Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Not sure what I have - browser getting hijacked avast disabled


  • This topic is locked This topic is locked
8 replies to this topic

#1 gembob

gembob

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:07:30 PM

Posted 17 May 2010 - 08:03 PM

Not sure what I have, browser keeps getting hijacked, avast has been diabled and can't be fixed and comp is very slow. Kaspersky and malwarebytes both found viruses but said they were successfully removed, doesn't appear to be the case. Browser is frequently redirected to stopzilla, but not 100% of the time.


DDS (Ver_10-03-17.01) - NTFSx86 NETWORK
Run by Matt at 15:59:29.52 on Sun 05/16/2010
Internet Explorer: 8.0.6001.18904
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2037.1491 [GMT -6:00]

SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Matt\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.igive.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [AirVideoServer] c:\program files\airvideoserver\AirVideoServer.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {10F055B8-F443-4adf-948A-EC551E9DBCE4} - c:\programdata\microsoft\windows\start menu\programs\ultimatebet\UltimateBet.lnk
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}
IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - c:\program files\bodog poker\BPGame.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-10-25 64288]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2007-8-16 179712]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-3-6 162512]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2007-10-23 73728]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-3-6 19024]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-3-6 51792]
S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-6 40384]
S2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\postgresql\8.3\bin\pg_ctl.exe [2009-3-13 65536]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-10-25 24652]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-6 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-6 40384]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-7-4 21504]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1181328]

=============== Created Last 30 ================

2010-05-16 21:56:50 0 ----a-w- c:\users\matt\defogger_reenable
2010-05-14 06:33:44 34360 ----a-w- c:\windows\system32\drivers\xwdujfng.sys
2010-05-13 03:05:32 0 d-----w- c:\windows\system32\MpEngineStore
2010-05-13 02:50:25 173 ----a-w- c:\windows\system32\MRT.INI
2010-05-12 06:56:58 738816 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-07 06:47:55 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-05-07 06:47:55 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-05-07 06:47:55 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-05-07 06:47:46 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-05-07 06:47:45 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-05-07 06:40:31 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-05-07 06:40:26 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-05-07 06:40:26 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-05-06 05:08:51 62464 ----a-w- c:\windows\system32\l3codeca.acm
2010-05-06 05:08:51 220672 ----a-w- c:\windows\system32\l3codecp.acm
2010-05-06 05:08:49 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-05-06 05:08:48 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-05-06 05:08:48 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-05-06 05:06:07 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-05-06 05:05:55 98304 ----a-w- c:\windows\system32\cabview.dll

==================== Find3M ====================

2010-04-29 21:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 21:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-05 14:01:02 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-23 06:39:13 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33:45 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 06:33:45 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 04:55:36 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-20 01:34:42 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-20 01:34:42 51200 ----a-w- c:\windows\inf\infpub.dat
2009-11-20 01:34:42 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-11-20 01:34:42 143360 ----a-w- c:\windows\inf\infstor.dat
2009-04-25 18:54:02 26046840 ----a-w- c:\program files\postgresql-8.3.7-1.zip
2008-07-05 09:24:08 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-12-25 06:26:41 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\cookies\index.dat
2009-12-25 06:26:41 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\history\history.ie5\index.dat
2009-12-25 06:26:41 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\temporary internet files\content.ie5\index.dat
2009-10-20 03:15:53 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2007-08-16 20:18:26 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 16:04:09.57 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:01:30 AM

Posted 19 May 2010 - 02:45 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt<--Will be minimized
In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt<--Will be minimized
In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#3 gembob

gembob
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:07:30 PM

Posted 21 May 2010 - 03:26 PM

So since I had the problem I've just run avast, ad-aware, and malware and none of them are showing any more infections, but comp is still acting strangely. Here are the requested logs, thanks in advance for your help:

OTL logfile created on: 5/21/2010 2:01:06 PM - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Users\Matt\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 32.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): c:\pagefile.sys 2048 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.48 Gb Total Space | 10.12 Gb Free Space | 7.42% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.34 Gb Free Space | 63.40% Space Free | Partition Type: NTFS
Drive E: | 702.31 Mb Total Space | 658.86 Mb Free Space | 93.81% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MATT-PC
Current User Name: Matt
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/21 14:00:22 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
PRC - [2010/05/21 01:52:10 | 001,314,704 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/05/06 14:59:42 | 002,815,192 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/05/06 14:59:38 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009/10/07 18:36:30 | 004,125,640 | ---- | M] () -- C:\Program Files\AirVideoServer\AirVideoServer.exe
PRC - [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/13 05:50:20 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
PRC - [2009/03/13 05:48:48 | 003,678,208 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
PRC - [2008/01/19 01:33:35 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wermgr.exe
PRC - [2007/09/07 10:25:12 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/09/07 10:23:36 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
PRC - [2007/08/29 13:25:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007/05/20 23:42:44 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2007/05/20 23:42:40 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2007/05/20 23:42:40 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2007/05/20 23:42:40 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2007/04/16 15:10:26 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
PRC - [2007/01/04 15:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe


