 84, 11, 97]
? System32\Drivers\sppt.sys The system cannot find the path specified. !
.rsrc C:\Windows\system32\drivers\atapi.sys entry point in ".rsrc" section [0x878C8024]
? C:\Windows\system32\drivers\atapi.sys The process cannot access the file because it is being used by another process.
.text USBPORT.SYS!DllUnload 8C7C341B 5 Bytes JMP 85F211D8

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\Explorer.EXE[124] ntdll.dll!NtProtectVirtualMemory 77B44D34 5 Bytes JMP 0063000A
.text C:\Windows\Explorer.EXE[124] ntdll.dll!NtWriteVirtualMemory 77B45674 5 Bytes JMP 0064000A
.text C:\Windows\Explorer.EXE[124] ntdll.dll!KiUserExceptionDispatcher 77B45DC8 5 Bytes JMP 0062000A
.text C:\Windows\system32\svchost.exe[1408] ntdll.dll!NtProtectVirtualMemory 77B44D34 5 Bytes JMP 003A000A
.text C:\Windows\system32\svchost.exe[1408] ntdll.dll!NtWriteVirtualMemory 77B45674 5 Bytes JMP 003B000A
.text C:\Windows\system32\svchost.exe[1408] ntdll.dll!KiUserExceptionDispatcher 77B45DC8 5 Bytes JMP 0039000A
.text C:\Windows\system32\svchost.exe[1408] ole32.dll!CoCreateInstance 76BC9EA6 5 Bytes JMP 0307000A

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 83FF32D8
IAT \SystemRoot\system32\drivers\pci.sys[ntoskrnl.exe!IoDetachDevice] [82A6AC4C] \SystemRoot\System32\Drivers\sppt.sys
IAT \SystemRoot\system32\drivers\pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [82A6ACA0] \SystemRoot\System32\Drivers\sppt.sys
IAT \SystemRoot\system32\drivers\ataport.SYS[ntoskrnl.exe!DbgBreakPoint] 83FF42D8
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 85F212D8
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [82A4A048] \SystemRoot\System32\Drivers\sppt.sys
IAT \SystemRoot\system32\DRIVERS\storport.sys[ntoskrnl.exe!DbgBreakPoint] 85F5F5E0

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[124] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74B77817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[124] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74BCA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[124] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [74B7BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[124] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [74B6F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[124] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74B775E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[124] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [74B6E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[124] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74BA8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[124] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [74B7DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[124] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [74B6FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[124] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [74B6FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[124] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74B671CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[124] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [74BFCAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[124] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [74B9C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[124] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74B6D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[124] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74B66853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[124] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74B6687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[124] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74B72AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 84D611F8

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

Device \Driver\volmgr \Device\VolMgrControl 84D5E1F8
Device \Driver\usbohci \Device\USBPDO-0 83F8A498
Device \Driver\usbohci \Device\USBPDO-1 83F8A498
Device \Driver\usbehci \Device\USBPDO-2 85F771F8

AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\volmgr \Device\HarddiskVolume1 84D5E1F8
Device \Driver\volmgr \Device\HarddiskVolume2 84D5E1F8
Device \Driver\cdrom \Device\CdRom0 85F43500
Device \Driver\volmgr \Device\HarddiskVolume3 84D5E1F8
Device \Driver\atapi \Device\Ide\IdePort0 84D601F8
Device \Driver\atapi \Device\Ide\IdePort1 84D601F8
Device \Driver\atapi \Device\Ide\IdePort2 84D601F8
Device \Driver\atapi \Device\Ide\IdePort3 84D601F8
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-4 84D601F8
Device \Driver\netbt \Device\NetBt_Wins_Export 8638F1F8
Device \Driver\Smb \Device\NetbiosSmb 862DB1F8
Device \Driver\iScsiPrt \Device\RaidPort0 860881F8

AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\usbohci \Device\USBFDO-0 83F8A498
Device \Driver\usbohci \Device\USBFDO-1 83F8A498
Device \Driver\usbehci \Device\USBFDO-2 85F771F8
Device \Driver\netbt \Device\NetBT_Tcpip_{61C9A124-5E65-4D43-9634-9DDFF1955C2D} 8638F1F8
Device \FileSystem\cdfs \Cdfs 86F111F8
Device -> \Driver\atapi \Device\Harddisk0\DR0 84E238D4

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a3a7c6620
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a3a7c6620@00a09618fd2f 0xF8 0xA7 0x99 0x45 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00158315a310
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000a3a7c6620 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000a3a7c6620@00a09618fd2f 0xF8 0xA7 0x99 0x45 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00158315a310 (not active ControlSet)
Reg HKLM\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Debug@StoreLocation C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report0624e61e
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F60EE9A0-F85F-C137-2615-FC47BB910ECF}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F60EE9A0-F85F-C137-2615-FC47BB910ECF}@oafekaikenedndnddnmalpbaghhhkj 0x69 0x61 0x69 0x67 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F60EE9A0-F85F-C137-2615-FC47BB910ECF}@nadfaokdjhaiojkglakldckkgaji 0x6A 0x61 0x6A 0x62 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F60EE9A0-F85F-C137-2615-FC47BB910ECF}@gbnkehggkdgdpanpefamjaedhglmobmdibjbldbhlefkck 0x64 0x61 0x62 0x66 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F60EE9A0-F85F-C137-2615-FC47BB910ECF}@bblkpbchbmbedfdkfjdkmkfcihahngdhjcie 0x66 0x61 0x61 0x67 ...

---- Files - GMER 1.0.15 ----

File C:\Windows\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----






#6 NHGuy

NHGuy
  • Topic Starter

  • Members
  • 117 posts
  • OFFLINE
  •  
  • Local time:09:09 PM

Posted 20 February 2010 - 11:27 PM

Me again myrti,

I read your last post more carefully, booted in safe mode and ran GMER. The Auto scan was exactly the same as gmer2-1.

When that finished I ran "Scan". It took almost 3 hours before the scan was completed. Below are the results. Thanks again for trying to help me out of this mess.
Regards,
John

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-20 23:07:43
Windows 6.0.6002 Service Pack 2
Running: hvsy88hh.exe; Driver: C:\Users\Owner\AppData\Local\Temp\uwrcapow.sys


---- System - GMER 1.0.15 ----

INT 0x82 ? 850A4F00
INT 0x82 ? 850A4F00
INT 0x82 ? 850A4F00
INT 0x82 ? 850A4F00
INT 0x92 ? 83F9ABF8
INT 0xA2 ? 83F9ABF8
INT 0xB2 ? 83F9ABF8

---- Kernel code sections - GMER 1.0.15 ----

? System32\Drivers\spbe.sys The system cannot find the path specified. !
.rsrc C:\Windows\system32\drivers\atapi.sys entry point in ".rsrc" section [0x878B6024]
? C:\Windows\system32\drivers\atapi.sys The process cannot access the file because it is being used by another process.
.text USBPORT.SYS!DllUnload 87EAA41B 5 Bytes JMP 850A44E0

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[924] ntdll.dll!NtProtectVirtualMemory 778A4D34 5 Bytes JMP 0023000A
.text C:\Windows\system32\svchost.exe[924] ntdll.dll!NtWriteVirtualMemory 778A5674 5 Bytes JMP 0024000A
.text C:\Windows\system32\svchost.exe[924] ntdll.dll!KiUserExceptionDispatcher 778A5DC8 5 Bytes JMP 0010000A
.text C:\Windows\Explorer.EXE[1208] ntdll.dll!NtProtectVirtualMemory 778A4D34 5 Bytes JMP 0169000A
.text C:\Windows\Explorer.EXE[1208] ntdll.dll!NtWriteVirtualMemory 778A5674 5 Bytes JMP 016A000A
.text C:\Windows\Explorer.EXE[1208] ntdll.dll!KiUserExceptionDispatcher 778A5DC8 5 Bytes JMP 0168000A

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 83F992D8
IAT \SystemRoot\system32\drivers\pci.sys[ntoskrnl.exe!IoDetachDevice] [82A68C4C] \SystemRoot\System32\Drivers\spbe.sys
IAT \SystemRoot\system32\drivers\pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [82A68CA0] \SystemRoot\System32\Drivers\spbe.sys
IAT \SystemRoot\system32\drivers\ataport.SYS[ntoskrnl.exe!DbgBreakPoint] 83F9A2D8
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 850A45E0
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [82A48048] \SystemRoot\System32\Drivers\spbe.sys
IAT \SystemRoot\system32\DRIVERS\storport.sys[ntoskrnl.exe!DbgBreakPoint] 851292D8

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[1208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [749A7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [749FA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [749ABB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7499F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [749A75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7499E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [749D8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [749ADA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7499FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7499FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [749971CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [74A2CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [749CC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7499D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74996853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7499687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [749A2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 84D601F8

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

Device \Driver\volmgr \Device\VolMgrControl 84D5D1F8
Device \Driver\usbohci \Device\USBPDO-0 850C41F8
Device \Driver\usbohci \Device\USBPDO-1 850C41F8
Device \Driver\usbehci \Device\USBPDO-2 850C51F8
Device \Driver\volmgr \Device\HarddiskVolume1 84D5D1F8
Device \Driver\volmgr \Device\HarddiskVolume2 84D5D1F8
Device \Driver\cdrom \Device\CdRom0 850E6500
Device \Driver\volmgr \Device\HarddiskVolume3 84D5D1F8
Device \Driver\atapi \Device\Ide\IdePort0 84D5F1F8
Device \Driver\atapi \Device\Ide\IdePort1 84D5F1F8
Device \Driver\atapi \Device\Ide\IdePort2 84D5F1F8
Device \Driver\atapi \Device\Ide\IdePort3 84D5F1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-6 84D5F1F8
Device \Driver\iScsiPrt \Device\RaidPort0 8512A1F8
Device \Driver\usbohci \Device\USBFDO-0 850C41F8
Device \Driver\usbohci \Device\USBFDO-1 850C41F8
Device \Driver\usbehci \Device\USBFDO-2 850C51F8
Device \FileSystem\cdfs \Cdfs 856361F8
Device -> \Driver\atapi \Device\Harddisk0\DR0 84E2E8D4

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a3a7c6620
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a3a7c6620@00a09618fd2f 0xF8 0xA7 0x99 0x45 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00158315a310
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000a3a7c6620 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000a3a7c6620@00a09618fd2f 0xF8 0xA7 0x99 0x45 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00158315a310 (not active ControlSet)
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F60EE9A0-F85F-C137-2615-FC47BB910ECF}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F60EE9A0-F85F-C137-2615-FC47BB910ECF}@oafekaikenedndnddnmalpbaghhhkj 0x69 0x61 0x69 0x67 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F60EE9A0-F85F-C137-2615-FC47BB910ECF}@nadfaokdjhaiojkglakldckkgaji 0x6A 0x61 0x6A 0x62 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F60EE9A0-F85F-C137-2615-FC47BB910ECF}@gbnkehggkdgdpanpefamjaedhglmobmdibjbldbhlefkck 0x64 0x61 0x62 0x66 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F60EE9A0-F85F-C137-2615-FC47BB910ECF}@bblkpbchbmbedfdkfjdkmkfcihahngdhjcie 0x66 0x61 0x61 0x67 ...

---- Files - GMER 1.0.15 ----

File C:\Windows\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----




#7 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:04:09 AM

Posted 21 February 2010 - 08:51 AM

Hi,

If gmer runs fine in normal mode, please run it in normal mode. When it won't run in normal mode, go for safe mode.

You have been infected by a nasty rootkit. It is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.


If you decide to clean, then please run ComboFix and post the log in your next reply:

Please download ComboFix from one of these locations:

Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#8 NHGuy

NHGuy
  • Topic Starter

  • Members
  • 117 posts
  • OFFLINE
  •  
  • Local time:09:09 PM

Posted 21 February 2010 - 09:39 AM

Hi myrti,

I think it has to be a full re-format. Any hints? The link you gave does not seem to have a "Links" menu. And the FAQ menu opens up lots of topics.

Can I copy documents, bookmarks and other non-operational files from this computer? Or will they be infected?

My plan is:

1. re-format this drive

2. Physically replace this drive with a lower capacity drive that I upgraded from just a few weeks ago.

3. Run Hijack This on the old drive

4. Finally, post those results here for your investigation to make sure it is clean.

What do you think of that plan?

Thanks again,

John

#9 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:04:09 AM

Posted 21 February 2010 - 10:09 AM

Hi,

As I said previously, I know how to remove the infection, but there is a slight risk that things were changed through the backdoor that we won't see. If you don't want to take that risk a full-format is what you need to go for. (Overwrite all partitions and create new ones)
You can back up all your important documents, personal data files, photos to a CD or DVD drive, not a flash drive or external hard drive as they may become compromised in the process. The safest practice is not to backup any executable files (*.exe), screensavers (*.scr), autorun (.ini) or script files (.php, .asp, and .html) because they may be infected by malware. Avoid backing up compressed files (.zip, .cab, .rar) that have executable files inside them as some types of malware can penetrate and infect .exe files within compressed files too. Other types of malware may even disguise itself by adding and hiding its extension to the existing extension of file(s) so be sure you look closely at the full file name. After reformatting, scan the backed up data with your anti-virus prior to copying it back to your hard drive.

If you're not sure how to reformat or need help with reformatting, please review:

Don't forget you will have to go to Microsoft Update and apply all Windows security patches after reformatting.



Note: If you're using an IBM, Sony, HP, Compaq or Dell machine, you may not have an original XP CD Disk. By policy Microsoft no longer allows OEM manufacturers to include the original Windows XP CD-ROM on computers sold with Windows pre-installed. Instead, most computers manufactured and sold by OEM vendors come with a vendor-specific Recovery Disk or Recovery Partition for performing a clean "factory restore" that will reformat your hard drive, remove all data and restore the computer to the state it was in when you first purchased it. See Technology Advisory Recovery Media.

If you need additional assistance with reformatting or have questions about multiple hard drives, you can start a new topic in the Windows XP Home and Professional forum. If you don't get a reply, please send me a PM and I will get someone to take a look.

I do not believe that it is necessary to change the hard drive, if you do a format and clean install, you should be fine. Also if you wish to post a log for my eyes, please post an OTL log instead of a Hijackthis log, it is much more detailed.

I will close this thread if you don't reply back within 5 days, however the thread can always be reopened by sending me a PM. This is done to prevent other people from posting into your thread.

Feel free to ask if you have any more questions.
regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!
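
The backup rules in the post above, as an added example that is not part of the original thread: a Python audit of a backup staging folder that flags the file types the post says to leave out, looks inside .zip files for executables, and catches names where a risky extension hides behind a harmless-looking one. The DECOY list, the function names and the sample files are assumptions made for this illustration.

```python
import os
import sys
import zipfile

# Extension lists taken from the post above.
EXECUTABLE = {".exe", ".scr"}
SCRIPT = {".php", ".asp", ".html"}
OPAQUE_ARCHIVE = {".cab", ".rar"}  # no standard-library reader, so only flagged
# Assumption (not from the post): harmless-looking extensions used to spot
# names such as "holiday.jpg.exe", where the real extension comes last.
DECOY = {".jpg", ".jpeg", ".png", ".gif", ".pdf", ".doc", ".txt", ".mp3"}


def classify_name(name):
    """Return the reasons a file name should stay out of the backup."""
    # Work on the last path component; zip members use "/" separators.
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    lower = base.lower().rstrip(" .")  # Windows ignores trailing spaces/dots
    stem, ext = os.path.splitext(lower)
    reasons = []
    if ext in EXECUTABLE:
        reasons.append("executable")
    elif ext in SCRIPT:
        reasons.append("script")
    # The post names autorun (.ini); autorun.inf is the file Windows reads,
    # so match on the stem and cover both.
    if stem == "autorun":
        reasons.append("autorun file")
    # "invoice.pdf      .exe": padding pushes the real extension out of view.
    if reasons and os.path.splitext(stem.rstrip())[1] in DECOY:
        reasons.append("double extension")
    return reasons


def inspect_zip(path):
    """Flag a .zip whose member names match the rules above."""
    try:
        with zipfile.ZipFile(path) as zf:
            hits = [m for m in zf.namelist() if classify_name(m)]
    except (zipfile.BadZipFile, OSError):
        return ["unreadable archive"]
    return ["archive contains " + ", ".join(sorted(hits))] if hits else []


def audit_backup(root):
    """Walk root and return {relative path: [reasons]} for files to leave out."""
    findings = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            reasons = classify_name(name)
            ext = os.path.splitext(name.lower())[1]
            if ext == ".zip":
                reasons += inspect_zip(path)
            elif ext in OPAQUE_ARCHIVE:
                reasons.append("archive not inspected, check contents manually")
            if reasons:
                rel = os.path.relpath(path, root).replace(os.sep, "/")
                findings[rel] = reasons
    return findings


def build_sample(root):
    """Create a small constructed staging folder (sample data, not from the thread)."""
    for name in ("letter.txt", "holiday.jpg.exe", "autorun.ini",
                 "page.html", "old.rar"):
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(b"constructed sample")
    with zipfile.ZipFile(os.path.join(root, "photos.zip"), "w") as zf:
        zf.writestr("a.jpg", b"constructed sample")
    with zipfile.ZipFile(os.path.join(root, "tools.zip"), "w") as zf:
        zf.writestr("docs/readme.txt", b"constructed sample")
        zf.writestr("bin/setup.exe", b"constructed sample")


if __name__ == "__main__":
    # Usage: python audit_backup.py <staging folder>
    if len(sys.argv) != 2:
        sys.exit("usage: audit_backup.py <staging folder>")
    for rel, why in sorted(audit_backup(sys.argv[1]).items()):
        print(rel + ": " + "; ".join(why))
```

A name-based audit only narrows what goes onto the disc; the anti-virus scan of the backed-up data that the post asks for still applies.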

 



#10 NHGuy

NHGuy
  • Topic Starter

  • Members
  • 117 posts
  • OFFLINE
  •  
  • Local time:09:09 PM

Posted 21 February 2010 - 10:43 AM

Hi myrti,

Thanks so much for hanging in with me.

I have disconnected the infected PC from the wireless router (shut off wlan card).

Using second PC for the communication.

My strategy is to reformat the current drive.

Then after installing the old drive I can image the old drive back on this drive and recover 99% of my data.

I THINK I removed the old drive a week before the attack.

Then I will post to you the OTL file from the old drive BEFORE I image it back on to the current (reformatted & repartitioned) hard drive.

Sound OK to you?

If you say OK I will proceed and the next message from me will be the OTL from the old installed HD.

Depending on how it goes this will be within 1 to 6 hours.

Thanks again


#11 NHGuy

NHGuy
  • Topic Starter

  • Members
  • 117 posts
  • OFFLINE
  •  
  • Local time:09:09 PM

Posted 21 February 2010 - 12:51 PM

myrti,

Here are the hijack this & OTL & extra log files from the old hard drive now installed on the PC. OTL seemed to stop early when I pressed the ALT key to wake up the PC to see its progress.

Do these look clean?

If so, how can I reformat the infected hard drive? Is it safe to connect it to a clean computer via a USB hard drive adapter?

Once reformatted I will image the old (and hopefully clean) drive back on the once infected but now reformatted hard drive.

Please give me the OK on the old drive first. Then tell me what you think on the USB reformatting.

Thanks again and here are the logs

HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:07:28 PM, on 2/21/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E00315CF-CC3E-42CD-B6FF-E164438EFBDC} - (no file)
O2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [MRC] "C:\Program Files\PC Tune-Up\PCTuneUp.exe" /MBRSTART
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: hl_simple.dll,avgrsstx.dll
O20 - Winlogon Notify: ssqpnll - ssqpnll.dll (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 6509 bytes


**********************************************************

OTL

OTL logfile created on: 2/21/2010 12:12:28 PM - Run 1
OTL by OldTimer - Version 3.1.30.1 Folder = C:\Users\Owner\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 59.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 146.11 Gb Total Space | 10.68 Gb Free Space | 7.31% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-PC
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/21 12:02:25 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2010/01/11 15:21:52 | 000,246,504 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe
PRC - [2009/12/23 15:57:18 | 000,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/10/08 20:18:10 | 026,805,255 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2009/09/01 06:38:47 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/09/01 06:38:47 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/09/01 06:38:43 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/09/01 06:38:40 | 002,007,832 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009/09/01 06:38:37 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/09/01 06:38:35 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2009/07/21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/04/11 01:28:08 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/02 12:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009/02/21 21:18:54 | 000,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe
PRC - [2008/04/28 05:14:00 | 000,073,728 | ---- | M] (Software 2000 Limited) -- C:\Windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE
PRC - [2008/01/19 02:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/19 02:33:11 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe
PRC - [2006/12/19 08:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Windows\System32\IoctlSvc.exe
PRC - [2006/11/22 20:45:28 | 000,425,648 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2006/11/22 20:08:12 | 000,409,264 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
PRC - [2006/11/20 15:15:14 | 000,446,128 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
PRC - [2006/11/09 13:57:52 | 003,784,704 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006/11/02 04:45:59 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe
PRC - [2006/08/23 19:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2006/05/25 21:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe


========== Modules (SafeList) ==========

MOD - [2010/02/21 12:02:25 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
MOD - [2009/12/23 16:11:18 | 000,015,056 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2009/09/01 06:38:47 | 000,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
MOD - [2009/04/11 01:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2009/03/29 23:42:16 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4016_none_d0893820442e7fe4\msvcr80.dll
MOD - [2007/04/22 17:12:44 | 000,018,432 | ---- | M] () -- C:\Windows\System32\hl_simple.dll
MOD - [2007/01/19 09:13:58 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\detoured.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (THAS)
SRV - File not found [On_Demand | Stopped] -- -- (RBKKM)
SRV - File not found [On_Demand | Stopped] -- -- (LDVGONHT)
SRV - [2009/12/23 15:57:18 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/11/13 17:56:46 | 000,136,120 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/09/24 20:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/09/21 15:36:02 | 000,545,568 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/09/04 13:17:00 | 000,447,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2009/09/04 13:16:54 | 005,893,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2009/09/01 06:38:37 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/09/01 06:38:35 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/08/28 18:42:54 | 000,144,672 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/07/21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/02/21 21:18:54 | 000,133,104 | ---- | M] (Google Inc.) [Disabled | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c99493f0cdb976) Google Update Service (gupdate1c99493f0cdb976)
SRV - [2008/12/12 07:31:10 | 000,537,896 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2008/12/02 14:29:52 | 000,877,864 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe -- (Nero BackItUp Scheduler 3)
SRV - [2008/10/10 04:45:26 | 000,013,088 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/19 02:36:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/19 02:36:15 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/06/21 00:25:50 | 000,606,208 | ---- | M] (ATI Technologies Inc.) [Disabled | Stopped] -- C:\Windows\System32\Ati2evxx.exe -- (Ati External Event Utility)
SRV - [2007/06/05 12:20:32 | 000,177,704 | ---- | M] () [Disabled | Stopped] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2007/04/25 18:12:14 | 000,237,568 | ---- | M] (SOFTWIN S.R.L.) [Disabled | Stopped] -- C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe -- (LIVESRV)
SRV - [2006/12/19 08:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\Windows\System32\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)
SRV - [2006/11/22 20:45:28 | 000,425,648 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2006/11/14 23:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2006/09/12 11:03:20 | 000,009,216 | ---- | M] (Agere Systems) [Disabled | Stopped] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 19:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2006/07/20 15:54:28 | 000,040,960 | ---- | M] () [Disabled | Stopped] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2006/05/25 21:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2005/12/07 16:18:28 | 000,073,728 | ---- | M] (CrypKey (Canada) Ltd.) [Disabled | Stopped] -- C:\Windows\System32\Crypserv.exe -- (Crypkey License)
SRV - [2005/11/14 04:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2009/12/08 06:23:29 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/09/01 06:38:47 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/09/01 06:38:47 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/08/31 05:58:23 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2009/08/28 18:42:52 | 000,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/07/18 20:14:47 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/06/10 14:35:53 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/06/04 13:35:58 | 000,182,456 | ---- | M] (Pismo Technic Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\pfmfs_2D5.sys -- (pfmfs_2D5)
DRV - [2009/05/18 13:17:00 | 000,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/05/11 09:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/04/10 23:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/04/10 23:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2009/03/30 09:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/03/20 06:37:42 | 000,208,688 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2009/02/13 11:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/12/17 13:17:17 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\System32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2008/12/17 13:17:16 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2008/08/29 18:32:26 | 000,036,736 | ---- | M] (Advanced Card Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\a38ccid.sys -- (A38CCID)
DRV - [2008/07/29 04:05:04 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/07/22 06:42:58 | 000,051,200 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2007/11/09 04:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/06/21 00:36:32 | 002,600,960 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2007/06/21 00:36:32 | 002,600,960 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007/06/19 21:26:58 | 000,016,432 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2007/06/19 21:26:54 | 000,081,200 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2007/06/19 21:26:52 | 000,079,664 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2007/04/10 09:08:46 | 000,596,480 | ---- | M] (Omnivision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ov550i.sys -- (APL531)
DRV - [2007/03/08 16:18:00 | 000,008,320 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\grmnusb.sys -- (grmnusb)
DRV - [2006/11/21 22:24:46 | 000,036,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2006/11/08 22:09:24 | 001,647,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/11/02 04:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 04:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 04:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 04:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 04:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 04:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 04:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 04:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 04:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 04:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 04:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 04:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 04:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 04:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 04:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 04:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 04:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 02:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2006/11/02 01:37:21 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2006/10/18 14:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/09/27 22:06:56 | 000,479,488 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr3npxp.sys -- (KR3NPXP)
DRV - [2006/09/16 17:23:06 | 000,047,360 | ---- | M] (DigitalPersona®, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbdpfp.sys -- (usbdpfp)
DRV - [2006/08/31 09:53:00 | 001,161,152 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/07/28 19:25:26 | 000,019,456 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\LPCFilter.sys -- (LPCFilter)
DRV - [2006/05/18 03:48:00 | 000,047,249 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2006/02/14 13:50:52 | 000,216,320 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I)
DRV - [2005/10/11 06:17:32 | 000,031,872 | ---- | M] (Cypress Semiconductor) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CyUsb.sys -- (CyUsb)
DRV - [2005/09/27 18:57:38 | 000,207,104 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N)
DRV - [2005/06/09 20:07:52 | 000,041,344 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2005/04/07 16:18:34 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2005/02/23 13:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2004/07/29 19:35:52 | 000,031,654 | ---- | M] () [Kernel | System | Running] -- C:\Windows\system32\ckldrv.sys -- (NetworkX)
DRV - [2004/04/13 16:03:46 | 000,016,509 | ---- | M] (Palm, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2004/03/17 06:00:00 | 000,044,256 | ---- | M] (Accapella Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CoachVc.sys -- (CoachVc)
DRV - [2004/03/17 05:59:56 | 000,046,944 | ---- | M] (FotoNation Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CoachUsb.sys -- (CoachUsb)
DRV - [2001/04/19 03:26:20 | 000,016,112 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Print Server\BIADMIN\PCANDIS4.SYS -- (PCANDIS4)
DRV - [2000/06/22 00:52:42 | 000,047,232 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serport.sys -- (Serport)
DRV - [2000/04/05 19:43:30 | 000,107,464 | ---- | M] (Alaris, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DVC2USB.sys -- (DCamUSBAlaris)
DRV - [1999/01/10 06:00:00 | 000,003,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\DLPortIO.sys -- (DLPortIO)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2488973047-2308359479-2647972124-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2488973047-2308359479-2647972124-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2488973047-2308359479-2647972124-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKU\S-1-5-21-2488973047-2308359479-2647972124-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2488973047-2308359479-2647972124-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2488973047-2308359479-2647972124-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2488973047-2308359479-2647972124-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-2488973047-2308359479-2647972124-1000\S-1-5-21-2488973047-2308359479-2647972124-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2488973047-2308359479-2647972124-1000\S-1-5-21-2488973047-2308359479-2647972124-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Ask"
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/firefox"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.47
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7
FF - prefs.js..extensions.enabledItems: max@subfighter.com:1.0.3
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.2
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.1
FF - prefs.js..extensions.enabledItems: {21d9fc16-931c-4295-b8cf-f01c16168089}:0.7.5
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:3.6.2
FF - prefs.js..extensions.enabledItems: secureLogin@blueimp.net:0.9.3
FF - prefs.js..extensions.enabledItems: {6e84150a-d526-41f1-a480-a67d3fed910d}:1.4.5.1
FF - prefs.js..extensions.foxtor.browser.search.update: false
FF - prefs.js..extensions.foxtor.network.proxy.http: ""
FF - prefs.js..extensions.foxtor.network.proxy.http_port: 0
FF - prefs.js..extensions.foxtor.network.proxy.no_proxies_on: "localhost, 127.0.0.1"
FF - prefs.js..extensions.foxtor.network.proxy.share_proxy_settings: false
FF - prefs.js..extensions.foxtor.network.proxy.type: 0
FF - prefs.js..keyword.URL: "http://toolbar.ask.com/toolbarv/askRedirect?o=101703&gct=&gc=1&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/09/01 06:39:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/02/08 19:22:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\paypalfirefoxplugin@orbiscom: C:\Program Files\PayPal\PayPal Plug-In [2010/01/05 21:36:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/24 22:12:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/24 22:12:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/01/24 22:10:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2009/12/09 20:06:11 | 000,000,000 | ---D | M]

[2010/01/11 18:44:19 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2010/01/11 18:44:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/02/09 07:02:50 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fg4j1qj8.default\extensions
[2010/01/09 18:58:07 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fg4j1qj8.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2009/12/10 04:59:27 | 000,000,000 | ---D | M] (PatentlyUseful For The USPTO) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fg4j1qj8.default\extensions\{21d9fc16-931c-4295-b8cf-f01c16168089}
[2009/10/19 21:39:18 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fg4j1qj8.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2008/06/17 18:14:29 | 000,000,000 | ---D | M] (HamInfoBar Toolbar) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fg4j1qj8.default\extensions\{380d8a93-650c-4c55-8c93-3a3dce49af12}(150)
[2010/02/09 07:02:02 | 000,000,000 | ---D | M] (IE View) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fg4j1qj8.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
[2007/11/25 18:57:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fg4j1qj8.default\extensions\{7adf87fb-c108-4a73-8135-1cca9779fb5b}
[2007/11/25 15:02:40 | 000,000,000 | ---D | M] (HamLinks Toolbar) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fg4j1qj8.default\extensions\{7adf87fb-c108-4a73-8135-1cca9779fb5b}(141)
[2009/12/30 19:49:46 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fg4j1qj8.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2008/06/17 18:14:30 | 000,000,000 | ---D | M] (Sage) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fg4j1qj8.default\extensions\{a6ca9b3b-5e52-4f47-85d8-cca35bb57596}(152)
[2007/11/25 15:02:38 | 000,000,000 | ---D | M] (FireFTP) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fg4j1qj8.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}(142)
[2008/06/18 20:33:10 | 000,000,000 | ---D | M] (FireFTP) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fg4j1qj8.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}(153)
[2010/01/24 22:13:58 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fg4j1qj8.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2007/11/25 15:02:39 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fg4j1qj8.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(143)
[2010/01/09 18:58:08 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fg4j1qj8.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2007/11/25 15:02:38 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fg4j1qj8.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(144)
[2008/06/18 20:33:10 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fg4j1qj8.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(154)
[2010/02/03 17:41:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fg4j1qj8.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2007/11/25 15:02:38 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fg4j1qj8.default\extensions\filtersetg@updater(140)
[2009/07/15 07:36:29 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fg4j1qj8.default\extensions\hidenavbar@jaybaldwin
[2010/02/03 17:41:16 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fg4j1qj8.default\extensions\linkalert.conlan@addons.mozilla.com
[2009/12/10 04:59:25 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fg4j1qj8.default\extensions\max@subfighter.com
[2008/11/18 19:46:00 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fg4j1qj8.default\extensions\secureLogin@blueimp.net
[2009/06/22 20:46:33 | 000,000,682 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fg4j1qj8.default\searchplugins\ask.xml
[2008/01/13 17:18:48 | 000,000,981 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fg4j1qj8.default\searchplugins\askcom.xml
[2009/06/14 20:53:15 | 000,002,164 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fg4j1qj8.default\searchplugins\bing.xml
[2007/10/09 18:51:35 | 000,005,349 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fg4j1qj8.default\searchplugins\clusty.xml
[2007/11/08 18:59:11 | 000,001,793 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fg4j1qj8.default\searchplugins\filetubecom.xml
[2007/10/21 18:30:31 | 000,002,312 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fg4j1qj8.default\searchplugins\hakia.xml
[2009/07/17 14:20:12 | 000,002,525 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fg4j1qj8.default\searchplugins\juice.xml
[2007/10/09 18:52:53 | 000,000,858 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fg4j1qj8.default\searchplugins\searchmash.xml
[2007/09/02 07:33:33 | 000,002,386 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fg4j1qj8.default\searchplugins\siteadvisor.xml
[2007/11/01 18:59:11 | 000,003,547 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fg4j1qj8.default\searchplugins\technorati-search.xml
[2010/02/09 07:02:09 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/08/24 20:59:27 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2005/12/05 22:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2009/09/20 16:46:58 | 000,331,192 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 11345 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\realplayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {E00315CF-CC3E-42CD-B6FF-E164438EFBDC} - No CLSID value found.
O2 - BHO: (OToolbarHelper Class) - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll ()
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (PayPal Plug-In) - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll ()
O3 - HKU\S-1-5-21-2488973047-2308359479-2647972124-1000\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKU\S-1-5-21-2488973047-2308359479-2647972124-1000\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2488973047-2308359479-2647972124-1000..\Run: [MRC] C:\Program Files\PC Tune-Up\PCTuneUp.exe (Large Software)
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-2488973047-2308359479-2647972124-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = FF 00 00 00 [binary data]
O7 - HKU\S-1-5-21-2488973047-2308359479-2647972124-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-21-2488973047-2308359479-2647972124-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NARDat = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe File not found
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-2488973047-2308359479-2647972124-1000\..Trusted Domains: citizensbank.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-2488973047-2308359479-2647972124-1000\..Trusted Domains: ketsujin.com ([fighterace] https in Trusted sites)
O15 - HKU\S-1-5-21-2488973047-2308359479-2647972124-1000\..Trusted Domains: ketsujin.com ([primary] https in Trusted sites)
O15 - HKU\S-1-5-21-2488973047-2308359479-2647972124-1000\..Trusted Domains: ketsujin.com ([update] https in Trusted sites)
O15 - HKU\S-1-5-21-2488973047-2308359479-2647972124-1000\..Trusted Domains: ketsujin.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-2488973047-2308359479-2647972124-1000\..Trusted Domains: stormofaces.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-2488973047-2308359479-2647972124-1000\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-2488973047-2308359479-2647972124-1000\..Trusted Domains: 60 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
O18 - Protocol\Handler\AutorunsDisabled\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - AppInit_DLLs: (hl_simple.dll) - C:\Windows\System32\hl_simple.dll ()
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ssqpnll: DllName - ssqpnll.dll - File not found
O24 - Desktop WallPaper: C:\Users\Owner\Pictures\x-35.jpg
O24 - Desktop BackupWallPaper: C:\Users\Owner\Pictures\x-35.jpg
O30 - LSA: Authentication Packages - (C:\Windows\system32\awvtq.dll) - C:\Windows\System32\awvtq.dll File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/01/01 21:11:57 | 000,000,000 | ---D | M] - C:\AutoRuns Utility -- [ NTFS ]
O33 - MountPoints2\{0c1137d8-ffd5-11dc-8577-0016d490f247}\Shell\AutoRun\command - "" = G:\PMB_Portable.exe -- File not found
O33 - MountPoints2\{64d9dd6c-a196-11dc-9b45-0016d490f247}\Shell - "" = AutoRun
O33 - MountPoints2\{64d9dd6c-a196-11dc-9b45-0016d490f247}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{c1405e4a-0e36-11de-ad24-86c842a4826d}\Shell - "" = AutoRun
O33 - MountPoints2\{c1405e4a-0e36-11de-ad24-86c842a4826d}\Shell\AutoRun\command - "" = E:\MuzeeApp.exe -- File not found
O33 - MountPoints2\{c7586c03-1185-11df-89da-851cf5d97364}\Shell - "" = AutoRun
O33 - MountPoints2\{c7586c03-1185-11df-89da-851cf5d97364}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/03/19 19:40:40 | 000,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GPLog.lnk - Reg Error: Value error. - File not found
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GreenPrint Printer Notify.lnk - Reg Error: Value error. - File not found
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GreenPrint TrayIcon.lnk - Reg Error: Value error. - File not found
MsConfig - StartUpFolder: C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^eFax 4.4.lnk - C:\Program Files\eFax Messenger 4.4\J2GTray.exe - (j2 Global Communications, Inc.)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AdobeUpdater - hkey= - key= - C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: CarMD - hkey= - key= - C:\Program Files\CarMD\CarMD.exe (CarMD.com Corp)
MsConfig - StartUpReg: DPAgnt - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: eFax 4.4 - hkey= - key= - C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe (j2 Global Communications, Inc.)
MsConfig - StartUpReg: Google Update - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: GPPrinterNotify - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: Malwarebytes Anti-Malware (reboot) - hkey= - key= - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
MsConfig - StartUpReg: MRC - hkey= - key= - C:\Program Files\PC Tune-Up\PCTuneUp.exe (Large Software)
MsConfig - StartUpReg: NBKeyScan - hkey= - key= - C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: StartCCC - hkey= - key= - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre6\bin\jusched.exe File not found
MsConfig - StartUpReg: SynTPEnh - hkey= - key= - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
MsConfig - StartUpReg: SynTPStart - hkey= - key= - C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
MsConfig - StartUpReg: Zune Launcher - hkey= - key= - C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 2
MsConfig - State: "bootini" - 2

SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - File not found
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.1.4
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.1.4
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {38539595-3E29-410d-ABBD-3D6A75BC9A73} - Reg Error: Value error.
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: VIDC.I420 - msh263.drv File not found
Drivers32: VIDC.JPEG - C:\Windows\System32\JpegCode.dll (Zoran Microelectronics Ltd.)
Drivers32: VIDC.MJPG - C:\Windows\System32\JpegCode.dll (Zoran Microelectronics Ltd.)
Drivers32: VIDC.MP42 - C:\Windows\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: VIDC.MPG4 - C:\Windows\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: VIDC.VGPX - C:\Windows\System32\vgpix32d.dll (Alaris, Inc.)
Drivers32: vidc.xvid - C:\Windows\System32\xvidvfw.dll ()
Drivers32: VIDC.Y411 - C:\Windows\System32\icmyuy2.dll (Alaris, Inc.)
Drivers32: VIDC.YV12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)

========== Files/Folders - Created Within 30 Days ==========

[2011/08/31 23:24:38 | 000,000,000 | ---D | C] -- C:\ProgramData\CraftEdge
[2010/02/21 12:03:03 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/02/21 12:02:06 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2010/02/10 08:58:37 | 003,600,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/02/10 08:58:37 | 003,548,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/02/10 08:58:32 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010/02/10 08:58:31 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2010/02/10 08:58:31 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010/02/10 08:58:31 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010/02/03 17:04:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/02/03 16:35:29 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/02/03 16:35:29 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/02/03 16:35:29 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/02/03 16:31:58 | 000,918,816 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\Owner\Desktop\jxpiinstall.exe
[2010/01/31 21:31:49 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\New Folder
[2010/01/28 19:12:39 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Turning MSI Wind Into a MAC
[2010/01/27 13:48:20 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\For sale Jan2010
[2010/01/26 08:09:26 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\AnyBizSoft PDF to Word
[2010/01/26 08:09:06 | 000,000,000 | ---D | C] -- C:\Program Files\AnyBizSoft
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/21 12:12:43 | 009,961,472 | ---- | M] () -- C:\Users\Owner\ntuser.dat
[2010/02/21 12:03:04 | 000,001,885 | ---- | M] () -- C:\Users\Owner\Desktop\HijackThis.lnk
[2010/02/21 12:02:25 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2010/02/21 11:47:44 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2010/02/21 11:47:14 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/02/21 11:47:14 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/02/21 11:47:14 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/21 11:47:13 | 000,000,312 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2010/02/21 11:47:09 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/02/21 11:46:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/02/21 11:44:30 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/02/21 11:44:22 | 000,524,288 | -HS- | M] () -- C:\Users\Owner\ntuser.dat{e8237b95-169e-11df-b3a5-bb3a2773077a}.TMContainer00000000000000000001.regtrans-ms
[2010/02/21 11:44:22 | 000,065,536 | -HS- | M] () -- C:\Users\Owner\ntuser.dat{e8237b95-169e-11df-b3a5-bb3a2773077a}.TM.blf
[2010/02/21 11:44:09 | 003,801,768 | -H-- | M] () -- C:\Users\Owner\AppData\Local\IconCache.db
[2010/02/21 11:38:01 | 056,058,252 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/02/21 11:30:21 | 000,000,697 | ---- | M] () -- C:\Windows\System32\PCTuneUp.config
[2010/02/10 19:34:44 | 000,524,288 | -HS- | M] () -- C:\Users\Owner\ntuser.dat{e8237b95-169e-11df-b3a5-bb3a2773077a}.TMContainer00000000000000000002.regtrans-ms
[2010/02/10 19:24:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/10 19:19:06 | 000,524,288 | -HS- | M] () -- C:\Users\Owner\ntuser.dat{6341206c-0e15-11df-8974-e7047b82bc40}.TMContainer00000000000000000001.regtrans-ms
[2010/02/10 19:19:06 | 000,065,536 | -HS- | M] () -- C:\Users\Owner\ntuser.dat{6341206c-0e15-11df-8974-e7047b82bc40}.TM.blf
[2010/02/10 14:29:13 | 002,890,530 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/02/10 14:29:13 | 000,921,300 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/02/10 14:29:12 | 000,958,628 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/02/09 06:56:25 | 000,002,084 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/02/08 23:48:43 | 003,441,467 | R--- | M] () -- C:\Users\Owner\Desktop\SONY XV-AL100 User Manual.pdf
[2010/02/08 22:29:34 | 000,090,624 | ---- | M] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/04 07:19:13 | 000,036,655 | ---- | M] () -- C:\Users\Owner\Documents\Discover Card_ Feb 11 2010 Payment.pdf
[2010/02/03 17:43:41 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2010/02/03 16:32:22 | 000,918,816 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Owner\Desktop\jxpiinstall.exe
[2010/02/03 11:47:57 | 000,000,116 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010/02/01 19:51:14 | 000,000,873 | ---- | M] () -- C:\Users\Owner\Desktop\Slide Conversions - Shortcut.lnk
[2010/01/30 23:09:45 | 000,524,288 | -HS- | M] () -- C:\Users\Owner\ntuser.dat{6341206c-0e15-11df-8974-e7047b82bc40}.TMContainer00000000000000000002.regtrans-ms
[2010/01/30 23:04:09 | 000,046,116 | ---- | M] () -- C:\Users\Owner\Documents\Etrade Tax Info tax yr 2009.pdf
[2010/01/30 22:13:04 | 000,524,288 | -HS- | M] () -- C:\Users\Owner\ntuser.dat{d9493e6c-0dfb-11df-8423-81478cdcfd66}.TMContainer00000000000000000002.regtrans-ms
[2010/01/30 22:13:04 | 000,524,288 | -HS- | M] () -- C:\Users\Owner\ntuser.dat{d9493e6c-0dfb-11df-8423-81478cdcfd66}.TMContainer00000000000000000001.regtrans-ms
[2010/01/30 22:13:04 | 000,065,536 | -HS- | M] () -- C:\Users\Owner\ntuser.dat{d9493e6c-0dfb-11df-8423-81478cdcfd66}.TM.blf
[2010/01/30 22:03:22 | 000,524,288 | -HS- | M] () -- C:\Users\Owner\ntuser.dat{cce6cca5-fdf4-11de-a15f-abde2c998365}.TMContainer00000000000000000001.regtrans-ms
[2010/01/30 22:03:22 | 000,065,536 | -HS- | M] () -- C:\Users\Owner\ntuser.dat{cce6cca5-fdf4-11de-a15f-abde2c998365}.TM.blf
[2010/01/29 17:06:39 | 003,200,320 | R--- | M] () -- C:\Users\Owner\Desktop\ham mag 13.pdf
[2010/01/29 14:26:01 | 000,810,570 | ---- | M] () -- C:\Users\Owner\Documents\Repairing Laptop Battery Pack.pdf
[2010/01/27 22:15:53 | 003,441,467 | R--- | M] () -- C:\Users\Owner\Documents\Sony XV-AL100 User Manual.pdf
[2010/01/26 08:09:11 | 000,000,892 | ---- | M] () -- C:\Users\Public\Desktop\AnyBizSoft PDF to Word.lnk
[2010/01/23 22:38:37 | 000,021,504 | ---- | M] () -- C:\Users\Owner\Documents\Gettimg Email.doc
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/21 12:03:04 | 000,001,885 | ---- | C] () -- C:\Users\Owner\Desktop\HijackThis.lnk
[2010/02/10 19:20:47 | 000,524,288 | -HS- | C] () -- C:\Users\Owner\ntuser.dat{e8237b95-169e-11df-b3a5-bb3a2773077a}.TMContainer00000000000000000002.regtrans-ms
[2010/02/10 19:20:47 | 000,524,288 | -HS- | C] () -- C:\Users\Owner\ntuser.dat{e8237b95-169e-11df-b3a5-bb3a2773077a}.TMContainer00000000000000000001.regtrans-ms
[2010/02/10 19:20:47 | 000,065,536 | -HS- | C] () -- C:\Users\Owner\ntuser.dat{e8237b95-169e-11df-b3a5-bb3a2773077a}.TM.blf
[2010/02/09 06:56:25 | 000,002,084 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/02/08 23:48:43 | 003,441,467 | R--- | C] () -- C:\Users\Owner\Desktop\SONY XV-AL100 User Manual.pdf
[2010/02/04 07:19:10 | 000,036,655 | ---- | C] () -- C:\Users\Owner\Documents\Discover Card_ Feb 11 2010 Payment.pdf
[2010/02/03 17:43:41 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2010/02/01 19:51:14 | 000,000,873 | ---- | C] () -- C:\Users\Owner\Desktop\Slide Conversions - Shortcut.lnk
[2010/01/30 23:04:09 | 000,046,116 | ---- | C] () -- C:\Users\Owner\Documents\Etrade Tax Info tax yr 2009.pdf
[2010/01/30 22:14:53 | 000,524,288 | -HS- | C] () -- C:\Users\Owner\ntuser.dat{6341206c-0e15-11df-8974-e7047b82bc40}.TMContainer00000000000000000002.regtrans-ms
[2010/01/30 22:14:53 | 000,524,288 | -HS- | C] () -- C:\Users\Owner\ntuser.dat{6341206c-0e15-11df-8974-e7047b82bc40}.TMContainer00000000000000000001.regtrans-ms
[2010/01/30 22:14:53 | 000,065,536 | -HS- | C] () -- C:\Users\Owner\ntuser.dat{6341206c-0e15-11df-8974-e7047b82bc40}.TM.blf
[2010/01/30 22:05:22 | 000,524,288 | -HS- | C] () -- C:\Users\Owner\ntuser.dat{d9493e6c-0dfb-11df-8423-81478cdcfd66}.TMContainer00000000000000000002.regtrans-ms
[2010/01/30 22:05:22 | 000,524,288 | -HS- | C] () -- C:\Users\Owner\ntuser.dat{d9493e6c-0dfb-11df-8423-81478cdcfd66}.TMContainer00000000000000000001.regtrans-ms
[2010/01/30 22:05:22 | 000,065,536 | -HS- | C] () -- C:\Users\Owner\ntuser.dat{d9493e6c-0dfb-11df-8423-81478cdcfd66}.TM.blf
[2010/01/29 17:06:44 | 003,200,320 | R--- | C] () -- C:\Users\Owner\Desktop\ham mag 13.pdf
[2010/01/29 14:26:01 | 000,810,570 | ---- | C] () -- C:\Users\Owner\Documents\Repairing Laptop Battery Pack.pdf
[2010/01/27 22:15:53 | 003,441,467 | R--- | C] () -- C:\Users\Owner\Documents\Sony XV-AL100 User Manual.pdf
[2010/01/26 08:09:11 | 000,000,892 | ---- | C] () -- C:\Users\Public\Desktop\AnyBizSoft PDF to Word.lnk
[2010/01/23 22:38:36 | 000,021,504 | ---- | C] () -- C:\Users\Owner\Documents\Gettimg Email.doc
[2010/01/09 15:45:44 | 000,068,608 | ---- | C] () -- C:\Windows\System32\Iforce2.dll
[2009/12/10 19:19:03 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/12/10 19:19:02 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2009/12/10 19:19:00 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/12/10 19:19:00 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/12/10 19:18:57 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/12/10 19:18:57 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2009/10/24 20:01:50 | 000,042,132 | ---- | C] () -- C:\Windows\XF2000.INI
[2009/10/15 21:23:20 | 000,000,583 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\A-OK! MCC Preferences
[2009/10/15 21:17:46 | 000,002,442 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\A-OK! WoM.ini
[2009/08/10 20:58:21 | 000,002,516 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2009/08/10 20:58:21 | 000,000,088 | RHS- | C] () -- C:\Windows\System32\9B234576CB.sys
[2009/08/05 21:36:46 | 000,000,117 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\default.pls
[2009/07/18 20:14:47 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009/05/30 20:43:25 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/04/20 14:42:35 | 000,000,024 | ---- | C] () -- C:\Windows\mtcap.ini
[2009/04/09 04:14:30 | 000,910,368 | ---- | C] () -- C:\Windows\System32\OWL52T.DLL
[2009/03/11 07:31:54 | 000,221,184 | ---- | C] () -- C:\Windows\System32\DSPlayer.dll
[2008/10/21 20:52:56 | 000,000,000 | ---- | C] () -- C:\Windows\QuickInstall.INI
[2008/08/27 13:57:40 | 000,000,145 | ---- | C] () -- C:\Windows\HRDLog001.INI
[2008/08/26 09:36:51 | 000,000,340 | ---- | C] () -- C:\Windows\SIERRA.INI
[2008/07/29 19:57:15 | 000,000,082 | ---- | C] () -- C:\Users\Owner\AppData\Local\X-Plane Installer.prf
[2008/07/29 19:25:20 | 000,000,015 | ---- | C] () -- C:\Users\Owner\AppData\Local\x-plane_install.txt
[2008/07/27 19:25:07 | 000,000,021 | ---- | C] () -- C:\Windows\xinorbis3.ini
[2008/07/26 22:04:24 | 000,000,680 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2008/06/01 09:02:04 | 000,081,920 | ---- | C] () -- C:\Windows\asr32311.dll
[2008/05/31 05:05:12 | 000,000,080 | RHS- | C] () -- C:\Windows\System32\8D99CD0B3E.dll
[2008/05/26 19:58:10 | 000,000,101 | ---- | C] () -- C:\Windows\Crypkey.ini
[2008/05/26 19:58:01 | 000,031,654 | ---- | C] () -- C:\Windows\System32\Ckldrv.sys
[2008/05/26 19:58:01 | 000,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll
[2008/05/22 18:34:54 | 000,000,004 | ---- | C] () -- C:\Windows\startup_BBCP.ini
[2008/05/18 12:28:24 | 000,049,152 | ---- | C] () -- C:\Windows\System32\PRTSERV.dll
[2008/05/18 08:44:19 | 000,000,805 | ---- | C] () -- C:\Windows\Common.ini
[2008/05/08 20:54:25 | 000,000,117 | ---- | C] () -- C:\Windows\wizardgui.INI
[2008/05/05 19:36:28 | 000,036,864 | ---- | C] () -- C:\Windows\System32\Dspp6.dll
[2008/05/05 19:36:28 | 000,036,864 | ---- | C] () -- C:\Windows\System32\Dspp5.dll
[2008/05/05 19:36:28 | 000,036,864 | ---- | C] () -- C:\Windows\System32\Dspm6.dll
[2008/05/05 19:36:28 | 000,036,864 | ---- | C] () -- C:\Windows\System32\Dspm5.dll
[2008/05/05 19:36:28 | 000,033,280 | ---- | C] () -- C:\Windows\System32\dsppX.dll
[2008/05/05 19:36:28 | 000,019,968 | ---- | C] () -- C:\Windows\System32\Cpuinf32.dll
[2008/05/05 19:36:28 | 000,004,608 | ---- | C] () -- C:\Windows\System32\DSP.dll
[2008/04/29 18:34:35 | 000,000,130 | ---- | C] () -- C:\Windows\ScreenHunter.INI
[2008/04/25 08:52:22 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2008/03/18 07:38:15 | 000,000,161 | ---- | C] () -- C:\Windows\cdplayer.ini
[2008/02/20 22:44:36 | 000,065,536 | ---- | C] () -- C:\Windows\System32\HPPLVS.dll
[2008/02/09 16:44:16 | 000,003,584 | ---- | C] () -- C:\Windows\System32\drivers\DLPortIO.sys
[2007/10/28 17:40:34 | 000,000,000 | ---- | C] () -- C:\Windows\R_Meteor.INI
[2007/10/28 16:52:18 | 000,000,000 | ---- | C] () -- C:\Windows\BeaconSee.INI
[2007/10/27 17:44:07 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2007/10/27 16:50:25 | 000,383,238 | ---- | C] () -- C:\Windows\System32\libmp3lame-0.dll
[2007/10/22 18:24:50 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2007/10/22 08:27:37 | 000,694,444 | -HS- | C] () -- C:\Windows\System32\jqcnmvcq.ini
[2007/10/21 20:12:45 | 000,000,440 | -HS- | C] () -- C:\Windows\System32\qtvwa.ini
[2007/09/09 12:36:45 | 000,000,093 | ---- | C] () -- C:\Users\Owner\AppData\Local\fusioncache.dat
[2007/08/10 18:17:32 | 000,000,208 | RHS- | C] () -- C:\Windows\System32\sysbkchx.sys
[2007/08/10 16:12:58 | 000,000,000 | ---- | C] () -- C:\Windows\PROTOCOL.INI
[2007/07/25 21:23:47 | 000,003,840 | ---- | C] () -- C:\Windows\System32\drivers\BANTExt.sys
[2007/07/04 08:37:01 | 000,000,336 | ---- | C] () -- C:\Windows\SCANREC.INI
[2007/05/25 13:04:11 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2007/05/25 12:52:17 | 000,000,116 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2007/05/01 18:31:09 | 000,000,236 | ---- | C] () -- C:\Windows\wininit.ini
[2007/04/29 18:50:53 | 000,000,107 | ---- | C] () -- C:\Windows\IfoEdit.INI
[2007/04/26 19:08:02 | 000,000,000 | ---- | C] () -- C:\Windows\ToDisc.INI
[2007/04/22 17:12:44 | 000,018,432 | ---- | C] () -- C:\Windows\System32\hl_simple.dll
[2007/04/09 18:22:44 | 000,000,737 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/03/25 16:45:18 | 000,004,120 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat
[2007/03/25 14:56:57 | 000,000,067 | ---- | C] () -- C:\Windows\swupdate.INI
[2007/03/22 12:30:34 | 000,090,624 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/02/25 21:02:38 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/12/03 18:12:31 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2006/12/03 18:12:31 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2006/12/03 18:12:31 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2006/12/03 18:12:31 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2006/12/03 18:12:31 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2006/12/03 18:12:31 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2006/11/30 23:45:19 | 000,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{d8d499e5-80f3-11db-9b97-0016d42cc956}.TMContainer00000000000000000002.regtrans-ms
[2006/11/30 23:45:19 | 000,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{d8d499e5-80f3-11db-9b97-0016d42cc956}.TMContainer00000000000000000001.regtrans-ms
[2006/11/30 23:45:19 | 000,065,536 | -HS- | C] () -- C:\ProgramData\ntuser.dat{d8d499e5-80f3-11db-9b97-0016d42cc956}.TM.blf
[2006/11/30 23:45:17 | 000,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{d8d499d5-80f3-11db-9b97-0016d42cc956}.TMContainer00000000000000000002.regtrans-ms
[2006/11/30 23:45:17 | 000,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{d8d499d5-80f3-11db-9b97-0016d42cc956}.TMContainer00000000000000000001.regtrans-ms
[2006/11/30 23:45:17 | 000,262,144 | ---- | C] () -- C:\ProgramData\ntuser.dat
[2006/11/30 23:45:17 | 000,065,536 | -HS- | C] () -- C:\ProgramData\ntuser.dat{d8d499d5-80f3-11db-9b97-0016d42cc956}.TM.blf
[2006/11/30 23:45:17 | 000,005,120 | -H-- | C] () -- C:\ProgramData\ntuser.dat.LOG1
[2006/11/30 23:45:17 | 000,000,000 | -H-- | C] () -- C:\ProgramData\ntuser.dat.LOG2
[2006/11/30 23:23:47 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2006/11/30 22:28:27 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2006/11/30 22:28:27 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2006/11/30 22:28:27 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2006/11/30 22:28:27 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2006/11/25 00:37:38 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/24 10:48:44 | 000,036,864 | ---- | C] () -- C:\Windows\System32\HWS_Ctrl.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 13:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/11/23 17:55:42 | 000,024,576 | ---- | C] () -- C:\Windows\System32\SPCtl.dll
[2001/11/14 11:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[1997/08/05 23:00:00 | 000,022,016 | ---- | C] () -- C:\Windows\System32\ODBCSTF.DLL
[1997/08/05 23:00:00 | 000,022,016 | ---- | C] () -- C:\Windows\System32\DOCOBJ.DLL
[1997/08/05 23:00:00 | 000,012,288 | ---- | C] () -- C:\Windows\System32\HLINKPRX.DLL

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2009/04/11 01:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 01:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
[2009/04/11 01:28:25 | 000,430,080 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\vbscript.dll

< %systemroot%\Tasks\*.job /lockedfiles >


< MD5 for: AGP440.SYS >
[2008/01/19 02:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/19 02:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/19 02:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/19 02:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 04:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 04:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/19 02:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 02:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 04:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/02/13 14:02:51 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/02/13 14:02:51 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/02/13 14:02:51 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2008/01/19 02:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/19 02:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: KR10N.SYS >
[2005/09/27 18:57:38 | 000,207,104 | ---- | M] (TOSHIBA CORPORATION) MD5=A1963360E74931222A67356C8AD48378 -- C:\Windows\System32\drivers\KR10N.sys
[2005/09/27 18:57:38 | 000,207,104 | ---- | M] (TOSHIBA CORPORATION) MD5=A1963360E74931222A67356C8AD48378 -- C:\Windows\System32\DriverStore\FileRepository\kr10n.inf_f8c77270\KR10N.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 04:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/19 02:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 02:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/19 02:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/19 02:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 04:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >

========== Files - Unicode (All) ==========
[2009/09/20 08:55:22 | 000,000,000 | ---D | M](C:\Windows\F?nts) -- C:\Windows\Fоnts
[2007/10/21 20:07:46 | 000,000,000 | ---D | C](C:\Windows\F?nts) -- C:\Windows\Fоnts

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\LiveKernelReports\WATCHDOG\WATCHDOG] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Panther\setup.exe\setup.exe] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\GameExplorer\GameExplorer] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\TfsStore\Tfs_DAV\Tfs_DAV] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Quick Launch] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\Certificates] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\CRLs] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\CTLs] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\Description Documents\Description Documents] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Network Shortcuts] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Printer Shortcuts] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Recent\Recent] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\Templates] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\Desktop\Desktop] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\Documents\Documents] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\Downloads\Downloads] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\Favorites\Favorites] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\Links\Links] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\Music\Music] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\Pictures\Pictures] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\Saved Games\Saved Games] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\Videos\Videos] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows Media Player NSS\3.0\SCPD\SCPD] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\GameExplorer\GameExplorer] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Temporary Internet Files] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Quick Launch] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\Certificates] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\CRLs] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\CTLs] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\Cookies] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Network Shortcuts] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Printer Shortcuts] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Recent\Recent] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\Templates] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\Desktop\Desktop] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\Documents\Documents] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\Downloads\Downloads] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\Favorites\Favorites] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\Links\Links] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\Music\Music] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\Pictures\Pictures] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\Saved Games\Saved Games] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\Videos\Videos] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\AuthCabs\Downloaded\Downloaded] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\8515290af8e2a11b58a5fdcb5018cdf3\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6000.16868_none_9a40172a0fc4863e\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6000.16868_none_9a40172a0fc4863e] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\8515290af8e2a11b58a5fdcb5018cdf3\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6000.21065_none_9ac68b3928e50d45\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6000.21065_none_9ac68b3928e50d45] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\8515290af8e2a11b58a5fdcb5018cdf3\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6001.18270_none_9c1383940cfa6868\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6001.18270_none_9c1383940cfa6868] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\8515290af8e2a11b58a5fdcb5018cdf3\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6001.22447_none_9cc4940f25f962e7\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6001.22447_none_9cc4940f25f962e7] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\8515290af8e2a11b58a5fdcb5018cdf3\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6002.18049_none_9e2369c00a004aef\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6002.18049_none_9e2369c00a004aef] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\8515290af8e2a11b58a5fdcb5018cdf3\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6002.22150_none_9e993405232e229b\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6002.22150_none_9e993405232e229b] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\900b4a4eda74f4f6355031d2463ada66\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16919_none_f0a013de6e53b9ab\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16919_none_f0a013de6e53b9ab] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\900b4a4eda74f4f6355031d2463ada66\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.21119_none_f12988cb87718cb7\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.21119_none_f12988cb87718cb7] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\900b4a4eda74f4f6355031d2463ada66\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18322_none_f27480926b88b52c\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18322_none_f27480926b88b52c] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\900b4a4eda74f4f6355031d2463ada66\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22511_none_f307eee5849f1cd5\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22511_none_f307eee5849f1cd5] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\900b4a4eda74f4f6355031d2463ada66\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.18103_none_f4719482689de8ec\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.18103_none_f4719482689de8ec] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\900b4a4eda74f4f6355031d2463ada66\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.22215_none_f4f261f581c1d755\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.22215_none_f4f261f581c1d755] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\98feee1bafb0596b2f2987bc05c79171\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.16884_none_9a0b894107fccf79\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.16884_none_9a0b894107fccf79] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\98feee1bafb0596b2f2987bc05c79171\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.21082_none_9a92fd9a211c6fd7\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.21082_none_9a92fd9a211c6fd7] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\98feee1bafb0596b2f2987bc05c79171\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.18288_none_9bf5c90f051fc5c6\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.18288_none_9bf5c90f051fc5c6] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\98feee1bafb0596b2f2987bc05c79171\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.22468_none_9c9507981e2d2ad5\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.22468_none_9c9507981e2d2ad5] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\98feee1bafb0596b2f2987bc05c79171\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.18064_none_9deddb8d02397ad3\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.18064_none_9deddb8d02397ad3] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\98feee1bafb0596b2f2987bc05c79171\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.22170_none_9e68a7441b62d132\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.22170_none_9e68a7441b62d132] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6000.16908_none_586821dd6d61016f\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6000.16908_none_586821dd6d61016f] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6000.21108_none_58f196ca867ed47b\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6000.21108_none_58f196ca867ed47b] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6001.18311_none_5a3c8e916a95fcf0\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6001.18311_none_5a3c8e916a95fcf0] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6001.22497_none_5a75adb883ef144c\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6001.22497_none_5a75adb883ef144c] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6002.18091_none_5bcc811967fd319c\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6002.18091_none_5bcc811967fd319c] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6002.22200_none_5cb66ecc80d2b9bd\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6002.22200_none_5cb66ecc80d2b9bd] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6000.21108_none_cbcfae32467adc51\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6000.21108_none_cbcfae32467adc51] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.22497_none_cd53c52043eb1c22\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.22497_none_cd53c52043eb1c22] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16908_none_5fa75f38922bdbf4\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16908_none_5fa75f38922bdbf4] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21108_none_6030d425ab49af00\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21108_none_6030d425ab49af00] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_b3144862666d6db3\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_b3144862666d6db3] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18091_none_b4a43aea63d4a25f\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18091_none_b4a43aea63d4a25f] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_b58e289d7caa2a80\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_b58e289d7caa2a80] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6000.16908_none_30e8bd0651b053ef\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6000.16908_none_30e8bd0651b053ef] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6000.21108_none_317231f36ace26fb\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6000.21108_none_317231f36ace26fb] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6001.18311_none_32bd29ba4ee54f70\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6001.18311_none_32bd29ba4ee54f70] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6001.22497_none_32f648e1683e66cc\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6001.22497_none_32f648e1683e66cc] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6002.18091_none_344d1c424c4c841c\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6002.18091_none_344d1c424c4c841c] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6002.22200_none_353709f565220c3d\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6002.22200_none_353709f565220c3d] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\PostRebootEventCache\PostRebootEventCache] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\ScanFile\ScanFile] -> \Device\__max++>\^ -> Mount Point

========== Alternate Data Streams ==========

@Alternate Data Stream - 167 bytes -> C:\ProgramData\TEMP:EEDA5B17
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:2BE9FEFC
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:1CA73D29
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:7E95B6FD
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:F1C0B203
< End of report >

*******************************************************************

extras

OTL Extras logfile created on: 2/21/2010 12:12:28 PM - Run 1
OTL by OldTimer - Version 3.1.30.1 Folder = C:\Users\Owner\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 59.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 146.11 Gb Total Space | 10.68 Gb Free Space | 7.31% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-PC
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-2488973047-2308359479-2647972124-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.js [@ = jsfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [- Browse with PeaZip] -- "C:\Program Files\PeaZip\PEAZIP.EXE" "-ext2browse" "%1" (Giorgio Tani)
Directory [+ Add to separate archive(s)] -- "C:\Program Files\PeaZip\PEAZIP.EXE" "-add2archive" "%1" (Giorgio Tani)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2488973047-2308359479-2647972124-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03A0A1B7-C6F9-4B68-8FBF-2ACB757D2693}" = lport=445 | protocol=6 | dir=in | app=system |
"{0FDD6B49-9956-4559-86C4-0771EE492976}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=c:\windows\system32\svchost.exe |
"{18ECA85B-DDB2-476D-9433-7BFC1EDAFB85}" = rport=137 | protocol=17 | dir=out | app=system |
"{28CED51E-7279-483C-B40C-39EBF204926F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{32CCD4F6-8951-4C3F-A043-5C2B0AA9170C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{37D0EDB8-BF13-4FE0-8CCE-7AD72A778A02}" = lport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdateservice.exe |
"{5BD4810E-0702-4F46-BC82-8CA4203EEF97}" = lport=5000 | protocol=17 | dir=in | name=akamai network manager |
"{5E42BC20-A6B2-4395-B982-23341580297A}" = lport=137 | protocol=17 | dir=in | app=system |
"{660E6EBF-3BDB-491B-AE58-F554E54E8713}" = lport=139 | protocol=6 | dir=in | app=system |
"{6FC4621F-DB21-4017-A33A-FA5B465ADABB}" = lport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdater.exe |
"{7AFC3056-A148-404E-82EB-4088E8801987}" = lport=3702 | protocol=17 | dir=in | app=c:\windows\system32\p2phost.exe |
"{82F57617-5EFA-43A1-BCFC-9F0C60D73A2A}" = lport=138 | protocol=17 | dir=in | app=system |
"{89014564-FB80-4AA0-ACED-DD0F98CF3E6B}" = lport=9420 | protocol=6 | dir=in | name=akamai network manager |
"{8B5413D1-4137-446D-B1EF-55D4B9155F40}" = lport=5000 | protocol=17 | dir=in | name=akamai network manager |
"{93EE5627-E48A-4FA1-93AB-1093D6CCCAE3}" = lport=9420 | protocol=6 | dir=in | name=akamai network manager |
"{A81772B1-1D0D-41DB-9E19-07F62F5DF162}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=c:\windows\system32\svchost.exe |
"{BAA53DEA-04A6-47AA-830A-4F7113E77FCC}" = rport=3702 | protocol=17 | dir=out | app=c:\windows\system32\p2phost.exe |
"{C66F7F31-2769-41C2-924D-80F2CA5C6A62}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{D1FCD511-BD27-4186-A93A-D908F79C656E}" = rport=139 | protocol=6 | dir=out | app=system |
"{EE10434B-C9B1-450B-A961-A5FF9C0B9A54}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{F34ED92A-4B68-4E00-95AB-C33518A1B7D9}" = rport=138 | protocol=17 | dir=out | app=system |
"{FBE9E5A6-F7BC-49F4-A671-6704960E2D76}" = rport=445 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03EDD2C1-E2DC-42F4-B94E-B029C80C3994}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{12B946B2-4C01-4D3C-9664-76894BB84138}" = protocol=6 | dir=in | app=c:\windows\temp\~os20bf.tmp\ossproxy.exe |
"{253CD698-2F88-49A8-9752-B205ED7B93BA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{30FAB76D-7196-4D53-A5FD-41A0C08F6BCA}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\hp1006mc.exe |
"{3CD04F0D-06AC-4A76-8B47-EF85A71DC44A}" = protocol=17 | dir=in | app=c:\program files\turbotax\deluxe 2007\32bit\updatemgr.exe |
"{40C1ABFA-FC2A-4B58-B1D2-BC8254DF9AF9}" = protocol=17 | dir=in | app=c:\program files\grisoft\avg7\avgw.exe |
"{4399BA40-2A64-4125-916C-B72FEAFC5B42}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{4F02F996-F6FA-4447-9E2C-661505A2DE66}" = protocol=6 | dir=in | app=c:\program files\grisoft\avg7\avgcc.exe |
"{5176AD98-AAF8-4082-B825-23438A773361}" = protocol=17 | dir=in | app=c:\program files\grisoft\avg7\avgcc.exe |
"{52643B13-47DA-400A-B4F7-65C559E3A00A}" = protocol=6 | dir=in | app=c:\program files\turbotax\deluxe 2007\32bit\updatemgr.exe |
"{57E10FB3-4380-4A64-BBED-0A66044FC668}" = protocol=6 | dir=in | app=c:\program files\toshiba\utilities\tacsprop.exe |
"{6610E5DD-39A4-4A79-8F30-0115DA199FA4}" = dir=in | app=c:\program files\avg\avg8\avgemc.exe |
"{7101D948-9F20-4E6F-9701-1C7EF9DC3358}" = protocol=17 | dir=in | app=c:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe |
"{7326A210-7969-4EC4-84F6-D359365D0842}" = protocol=6 | dir=in | app=c:\program files\grisoft\avg7\avgvv.exe |
"{7F982CE0-C49B-4617-86BA-968377F672B5}" = protocol=6 | dir=in | app=c:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe |
"{848A49EB-AAAC-4ACC-8AC7-5AC4799907F5}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{84FF74B7-D8D8-4502-A418-0B060107C68A}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |
"{869047E7-40B4-452F-B1CB-715EC66E291A}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{87FBB576-B65D-49CB-8B71-78E5F9E96C58}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{8CF7AD7E-6F7A-467F-8CF6-8C75B7F5757B}" = protocol=6 | dir=in | app=c:\windows\system32\p2phost.exe |
"{93281205-CAD5-4D56-B786-8C082972CD76}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\hp1006mc.exe |
"{980BC0AE-CD87-4F1F-BC5E-F7B748F4C37A}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{9B84C7CB-938F-42A9-BC65-D496E5230231}" = protocol=6 | dir=in | app=c:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe |
"{A618250C-61A0-4804-84D4-919BA3731001}" = protocol=6 | dir=in | app=c:\program files\turbotax\deluxe 2007\32bit\ttax.exe |
"{A6779502-346E-41E2-A06F-7A4A3699E167}" = protocol=17 | dir=in | app=c:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe |
"{A71C747C-FD26-46C7-99A3-C1EF5CF9C90D}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{A8554C65-CB7D-4076-8A0C-60C76ED31E5D}" = protocol=17 | dir=in | app=c:\program files\turbotax\deluxe 2007\32bit\ttax.exe |
"{B0B2382D-A8F0-4FF1-BA53-4A0E62B9F746}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{B807BA87-2CFB-42DB-B10A-F635A6843E57}" = protocol=17 | dir=in | app=c:\program files\grisoft\avg7\avgvv.exe |
"{B9E5529C-ECB4-47D8-9AC1-3BCBFD641310}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{BF2BEBC7-2C3E-4312-B3E8-ECCB71680C43}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{C1FDAF51-A867-4702-89A0-D5ED661B1649}" = protocol=6 | dir=in | app=c:\program files\grisoft\avg7\avgw.exe |
"{C2A4D6FD-6E59-48DF-9764-39575C5CB86B}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{EB8AAE24-CF01-4BD9-97A7-4978B91DF96E}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{EE70C67A-110B-420A-9F8D-B02DB60F863C}" = protocol=6 | dir=out | app=c:\windows\system32\p2phost.exe |
"{EF734F51-BC63-4DCD-A0D4-A0E5836C798C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{F7EF10B7-617F-4D20-8557-5E9CC01E97D1}" = protocol=17 | dir=in | app=c:\program files\toshiba\utilities\tacsprop.exe |
"TCP Query User{00C17F36-E185-48D6-AE07-47C40B088988}C:\program files\atari\act of war - direct action\actofwar.exe" = protocol=6 | dir=in | app=c:\program files\atari\act of war - direct action\actofwar.exe |
"TCP Query User{13CDC1CA-C690-4E4A-8380-DFA97792DE06}C:\program files\flightgear\bin\win32\fgfs.exe" = protocol=6 | dir=in | app=c:\program files\flightgear\bin\win32\fgfs.exe |
"TCP Query User{17E74858-E0E6-482E-8FD3-314279F7DC31}C:\program files\common files\nero\nero web\setupx.exe" = protocol=6 | dir=in | app=c:\program files\common files\nero\nero web\setupx.exe |
"TCP Query User{1846537C-91E8-48A8-A1CF-C45CFF59CFBD}C:\program files\virtual agc\bin\yaags.exe" = protocol=6 | dir=in | app=c:\program files\virtual agc\bin\yaags.exe |
"TCP Query User{264C36A6-873A-4FF3-8EEA-629264B58393}C:\users\owner\desktop\maxivistaviewera.exe" = protocol=6 | dir=in | app=c:\users\owner\desktop\maxivistaviewera.exe |
"TCP Query User{2DC93610-C9AF-4714-AE2D-CD1D54F400CB}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{366475DA-CACC-44C2-B3D1-B234A2CDA868}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{45D153EF-BBE9-4A73-9A12-F30F2E1CCF6E}C:\x-plane 9\x-plane.exe" = protocol=6 | dir=in | app=c:\x-plane 9\x-plane.exe |
"TCP Query User{4BE847A5-0E15-4E2B-A8B7-A1AD418DF32E}C:\users\owner\appdata\local\temp\onlineupdate8\setupxu.exe" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\temp\onlineupdate8\setupxu.exe |
"TCP Query User{5FED48EC-529B-4828-8E03-77E7E15E1456}C:\windows\system32\dpnsvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dpnsvr.exe |
"TCP Query User{616D5C2B-A783-4B9C-82D6-30B7BE7835D6}C:\program files\virtual agc\bin\yaagc.exe" = protocol=6 | dir=in | app=c:\program files\virtual agc\bin\yaagc.exe |
"TCP Query User{666B5254-F28D-4127-8095-976296DB9578}C:\program files\helicopter strike force\game.exe" = protocol=6 | dir=in | app=c:\program files\helicopter strike force\game.exe |
"TCP Query User{69B6401F-FA0D-4185-9525-5F8DDD84ED3C}C:\program files\fighter ace anniversary edition\rsync.exe" = protocol=6 | dir=in | app=c:\program files\fighter ace anniversary edition\rsync.exe |
"TCP Query User{6CA988D7-09A2-41AE-AD4A-B14959B4E23B}C:\program files\linksys\logviewer\logviewer.exe" = protocol=6 | dir=in | app=c:\program files\linksys\logviewer\logviewer.exe |
"TCP Query User{73C62C4E-2C37-489F-92E6-FE1EAEFF4C78}C:\program files\linksys\logviewer\logviewer.exe" = protocol=6 | dir=in | app=c:\program files\linksys\logviewer\logviewer.exe |
"TCP Query User{824DC253-B1E5-4700-9D15-14F2609D8853}C:\x-plane 9.00 beta-24\x-plane 900 beta-24.exe" = protocol=6 | dir=in | app=c:\x-plane 9.00 beta-24\x-plane 900 beta-24.exe |
"TCP Query User{88873D6C-E2F9-453C-8756-C61ABDB63B71}C:\program files\rxplus\rx_plus.exe" = protocol=6 | dir=in | app=c:\program files\rxplus\rx_plus.exe |
"TCP Query User{94E0DDC8-1A76-40F2-8B28-9A5D069F2742}E:\viewer a from xp pc\maxivistaviewera.exe" = protocol=6 | dir=in | app=e:\viewer a from xp pc\maxivistaviewera.exe |
"TCP Query User{A2B40CE8-DFB3-4B84-9E0B-C79634EC6A35}C:\program files\rxplus\rx_plus.exe" = protocol=6 | dir=in | app=c:\program files\rxplus\rx_plus.exe |
"TCP Query User{ABAA6C96-DB1B-4C55-94C5-F9CDD87FC944}C:\program files\ubisoft\tom clancy's h.a.w.x\hawx.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\tom clancy's h.a.w.x\hawx.exe |
"TCP Query User{AC5C04A7-D097-4A01-BEF2-FB429E0AC9E2}C:\program files\fdrlab\anytv\anytv.exe" = protocol=6 | dir=in | app=c:\program files\fdrlab\anytv\anytv.exe |
"TCP Query User{AF86830D-804E-465F-A49A-8150ED90D3B6}C:\users\owner\desktop\maxivistaviewera.exe" = protocol=6 | dir=in | app=c:\users\owner\desktop\maxivistaviewera.exe |
"TCP Query User{B30FAE5D-DB79-43C5-BBBB-E58AF3EB8504}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{C288D57D-4FF4-450B-8451-DD06DD9430BC}C:\program files\wings over vietnam\wov.exe" = protocol=6 | dir=in | app=c:\program files\wings over vietnam\wov.exe |
"TCP Query User{C31260D9-E098-462B-BDCC-4EA9D6D466B7}C:\program files\strategy first\strike fighters\flightsim.exe" = protocol=6 | dir=in | app=c:\program files\strategy first\strike fighters\flightsim.exe |
"TCP Query User{C466D072-2891-4EB5-A88B-603621237B38}C:\downloads\call of duty 4 modern warfare full-rip skullptura\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=c:\downloads\call of duty 4 modern warfare full-rip skullptura\call of duty 4 - modern warfare\iw3mp.exe |
"TCP Query User{CC3CC5A0-D29E-4C6B-9BCE-CC52D0003309}C:\program files\aim6\aim6.exe" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"TCP Query User{CC7A7F7C-0EE8-4D3C-BAA1-E86989C04DA1}E:\muzeeapp.exe" = protocol=6 | dir=in | app=e:\muzeeapp.exe |
"TCP Query User{E84B89C2-43FD-4C3A-8073-2F09ACED6774}C:\users\owner\appdata\local\temp\onlineupdate8\setupxu.exe" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\temp\onlineupdate8\setupxu.exe |
"TCP Query User{EB296642-6CEC-421C-BFEE-DC8BCDE5AE81}C:\program files\smartparts\smartparts desktop\optipix.exe" = protocol=6 | dir=in | app=c:\program files\smartparts\smartparts desktop\optipix.exe |
"TCP Query User{ED0F42E5-4919-435D-8320-E168EEB7B57E}C:\program files\java\jre1.6.0\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0\bin\javaw.exe |
"UDP Query User{04F8FB34-584D-476F-A73F-BFF6CF6D714C}C:\program files\fdrlab\anytv\anytv.exe" = protocol=17 | dir=in | app=c:\program files\fdrlab\anytv\anytv.exe |
"UDP Query User{176977CD-61ED-4618-AE4F-3DEE0E4B1297}C:\program files\linksys\logviewer\logviewer.exe" = protocol=17 | dir=in | app=c:\program files\linksys\logviewer\logviewer.exe |
"UDP Query User{187D85A6-AB57-471D-B9C7-6FDEF7B533E7}C:\program files\smartparts\smartparts desktop\optipix.exe" = protocol=17 | dir=in | app=c:\program files\smartparts\smartparts desktop\optipix.exe |
"UDP Query User{1CECDDB2-6E51-4E17-A4C9-17A8913C50B5}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{26656B7C-58B9-488C-A8D5-57871948C240}C:\users\owner\appdata\local\temp\onlineupdate8\setupxu.exe" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\temp\onlineupdate8\setupxu.exe |
"UDP Query User{27BFBCDF-B08A-43F2-A975-199190C1551E}C:\program files\virtual agc\bin\yaags.exe" = protocol=17 | dir=in | app=c:\program files\virtual agc\bin\yaags.exe |
"UDP Query User{35D8200B-427D-4127-AE66-11E83CF87349}E:\viewer a from xp pc\maxivistaviewera.exe" = protocol=17 | dir=in | app=e:\viewer a from xp pc\maxivistaviewera.exe |
"UDP Query User{3946AF17-2226-4770-9720-CA203408BC8C}C:\program files\linksys\logviewer\logviewer.exe" = protocol=17 | dir=in | app=c:\program files\linksys\logviewer\logviewer.exe |
"UDP Query User{4C0CD86B-B567-4EBE-B9FB-91C8CEDE4A59}C:\users\owner\desktop\maxivistaviewera.exe" = protocol=17 | dir=in | app=c:\users\owner\desktop\maxivistaviewera.exe |
"UDP Query User{5006F0AB-CCC7-46FD-AD7E-04860A5517D9}C:\program files\rxplus\rx_plus.exe" = protocol=17 | dir=in | app=c:\program files\rxplus\rx_plus.exe |
"UDP Query User{5626D3AE-82EE-4A6A-9225-E648E02F2197}C:\users\owner\appdata\local\temp\onlineupdate8\setupxu.exe" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\temp\onlineupdate8\setupxu.exe |
"UDP Query User{58DBE4B7-4BA4-4DAC-9DC7-EBFCAAA92CFF}C:\program files\fighter ace anniversary edition\rsync.exe" = protocol=17 | dir=in | app=c:\program files\fighter ace anniversary edition\rsync.exe |
"UDP Query User{5C057268-4C3B-48FA-A81F-F10A59466E8E}C:\program files\rxplus\rx_plus.exe" = protocol=17 | dir=in | app=c:\program files\rxplus\rx_plus.exe |
"UDP Query User{6EC6A017-360B-4EFB-A989-54A58FF60C0C}C:\users\owner\desktop\maxivistaviewera.exe" = protocol=17 | dir=in | app=c:\users\owner\desktop\maxivistaviewera.exe |
"UDP Query User{760F1FE6-F0B0-472A-A6DA-61EFCB39DAC5}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{795CD5F6-8975-4EC7-A3C7-C220AC30BC19}C:\x-plane 9\x-plane.exe" = protocol=17 | dir=in | app=c:\x-plane 9\x-plane.exe |
"UDP Query User{90232DDF-5E73-40FB-B8B5-82BC7350AFFF}C:\program files\java\jre1.6.0\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0\bin\javaw.exe |
"UDP Query User{93BF6029-A593-4427-B630-F5BF913D7B36}C:\program files\helicopter strike force\game.exe" = protocol=17 | dir=in | app=c:\program files\helicopter strike force\game.exe |
"UDP Query User{9DD39B4B-621D-4F09-8E82-0205D9D6C14D}C:\program files\virtual agc\bin\yaagc.exe" = protocol=17 | dir=in | app=c:\program files\virtual agc\bin\yaagc.exe |
"UDP Query User{A152561E-D42C-447D-BEDC-4ED7DB9963B6}C:\program files\atari\act of war - direct action\actofwar.exe" = protocol=17 | dir=in | app=c:\program files\atari\act of war - direct action\actofwar.exe |
"UDP Query User{A51B02B1-C00D-436C-8041-66C17D3177EE}E:\muzeeapp.exe" = protocol=17 | dir=in | app=e:\muzeeapp.exe |
"UDP Query User{AB3675FC-5643-48A9-B38B-F8CC550C67CB}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{AD90C77E-47DF-4F4B-8143-4E586A626F70}C:\program files\aim6\aim6.exe" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"UDP Query User{BCFC9349-9293-41A0-8247-11329E36B460}C:\downloads\call of duty 4 modern warfare full-rip skullptura\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=c:\downloads\call of duty 4 modern warfare full-rip skullptura\call of duty 4 - modern warfare\iw3mp.exe |
"UDP Query User{CA29D5E9-B58B-4956-8BA8-3E1C84D2F7F5}C:\program files\common files\nero\nero web\setupx.exe" = protocol=17 | dir=in | app=c:\program files\common files\nero\nero web\setupx.exe |
"UDP Query User{CAF6C32A-20F1-4D66-A019-0F29A3D82B9D}C:\windows\system32\dpnsvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dpnsvr.exe |
"UDP Query User{D5FE3A5B-BFFC-46E0-8E4E-B077B4F9F099}C:\x-plane 9.00 beta-24\x-plane 900 beta-24.exe" = protocol=17 | dir=in | app=c:\x-plane 9.00 beta-24\x-plane 900 beta-24.exe |
"UDP Query User{E0F9CB34-4E40-4522-887A-B1387732761D}C:\program files\wings over vietnam\wov.exe" = protocol=17 | dir=in | app=c:\program files\wings over vietnam\wov.exe |
"UDP Query User{E3547109-9EC0-4B0A-9822-1F5EA94260DC}C:\program files\flightgear\bin\win32\fgfs.exe" = protocol=17 | dir=in | app=c:\program files\flightgear\bin\win32\fgfs.exe |
"UDP Query User{F6A625C7-002E-4733-AD1B-7CD300AAAB63}C:\program files\strategy first\strike fighters\flightsim.exe" = protocol=17 | dir=in | app=c:\program files\strategy first\strike fighters\flightsim.exe |
"UDP Query User{FD67BAD0-E7E1-4A72-91DE-63F619139546}C:\program files\ubisoft\tom clancy's h.a.w.x\hawx.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\tom clancy's h.a.w.x\hawx.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00020409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Standard
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}" = Zune Language Pack (FR)
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{014C4D18-DB14-4177-B340-B7B8B9C8E336}" = KBOS v1.1.2 for FSX
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = BELKIN Bluetooth Software 6.0.1.4400
"{063E409E-3D7C-4A4A-95AB-2F124B9224B3}" = ArcSoft PhotoImpression 6
"{09AD08C0-104D-4E58-92E0-E03CEABA9CD7}" = Helicopter Strike Force
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool
"{0E967F9D-6604-4576-B7CE-26DA9D2A3ADC}" = TurboTax 2008 wnhiper
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for TOSHIBA
"{24E439E1-02B6-40E8-82A8-2E2033B62A9E}" = Eagle Lander 3D v212
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 18
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.1
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{292EE725-0210-4D25-A81F-99924EBF9FD8}_is1" = A-OK! The Wings of Mercury 3.9.1
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{2971AD60-09A4-11D5-8738-00C0F046D1EF}" = B-17 Gunner Air War Over Germany
"{2BE8DD4A-28DE-4FBE-9917-A39856FD3833}" = CTR-PCRcvr
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{2EE8F85E-EDF1-4CEF-828F-27BC2981434F}" = Flight Deck 5 for FSX
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{35CF12E1-DD25-11D6-837D-0000E8D55E8A}" = Icom IC-PCR1000
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3C86BF23-B384-FC3D-8788-29DC514B3B62}" = Catalyst Control Center Core Implementation
"{3CCB26F5-E2A7-4C91-8340-9149D7B7C2BE}" = Virtual Earth 3D (Beta)
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{4304BE34-6DDA-46CC-ADAB-77990DC77ED5}" = Magellan RoadMate Tools
"{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36
"{44A69352-33DD-405E-ADB8-2D768643BBAE}_is1" = AnyBizSoft PDF to Word (Build 2.5.4)
"{45034CC3-4761-44B3-854A-B17778C0D5B0}" = Flight Deck 4 for FSX
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DF979D5-464C-4926-AF73-54C1C219F06A}" = Ham Radio Deluxe
"{5128275B-595E-4B65-3EAD-651897053B15}" = ccc-core-static
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1" = PeaZip 2.6.3
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5EAB222B-F288-4138-B53B-03B6848A3D5C}" = hlVista
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C2EDF63-C83B-4AAD-AC26-1784660F618B}" = Advanced Disk Cleaner
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72A819E7-4146-B9EA-1292-C4A77F657B4E}" = eBay Desktop
"{73317C31-2B6E-4B88-9865-B97C1331A39D}" = PayPal Plug-In
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{7694E0B1-2332-448B-9235-929F84B41E3F}" = Active@ ISO Burner
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A65E382-1843-4B46-861B-1BECB8354911}" = Falcon 4.0: Allied Force
"{7B601689-E7E0-4923-ADAC-C959249E1C5D}" = ccc-Branding
"{863F4168-8E0E-446F-BA3B-A26383BC32BB}" = Abacus Mission Combat Force
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{888FFC82-688D-46AB-A776-B417885432B6}" = Zune
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A5F34E2-37CF-4AD4-808C-2D413786E31A}" = Microsoft Visual C Runtime
"{8BEF9309-3B6B-3670-70A6-4631D2BC2FF6}" = Catalyst Control Center Graphics Full Existing
"{8EB278E8-7FDA-4ED9-A429-C87A76F95087}" = 1AVCapture
"{914928E5-4BA3-4809-9280-9C3DC20B993D}" = Scanner Recorder
"{917443c8-4fab-4c87-8ef3-ac150db4d42c}.sdb" = PC Tune-Up
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"{962206B0-C3BA-4A51-82DF-124032910C91}" = Wings Over Vietnam
"{96DA37C3-4B48-41ED-8500-9C1F1E3933A2}" = Garmin City Navigator Europe 2008
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A5B876D-A900-4AAB-B557-DE827BE46E6C}" = Nero 8
"{9BD8D527-A96C-46DB-B076-48D34189B372}" = BVE Uchibo Line
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A746CE98-A755-4AD7-B4B8-346DC74CDECD}" = OVT Scanner
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Microsoft Flight Simulator X: Acceleration
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.6
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}" = Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
"{AF78A04C-C6FE-4BB1-A592-1405192B4669}" = Flight Deck 4 Update 3 for FSX
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{C3DE07CB-036F-45BC-85BD-D6FFC5D33603}" = TurboTax 2008 wnyiper
"{C4F3D6A2-1214-4307-B43B-2C123AE931EC}" = Eagle Lander 3D 212 Vista Patch
"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
"{C86C99D6-BE68-DD8A-6EAD-AE9A28353288}" = Catalyst Control Center Graphics Light
"{C894366E-51C4-4162-BA82-ECBEFC1C2C61}" = PayPal Plug-In
"{C896D417-10AD-4AAB-A491-22FD67AC2220}" = ACS CCID PCSC Driver 1.1.6.3
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D52B286A-BB3A-436B-A41A-8E1475DE5E06}" = Abacus Fighter Pilot 2 for FSX
"{D6EC64A4-1B90-6B93-CC33-897A0F96F5B3}" = CCC Help English
"{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes
"{DEFD2BF4-8EDA-C163-F2EC-9BE0A54FE674}" = ccc-utility
"{DF6DA606-904D-4C18-823F-A4CFC3035E53}" = eFax Messenger
"{E149E957-F289-45E3-8645-1794A173F5AB}" = Pacific Fighters
"{E16A73E3-7976-4B86-A5C4-C544BB20C7C5}" = MapSource - WorldMap v3.01
"{E5090856-6E87-4AE1-B6FE-DD4149CB097A}" = LogViewer
"{E52382DC-2E7A-439D-8ECE-A27D8B816645}" = BVE 4
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{E89D78B8-28F7-412F-8B26-C684739CBBDC}" = Palm Desktop
"{EBF9C5EB-C6DD-659C-9D2B-E033DB73C783}" = Catalyst Control Center Graphics Full New
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{EE4ACABF-531E-419A-9225-B8E0FA4955AF}" = Zune Language Pack (ES)
"{EFB7C37F-2B92-4A2A-BD38-5F3FC0A56657}" = CarMD
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F2BD3EF3-D206-4725-BC3E-2B49A2771986}" = Screen Timer
"{FC053571-8507-44E4-8B6D-AACEAB8CA57C}" = Sansa Media Converter
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"18fsxun" = 18 Airports X-Generation Bundle FSX v1.0
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"7-Zip" = 7-Zip 4.65
"Aces High II" = Aces High II
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"After Burner 3D" = After Burner 3D
"Agere Systems Soft Modem" = TOSHIBA Software Modem
"aignesamdeadlink" = AM-DeadLink 3.2
"AIM_6" = AIM 6
"Airlink Express_is1" = Airlink Express v.1.7.1.8
"AnVir Task Manager" = AnVir Task Manager
"Autoplay Menu Designer_is1" = Autoplay Menu Designer 3.4
"AVG8Uninstall" = AVG 8.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"B17 Flying Fortress" = B17 Flying Fortress
"Belarc Advisor 2.0" = Belarc Advisor 7.2
"BiAdmin" = BiAdmin
"Bonito RC60" = Bonito RadioCom 60
"CCleaner" = CCleaner
"com.ebay.sandimas.public-beta.AA1EEF5552BF52051F68E7EAF27E23FA6449A65C.1" = eBay Desktop
"Creative Jukebox Driver" = Creative Jukebox Driver
"CW DecoderXP" = CW DecoderXP
"DB3691CD-2D74-81BF-C7F1-28367A978466" = Virtual AGC
"Digital Editions" = Adobe Digital Editions
"doPDF 5 printer_is1" = doPDF 5.1 printer
"DOSShell" = DOSShell 1.4
"DVD Flick_is1" = DVD Flick 1.3.0.6
"E3D9A28446F164880F53982F2C8F2D15E31E3987" = Windows Driver Package - ACS (A38CCID) SmartCardReader (08/30/2008 1.1.6.3)
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"FA-18 Operation Iraqi FreedomVersion 1.0" = FA-18 Operation Iraqi Freedom
"Falcon 4.0" = Falcon 4.0
"Fighter Ace Anniversary Edition" = Fighter Ace Anniversary Edition
"FileHippo.com" = FileHippo.com Update Checker
"FILEminimizer Pictures_is1" = FILEminimizer Pictures
"FileZilla Client" = FileZilla Client 3.2.6.1
"Firefox Windows Media Player XPI" = Firefox Windows Media Player XPI
"FlightSim_{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Microsoft Flight Simulator X: Acceleration
"FLVPlayer4Free Free FLV Player_is1" = FLVPlayer4Free Free FLV Player 2.4.0.0
"Foxit Reader" = Foxit Reader
"Free Registry Cleaner for Vista_is1" = Free Registry Cleaner for Vista 1.0
"GEARDrivers" = GEAR Software Drivers
"Glary Utilities_is1" = Glary Utilities Pro 2.18.0.786
"HamSphere_is1" = HamSphere 2.0.19
"HandBrake" = HandBrake 0.9.3
"HijackThis" = HijackThis 2.0.2
"IL-2 Sturmovik" = IL-2 Sturmovik
"ImgBurn" = ImgBurn
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for TOSHIBA
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"InstallShield_{E149E957-F289-45E3-8645-1794A173F5AB}" = Pacific Fighters
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.4.4 (Full)
"Legacy of the Sky: P-38 Lightning FSX/FS9" = Legacy of the Sky: P-38 Lightning FSX/FS9
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"Mozilla Thunderbird (3.0.1)" = Mozilla Thunderbird (3.0.1)
"Mplayer" = Mplayer and all enabling of games
"nLite_is1" = nLite 1.4.9.1
"NTE QUICKCross v.14 Uninstall" = NTE QUICKCross v.14
"OK1IAK (Installer by N0HR) PocketDigi" = OK1IAK (Installer by N0HR) PocketDigi
"Omni-Rig_is1" = Omni-Rig 1.2
"OpenAL" = OpenAL
"PC Tune-Up" = PC Tune-Up
"PC Wizard 2009_is1" = PC Wizard 2009.1.89
"PC-ALE_is1" = PC-ALE 1.602H
"PeaZip_is1" = PeaZip 1.11
"Perfect Utilities" = Perfect Utilities 3.03
"Picasa 3" = Picasa 3
"PismoFileMountAuditPackage" = Pismo File Mount Audit Package
"Print Server Driver" = Print Server Driver
"RAZBAM Convair F-102 Delta Dagger for FSX" = RAZBAM Convair F-102 Delta Dagger for FSX
"RealPlayer 12.0" = RealPlayer
"RecAll-PRO" = RecAll-PRO
"Recover PDF Password_is1" = Recover PDF Password 2.3.0.60
"Red Jets" = Red Jets 1.0
"Revo Uninstaller" = Revo Uninstaller 1.83
"Road Runner Install_is1" = Road Runner Install
"RTMshadow_{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Flight Simulator X
"RxPlus" = RxPlus
"Scancorder_is1" = Scancorder 1.4
"Search And Rescue 3" = Search And Rescue 3
"Sierra Utilities" = Sierra Utilities
"SkySwePro" = SkySwePro
"Smart Defrag_is1" = Smart Defrag 1.20
"Sony Digital Camera Driver" = Sony Digital Camera Driver
"SoundArb" = SoundArb
"SP1_9527A496-5DF9-412A-ADC7-168BA5379CA6" = Microsoft Flight Simulator X Service Pack 1
"SP1shadow_{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Flight Simulator X Service Pack 1
"Spectrum Lab_is1" = Spectrum Lab V2.7
"STARWARS: The Battle of Endor v2.1_is1" = STARWARS: The Battle of Endor version 2.1
"Strike Fighters: Project 1" = Strike Fighters: Project 1
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TalkPCR 2.4F2" = TalkPCR 2.4F2
"TOSHIBA Game Console" = TOSHIBA Game Console
"TurboTax 2008" = TurboTax 2008
"VertiSim" = VertiSim
"ViewpointMediaPlayer" = Viewpoint Media Player
"WinDjView" = WinDjView 1.0.3
"Windows Essentials Media Codec Pack" = Windows Essentials Media Codec Pack 2.3d
"Wings of POWER: Heavy Bombers and Jets" = Wings of POWER: Heavy Bombers and Jets
"Wings Over Europe" = Wings Over Europe
"Wings Over Israel" = Wings Over Israel
"WinX DVD Ripper Platinum_is1" = WinX DVD Ripper Platinum Special Edition
"WinZip" = WinZip
"Wisdom-soft ScreenHunter 5.1 Free" = Wisdom-soft ScreenHunter 5.1 Free
"Xtreme Prototypes X-15-2-3 VC for Flight Simulator1.1" = Xtreme Prototypes X-15-2-3 VC for Flight Simulator
"Yahoo! Music Engine" = Yahoo! Music Jukebox
"YS FLIGHT SIMULATOR" = YS FLIGHT SIMULATOR
"Zune" = Zune

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2488973047-2308359479-2647972124-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"FeelThere ERJ v.2" = FeelThere ERJ v.2
"Joint Strike Fighter" = Joint Strike Fighter
"MP3MyMP3 3.0" = MP3MyMP3 3.0
"Sansa Updater" = Sansa Updater
"uTorrent" = µTorrent
"WinDirStat" = WinDirStat 1.1.2

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/4/2010 8:09:11 AM | Computer Name = Owner-PC | Source = Google Update | ID = 20
Description =

Error - 2/4/2010 12:55:41 PM | Computer Name = Owner-PC | Source = LoadPerf | ID = 3012
Description =

Error - 2/4/2010 12:55:41 PM | Computer Name = Owner-PC | Source = LoadPerf | ID = 3011
Description =

Error - 2/8/2010 10:50:46 PM | Computer Name = Owner-PC | Source = LoadPerf | ID = 3012
Description =

Error - 2/8/2010 10:50:46 PM | Computer Name = Owner-PC | Source = LoadPerf | ID = 3011
Description =

Error - 2/9/2010 2:36:22 PM | Computer Name = Owner-PC | Source = LoadPerf | ID = 3012
Description =

Error - 2/9/2010 2:36:22 PM | Computer Name = Owner-PC | Source = LoadPerf | ID = 3011
Description =

Error - 2/10/2010 3:29:09 PM | Computer Name = Owner-PC | Source = LoadPerf | ID = 3012
Description =

Error - 2/10/2010 3:29:09 PM | Computer Name = Owner-PC | Source = LoadPerf | ID = 3011
Description =

Error - 2/21/2010 12:26:30 PM | Computer Name = Owner-PC | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 2/21/2010 12:24:44 PM | Computer Name = Owner-PC | Source = atikmdag | ID = 43034
Description = Unknown EDID version

Error - 2/21/2010 12:24:44 PM | Computer Name = Owner-PC | Source = atikmdag | ID = 43034
Description = Unknown EDID version

Error - 2/21/2010 12:24:44 PM | Computer Name = Owner-PC | Source = atikmdag | ID = 43034
Description = Unknown EDID version

Error - 2/21/2010 12:24:44 PM | Computer Name = Owner-PC | Source = atikmdag | ID = 43034
Description = Unknown EDID version

Error - 2/21/2010 12:46:53 PM | Computer Name = Owner-PC | Source = atikmdag | ID = 43034
Description = Unknown EDID version

Error - 2/21/2010 12:46:53 PM | Computer Name = Owner-PC | Source = atikmdag | ID = 43034
Description = Unknown EDID version

Error - 2/21/2010 12:46:53 PM | Computer Name = Owner-PC | Source = atikmdag | ID = 43034
Description = Unknown EDID version

Error - 2/21/2010 12:46:53 PM | Computer Name = Owner-PC | Source = atikmdag | ID = 43034
Description = Unknown EDID version

Error - 2/21/2010 12:46:53 PM | Computer Name = Owner-PC | Source = atikmdag | ID = 43034
Description = Unknown EDID version

Error - 2/21/2010 1:36:44 PM | Computer Name = Owner-PC | Source = atikmdag | ID = 43034
Description = Unknown EDID version


< End of report >



#12 myrti

Posted 21 February 2010 - 01:13 PM

Hi,

you should be able to find the information you need here: create and format a hard disk partition.

Sadly the logs you showed me in your previous post are not clean. The HijackThis log shows leftovers of a rootkit and Vundo. We can clean this image as well as the current one, but the same risks apply.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#13 NHGuy

Posted 21 February 2010 - 01:42 PM

Hi myrti,

WOW! OK. Well let's try and clean this one first. I'll wait for your instructions.

I have to go away from the computer for about two hours.

When I return I will follow your instructions for the last logs I sent you (the old drive)

Thanks again. I really don't know what I would have done without your help.

John

#14 myrti

Posted 21 February 2010 - 01:57 PM

Hi,

ok, please run Win32kDiag:
Download and run Win32kDiag:
  1. Download Win32kDiag from any of the following locations and save it to your Desktop.
  2. Double-click Win32kDiag.exe to run Win32kDiag and let it finish.
  3. When it states "Finished! Press any key to exit...", press any key on your keyboard to close the program.
  4. Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as a reply to this topic.

As well as Malwarebytes:
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

And a rootkit scan:
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

regards myrti



#15 NHGuy

Posted 21 February 2010 - 08:39 PM

Hi myrti,

Well Win32kDiag choked! I waited two hours and it never displayed the complete message!

Now what?!??

I'm using my second PC to write this - Not 2nd hard drive, but another PC.

I really need to get one CLEAN PC. So if you don't mind, can I ask you to look at the log files from this 2nd PC to see if it is clean?

Thanks again in advance. I took your advice as far as contacting possibly compromised important websites.

Could the attack be on my wireless router and spreading from there?

I just got my answer. I tried to download Hijack This from Cnet.com but I noticed that I was redirected to jj.jj. A program named HijackThis downloaded as a zip file. It installed it in the Program Files. But when I looked at the icon in Program Files it was a bomb signed by soaperman.

myrti, I think I am about to give up.

Could the malware have gotten into my wireless router and be infecting everything?

John




