Windows Vista Hijack This Log


  • This topic is locked
5 replies to this topic

#1 brattonm_2006

  • Members
  • 17 posts
  • Gender:Male
  • Location:Sullivan, IL, USA

Posted 26 February 2010 - 11:46 PM

This is what I got when I ran HijackThis. I am having issues with Google redirecting me while using the Mozilla Firefox browser. Does it show anything suspicious in here?

Thanks,

Mark





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:24:43 PM, on 2/26/2010
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.aol.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{445DBCDE-160B-4ED7-80FC-F8844A6E6A84}: NameServer = 192.168.2.1,97.64.187.150
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 4607 bytes
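A HijackThis log is read by entry code, and for a "Google results redirect me" complaint the entries to check first are the DNS servers the adapter uses (O17), the hosts file (O1), autoruns (O4) and services (O23). The script below is an added example written for this thread; it is not code from the post, from BleepingComputer or from Trend Micro. Its sample input is a subset of the log above plus two constructed lines (a `127.0.0.1 www.google.com` hosts entry and an `[inst]` autorun) that are marked as constructed so that every check fires once. The lists of "system" and "user-writable" paths, and the rule that a public DNS server should be confirmed as the ISP's resolver (the page does not say whose resolver 97.64.187.150 is), are this example's assumptions rather than HijackThis rules.

```python
"""First-pass triage of a HijackThis 2.0.x log.

Added example for this thread, not code from the post, BleepingComputer or
Trend Micro. SAMPLE_LOG is a subset of the log posted above plus two
CONSTRUCTED lines (the 127.0.0.1 www.google.com hosts entry and the [inst]
autorun) so every check fires once. SYSTEM_ROOTS, USER_WRITABLE and the rule
that a public DNS server must be confirmed as the ISP's are assumptions.
"""
import ipaddress
import re

SAMPLE_LOG = r"""Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.aol.com/
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.google.com
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [inst] C:\Users\Mark\AppData\Roaming\inst.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{445DBCDE-160B-4ED7-80FC-F8844A6E6A84}: NameServer = 192.168.2.1,97.64.187.150
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
"""
# CONSTRUCTED lines in SAMPLE_LOG: "127.0.0.1 www.google.com" and the [inst]
# autorun. inst.exe is a path ComboFix later deleted, but HijackThis did not
# list it as an O4 entry in the posted log.

ENTRY_RE = re.compile(r"^([RFNO]\d+) - (.*)$")
SYSTEM_ROOTS = ("c:\\windows\\", "c:\\program files\\")         # assumption
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\")  # assumption


def triage(log_text):
    """Return findings as dicts with keys code, reason, line (in log order)."""
    hits, in_processes = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if not line:                     # blank line ends the process list
                in_processes = False
            elif not line.lower().startswith(SYSTEM_ROOTS):
                hits.append(_hit("PROC", "process running outside the system roots", line))
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        code, rest = m.groups()
        if code == "O1":
            # Vista's default hosts file only maps the name "localhost".
            parts = rest.split()             # ["Hosts:", address, hostname]
            hostname = parts[2] if len(parts) >= 3 else ""
            if hostname.lower() != "localhost":
                hits.append(_hit(code, f"hosts file overrides {hostname}", line))
        elif code == "O4":
            target = rest.split("] ", 1)[-1].lower()
            if any(marker in target for marker in USER_WRITABLE):
                hits.append(_hit(code, "autorun from a user-writable directory", line))
        elif code == "O17":
            servers = rest.split("NameServer = ", 1)[-1]
            for ip in (s.strip() for s in servers.split(",")):
                try:
                    addr = ipaddress.ip_address(ip)
                except ValueError:
                    hits.append(_hit(code, f"unparseable NameServer value {ip!r}", line))
                    continue
                if addr.is_global:           # RFC 1918, loopback and link-local are not
                    hits.append(_hit(code, f"public DNS server {ip}: confirm it is the ISP's resolver", line))
        elif code == "O23":
            fields = rest.split(" - ")       # "Service: name - owner - path"
            if len(fields) >= 3 and fields[-2] == "Unknown owner":
                hits.append(_hit(code, "service binary carries no vendor string; check its signature", line))
    return hits


def _hit(code, reason, line):
    return {"code": code, "reason": reason, "line": line}


if __name__ == "__main__":
    for h in triage(SAMPLE_LOG):
        print(f"[{h['code']}] {h['reason']}\n    {h['line']}")
```

A finding is a prompt to verify, not a verdict: a public resolver in O17 is normal when it belongs to the ISP (compare it with the DNS the router hands out over DHCP), and "Unknown owner" only means the service binary has no company string in its version resource. What a redirect rootkit typically changes is exactly these spots, which is why they are checked before anything else in the log.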


#2 brattonm_2006
  • Topic Starter

  • Members
  • 17 posts
  • Gender:Male
  • Location:Sullivan, IL, USA

Posted 27 February 2010 - 02:16 AM

OK, I had gathered from the site to use ComboFix to get unwanted stuff off my computer. Here's the log from that run.


ComboFix 10-02-26.02 - Mark 02/27/2010 0:20.1.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1033.18.501.48 [GMT -6:00]
Running from: c:\users\Mark\Desktop\Comfix.exe
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-3927549737-2721024773-4214339708-1001
c:\$recycle.bin\S-1-5-21-3927549737-2721024773-4214339708-1003
c:\$recycle.bin\S-1-5-21-3927549737-2721024773-4214339708-1004
c:\$recycle.bin\S-1-5-21-3927549737-2721024773-4214339708-1008
c:\$recycle.bin\S-1-5-21-3927549737-2721024773-4214339708-500
c:\$recycle.bin\S-1-5-21-915218132-3316391703-626559771-500
C:\desktop.ini
c:\users\Mark\AppData\Roaming\inst.exe
c:\windows\system32\stacsv.exe
D:\Autorun.inf

Infected copy of c:\windows\system32\drivers\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :p
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_iprip


((((((((((((((((((((((((( Files Created from 2010-01-27 to 2010-02-27 )))))))))))))))))))))))))))))))
.

2010-02-27 06:37 . 2010-02-27 06:43 -------- d-----w- c:\users\Mark\AppData\Local\temp
2010-02-27 06:37 . 2010-02-27 06:37 -------- d-----w- c:\users\Markie\AppData\Local\temp
2010-02-27 06:37 . 2010-02-27 06:37 -------- d-----w- c:\users\Markie.MARK\AppData\Local\temp
2010-02-27 03:20 . 2010-02-27 03:31 -------- d-----w- c:\users\Mark\AppData\Roaming\QuickScan
2010-02-26 08:27 . 2010-02-26 08:27 -------- d-----w- c:\windows\CheckSur
2010-02-26 05:00 . 2010-02-26 05:00 -------- d-----w- c:\windows\Sun
2010-02-26 04:58 . 2010-02-26 04:56 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-26 04:31 . 2010-02-26 04:31 -------- dc----w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-02-26 00:32 . 2010-02-26 01:01 -------- d-----w- c:\program files\Enigma Software Group
2010-02-25 22:45 . 2009-06-30 15:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-02-25 22:44 . 2010-02-25 22:44 -------- d-----w- c:\program files\Panda Security
2010-02-25 22:24 . 2010-02-25 22:24 -------- d-----w- c:\users\Markie.MARK\AppData\Roaming\uTorrent
2010-02-25 20:20 . 2010-02-25 20:20 74328 ----a-w- c:\windows\system32\drivers\inspect.sys
2010-02-25 20:20 . 2010-02-25 20:44 -------- d-----w- c:\program files\COMODO
2010-02-25 20:14 . 2010-02-25 20:14 -------- d-----w- c:\program files\Defraggler
2010-02-25 20:14 . 2010-02-25 20:14 -------- d-----w- c:\program files\CCleaner
2010-02-25 20:09 . 2010-02-25 20:09 -------- d-----w- c:\program files\Trend Micro
2010-02-25 09:10 . 2010-02-25 09:10 -------- d-----w- c:\users\Markie.MARK\AppData\Local\VirtualStore
2010-02-25 09:08 . 2010-02-24 19:13 -------- d-----w- c:\users\Markie.MARK\Roaming
2010-02-25 09:08 . 2010-02-25 22:20 -------- d-----w- c:\users\Markie.MARK
2010-02-24 23:27 . 2010-02-24 23:27 -------- d-----w- c:\program files\uTorrent
2010-02-24 21:28 . 2010-02-24 22:11 -------- d-----w- c:\users\Mark\AppData\Roaming\IObit
2010-02-24 21:28 . 2010-02-25 20:08 -------- d-----w- c:\program files\IObit
2010-02-24 21:15 . 2010-02-24 21:15 -------- d-----w- c:\users\Mark\AppData\Roaming\Uniblue
2010-02-24 20:53 . 2010-02-24 22:34 -------- d-----w- c:\programdata\SecTaskMan
2010-02-23 18:03 . 2010-02-23 18:03 -------- d-----w- c:\users\Markie\AppData\Local\Yahoo
2010-02-23 18:03 . 2010-02-23 18:03 -------- d-----w- c:\users\Markie\AppData\Roaming\Yahoo!
2010-02-23 04:22 . 2010-02-23 04:23 -------- d-----w- c:\users\Markie\AppData\Local\Adobe
2010-02-23 04:16 . 2010-02-23 04:16 -------- d-----w- c:\users\Markie\AppData\Local\Mozilla
2010-02-23 04:15 . 2010-02-23 18:02 -------- d-----w- c:\users\Markie\AppData\Local\VirtualStore
2010-02-23 04:15 . 2010-02-23 04:17 -------- d-----w- c:\users\Markie\AppData\Local\Microsoft
2010-02-23 04:15 . 2010-02-24 10:07 -------- d-----w- c:\users\Markie
2010-02-23 04:15 . 2008-09-11 07:07 -------- d-----w- c:\users\Markie\AppData\Local\Microsoft Help
2010-02-23 01:05 . 2010-02-23 01:33 -------- d-----w- c:\program files\UltraVNC
2010-02-22 07:58 . 2010-02-22 07:58 -------- d-----w- c:\program files\iPod(4)
2010-02-22 07:58 . 2010-02-22 07:59 -------- d-----w- c:\program files\iTunes(5)
2010-02-22 07:53 . 2010-02-25 08:45 -------- d-----w- c:\program files\Audacity
2010-02-21 09:17 . 2010-02-24 22:09 -------- d-----w- c:\program files\Mozilla Firefox(9)
2010-02-21 08:28 . 2010-02-24 00:27 0 ----a-w- c:\users\Mark\AppData\Local\prvlcl.dat
2010-02-21 01:52 . 2010-02-25 20:25 -------- d-----w- c:\program files\AVG
2010-02-07 22:17 . 2010-02-07 22:17 -------- d--h--w- c:\programdata\CanonIJEGV
2010-02-06 01:18 . 2010-02-25 20:31 110208 ----a-w- c:\users\Mark\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-06 01:08 . 2010-02-26 02:11 1356 ----a-w- c:\users\Mark\AppData\Local\d3d9caps.dat
2010-02-05 21:20 . 2010-02-05 21:20 -------- d-----w- c:\users\Mark\AppData\Local\VS Revo Group
2010-02-05 21:19 . 2009-12-30 17:21 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2010-02-05 20:18 . 2010-02-24 19:13 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-02-05 20:16 . 2008-03-08 02:14 148992 ----a-w- c:\windows\system32\drivers\ks.sys
2010-02-04 18:03 . 2010-02-04 18:03 -------- d-----w- c:\users\Mark\AppData\Local\LogiShrd
2010-02-04 18:02 . 2010-02-04 18:02 -------- d-----w- c:\users\Mark\AppData\Roaming\Leadertech
2010-02-04 18:01 . 2010-02-24 19:13 -------- d-----w- c:\programdata\LogiShrd
2010-02-04 18:01 . 2010-02-24 19:13 -------- d-----w- c:\program files\Logitech
2010-02-04 17:25 . 2010-02-24 19:13 -------- d-----w- c:\program files\Common Files\logishrd
2010-02-04 05:52 . 2010-02-04 05:52 -------- d-----w- c:\programdata\Seiz System Engineering
2010-02-04 05:49 . 2010-02-04 05:49 -------- d-----w- c:\users\Mark\AppData\Roaming\Seiz System Engineering
2010-01-28 20:56 . 2010-02-24 19:13 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-28 19:57 . 2010-02-24 19:13 -------- d-----w- c:\program files\NOS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-27 06:40 . 2010-02-04 17:25 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-02-27 01:11 . 2009-11-01 20:19 3120 ----a-w- c:\users\Mark\AppData\Roaming\wklnhst.dat
2010-02-26 22:30 . 2009-11-10 09:47 -------- d-----w- c:\users\Mark\AppData\Roaming\uTorrent
2010-02-26 04:56 . 2006-12-16 19:44 -------- d-----w- c:\program files\Java
2010-02-25 04:12 . 2009-12-27 04:12 -------- d-----w- c:\programdata\CanonIJPLM
2010-02-24 23:05 . 2007-07-06 09:51 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-02-24 22:09 . 2009-11-15 21:54 -------- d-----w- c:\program files\AIM
2010-02-24 22:09 . 2009-11-10 10:05 -------- d-----w- c:\program files\LimeWire
2010-02-24 19:15 . 2008-02-25 08:15 21560 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-02-24 19:14 . 2009-11-16 05:20 -------- d-----w- c:\users\Mark\AppData\Roaming\Audacity
2010-02-24 19:14 . 2009-02-25 23:05 -------- d-----w- c:\programdata\Symantec
2010-02-24 19:14 . 2008-06-27 08:23 -------- d-----w- c:\programdata\WorldWinner.com
2010-02-24 19:14 . 2008-03-31 22:12 -------- d-----w- c:\programdata\Stardock
2010-02-24 19:14 . 2006-12-16 19:39 -------- d-----w- c:\programdata\Microsoft Help
2010-02-24 19:14 . 2010-01-22 10:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-24 19:14 . 2009-11-28 03:21 -------- d-----w- c:\program files\Bonjour
2010-02-24 19:14 . 2009-11-11 04:14 -------- d-----w- c:\program files\EasyZip
2010-02-24 19:12 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Photo Gallery
2010-02-24 19:12 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-24 19:12 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Defender
2010-02-24 19:12 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Collaboration
2010-02-24 19:12 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Calendar
2010-02-24 19:12 . 2006-11-02 12:35 -------- d-----w- c:\program files\Reference Assemblies
2010-02-24 19:12 . 2006-11-02 12:35 -------- d-----w- c:\program files\Microsoft Games
2010-02-24 19:12 . 2006-11-17 06:27 -------- d-----w- c:\program files\Common Files\New Boundary
2010-02-24 15:16 . 2009-10-03 07:11 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-12 22:09 . 2009-11-09 05:37 -------- d-----w- c:\users\Mark\AppData\Roaming\skypePM
2010-02-12 06:51 . 2009-11-09 05:14 -------- d-----w- c:\users\Mark\AppData\Roaming\Skype
2010-02-06 00:09 . 2009-11-10 07:14 -------- d-----w- c:\program files\VS Revo Group
2010-01-28 21:03 . 2008-12-04 16:51 -------- d-----w- c:\programdata\NOS
2010-01-22 11:38 . 2007-02-26 19:03 -------- d-----w- c:\program files\MSN Messenger
2010-01-22 10:38 . 2010-01-22 10:38 -------- d-----w- c:\users\Mark\AppData\Roaming\Malwarebytes
2010-01-22 10:38 . 2010-01-22 10:38 -------- d-----w- c:\programdata\Malwarebytes
2010-01-20 20:29 . 2008-06-07 01:24 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-16 03:29 . 2010-01-16 03:29 -------- d-----w- c:\users\Mark\AppData\Roaming\AdobeUM
2010-01-07 22:07 . 2010-01-22 10:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 22:07 . 2010-01-22 10:38 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-07 01:29 . 2010-01-07 01:29 -------- d-----w- c:\programdata\TomTom
2010-01-07 01:28 . 2010-01-07 01:28 -------- d-----w- c:\users\Mark\AppData\Roaming\TomTom
2009-12-14 19:15 . 2009-12-14 19:15 2146304 ----a-w- c:\windows\system32\GPhotos.scr
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-12-12 98304]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-04-11 1006264]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-12-12 81920]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-12-12 106496]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-02-26 149280]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2009-03-24 02:00 1983816 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 22:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 05:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2009-11-10 21:39 5244216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiSpywareOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3927549737-2721024773-4214339708-1000]
"EnableNotificationsRef"=dword:00000002

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3927549737-2721024773-4214339708-500]
"EnableNotificationsRef"=dword:00000002

R0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [2/25/2010 4:45 PM 28552]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [11/13/2009 5:31 AM 92008]
S3 netr28u;Linksys USB Wireless LAN Card Driver for Vista;c:\windows\System32\drivers\netr28u.sys [8/14/2009 10:16 PM 655872]
S3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\System32\drivers\NETw2v32.sys [11/2/2006 4:25 AM 2589184]
S3 PAC207;PC Camer@;c:\windows\System32\drivers\PFC027.SYS [2/13/2008 5:17 PM 618112]
S3 Revoflt;Revoflt;c:\windows\System32\drivers\revoflt.sys [2/5/2010 3:19 PM 27192]
S4 sptd;sptd;c:\windows\System32\drivers\sptd.sys [10/6/2008 12:54 AM 717296]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LPDService REG_MULTI_SZ LPDSVC
rsmsvcs REG_MULTI_SZ ntmssvc
ipripsvc REG_MULTI_SZ iprip
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-02-26 c:\windows\Tasks\User_Feed_Synchronization-{FB5C30EB-3EAF-44D4-BC1D-A88F3A5479D9}.job
- c:\windows\system32\msfeedssync.exe [2009-12-08 04:59]
.
.
------- Supplementary Scan -------
.
uStart Page = www.aol.com/
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: {445DBCDE-160B-4ED7-80FC-F8844A6E6A84} = 192.168.2.1,97.64.187.150
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
FF - ProfilePath - c:\users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\wlmld3xb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.startup.homepage - www.aol.com
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query=
FF - component: c:\users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\wlmld3xb.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - plugin: c:\program files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\kSolo\npAVX.dll
FF - plugin: c:\users\Mark\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: c:\users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\wlmld3xb.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 1000000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
FF - user.js: nglayout.initialpaint.delay - 1000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-dmboot.sys
SafeBoot-dmio.sys
SafeBoot-dmload.sys
SafeBoot-dmadmin
SafeBoot-dmserver
SafeBoot-SRService
MSConfigStartUp-auditadmin - c:\windows\temp\auditadmin.cmd
MSConfigStartUp-BigFix - c:\program files\Bigfix\bigfix.exe
MSConfigStartUp-MySpaceIM - c:\program files\MySpace\IM\MySpaceIM.exe
MSConfigStartUp-NapsterShell - c:\program files\Napster\napster.exe
MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-27 00:42
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3927549737-2721024773-4214339708-1007\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5F55E4C2-4857-CCB3-7DF4-F7A3488F1EAA}*]
"oanmhbmfgnfogdicmfdjgabnbmeopk"=hex:6a,61,6a,6b,6f,68,6e,62,69,63,61,6c,70,6d,
6e,63,6f,6d,65,68,00,94
"nahmnbppflmgfhccocbnibmecjgb"=hex:6a,61,6a,6b,6f,68,6e,62,69,63,61,6c,70,6d,
6e,63,6f,6d,65,68,00,94

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\AUDIODG.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CISVC.EXE
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\mqsvc.exe
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\windows\System32\tcpsvcs.exe
c:\windows\System32\snmp.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\mqtgsvc.exe
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
c:\windows\system32\lpremove.exe
c:\windows\system32\lpksetup.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2010-02-27 00:58:40 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-27 06:58

Pre-Run: 77,688,467,456 bytes free
Post-Run: 78,440,984,576 bytes free

- - End Of File - - 6622DEDE5E735581D56E31073B1F1C7C
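The ComboFix log above is long, and the parts a responder would act on are scattered through it: the "Infected copy of ... atapi.sys was found and disinfected" line; the Find3M entry for that same driver, which shows it touched on 2010-02-24 although its other timestamp is from 2008; the Security Center override values under `security center\Svc` and `Monitoring`; and the locked registry key whose value has a random-looking 30-letter name. The script below is an added example written for this thread, not ComboFix's own code. It runs over a constructed subset of the posted log (lines unchanged, selection constructed). Its assumptions: the 30-day window, the list of Windows-shipped drivers to watch, which Security Center values count as suppressing a warning, and that a lowercase value name of 20 or more letters is "random-looking". ComboFix prints two timestamps per file and the page does not say which is creation and which is modification, so the check uses the newer of the two.

```python
"""Pull the actionable lines out of a ComboFix log.

Added example for this thread, not ComboFix's code. SAMPLE_LOG is a subset of
the log posted above (lines unchanged, selection constructed). Assumptions:
WATCH_DRIVERS, the 30-day window, which Security Center values count as
suppressing a warning, and the "20+ lowercase letters" test for random names.
ComboFix prints two timestamps per file; the page does not say which is the
creation and which the modification time, so the newer of the two is used.
"""
import re
from datetime import date

SAMPLE_LOG = r"""ComboFix 10-02-26.02 - Mark 02/27/2010 0:20.1.1 - x86
Infected copy of c:\windows\system32\drivers\atapi.sys was found and disinfected
2010-02-25 22:45 . 2009-06-30 15:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-02-24 19:15 . 2008-02-25 08:15 21560 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-02-05 20:16 . 2008-03-08 02:14 148992 ----a-w- c:\windows\system32\drivers\ks.sys
2009-12-14 19:15 . 2009-12-14 19:15 2146304 ----a-w- c:\windows\system32\GPhotos.scr
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiSpywareOverride"=dword:00000001
[HKEY_USERS\S-1-5-21-3927549737-2721024773-4214339708-1007\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5F55E4C2-4857-CCB3-7DF4-F7A3488F1EAA}*]
"oanmhbmfgnfogdicmfdjgabnbmeopk"=hex:6a,61,6a,6b,6f,68,6e,62,69,63,61,6c,70,6d,
Completion time: 2010-02-27 00:58:40 - machine was rebooted
"""

FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) \d{2}:\d{2} \. (\d{4}-\d{2}-\d{2}) \d{2}:\d{2}\s+\S+\s+\S+\s+(.+)$")
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=(.+)$')
INFECTED_RE = re.compile(r"^Infected copy of (.+?) was found")
DONE_RE = re.compile(r"^Completion time: (\d{4}-\d{2}-\d{2})")

WATCH_DRIVERS = {"atapi.sys", "ks.sys"}        # assumption: Windows-shipped drivers to watch
SUPPRESS_VALUES = {"antivirusoverride", "antispywareoverride", "disablemonitoring"}
RANDOM_NAME_RE = re.compile(r"^[a-z]{20,}$")   # assumption: what "random-looking" means here


def scan_date(log_text):
    """Date of the run, taken from ComboFix's own 'Completion time' line."""
    for line in log_text.splitlines():
        m = DONE_RE.match(line.strip())
        if m:
            return date.fromisoformat(m.group(1))
    raise ValueError("no 'Completion time' line in log")


def triage(log_text, window_days=30):
    """Return findings as dicts with keys tag, reason, line (in log order)."""
    run = scan_date(log_text)
    hits, key = [], ""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = INFECTED_RE.match(line)
        if m:
            hits.append(_hit("INFECTED", f"tool replaced {m.group(1)}; re-verify it after the reboot", line))
            continue
        m = FILE_RE.match(line)
        if m:
            d1, d2, path = m.groups()
            low = path.lower()
            name = low.rsplit("\\", 1)[-1]
            if "\\system32\\drivers\\" in low and name in WATCH_DRIVERS:
                newest = max(date.fromisoformat(d1), date.fromisoformat(d2))
                age = (run - newest).days
                if 0 <= age <= window_days:
                    hits.append(_hit("DRIVER", f"Windows-shipped driver touched {age} days before the scan; verify hash and signature", line))
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1).lower()         # remember which key the following values belong to
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, value = m.groups()
        if "security center" in key and name.lower() in SUPPRESS_VALUES and value == "dword:00000001":
            hits.append(_hit("SECCENTER", f"{name}=1 hides a Security Center warning", line))
        elif "shell extensions\\approved" in key and RANDOM_NAME_RE.match(name):
            hits.append(_hit("REGNAME", "random-looking value name in a locked Approved key", line))
    return hits


def _hit(tag, reason, line):
    return {"tag": tag, "reason": reason, "line": line}


if __name__ == "__main__":
    for h in triage(SAMPLE_LOG):
        print(f"[{h['tag']}] {h['reason']}\n    {h['line']}")
```

Read the Security Center findings with the rest of the log in mind: the same week the machine had AVG, Panda and COMODO installed, and these override values can be set legitimately by a security suite or by the user turning notifications off, so on their own they prove little. The driver timestamp is noisy too (ks.sys is probably a Windows Update). The strong signal is the combination: a boot driver touched three days before the scan, ComboFix reporting it infected and replacing it, and the redirects stopping afterwards.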


#3 myrti

    Sillyberry

  • Malware Study Hall Admin
  • 33,771 posts
  • Gender:Female
  • Location:At home

Posted 02 March 2010 - 09:54 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt<--Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!
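The `/md5start ... /md5stop` part of that custom scan makes OTL compute the MD5 of each listed file (boot and storage drivers plus a few system DLLs) so the digests can be compared with known-good values; that is the check that catches a patched atapi.sys when the file is still present and still loads. The script below is an added example written for this thread, not OTL's code, that performs the same comparison outside OTL: it hashes the named files under a directory and reports each as ok, MISMATCH, absent, no-baseline or unreadable. The file names come from the list in the post; the directory, file contents and baseline hashes are constructed for the demonstration. SHA-256 is computed alongside MD5, since MD5 is only worth keeping for comparison with older hash tables.

```python
"""Hash the files named in OTL's /md5start ... /md5stop list and compare with a baseline.

Added example for this thread, not OTL's code. The file names come from the
custom-scan list above; the directory, file contents and baseline hashes are
constructed for the demonstration. SHA-256 is computed alongside MD5 because
MD5 is kept only for comparison with older hash tables.
"""
import hashlib
import os
import tempfile

# Names from the posted /md5start list (a subset).
MD5_LIST = ["eventlog.dll", "scecli.dll", "netlogon.dll", "atapi.sys", "iaStor.sys", "AGP440.sys"]


def file_digests(path, chunk=1 << 16):
    """MD5 and SHA-256 of one file, or None if it cannot be opened or read."""
    md5, sha = hashlib.md5(), hashlib.sha256()
    try:
        with open(path, "rb") as fh:
            for block in iter(lambda: fh.read(chunk), b""):
                md5.update(block)
                sha.update(block)
    except OSError:                           # locked, access denied, or not a regular file
        return None
    return {"md5": md5.hexdigest(), "sha256": sha.hexdigest()}


def check_files(root, baseline, names=MD5_LIST):
    """Map each name to ok / MISMATCH / absent / no-baseline / unreadable.

    baseline maps a lower-cased file name to its known-good MD5 hex digest.
    """
    results = {}
    for name in names:
        path = os.path.join(root, name)
        if not os.path.exists(path):
            results[name] = "absent"          # expected for hardware this box lacks
            continue
        digests = file_digests(path)
        if digests is None:
            results[name] = "unreadable"      # needs a raw or offline read
            continue
        known = baseline.get(name.lower())
        if known is None:
            results[name] = "no-baseline"     # cannot judge; look the hash up elsewhere
        elif known == digests["md5"]:
            results[name] = "ok"
        else:
            results[name] = "MISMATCH"        # the patched-atapi.sys case
    return results


def demo():
    """Constructed scenario: one clean file, one patched driver, one unknown, one absent, one unreadable."""
    good = {                                  # CONSTRUCTED stand-ins for pristine file bytes
        "eventlog.dll": b"constructed pristine eventlog.dll bytes",
        "atapi.sys": b"constructed pristine atapi.sys bytes",
    }
    baseline = {n.lower(): hashlib.md5(b).hexdigest() for n, b in good.items()}
    with tempfile.TemporaryDirectory() as root:
        _write(root, "eventlog.dll", good["eventlog.dll"])
        _write(root, "atapi.sys", good["atapi.sys"] + b" + constructed injected code")
        _write(root, "AGP440.sys", b"constructed driver with no baseline entry")
        os.mkdir(os.path.join(root, "scecli.dll"))   # a directory stands in for a file that cannot be opened
        # iaStor.sys is deliberately not created: no Intel storage controller here.
        return check_files(root, baseline, ["eventlog.dll", "atapi.sys", "AGP440.sys", "iaStor.sys", "scecli.dll"])


def _write(root, name, data):
    with open(os.path.join(root, name), "wb") as fh:
        fh.write(data)


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name:14s} {status}")
```

"absent" is expected for most of the list, which spans Intel, NVIDIA, VIA and other vendors' storage drivers that a given machine will not have. "no-baseline" is the honest answer when the only MD5 you hold is the one you just computed. And on a live system a kernel rootkit can filter what user-mode reads see, so a clean hash is only as trustworthy as the read path that produced it; that is why tools of this kind also scan for hidden files and why an offline read is the stronger check.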

 



#4 brattonm_2006

  • Topic Starter

  • Members
  • 17 posts
  • Gender:Male
  • Location:Sullivan, IL, USA
  • Local time:07:39 AM

Posted 04 March 2010 - 03:12 AM

My original problem was that Google was redirecting me to other sites than I was wanting to go to. Like when I got results from Google. I would click a link... but instead of taking me to the website I needed, it would redirect me to something else. Then the problem just elevated to about any website I was on.. it would either open a new tab and put up an unrelated website or take over what I had up. I did a HijackThis Log and posted it up here then to see if anyone knew what to do. Then I poked around on here and followed a tutorial here on Bleeping Computer and I ran Combofix. Combofix ended up finding a LOT of things that were wrong and removed the problem. I posted that log. I no longer have the redirects... at all. I just decided to leave my post and logs up. Just in case there was something left on my computer that needed to still be removed. I also have installed a better firewall and antivirus protection. And since I've installed it... it found three more viruses. So I know it's working and working well. I'm using specifically Comodo Internet Security. Then the other day I got your instruction to run OTL. And I have now run it and I will put the logs below.

Thanks for the help! You all have been very helpful!

Mark



OTL logfile created on: 3/3/2010 11:18:38 PM - Run 1
OTL by OldTimer - Version 3.1.32.0 Folder = C:\Users\Mark\Desktop
Windows Vista Home Basic Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

501.00 Mb Total Physical Memory | 155.00 Mb Available Physical Memory | 31.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 43.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 103.29 Gb Total Space | 70.77 Gb Free Space | 68.52% Space Free | Partition Type: NTFS
Drive D: | 8.50 Gb Total Space | 3.66 Gb Free Space | 43.00% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MARK
Current User Name: Mark
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/03 23:17:06 | 000,551,424 | ---- | M] (OldTimer Tools) -- C:\Users\Mark\Desktop\OTL.exe
PRC - [2010/02/27 03:15:38 | 001,800,464 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2010/02/27 03:15:29 | 000,723,632 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2010/02/25 22:57:04 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2010/01/15 21:09:37 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/11/13 05:31:14 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/08/14 08:25:18 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TCPSVCS.EXE
PRC - [2009/02/10 10:01:49 | 000,116,104 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2008/10/29 00:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/02/25 02:16:17 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetsrv\inetinfo.exe
PRC - [2006/12/16 14:14:47 | 000,065,536 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2006/11/02 06:34:40 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\snmp.exe
PRC - [2006/11/02 03:44:50 | 000,088,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe


========== Modules (SafeList) ==========

MOD - [2010/03/03 23:17:06 | 000,551,424 | ---- | M] (OldTimer Tools) -- C:\Users\Mark\Desktop\OTL.exe
MOD - [2010/02/27 03:15:55 | 000,171,552 | ---- | M] (COMODO) -- C:\Windows\System32\guard32.dll
MOD - [2006/11/02 03:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/02/27 03:15:29 | 000,723,632 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2010/01/25 10:02:20 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/11/13 05:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/08/14 08:25:18 | 000,009,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\TCPSVCS.EXE -- (simptcp)
SRV - [2009/02/10 10:01:49 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2008/05/02 10:40:34 | 000,398,704 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2008/02/25 02:16:17 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2007/04/11 00:08:37 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/12/16 14:14:47 | 000,065,536 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2006/11/02 06:35:03 | 000,322,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2006/11/02 06:35:03 | 000,322,560 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2006/11/02 06:35:03 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lpdsvc.dll -- (LPDSVC)
SRV - [2006/11/02 06:34:40 | 000,047,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\snmp.exe -- (SNMP)


========== Driver Services (SafeList) ==========

DRV - [2010/02/27 03:17:00 | 000,074,328 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\inspect.sys -- (inspect)
DRV - [2010/02/27 03:15:54 | 000,029,520 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2010/02/27 03:15:53 | 000,130,960 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmdguard.sys -- (cmdGuard)
DRV - [2009/12/30 11:21:16 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/11/02 01:58:53 | 000,047,360 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pcouffin.sys -- (pcouffin)
DRV - [2009/10/07 08:49:40 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 120(UVC)
DRV - [2009/10/07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/06/17 04:59:30 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mqac.sys -- (MQAC)
DRV - [2009/05/18 14:17:00 | 000,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/12/05 17:32:02 | 000,655,872 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2008/10/09 15:42:42 | 000,017,408 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008/10/06 00:54:16 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2008/09/14 15:25:59 | 000,027,136 | ---- | M] (NCH Swift Sound) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nchssvad.sys -- (NCHSSVAD)
DRV - [2008/05/30 11:22:16 | 000,009,464 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2008/05/09 19:21:06 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST) RMCAST (Pgm)
DRV - [2008/02/13 17:17:26 | 000,618,112 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PFC027.SYS -- (PAC207)
DRV - [2007/12/20 02:07:33 | 000,278,728 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2007/12/20 02:07:32 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2007/06/29 09:11:02 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/20 03:29:56 | 000,984,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2007/06/20 03:28:38 | 000,267,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2007/06/20 03:28:22 | 000,660,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2007/03/12 09:59:00 | 000,534,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WMP54GSx86.sys -- (BCM43XX)
DRV - [2007/02/28 15:57:28 | 000,323,584 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2006/12/12 08:49:56 | 001,476,608 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2006/12/12 08:49:56 | 001,476,608 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)
DRV - [2006/11/02 03:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 03:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 03:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 03:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 03:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 03:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 03:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 03:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 03:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 03:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 03:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 03:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 03:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 03:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 03:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 03:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 03:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 03:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 03:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 03:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 03:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 03:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 03:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 03:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 03:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 03:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 03:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 03:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 03:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 03:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 03:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 03:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 03:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 03:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 03:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 02:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 02:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 02:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 02:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 02:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 02:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 01:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 01:30:56 | 002,589,184 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw2v32.sys -- (NETw2v32) Intel®
DRV - [2006/11/02 01:30:56 | 000,194,048 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2006/11/02 01:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2006/11/02 01:30:53 | 000,464,384 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XV)
DRV - [2006/11/02 00:37:21 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2006/10/31 16:15:24 | 000,165,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e100b325.sys -- (E100B) Intel®
DRV - [2006/06/19 16:26:58 | 000,012,672 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2005/09/07 15:29:44 | 000,044,288 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2002/09/23 13:49:44 | 000,068,672 | ---- | M] (2Wire, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\2WirePCP.sys -- (2WIREPCP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://news.yahoo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch...DTP&M=T3604
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch...DTP&M=T3604
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>



IE - HKU\S-1-5-21-3927549737-2721024773-4214339708-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3927549737-2721024773-4214339708-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.aol.com/
IE - HKU\S-1-5-21-3927549737-2721024773-4214339708-1007\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3927549737-2721024773-4214339708-1007\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3927549737-2721024773-4214339708-1007\S-1-5-21-3927549737-2721024773-4214339708-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3927549737-2721024773-4214339708-1007\S-1-5-21-3927549737-2721024773-4214339708-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.aol.com"
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query="


FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/24 18:45:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/25 22:58:30 | 000,000,000 | ---D | M]

[2010/01/06 19:28:30 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Mozilla\Extensions
[2010/01/06 19:28:30 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2009/11/10 21:24:41 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/03/03 15:30:29 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\wlmld3xb.default\extensions
[2010/02/24 13:13:14 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\wlmld3xb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/26 22:38:57 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/02/27 00:41:38 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\S-1-5-21-3927549737-2721024773-4214339708-1007\..\Toolbar\WebBrowser: (no name) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - No CLSID value found.
O3 - HKU\S-1-5-21-3927549737-2721024773-4214339708-1007\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3927549737-2721024773-4214339708-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3927549737-2721024773-4214339708-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-21-3927549737-2721024773-4214339708-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3927549737-2721024773-4214339708-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-3927549737-2721024773-4214339708-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-21-3927549737-2721024773-4214339708-1007_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: Microsoft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 97.64.187.150 97.64.179.251
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\Windows\system32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\em1_standard.bmp
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\em1_standard.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2006/11/02 05:18:47 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpReg: CanonMyPrinter - hkey= - key= - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
MsConfig - StartUpReg: MsnMsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
MsConfig - StartUpReg: Yahoo! Pager - hkey= - key= - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sr.sys - FSFilter System Recovery
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: ip6fw.sys - Driver
SafeBootNet: Messenger - File not found
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: NtLmSsp - Service
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sr.sys - FSFilter System Recovery
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - Reg Error: Value error.
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Windows Media Player 5.2
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0.3
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0.3
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3E097FA6-EF72-4CCD-8AC3-25B47D55C6F8} - Yahoo! SearchAssist
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4BD7FBDC-F709-4125-8D17-B7B96970FA3F} - Yahoo! Tracking
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A8EA7ADF-9545-4AC8-AB70-3E287E5BE431} - Yahoo! Toolbar
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{70C721A1-589B-4E0D-862C-0E2C6DA5580D} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

Drivers32: msacm.clmp3enc - C:\Program Files\CyberLink\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.vorbis - C:\Windows\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: VIDC.IV41 - C:\Windows\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

========== Files/Folders - Created Within 30 Days ==========

[2010/03/03 23:16:59 | 000,551,424 | ---- | C] (OldTimer Tools) -- C:\Users\Mark\Desktop\OTL.exe
[2010/03/03 17:29:51 | 003,467,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/03/03 17:29:47 | 003,502,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/03/02 18:16:16 | 000,473,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010/03/02 18:16:16 | 000,472,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010/03/02 18:16:12 | 000,435,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010/03/02 18:16:11 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010/03/02 18:16:10 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010/03/02 18:16:09 | 000,431,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010/03/02 18:16:08 | 000,154,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010/03/02 18:16:07 | 000,312,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2010/03/02 18:16:07 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010/03/02 18:13:04 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2010/03/02 18:13:04 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe
[2010/03/02 18:09:31 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2010/03/02 18:09:31 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010/03/02 18:09:31 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010/03/02 18:09:31 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
[2010/03/02 18:09:27 | 001,327,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010/02/28 03:24:08 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Free Sound Recorder
[2010/02/28 03:23:26 | 000,417,792 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\System32\NCTTextToAudio2.dll
[2010/02/28 03:23:26 | 000,348,160 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\NCTWMAFile2.dll
[2010/02/28 03:23:25 | 001,986,560 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\NCTAudioFile2.dll
[2010/02/28 03:23:25 | 001,212,416 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\System32\NCTAudioInformation2.dll
[2010/02/28 03:23:25 | 000,880,640 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\System32\NCTAudioEditor2.dll
[2010/02/28 03:23:25 | 000,602,112 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\System32\NCTAudioTransform2.dll
[2010/02/28 03:23:25 | 000,479,232 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\System32\NCTAudioVisualization2.dll
[2010/02/28 03:23:25 | 000,458,752 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\System32\NCTAudioRecord2.dll
[2010/02/28 03:23:25 | 000,458,752 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\System32\NCTAudioPlayer2.dll
[2010/02/28 03:23:24 | 000,835,584 | ---- | C] (NCT) -- C:\Windows\System32\NCTAudioCDGrabber2.dll
[2010/02/28 03:23:24 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr70.dll
[2010/02/28 03:23:14 | 000,000,000 | ---D | C] -- C:\Program Files\Free Sound Recorder
[2010/02/28 02:17:25 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity 1.3 Beta (Unicode)
[2010/02/27 02:33:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2010/02/27 02:33:31 | 000,171,552 | ---- | C] (COMODO) -- C:\Windows\System32\guard32.dll
[2010/02/27 02:33:31 | 000,130,960 | ---- | C] (COMODO) -- C:\Windows\System32\drivers\cmdguard.sys
[2010/02/27 02:33:31 | 000,074,328 | ---- | C] (COMODO) -- C:\Windows\System32\drivers\inspect.sys
[2010/02/27 02:33:31 | 000,029,520 | ---- | C] (COMODO) -- C:\Windows\System32\drivers\cmdhlp.sys
[2010/02/27 00:42:12 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/02/27 00:37:08 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\temp
[2010/02/27 00:06:03 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/02/27 00:06:03 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/02/27 00:06:03 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/02/27 00:04:05 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/02/27 00:03:17 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/02/26 23:58:21 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/02/26 21:20:08 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\QuickScan
[2010/02/26 02:27:32 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2010/02/26 01:52:32 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/02/26 01:52:31 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/02/26 01:52:31 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/02/26 01:52:30 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/02/26 01:52:30 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/02/26 01:52:30 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/02/26 01:52:30 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/02/26 01:52:30 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/02/26 01:52:29 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/02/26 01:52:29 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/02/26 01:52:29 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/02/26 01:52:29 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/02/26 01:52:28 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/02/26 01:52:27 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/02/26 01:05:13 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/02/26 00:43:01 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010/02/25 23:00:39 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/02/25 22:58:30 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2010/02/25 22:58:29 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/02/25 22:58:29 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/02/25 22:58:29 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/02/25 22:31:14 | 000,000,000 | ---D | C] -- C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/02/25 18:32:39 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2010/02/25 16:44:36 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2010/02/25 14:20:02 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2010/02/25 14:14:45 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2010/02/25 14:14:13 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/02/25 14:09:21 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/02/24 18:45:33 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/02/24 17:27:22 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2010/02/24 15:28:41 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\IObit
[2010/02/24 15:28:40 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2010/02/24 15:15:40 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Uniblue
[2010/02/24 14:53:07 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2010/02/22 19:05:08 | 000,000,000 | ---D | C] -- C:\Program Files\UltraVNC
[2010/02/21 03:17:16 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox(9)
[2010/02/20 19:52:30 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/02/07 16:17:36 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJEGV
[2010/02/06 18:09:59 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Ghost Investigations
[2010/02/05 15:20:00 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\VS Revo Group
[2010/02/05 15:19:45 | 000,027,192 | ---- | C] (VS Revo Group) -- C:\Windows\System32\drivers\revoflt.sys
[2010/02/05 14:18:27 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2010/02/05 14:16:24 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
[2010/02/04 12:03:46 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\LogiShrd
[2010/02/04 12:02:35 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Leadertech
[2010/02/04 12:01:53 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
[2010/02/04 12:01:50 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2010/02/04 11:25:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\logishrd
[2010/02/03 23:52:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Seiz System Engineering
[2010/02/03 23:49:07 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Seiz System Engineering
[2009/11/02 01:58:53 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Mark\AppData\Roaming\pcouffin.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/03 23:30:37 | 006,815,744 | -HS- | M] () -- C:\Users\Mark\ntuser.dat
[2010/03/03 23:28:41 | 001,015,328 | ---- | M] () -- C:\Windows\System32\drivers\sfi.dat
[2010/03/03 23:17:06 | 000,551,424 | ---- | M] (OldTimer Tools) -- C:\Users\Mark\Desktop\OTL.exe
[2010/03/03 22:50:06 | 000,004,576 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/03 22:50:06 | 000,004,576 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/03 17:51:38 | 000,000,432 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2010/03/03 17:50:02 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/03 17:49:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/03 17:48:25 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2010/03/03 15:31:44 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{FB5C30EB-3EAF-44D4-BC1D-A88F3A5479D9}.job
[2010/03/03 05:32:09 | 002,714,446 | -H-- | M] () -- C:\Users\Mark\AppData\Local\IconCache.db
[2010/02/28 03:33:05 | 000,110,776 | ---- | M] () -- C:\Users\Mark\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/02/28 03:23:33 | 000,001,718 | ---- | M] () -- C:\Users\Mark\Desktop\Cool Record Edit Pro.lnk
[2010/02/28 03:23:32 | 000,000,731 | ---- | M] () -- C:\Users\Mark\Desktop\Free Sound Recorder.lnk
[2010/02/28 02:18:10 | 000,000,811 | ---- | M] () -- C:\Users\Mark\Desktop\Audacity 1.3 Beta (Unicode).lnk
[2010/02/27 13:07:46 | 000,372,096 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/02/27 03:17:00 | 000,074,328 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\inspect.sys
[2010/02/27 03:15:55 | 000,171,552 | ---- | M] (COMODO) -- C:\Windows\System32\guard32.dll
[2010/02/27 03:15:54 | 000,029,520 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmdhlp.sys
[2010/02/27 03:15:53 | 000,130,960 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmdguard.sys
[2010/02/27 02:41:15 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk
[2010/02/27 00:42:05 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/02/27 00:41:38 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/02/26 19:11:52 | 000,009,216 | ---- | M] () -- C:\Users\Mark\Documents\QueenChastityMakeUp Tutorials.wps
[2010/02/26 19:11:52 | 000,003,120 | ---- | M] () -- C:\Users\Mark\AppData\Roaming\wklnhst.dat
[2010/02/26 18:52:21 | 000,799,552 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/02/26 18:52:21 | 000,677,554 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/02/26 18:52:21 | 000,124,494 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/02/26 18:19:58 | 000,007,680 | ---- | M] () -- C:\Users\Mark\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/26 05:42:06 | 000,032,768 | ---- | M] () -- C:\Windows\SPInstall.etl
[2010/02/25 22:57:00 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/02/25 22:56:59 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/02/25 22:56:57 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/02/25 22:56:54 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2010/02/25 20:11:43 | 000,001,356 | ---- | M] () -- C:\Users\Mark\AppData\Local\d3d9caps.dat
[2010/02/25 14:01:08 | 000,000,921 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2010/02/24 18:45:52 | 000,001,684 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/02/24 17:27:22 | 000,000,712 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2010/02/24 09:16:06 | 000,181,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/02/23 18:27:39 | 000,000,000 | ---- | M] () -- C:\Users\Mark\AppData\Local\prvlcl.dat
[2010/02/11 21:21:21 | 000,002,337 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/02/11 12:49:13 | 000,009,728 | ---- | M] () -- C:\Users\Mark\Documents\Chase Mortgage.wps
[2010/02/05 17:29:14 | 000,011,776 | ---- | M] () -- C:\Users\Mark\Documents\New Look Form.wps
[2010/02/04 12:02:03 | 000,001,950 | ---- | M] () -- C:\Users\Public\Desktop\Logitech Webcam Software.lnk
[2010/02/02 11:34:00 | 000,010,240 | ---- | M] () -- C:\Users\Mark\Documents\Gaither Song.wps
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/28 03:23:32 | 000,001,718 | ---- | C] () -- C:\Users\Mark\Desktop\Cool Record Edit Pro.lnk
[2010/02/28 03:23:32 | 000,000,731 | ---- | C] () -- C:\Users\Mark\Desktop\Free Sound Recorder.lnk
[2010/02/28 02:18:10 | 000,000,811 | ---- | C] () -- C:\Users\Mark\Desktop\Audacity 1.3 Beta (Unicode).lnk
[2010/02/27 02:43:20 | 000,852,032 | ---- | C] () -- C:\Windows\System32\drivers\sfi.dat
[2010/02/27 02:41:15 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk
[2010/02/27 00:06:03 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010/02/27 00:06:03 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/02/27 00:06:03 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/02/27 00:06:03 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/02/27 00:06:03 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/02/26 19:11:52 | 000,009,216 | ---- | C] () -- C:\Users\Mark\Documents\QueenChastityMakeUp Tutorials.wps
[2010/02/25 14:01:08 | 000,000,921 | ---- | C] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2010/02/24 18:45:52 | 000,001,684 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/02/24 17:27:22 | 000,000,712 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2010/02/21 02:28:27 | 000,000,000 | ---- | C] () -- C:\Users\Mark\AppData\Local\prvlcl.dat
[2010/02/11 12:49:13 | 000,009,728 | ---- | C] () -- C:\Users\Mark\Documents\Chase Mortgage.wps
[2010/02/05 19:31:05 | 000,007,680 | ---- | C] () -- C:\Users\Mark\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/05 19:08:25 | 000,001,356 | ---- | C] () -- C:\Users\Mark\AppData\Local\d3d9caps.dat
[2010/02/05 17:29:13 | 000,011,776 | ---- | C] () -- C:\Users\Mark\Documents\New Look Form.wps
[2010/02/04 12:02:03 | 000,001,950 | ---- | C] () -- C:\Users\Public\Desktop\Logitech Webcam Software.lnk
[2010/02/04 11:25:20 | 000,000,000 | ---- | C] () -- C:\Windows\System32\drivers\lvuvc.hs
[2010/02/02 11:33:59 | 000,010,240 | ---- | C] () -- C:\Users\Mark\Documents\Gaither Song.wps
[2009/11/25 20:14:07 | 000,454,656 | ---- | C] () -- C:\Windows\System32\PaintX.dll
[2009/11/10 22:14:12 | 000,129,024 | ---- | C] () -- C:\Windows\System32\ZipDll.dll
[2009/11/10 22:14:12 | 000,115,712 | ---- | C] () -- C:\Windows\System32\UnzDll.dll
[2009/11/10 22:14:12 | 000,053,248 | ---- | C] () -- C:\Windows\System32\UNRAR.DLL
[2009/11/02 01:58:53 | 000,007,887 | ---- | C] () -- C:\Users\Mark\AppData\Roaming\pcouffin.cat
[2009/11/02 01:58:53 | 000,001,144 | ---- | C] () -- C:\Users\Mark\AppData\Roaming\pcouffin.inf
[2009/11/01 14:19:22 | 000,003,120 | ---- | C] () -- C:\Users\Mark\AppData\Roaming\wklnhst.dat
[2009/10/07 08:24:22 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2009/10/07 01:46:36 | 000,025,752 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2009/10/07 01:23:08 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2009/06/21 21:32:23 | 000,008,396 | ---- | C] () -- C:\Windows\wininit.ini
[2009/04/23 04:28:45 | 000,053,248 | ---- | C] () -- C:\Windows\System32\mgxasio2.dll
[2009/04/23 04:27:21 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2009/04/22 02:14:13 | 000,000,024 | ---- | C] () -- C:\Windows\magix.ini
[2009/04/22 02:13:23 | 000,005,937 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2008/10/28 11:51:26 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2008/08/20 01:24:28 | 000,000,036 | ---- | C] () -- C:\Windows\ezmacros.INI
[2007/12/20 02:07:33 | 000,278,728 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2007/12/20 02:07:32 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2007/10/25 23:02:54 | 000,000,566 | ---- | C] () -- C:\Windows\System32\SP207.INI
[2007/06/29 18:19:31 | 000,000,064 | ---- | C] () -- C:\Windows\CIV.INI
[2007/06/29 18:18:52 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2007/04/11 00:35:52 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2007/04/11 00:35:52 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2007/04/11 00:35:52 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2007/04/11 00:21:08 | 000,000,470 | ---- | C] () -- C:\Windows\SIERRA.INI
[2007/03/14 22:45:21 | 000,000,021 | ---- | C] () -- C:\Windows\COMPASS.INI
[2006/12/16 13:15:14 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1114.dll
[2006/12/16 13:15:12 | 000,077,824 | ---- | C] () -- C:\Windows\System32\hccutils.dll
[2006/12/12 09:13:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1147.dll
[2006/12/12 08:02:50 | 000,053,248 | ---- | C] () -- C:\Windows\System32\oemdspif.dll
[2006/11/02 04:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2002/02/27 15:50:00 | 000,197,120 | ---- | C] () -- C:\Windows\System32\patchw32.dll
[2002/01/25 06:04:50 | 000,005,440 | ---- | C] () -- C:\Windows\System32\mciwa16.dll
[2002/01/25 06:04:50 | 000,000,221 | ---- | C] () -- C:\Windows\System32\pspsbext.ini
[2002/01/25 06:04:50 | 000,000,221 | ---- | C] () -- C:\Windows\System32\pspfidrv.ini
[2002/01/25 06:04:50 | 000,000,221 | ---- | C] () -- C:\Windows\System32\pspfbase.ini
[2002/01/25 06:04:50 | 000,000,221 | ---- | C] () -- C:\Windows\System32\pspaudrv.ini
[2002/01/25 06:04:50 | 000,000,221 | ---- | C] () -- C:\Windows\System32\pspapdrv.ini
[2002/01/25 06:04:50 | 000,000,221 | ---- | C] () -- C:\Windows\System32\mciwaw95.ini
[2002/01/25 06:04:50 | 000,000,221 | ---- | C] () -- C:\Windows\System32\mcipspwa.ini
[2002/01/25 06:04:50 | 000,000,221 | ---- | C] () -- C:\Windows\System32\mcipspct.ini
[2002/01/25 06:04:50 | 000,000,220 | ---- | C] () -- C:\Windows\System32\pspwave.ini
[2002/01/25 06:04:50 | 000,000,219 | ---- | C] () -- C:\Windows\System32\pspdss.ini
[2002/01/25 06:04:50 | 000,000,219 | ---- | C] () -- C:\Windows\System32\pspddi.ini
[2000/01/27 23:00:00 | 000,012,288 | ---- | C] () -- C:\Windows\System32\HLINKPRX.DLL
[1997/06/13 19:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 05:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009/03/08 05:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2006/11/02 03:47:18 | 000,228,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2007/07/12 01:02:53 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >


< MD5 for: AGP440.SYS >
[2008/01/19 01:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\SoftwareDistribution\Download\53b5c525cc87f4e90b882b7642e5ee4a\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/19 01:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/19 01:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2006/11/02 03:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\ERDNT\cache\AGP440.sys
[2006/11/02 03:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 03:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/01/19 01:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\SoftwareDistribution\Download\53b5c525cc87f4e90b882b7642e5ee4a\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2008/01/19 01:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2008/01/19 01:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 03:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2010/02/24 13:15:27 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\ERDNT\cache\atapi.sys
[2010/02/24 13:15:27 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\drivers\atapi.sys
[2008/02/25 02:15:41 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/02/25 02:15:41 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/02/25 02:15:40 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 03:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll
[2006/11/02 03:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 03:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2008/01/19 01:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\SoftwareDistribution\Download\53b5c525cc87f4e90b882b7642e5ee4a\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2008/01/19 01:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2008/01/19 01:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 03:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 03:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 03:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\ERDNT\cache\netlogon.dll
[2006/11/02 03:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\System32\netlogon.dll
[2006/11/02 03:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2008/01/19 01:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SoftwareDistribution\Download\53b5c525cc87f4e90b882b7642e5ee4a\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
[2008/01/19 01:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
[2008/01/19 01:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 03:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 03:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 01:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\SoftwareDistribution\Download\53b5c525cc87f4e90b882b7642e5ee4a\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
[2008/01/19 01:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
[2008/01/19 01:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/19 01:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SoftwareDistribution\Download\53b5c525cc87f4e90b882b7642e5ee4a\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2008/01/19 01:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2008/01/19 01:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 03:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\ERDNT\cache\scecli.dll
[2006/11/02 03:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\System32\scecli.dll
[2006/11/02 03:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 97 bytes -> C:\ProgramData\TEMP:7547DA5B
@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:57DC3B52
@Alternate Data Stream - 197 bytes -> C:\ProgramData\TEMP:D507B5A8
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:CEDA49F4
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:9F222B60
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:5FACFF6A
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:42EF7FC8
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:09B77012
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:D055FC10
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:237E4B91
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:225CD7D5
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:A56D6987
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:3F2F06F2
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:C67CB31A
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:A4F63AED
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:3E06C78F
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:B8384DB6
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:6710EF08
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:3C5ABDC7
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:5C6EBC69
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:55F44B88
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:3BAE765B
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:BA05E0C4
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:314CFB12
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:270A3983
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:D48500F8
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:C7F04040
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:C22674B6
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:EA34E08F
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:0ED4AC2F
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:D92485C9
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:00D5EBC2
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:569CEE83
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:315B4A13
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:12D2EB9C
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:CB16385F
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:FDDD8917
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:CF61CE5A
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:61AF2B29
< End of report >






OTL Extras logfile created on: 3/3/2010 11:18:38 PM - Run 1
OTL by OldTimer - Version 3.1.32.0 Folder = C:\Users\Mark\Desktop
Windows Vista Home Basic Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

501.00 Mb Total Physical Memory | 155.00 Mb Available Physical Memory | 31.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 43.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 103.29 Gb Total Space | 70.77 Gb Free Space | 68.52% Space Free | Partition Type: NTFS
Drive D: | 8.50 Gb Total Space | 3.66 Gb Free Space | 43.00% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MARK
Current User Name: Mark
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-3927549737-2721024773-4214339708-1007\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = ComFile] -- Reg Error: Key error. File not found
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
https [open] -- Reg Error: Value error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3927549737-2721024773-4214339708-1000]
"EnableNotificationsRef" = 2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3927549737-2721024773-4214339708-500]
"EnableNotificationsRef" = 2

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0544A46B-8213-44B8-85B1-4B26F7FE7687}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0C8F1702-55DD-42AD-80EE-8B534AE44541}" = lport=137 | protocol=17 | dir=in | app=system |
"{18F876F6-E06F-482C-BE0E-98454AD276A7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1B85AF94-858E-40C2-94D5-C0F9081A8705}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{22B3C4F6-51BF-4DB9-8B88-F1A540288EB8}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{292B7C20-54DD-4691-B3E7-D50110119716}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2A8D1682-4860-4B09-B14E-7A9B73A81780}" = rport=10243 | protocol=6 | dir=out | app=system |
"{33ED7C07-4DE6-4632-AB65-3A77A0D83DD1}" = rport=139 | protocol=6 | dir=out | app=system |
"{3DD8E270-79FB-49DA-927A-FDB59571F133}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{40CA1DC7-4C8D-4E9F-982E-670668588072}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{46F0F946-2487-4FA6-B201-D069FC46BE19}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4F06936F-5C4F-435B-9509-1A3C51100802}" = lport=2869 | protocol=6 | dir=in | app=system |
"{545610CA-BC72-4341-96A2-59123D071947}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{63D01216-8D3A-4DB3-9596-D79F6422D8A9}" = lport=6346 | protocol=17 | dir=in | name=shareaza |
"{64FAD0D6-9D84-4F64-8024-05E6C2EBE4DE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{6616FA64-1D66-4D65-B62D-8B92D2A67812}" = lport=138 | protocol=17 | dir=in | app=system |
"{66D0DF35-DA23-4A62-AAFF-54ADE8388038}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6B5C8780-85A3-45CE-9689-81DE1A97E0B6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{6F007F20-23C4-450E-AD0D-73EFD5F5E6F6}" = rport=137 | protocol=17 | dir=out | app=system |
"{73E59FC2-7FD0-45EC-BC3F-60D0A0C88F84}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7D864BB1-C629-4704-A709-871BFCF830C9}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{83184369-061E-4052-BFC6-C89B89DE1B78}" = lport=2869 | protocol=6 | dir=in | app=system |
"{85A12575-2567-4824-86CF-A60C5A98A2B8}" = lport=445 | protocol=6 | dir=in | app=system |
"{99018F03-F162-4C03-AC90-154B52DA8FE0}" = lport=6346 | protocol=6 | dir=in | name=shareaza |
"{9BA31597-3297-4211-AFC3-8FBB67B9B8AD}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{A09F2429-C8D7-4B05-9DF8-5B7180CB8B87}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{A1B254F5-9EB2-4B4F-8D1E-2C590B2E86E4}" = rport=138 | protocol=17 | dir=out | app=system |
"{A4C47D1E-4914-4D9F-9B29-6142CA59E89B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BD16F409-2E88-4265-A19B-BB5458705901}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C0E1122C-D7EB-4658-829B-03D898191AB7}" = lport=139 | protocol=6 | dir=in | app=system |
"{CB15EAA6-4208-4989-B3C7-C79F2E4E87AD}" = lport=80 | protocol=6 | dir=in | app=system |
"{CD8ABD1D-5095-4799-96E3-0D75C5211962}" = rport=445 | protocol=6 | dir=out | app=system |
"{D255AA9F-1A10-452C-B58D-019B376E9D49}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DD2D1E07-E37D-42EA-AFC0-49CE3AB072B9}" = rport=2869 | protocol=6 | dir=out | app=system |
"{EA59D0BC-8553-40EE-8C44-6800F904229D}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{FFE9B59C-0D03-40A9-AEF1-BC2F8547471E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0214C67B-3D80-4EC2-AD3A-EBF76FFF59FF}" = protocol=6 | dir=out | app=system |
"{074C733B-355E-4EB4-BF1F-81D5A88DC18C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{103101B4-B466-4687-9341-A3A78FBAAF49}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{340497D6-A78B-403E-93B5-504B9E381E13}" = protocol=17 | dir=in | app=c:\program files\myspace\im\myspaceim.exe |
"{3A7E1D25-A927-4A30-994C-44976DE87770}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{3B14EBC6-34F6-43CB-86AC-43A6C77DE58E}" = protocol=6 | dir=in | app=c:\windows\system32\mqsvc.exe |
"{3DEE4276-DF07-46FE-87B6-8861436D04CC}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{428FC4FC-3381-4D1F-A04C-728CE598FDFA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{43E83734-C938-4595-8DBB-3FCBAB269CDC}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{444EA7CF-4EC1-410C-B8B3-217C75ECEC35}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{47025FC8-8E9D-4F21-ADF2-F9C01588A1A0}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{470574D6-A7FA-41BE-A43B-05A11DEFDDB6}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{48D715EE-27A9-4ABF-910C-08A3FA7B6F8C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4B6B4A34-41B4-4B56-94B0-4306F4243BE3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5002B979-4CAE-4280-880F-495FC933C24C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{52A81618-92F0-46F5-8A9C-01C2175538A6}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{599DD1F3-944E-4654-A5DB-7A2F5E5538AF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{5DDBFD20-F29E-41D9-9CE5-06857F09126B}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{6B3480B4-7EAD-4994-8A1E-B3DAB2B9F81F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{74A5B386-6AB2-41EF-AD71-CF8B0B60CB42}" = protocol=6 | dir=in | app=c:\program files\shareaza\shareaza.exe |
"{7612F266-B772-42A4-AE73-D08248159A9C}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{7856D06E-3E4F-4EEC-854F-4336F6EF52D1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7EDCD811-57F4-4793-8649-A7461A599669}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{84B9A152-2136-44BD-919E-0D394CB081E3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{86599316-316D-4D5D-8596-A5EA2C5583C5}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{87D71F1D-E3B1-4517-9605-42B2CA34205B}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{937D115E-B741-4591-9EFD-7450FD36E5FD}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{94F4AC07-B7B8-4E2F-891C-55780C80F23F}" = protocol=6 | dir=in | app=c:\windows\system32\mqsvc.exe |
"{9E93A2A3-9048-427B-B0F7-3984E615818F}" = protocol=17 | dir=in | app=c:\windows\system32\mqsvc.exe |
"{9FD7C2E6-0BE5-410C-888F-874C7EAFA1D9}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{A011F2AC-5066-4634-8086-D38072D24C64}" = protocol=17 | dir=in | app=c:\program files\shareaza\shareaza.exe |
"{A1E0A883-1C39-4C07-8865-5A32CF626C6C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{A32B2C91-E7BC-40F9-9AC0-6EEC87F3700D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{A41A2633-2D62-45D4-BE90-184ABA729509}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A6AAE530-F410-4CC0-B694-C488D1D20E1C}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{AE24AF1A-09E3-4339-85B5-6272E6A64BDE}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"{B22660A0-13E5-4F0D-8AC2-D37B53724B7D}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{BBEAC93A-9B64-469B-9643-7C31AD59E303}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{BDD32985-0E1F-4D73-8AFC-45B87E119EC4}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{BE5DD584-B63A-4EFC-AFA6-19EFDB9C6911}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C04A9531-94FC-4A78-8082-4378E926F243}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{C04B123D-FCB9-4963-AB94-64365223B469}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C4E7E05A-8B1B-4AB6-9EAC-EBA981EC01C4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CA84EC90-DB89-4F2F-9DD4-7EE7AB382F80}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{CB2AD2B6-5C59-41F6-81F6-C224F51514E5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CF1E05F4-D7AA-4A15-8D31-3A512C3DEE1F}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"{D194D309-BD7E-45E2-B83F-4AB0F615070C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D236E04C-6B02-4026-8E34-10BC6E4A501B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{DA4823D2-7F72-4231-9CB2-45C98D542C8F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E43B8D68-2E25-449F-9DAF-F9264904ACDD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EC1C7B1B-FDEC-43AE-BFB3-EA718F0E2A72}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{F266B22F-3CEA-4DD4-9581-DD803137C9E2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F3C0DFDF-2A6E-4B32-AF15-C0C75ACA8E32}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F8F80DC6-FF2E-4376-B25A-C4575BC843FD}" = protocol=17 | dir=in | app=c:\windows\system32\mqsvc.exe |
"TCP Query User{17167D85-B577-4BD7-9B49-510D05F633AC}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{322B88A1-5253-4438-A352-F6E9B4BEA18B}C:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe |
"TCP Query User{39B90894-4601-4AA6-A444-E8F982328304}C:\program files\myspace\im\myspaceim.exe" = protocol=6 | dir=in | app=c:\program files\myspace\im\myspaceim.exe |
"TCP Query User{3FE77EA9-B81E-46D7-886B-581BEA23E3EA}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{47FEC774-D49A-4BD1-BBF2-EDF9C18ADBE2}C:\program files\secondlife\slvoice.exe" = protocol=6 | dir=in | app=c:\program files\secondlife\slvoice.exe |
"TCP Query User{6F748C6F-DF08-4BC7-B1B4-25855C262C75}C:\program files\aim6\aim6.exe" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"TCP Query User{793E0623-1347-4222-904D-A1949201DB06}C:\program files\java\jre1.6.0\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0\bin\javaw.exe |
"TCP Query User{7D753A16-8C0B-46A2-8CB5-8643971AAC09}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{7DDC05E1-B065-4F8F-95CF-2568CF6ECE59}C:\program files\java\jre1.6.0\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0\bin\javaw.exe |
"TCP Query User{7ECD3846-0652-4C1A-9AEE-33968941582F}C:\program files\soulseek\slsk.exe" = protocol=6 | dir=in | app=c:\program files\soulseek\slsk.exe |
"TCP Query User{ACCAF2EE-4777-4E19-B268-1857F91B50F7}C:\program files\maxis\simcity 3000 unlimited\apps\updater\updater.exe" = protocol=6 | dir=in | app=c:\program files\maxis\simcity 3000 unlimited\apps\updater\updater.exe |
"TCP Query User{DCDD6F5C-5B52-4E50-8C5B-C202953D27F2}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{EF5B2635-574C-4AF2-923D-E9EEBA1371B1}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{F24B05C2-96F8-4F0B-8569-5E479016A3B4}C:\program files\soulseek\slsk.exe" = protocol=6 | dir=in | app=c:\program files\soulseek\slsk.exe |
"UDP Query User{19AAC164-C5EC-4FDC-99F6-CA3AC197F798}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{1C81D4D1-C133-408A-9899-F27E04E1F200}C:\program files\java\jre1.6.0\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0\bin\javaw.exe |
"UDP Query User{2FDF4742-5024-4AD2-8850-830F46F7BDB6}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{31E753AD-C2A1-4190-B708-9FAD95CADA29}C:\program files\secondlife\slvoice.exe" = protocol=17 | dir=in | app=c:\program files\secondlife\slvoice.exe |
"UDP Query User{43AC1AD7-8D52-4D9C-B183-3F7F83C0B668}C:\program files\soulseek\slsk.exe" = protocol=17 | dir=in | app=c:\program files\soulseek\slsk.exe |
"UDP Query User{66C944AE-E370-4F7C-8E9C-8488532A0AE2}C:\program files\maxis\simcity 3000 unlimited\apps\updater\updater.exe" = protocol=17 | dir=in | app=c:\program files\maxis\simcity 3000 unlimited\apps\updater\updater.exe |
"UDP Query User{789258E5-B0D4-4D49-8370-FA1328A7CE37}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{7A6CD134-B885-47E9-AE99-CFE33EE6551E}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{822BD41E-662C-4674-8B1F-A9FDD78E420D}C:\program files\java\jre1.6.0\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0\bin\javaw.exe |
"UDP Query User{9F691156-5FF1-46E8-9578-C5D264F29317}C:\program files\myspace\im\myspaceim.exe" = protocol=17 | dir=in | app=c:\program files\myspace\im\myspaceim.exe |
"UDP Query User{A268535F-BD9D-4AB1-8168-2D9B54386A7B}C:\program files\soulseek\slsk.exe" = protocol=17 | dir=in | app=c:\program files\soulseek\slsk.exe |
"UDP Query User{C596D485-7683-4EE7-B03F-EAD366B329DC}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{CCAEC41B-38B1-4C30-8C0A-0831418A50EE}C:\program files\aim6\aim6.exe" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"UDP Query User{EEF98BFF-10D2-4060-ACF1-AE9EABD79917}C:\program files\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series" = Canon MP250 series MP Drivers
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{44C05309-60F4-410B-BC32-31733CFF1A41}" = Microsoft Digital Image Starter Edition 2006 Editor
"{4FE542EB-FF0B-4739-94DD-25C8AE0AB251}" = Microsoft Digital Image Starter Edition 2006 Library
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.1.1
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}" = eMachines Recovery Center Installer
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.1
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus® for Adobe
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"AIM_7" = AIM 7
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.11 (Unicode)
"Canon MP250 series User Registration" = Canon MP250 series User Registration
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_HSF" = Soft Data Fax Modem with SmartCP
"COMODO Internet Security" = COMODO Internet Security
"Defraggler" = Defraggler
"DVDFab 6_is1" = DVDFab 6.1.2.5 (27/10/2009)
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"EasyZip" = EasyZip
"Family Tree Builder" = MyHeritage Family Tree Builder
"Free Sound Recorder_is1" = Free Sound Recorder 2010 v8.2.1
"HDMI" = Intel® Graphics Media Accelerator Driver
"kSolo" = kSolo Recorder
"LimeWire" = LimeWire 5.4.6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live & Sponsor (CiD)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"MS Access 97 SP2" = MS Access 97 SP2
"Network Stumbler" = Network Stumbler 0.4.0 (remove only)
"Picasa 3" = Picasa 3
"PictureItSuiteTrial_v12" = Microsoft Digital Image Starter Edition 2006
"PROSet" = Intel® PRO Network Connections Drivers
"SystemRequirementsLab" = System Requirements Lab
"TomTom HOME" = TomTom HOME 2.7.3.1894
"uTorrent" = µTorrent
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3927549737-2721024773-4214339708-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/21/2009 7:34:08 PM | Computer Name = Jason-PC | Source = Google Update | ID = 20
Description =

Error - 8/21/2009 7:40:09 PM | Computer Name = Jason-PC | Source = Google Update | ID = 20
Description =

Error - 8/21/2009 8:34:12 PM | Computer Name = Jason-PC | Source = Google Update | ID = 20
Description =

Error - 8/21/2009 8:40:10 PM | Computer Name = Jason-PC | Source = Google Update | ID = 20
Description =

Error - 8/21/2009 9:34:07 PM | Computer Name = Jason-PC | Source = Google Update | ID = 20
Description =

Error - 8/21/2009 9:40:09 PM | Computer Name = Jason-PC | Source = Google Update | ID = 20
Description =

Error - 8/21/2009 10:34:14 PM | Computer Name = Jason-PC | Source = Google Update | ID = 20
Description =

Error - 8/21/2009 10:40:11 PM | Computer Name = Jason-PC | Source = Google Update | ID = 20
Description =

Error - 8/22/2009 10:16:42 AM | Computer Name = Jason-PC | Source = WerSvc | ID = 5007
Description =

Error - 8/22/2009 10:16:53 AM | Computer Name = Jason-PC | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 3/4/2010 12:00:59 AM | Computer Name = Mark | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 3/4/2010 12:00:59 AM | Computer Name = Mark | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 3/4/2010 12:00:59 AM | Computer Name = Mark | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 3/4/2010 12:00:59 AM | Computer Name = Mark | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 3/4/2010 12:00:59 AM | Computer Name = Mark | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 3/4/2010 12:00:59 AM | Computer Name = Mark | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 3/4/2010 12:00:59 AM | Computer Name = Mark | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 3/4/2010 12:00:59 AM | Computer Name = Mark | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 3/4/2010 12:00:59 AM | Computer Name = Mark | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 3/4/2010 12:01:17 AM | Computer Name = Mark | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =


< End of report >
#5 myrti

Posted 05 March 2010 - 11:35 AM

Hi,

The log looks good. Please provide a log from Malwarebytes and GMER next:

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with GMER's driver.
  • Double-click on the randomly named GMER file (e.g. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If you are using other security programs that detect registry changes (e.g. Spybot's TeaTimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

Regards,
myrti


#6 myrti

Posted 09 March 2010 - 07:46 PM

Due to lack of feedback, this topic is now closed.

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
myrti