========== Modules (SafeList) ==========

MOD - [2010/05/21 14:00:22 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
MOD - [2009/04/11 00:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/19 01:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2007/05/20 23:44:44 | 000,102,400 | ---- | M] (Intel Corporation) -- C:\Windows\System32\hccutils.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (stllssvr)
SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
SRV - [2010/05/21 01:52:10 | 001,314,704 | ---- | M] (Lavasoft) [On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/05/06 14:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/05/06 14:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/05/06 14:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/09/24 19:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/03/13 05:50:20 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe -- (pgsql-8.3)
SRV - [2008/01/19 01:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/07 10:25:12 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/08/29 13:25:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/01/04 15:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV - [2010/05/06 14:39:23 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/05/06 14:39:00 | 000,164,048 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/05/06 14:34:27 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/05/06 14:34:10 | 000,051,792 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2010/05/06 14:33:47 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/02/04 09:53:02 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Stopped] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2008/01/18 23:53:39 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\umpass.sys -- (UMPass)
DRV - [2007/09/26 08:12:00 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2007/09/07 10:26:04 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/08/16 14:14:59 | 000,020,152 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2007/08/16 14:14:59 | 000,019,128 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2007/08/16 14:14:59 | 000,017,592 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/05/20 23:44:46 | 001,674,240 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2007/05/20 23:43:56 | 000,179,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2007/05/20 23:42:38 | 000,157,184 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/04/23 04:51:56 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2006/11/27 01:48:46 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/27 01:48:44 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/27 01:48:44 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/02 20:43:30 | 000,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006/11/02 20:42:18 | 000,206,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2006/11/02 20:42:08 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/11/02 03:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 03:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 03:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 03:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 03:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 03:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 03:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 03:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 03:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 03:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 03:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 03:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 03:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 03:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 03:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 03:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 03:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 03:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 03:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 03:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 03:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 03:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 03:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 03:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 03:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 03:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 03:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 03:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 03:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 03:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 03:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 03:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 02:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 02:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 02:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 02:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 02:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 02:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 01:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 01:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 01:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2006/11/02 01:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2006/08/04 18:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1073185916-2394342195-2432399411-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.igive.com/
IE - HKU\S-1-5-21-1073185916-2394342195-2432399411-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1073185916-2394342195-2432399411-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1073185916-2394342195-2432399411-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-1073185916-2394342195-2432399411-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555



O1 HOSTS File: ([2009/04/25 12:16:33 | 000,000,033 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: :: localhost
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O3 - HKU\S-1-5-21-1073185916-2394342195-2432399411-1000\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [ECenter] c:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKU\S-1-5-21-1073185916-2394342195-2432399411-1000..\Run: [AirVideoServer] C:\Program Files\AirVideoServer\AirVideoServer.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1073185916-2394342195-2432399411-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1073185916-2394342195-2432399411-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-21-1073185916-2394342195-2432399411-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: UltimateBet - {10F055B8-F443-4adf-948A-EC551E9DBCE4} - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltimateBet\UltimateBet.lnk ()
O9 - Extra 'Tools' menuitem : UltimateBet - {10F055B8-F443-4adf-948A-EC551E9DBCE4} - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltimateBet\UltimateBet.lnk ()
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - Reg Error: Value error. File not found
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (Bodog)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/...s/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.85.102 68.87.69.150
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Matt\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Matt\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{a45c5d99-2ef3-11dd-a714-001aa0fe2cb8}\Shell - "" = AutoRun
O33 - MountPoints2\{a45c5d99-2ef3-11dd-a714-001aa0fe2cb8}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk - C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE - File not found
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Air Mouse.lnk - C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe - ()
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk - C:\Windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe - (Macrovision Corporation)
MsConfig - StartUpReg: Ad-Watch - hkey= - key= - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: BitTorrent DNA - hkey= - key= - C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: Messenger (Yahoo!) - hkey= - key= - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: SUPERAntiSpyware - hkey= - key= - C:\Program Files\bigbooty\SUPERAntiSpyware.bat File not found
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Common Files\Real\Update_OB\realsched.exe File not found
MsConfig - StartUpReg: updateMgr - hkey= - key= - C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe File not found
MsConfig - StartUpReg: Windows Defender - hkey= - key= - File not found
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C0FC31D9-D941-B93E-77B7-69A3E88541A6} - Internet Explorer
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm ()
Drivers32: msacm.iac2 - C:\Windows\System32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\Windows\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\Windows\System32\ir32_32.dll (Intel® Corporation)
Drivers32: vidc.iv32 - C:\Windows\System32\ir32_32.dll (Intel® Corporation)
Drivers32: vidc.iv41 - C:\Windows\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\Windows\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/07/05 03:14:24 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/05/21 14:00:21 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
[2010/05/21 01:50:56 | 000,000,000 | -H-D | C] -- C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/05/21 01:50:05 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/05/14 00:33:44 | 000,034,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\xwdujfng.sys
[2010/05/12 21:05:32 | 000,000,000 | ---D | C] -- C:\Windows\System32\MpEngineStore
[2010/05/07 00:47:46 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/05/07 00:47:45 | 003,600,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/05/07 00:40:31 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2010/05/07 00:40:26 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2010/05/05 23:09:36 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010/05/05 23:09:12 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/05/05 23:09:12 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/05/05 23:09:12 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/05/05 23:09:12 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/05/05 23:09:12 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/05/05 23:09:12 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/05/05 23:09:12 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/05/05 23:09:11 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/05/05 23:09:11 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/05/05 23:09:11 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/05/05 23:09:11 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/05/05 23:09:11 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/05/05 23:09:11 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/05/05 23:09:11 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/05/05 23:09:11 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/05/05 23:08:51 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
[2010/05/05 23:08:51 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/21 14:05:05 | 004,194,304 | -HS- | M] () -- C:\Users\Matt\ntuser.dat
[2010/05/21 14:00:22 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
[2010/05/21 13:59:22 | 000,707,452 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/05/21 13:59:22 | 000,606,916 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/05/21 13:59:22 | 000,105,884 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/05/21 13:37:48 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/21 13:37:48 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/21 11:49:00 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{0FAEC150-33E6-4F25-9916-7AFDA6E6F4CF}.job
[2010/05/21 09:53:25 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/21 01:52:49 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010/05/21 01:50:54 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/05/19 21:35:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/19 21:34:33 | 000,524,288 | -HS- | M] () -- C:\Users\Matt\ntuser.dat{3402c021-4920-11df-bf7a-001aa0fe2cb8}.TMContainer00000000000000000001.regtrans-ms
[2010/05/19 21:34:33 | 000,065,536 | -HS- | M] () -- C:\Users\Matt\ntuser.dat{3402c021-4920-11df-bf7a-001aa0fe2cb8}.TM.blf
[2010/05/19 21:34:27 | 001,605,183 | -H-- | M] () -- C:\Users\Matt\AppData\Local\IconCache.db
[2010/05/19 21:33:22 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/05/19 21:28:44 | 256,556,127 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/05/16 15:56:50 | 000,000,000 | ---- | M] () -- C:\Users\Matt\defogger_reenable
[2010/05/14 00:33:44 | 000,034,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\xwdujfng.sys
[2010/05/12 20:50:25 | 000,000,173 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2010/05/11 23:37:57 | 000,112,640 | ---- | M] () -- C:\Users\Matt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/11 22:59:35 | 000,027,136 | ---- | M] () -- C:\Users\Matt\Documents\Poker Funds.xls
[2010/05/08 16:33:35 | 000,002,231 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/05/07 03:05:13 | 000,331,848 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/05/06 14:59:57 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\Windows\System32\avastSS.scr
[2010/05/06 14:59:36 | 000,165,032 | ---- | M] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2010/05/06 14:39:23 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/05/06 14:39:00 | 000,164,048 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/05/06 14:34:27 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/05/06 14:34:10 | 000,051,792 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/05/06 14:33:47 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/05/06 00:56:40 | 000,001,722 | -H-- | M] () -- C:\Users\Matt\Documents\Default.rdp
[2010/04/30 01:50:21 | 000,006,324 | ---- | M] () -- C:\Users\Matt\AppData\Local\d3d9caps.dat
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/23 13:11:39 | 000,001,683 | ---- | M] () -- C:\Users\Matt\Desktop\Bodog Poker.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/21 01:50:54 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/05/19 21:28:44 | 256,556,127 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/05/16 15:56:50 | 000,000,000 | ---- | C] () -- C:\Users\Matt\defogger_reenable
[2010/05/12 20:50:25 | 000,000,173 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010/05/05 23:02:39 | 000,001,722 | -H-- | C] () -- C:\Users\Matt\Documents\Default.rdp
[2009/11/22 02:21:36 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/09/23 20:27:12 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/03/01 22:38:07 | 000,000,000 | ---- | C] () -- C:\Windows\HMHud.INI
[2009/02/24 22:13:11 | 000,000,240 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/02/24 21:14:28 | 000,000,026 | ---- | C] () -- C:\Windows\dvdSanta.INI
[2008/11/06 10:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/11/06 10:34:00 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008/11/06 10:34:00 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2008/11/06 10:33:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008/03/18 12:41:12 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2008/03/18 12:39:55 | 000,000,053 | ---- | C] () -- C:\Windows\EPSCX7400.ini
[2008/03/06 15:34:45 | 000,000,037 | ---- | C] () -- C:\Windows\videotoiPodconverter.ini
[2007/11/21 15:09:24 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/10/11 23:56:57 | 000,000,761 | ---- | C] () -- C:\Windows\m3jp2k.ini
[2007/10/11 23:56:57 | 000,000,702 | ---- | C] () -- C:\Windows\mmtvmj.ini
[2007/10/11 23:56:56 | 000,000,714 | ---- | C] () -- C:\Windows\m3jpeg.ini
[2007/10/11 23:56:53 | 000,019,968 | ---- | C] () -- C:\Windows\System32\cpuinf32.dll
[2007/10/11 23:56:51 | 000,040,960 | ---- | C] () -- C:\Windows\System32\UNRAR.dll
[2007/10/08 13:53:06 | 000,000,000 | ---- | C] () -- C:\Windows\iplayer.INI
[2007/09/17 22:31:31 | 000,000,336 | ---- | C] () -- C:\Windows\wininit.ini
[2007/08/16 14:18:54 | 000,910,304 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/08/16 14:18:54 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007/08/16 14:18:54 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1253.dll
[2007/08/16 14:18:47 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007/04/24 13:22:02 | 000,274,432 | ---- | C] () -- C:\Windows\System32\MFT_anet.dll
[2007/03/05 14:34:28 | 000,676,224 | ---- | C] () -- C:\Windows\System32\OGACheckControl.DLL
[2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 04:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/19 01:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/19 01:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/19 01:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/19 01:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2007/08/16 14:14:24 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\System32\drivers\AGP440.sys
[2007/08/16 14:14:24 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_8ed06b47\AGP440.sys
[2007/08/16 14:14:24 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16400_none_b82caac9c18a4e3b\AGP440.sys
[2007/08/16 14:14:23 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=BF34B4A0E0B64440C5389AA6B902F4AD -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20496_none_b85af81edaeb8461\AGP440.sys
[2006/11/02 03:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 00:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 00:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 00:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/19 01:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 01:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 03:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2007/08/16 14:15:08 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=5653737BAD8C6C10136451C195C19881 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20485_none_db8a029f3dbd443b\atapi.sys
[2007/08/16 14:14:59 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=9E7E85EC61D1C9C3171CC08427108863 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_5a9555b4\atapi.sys
[2007/08/16 14:14:59 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=9E7E85EC61D1C9C3171CC08427108863 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20509_none_dbe4850d3d78c736\atapi.sys
[2007/08/16 14:15:08 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_82339ef2\atapi.sys
[2007/08/16 14:15:08 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16391_none_daf194c024ab5b06\atapi.sys
[2008/02/13 04:06:59 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/02/13 04:06:59 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/02/13 04:06:59 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_64dfd8ea\atapi.sys
[2008/02/13 04:06:59 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 03:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 03:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTOR.SYS >
[2007/04/23 04:51:56 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Drivers\storage\R154200\iastor.sys
[2007/04/23 04:51:56 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\System32\drivers\iaStor.sys
[2007/04/23 04:51:56 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_1cb29a96\iaStor.sys
[2007/04/23 04:51:56 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_8f0cb06b\iaStor.sys

< MD5 for: IASTORV.SYS >
[2008/01/19 01:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/19 01:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 03:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 03:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 03:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009/04/11 00:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 00:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/19 01:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVRAID.SYS >
[2008/01/19 01:43:01 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvraid.sys
[2008/01/19 01:43:01 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvraid.sys
[2006/11/02 03:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) MD5=E69E946F80C1C31C53003BFBF50CBB7C -- C:\Windows\System32\drivers\nvraid.sys
[2006/11/02 03:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) MD5=E69E946F80C1C31C53003BFBF50CBB7C -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2006/11/02 03:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 03:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 01:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/19 01:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/19 01:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 03:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009/04/11 00:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 00:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 05:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009/03/08 05:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2009/04/11 00:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 00:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/11/02 04:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 04:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 04:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 04:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 04:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\drivers\*.sys /90 >
[2010/05/06 14:33:47 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/05/06 14:34:10 | 000,051,792 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/05/06 14:34:27 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/05/06 14:39:00 | 000,164,048 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/05/06 14:39:23 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/02/20 14:53:34 | 000,411,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\http.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/02/23 05:10:13 | 000,106,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb.sys
[2010/02/23 05:10:19 | 000,212,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys
[2010/02/23 05:10:13 | 000,079,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys
[2010/05/21 01:52:49 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010/05/14 00:33:44 | 000,034,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\xwdujfng.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 81 bytes -> C:\Program Files\Cake Poker:MID
@Alternate Data Stream - 212 bytes -> C:\ProgramData\TEMP:B0A96209
@Alternate Data Stream - 143 bytes -> C:\Users\Matt\AppData\Roaming\Comma Separated Values (Windows).EML:OECustomProperty
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:C05A8628
< End of report >



OTL Extras logfile created on: 5/21/2010 2:01:06 PM - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Users\Matt\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 32.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): c:\pagefile.sys 2048 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.48 Gb Total Space | 10.12 Gb Free Space | 7.42% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.34 Gb Free Space | 63.40% Space Free | Partition Type: NTFS
Drive E: | 702.31 Mb Total Space | 658.86 Mb Free Space | 93.81% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MATT-PC
Current User Name: Matt
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0x00000000
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0x00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1073185916-2394342195-2432399411-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0256ACC3-5B12-4F71-8D3A-EC0647C889C3}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{032DE050-18A1-4425-A975-CA1AD96F19B0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{03FFE9BA-D908-4E13-BAED-163F7BCA2DE3}" = rport=10244 | protocol=6 | dir=out | app=system |
"{05AF8D8C-E1E8-46B3-8272-5DEB5E0E2C47}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{094457C1-594A-4DE9-9980-4F3C7DAE3AFA}" = lport=5432 | protocol=6 | dir=in | name=postgresql |
"{0CA52ADE-0AE1-48E4-9EAE-59E9040CC713}" = rport=10243 | protocol=6 | dir=out | app=system |
"{1E830785-2D0C-40D6-82D9-1CB89DA07538}" = lport=3390 | protocol=6 | dir=in | app=system |
"{1FD9A054-B03F-474B-AFFF-D5C6135607A7}" = lport=554 | protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{206D1964-48D0-4107-A0A8-DF0EE0F8C56F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3645FE9C-A026-41BC-A20A-2DBE6C2971BD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{3DBE0315-4198-42CB-8DCA-8F1EBFC4B6D4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{40F5BB1B-E9D2-44AF-A23A-EA34770775D6}" = lport=10244 | protocol=6 | dir=in | app=system |
"{4335EAE5-F685-40A9-BD17-FFFCC84D220C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{44C6C969-F908-486C-BEA3-496515D0F275}" = rport=10244 | protocol=6 | dir=out | app=system |
"{57FA475E-7E90-4DC8-A274-AA3B14C8CC1C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{9B9D2A5F-B90F-4FB1-83ED-A7B8016615C4}" = lport=7777 | protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{9FEA8E35-9662-48F7-810C-71E5C0BAEBB6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{A0697E35-6FE6-4226-8A98-BA9A6B1E7EEC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{AC29D26D-518C-4879-A6A7-C0530953DDED}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{AF2C3CF3-DCB3-4B67-8FA3-C89DF02F9BD8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{B0046D3E-BCA4-46A5-85E3-BE14E7FF48A6}" = lport=3390 | protocol=6 | dir=in | app=system |
"{B07BCBCB-3985-4409-AF43-AAB11280F119}" = lport=10244 | protocol=6 | dir=in | app=system |
"{B545C4A2-D1CB-4F5A-8E0A-370B650FE514}" = lport=7777 | protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{BB605ACF-5979-45AE-94BC-DC3F2AAC9318}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{CDC4A3D9-573D-4240-A1BE-C082B40DCF35}" = lport=10243 | protocol=6 | dir=in | app=system |
"{CE555580-F1B8-4E2A-AEAA-3A6F481F5D6C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{CF2419F1-598D-4394-803E-D7695CFEAC96}" = lport=554 | protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{D3554764-F27E-4CED-ACAB-447658F10C36}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{D4EE28DC-1C33-44C2-8509-B2C72BC5051A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{E0E0BEB1-0562-478A-A454-AD5CFF71AF9A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{E5DAB6F3-FBEF-4650-B76A-4906CDBFF307}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{ED58D71F-1CAA-44CA-A793-0E79A9853681}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01AE5E7A-9713-45DF-A1C0-0B259D433F01}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{03530753-5951-439A-915D-6009B40E0145}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmpnetwk.exe |
"{09C2E523-A665-4991-8BC1-DDFE6A7AD700}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmpnetwk.exe |
"{0E5B2B7A-30FC-4878-AAF6-0FBED66B5449}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{0EB23BA6-8961-4D9F-BB6D-DC0DCCAD26EF}" = protocol=17 | dir=in | app=c:\program files\postgresql\8.3\bin\pg_ctl.exe |
"{100880F5-AA93-45C8-9269-1316C519B825}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{1096A209-FA36-4D40-899F-EEDCFC7CBFA4}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{119209AA-4A69-4B7D-960E-B6EE1C0B6BBB}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{15DCFC70-E47E-4186-ADA0-27ADA0E181B1}" = protocol=6 | dir=in | app=c:\program files\windows media player\wmpnetwk.exe |
"{16B5A7AC-832D-4554-A911-E2652605890F}" = protocol=6 | dir=out | app=c:\windows\ehome\mcx2prov.exe |
"{18A1C523-ED85-48DB-AEAA-60A4474D8169}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{24CB321D-6C84-4F45-A80E-763A4424C12A}" = protocol=17 | dir=in | app=c:\program files\postgresql\8.3\bin\postgres.exe |
"{265B1F1D-43D3-459A-A95A-544B8A347D20}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmpnetwk.exe |
"{33C38A0C-28DB-40B0-94AD-085BB715A2DD}" = protocol=17 | dir=out | app=c:\windows\ehome\ehshell.exe |
"{3D522732-44F4-4D0F-96E7-5BAB19FE33BA}" = protocol=17 | dir=out | app=c:\windows\ehome\ehshell.exe |
"{4601026A-09C5-4A9A-B9C9-88DD81F9B4A2}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{50D23C8A-BC55-4620-B6AD-7237D33D3E66}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{60230F48-817B-4856-A7BF-2A497865B779}" = protocol=6 | dir=out | app=system |
"{69B548EF-D445-43C2-9A37-98ED83E08462}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{6A8BC663-AD68-494B-827E-46EFCBCEEDF7}" = protocol=6 | dir=out | app=c:\windows\ehome\ehshell.exe |
"{6D31CF0D-A1BF-4363-8B2A-8569CF54B3F1}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{6D49C260-56EA-40CB-B009-6E886C0BD906}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6FF85D3D-EF99-4697-8869-9806011BD9DC}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{7278F2A8-DB23-4893-AAD0-B550B7B909C1}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
"{754A5DAA-1D1B-4AA8-B7B1-FD9ECF1FFD52}" = protocol=17 | dir=in | app=c:\program files\airvideoserver\airvideoserver.exe |
"{900FF39E-01DD-4755-93D4-EC537FD7B381}" = protocol=6 | dir=out | svc=mcx2svc | app=c:\windows\system32\svchost.exe |
"{97D3F4D8-ADAE-4301-A8E8-70C914532B75}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{987DA96E-8869-4E90-B04C-30077110CF0D}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{98CF4BB3-3001-4C5B-9129-C551F341DB2F}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{A2C2EFA1-FBD0-4068-A7F1-43800B87BB1C}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{A63A0F43-89EA-4336-9DA5-22D93962FA5F}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{A7346C26-A271-45D6-A57E-C9D887D59710}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{AC86859C-2C5A-4BC6-BF17-F5E3C2D6096C}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{B25D5DF1-5419-432C-BAE5-A4A2892AF35F}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{B37CEC6D-AA1B-4281-B3B3-7E47FD2D186B}" = protocol=6 | dir=out | svc=mcx2svc | app=c:\windows\system32\svchost.exe |
"{BCEA9796-58B8-4EB6-88D6-D8C3D57ECB6C}" = protocol=6 | dir=out | app=c:\windows\ehome\ehshell.exe |
"{BD2AA38F-8632-425B-AC5B-C6E1B2B28275}" = protocol=6 | dir=in | app=c:\program files\postgresql\8.3\bin\pg_ctl.exe |
"{C4D89F83-978A-4880-8AE6-602B4F5CF76D}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
"{CAD41F6D-BFCF-41F3-BFA7-2948B1DCD86A}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{CC171E60-F83B-4BFC-BB21-98088FD0CE62}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CE6090C2-F060-4387-8079-29EC26232007}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{D3B4D5F4-681F-460A-BC6F-5D71698BC514}" = protocol=6 | dir=in | app=c:\program files\postgresql\8.3\bin\postgres.exe |
"{D3E9130F-FE45-4A2D-900A-1E1ADE30A829}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{D95B3ABD-8515-4369-8FF6-76B30256A759}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{D9A12BB3-45AE-4723-A0CD-A2836238CBFB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DB7F8715-1555-403B-B1BB-9E2DAB64C967}" = protocol=6 | dir=out | app=c:\windows\ehome\mcx2prov.exe |
"{DC04DF08-19D0-4848-990C-AD223AE60AA4}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{F01E8E53-0872-4227-A635-598A21350B9E}" = dir=in | app=c:\program files\dell\mediadirect\powercinema.exe |
"{F58517F8-FDD6-4932-8464-AE3963EAA45A}" = protocol=6 | dir=in | app=c:\program files\airvideoserver\airvideoserver.exe |
"TCP Query User{40130581-5553-45D2-ABFD-3E69FDC70CCB}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"TCP Query User{5A864CEE-D19F-4BDA-861A-C901F6FB4898}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{606F508F-5F38-4D5A-B4B0-6DAA3D5F9267}C:\users\matt\appdata\roaming\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\users\matt\appdata\roaming\sopcast\adv\sopadver.exe |
"TCP Query User{72BBF966-DCAF-401A-A04B-6E09C571327C}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{83934445-DDC0-4829-8FD2-9462B61E42D2}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{9801F067-2367-4825-9AF9-FE826F41048F}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{E7787269-9B1C-42EF-8E07-CB0D25BC01B2}C:\program files\airvideoserver\airvideoserver.exe" = protocol=6 | dir=in | app=c:\program files\airvideoserver\airvideoserver.exe |
"UDP Query User{17AF5619-EDEF-415B-9B76-99405103D1F2}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{4B9192F0-75D2-443E-BAF4-0A6819B36A71}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"UDP Query User{59A217C3-D808-4CA4-8D44-3E2D4AC3CE08}C:\program files\airvideoserver\airvideoserver.exe" = protocol=17 | dir=in | app=c:\program files\airvideoserver\airvideoserver.exe |
"UDP Query User{9EA111AF-3CBC-4F09-B917-9E3AA3B4A829}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{B99F6267-EFCF-45A9-8D18-FFF4A544D529}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{C20C2817-2559-4989-BAB7-19022A4C1A38}C:\users\matt\appdata\roaming\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\users\matt\appdata\roaming\sopcast\adv\sopadver.exe |
"UDP Query User{C3D9B901-37FE-40F9-A93E-E6F6A4CE4623}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 16
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3E25E350-949F-4DB7-8288-2A60E018B4C1}" = Games, Music, & Photos Launcher
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{5164E4B0-9CD0-454A-BAC0-6771A15EEB64}" = Air Mouse Server
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D0C6BE4-F674-43D2-96BC-3509345108C9}_is1" = PokerStove version 1.23
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F0C4457-8E64-491B-8D7B-991504365D1E}" = QuickSet
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{B823632F-3B72-4514-8861-B961CE263224}" = PostgreSQL 8.3
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FFFF6D5C-E2F1-4B40-BC89-8923312E89EB}}_is1" = ACE Mega CoDecS Pack
"AC3Filter" = AC3Filter (remove only)
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Air Video Server" = Air Video Server 2.1.7
"avast5" = avast! Free Antivirus
"Bodog Hand Grabber" = Bodog Hand Grabber 1.13
"Bodog Poker_is1" = Bodog Poker
"Cake Poker" = Cake Poker
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"DiskAid_is1" = DiskAid 1.5
"ffdshow_is1" = ffdshow [rev 3119] [2009-10-27]
"HoldemManager" = Holdem Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"OfotoEZUpload" = KODAK EASYSHARE Gallery Upload ActiveX Control
"PokerStars" = PokerStars
"Remove on Reboot Shell Extension_is1" = Remove on Reboot Shell Extension
"Revo Uninstaller" = Revo Uninstaller 1.85
"UltimateBet" = UltimateBet
"Videora iPhone Converter" = Videora iPhone Converter 4.01
"VLC media player" = VLC media player 1.0.1
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinRAR archiver" = WinRAR archiver
"winscp3_is1" = WinSCP 4.2.3 beta

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1073185916-2394342195-2432399411-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/21/2010 3:51:28 AM | Computer Name = Matt-PC | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 5/21/2010 7:29:02 AM | Computer Name = Matt-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e03821,
exception code 0xc000071b, fault offset 0x000888f5, process id 0x440, application
start time 0x01caf7cd774ca9e5.

Error - 5/21/2010 8:01:35 AM | Computer Name = Matt-PC | Source = SPP | ID = 16387
Description =

Error - 5/21/2010 8:01:35 AM | Computer Name = Matt-PC | Source = System Restore | ID = 8193
Description =

Error - 5/21/2010 8:01:35 AM | Computer Name = Matt-PC | Source = System Restore | ID = 8210
Description =

Error - 5/21/2010 11:51:18 AM | Computer Name = Matt-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e03821,
exception code 0xc000071b, fault offset 0x000888f5, process id 0x1280, application
start time 0x01caf8d91d2f514c.

Error - 5/21/2010 12:23:46 PM | Computer Name = Matt-PC | Source = SPP | ID = 16387
Description =

Error - 5/21/2010 12:23:46 PM | Computer Name = Matt-PC | Source = System Restore | ID = 8193
Description =

Error - 5/21/2010 12:23:46 PM | Computer Name = Matt-PC | Source = System Restore | ID = 8210
Description =

Error - 5/21/2010 1:52:24 PM | Computer Name = Matt-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module Flash10d.ocx, version 10.0.42.34, time stamp 0x4ae7baed,
exception code 0xc0000005, fault offset 0x0009647b, process id 0x7d8, application
start time 0x01caf8fdbec4c320.

[ Media Center Events ]
Error - 6/8/2008 7:25:14 PM | Computer Name = Matt-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 11/8/2008 12:34:32 AM | Computer Name = Matt-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.WaitForUploadComplete failed. Please
try to ping www.msn.com prior to filing a bug.; Win32 GetLastError returned 10000109
Process: DefaultDomain Object Name: Media Center Guide

Error - 11/8/2008 9:33:47 PM | Computer Name = Matt-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.WaitForUploadComplete failed. Please
try to ping www.msn.com prior to filing a bug.; Win32 GetLastError returned 10000109
Process: DefaultDomain Object Name: Media Center Guide

Error - 11/8/2008 9:46:36 PM | Computer Name = Matt-PC | Source = Mcx2Dvcs | ID = 401
Description =

Error - 11/8/2008 10:55:05 PM | Computer Name = Matt-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerAccumulate failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 11/9/2008 12:15:57 AM | Computer Name = Matt-PC | Source = McrMgr | ID = 109
Description =

Error - 11/9/2008 3:18:37 AM | Computer Name = Matt-PC | Source = McrMgr | ID = 109
Description =

Error - 11/24/2008 3:21:45 AM | Computer Name = Matt-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.WaitForUploadComplete failed. Please
try to ping www.msn.com prior to filing a bug.; Win32 GetLastError returned 10000109
Process: DefaultDomain Object Name: Media Center Guide

Error - 4/29/2009 9:58:27 PM | Computer Name = Matt-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 4/30/2009 1:38:51 AM | Computer Name = Matt-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 5/19/2010 11:06:08 PM | Computer Name = Matt-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 5/19/2010 11:29:05 PM | Computer Name = Matt-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:27:25 PM on 5/19/2010 was unexpected.

Error - 5/19/2010 11:30:26 PM | Computer Name = Matt-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 5/19/2010 11:36:52 PM | Computer Name = Matt-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 5/21/2010 3:51:33 AM | Computer Name = Matt-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 5/21/2010 3:52:56 AM | Computer Name = Matt-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 5/21/2010 7:32:12 AM | Computer Name = Matt-PC | Source = Service Control Manager | ID = 7032
Description =

Error - 5/21/2010 7:32:12 AM | Computer Name = Matt-PC | Source = RasMan | ID = 20210
Description = The Network Access Protection (NAP) enforcement client failed to register
with the Network Access Protection Agent (NAPAgent) service. Some network services
or resources might not be available. If the problem persists, disconnect and retry
the remote access connection or contact the administrator for the remote access
server.

Error - 5/21/2010 11:57:25 AM | Computer Name = Matt-PC | Source = RasMan | ID = 20210
Description = The Network Access Protection (NAP) enforcement client failed to register
with the Network Access Protection Agent (NAPAgent) service. Some network services
or resources might not be available. If the problem persists, disconnect and retry
the remote access connection or contact the administrator for the remote access
server.

Error - 5/21/2010 2:00:02 PM | Computer Name = Matt-PC | Source = RasMan | ID = 20210
Description = The Network Access Protection (NAP) enforcement client failed to register
with the Network Access Protection Agent (NAPAgent) service. Some network services
or resources might not be available. If the problem persists, disconnect and retry
the remote access connection or contact the administrator for the remote access
server.


< End of report >


#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:01:30 AM

Posted 22 May 2010 - 04:27 AM

Hi,

you have been infected by a nasty rootkit. It is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.


If you decide to clean, then please run ComboFix and post the log in your next reply:

Please download ComboFix from one of these locations:

Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable isable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#5 gembob

gembob
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:07:30 PM

Posted 23 May 2010 - 10:11 PM

I think I'm going to just reformat, after I posted this I started the comp up and it said a windows service couldn't start and couldn't find an internet connection and basically nothing would work. My question is this: can I save some of the pictures and files from my computer onto my external hard drive or is that a bad idea because they may be infected? The comp has been connnected to the external hard drive after it started acting funny, so I may have infected it already.

#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:01:30 AM

Posted 26 May 2010 - 04:49 AM

Hi,

You can back up all your important documents, personal data files, photos to a CD or DVD drive, not a flash drive or external hard drive as they may become compromised in the process. The safest practice is not to backup any executable files (*.exe), screensavers (*.scr), autorun (.ini) or script files (.php, .asp, and .html) files because they may be infected by malware. Avoid backing up compressed files (.zip, .cab, .rar) that have executable files inside them as some types of malware can penetrate and infect .exe files within compressed files too. Other types of malware may even disguise itself by adding and hiding its extension to the existing extension of file(s) so be sure you look closely at the full file name. After reformatting, scan the backed up data with your anti-virus prior to to copying it back to your hard drive.

Regarding your external drive, I would suggest running flash_disinfector:
Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
  • Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#7 gembob

gembob
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:07:30 PM

Posted 27 May 2010 - 09:58 PM

Okay I'll do that, thank you so much for your help.

#8 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:01:30 AM

Posted 30 May 2010 - 05:54 AM

Hi,

you're very welcome. Let me know if you have any more questions, if not I'll close the topic.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#9 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:01:30 AM

Posted 27 June 2010 - 04:04 AM

Since this topic appears to be resolved, I will now close it.

If you need this topic re-opened please send me a PM.

Everyone else, please start a new topic.

With Regards,
myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users