Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Bizarre performance-eating problem


  • This topic is locked This topic is locked
21 replies to this topic

#1 smalltalkdan

smalltalkdan

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:02:47 AM

Posted 20 May 2010 - 08:37 PM

I have had this laptop for about 9 months, and in the past 2 months have developed severe performance problems. It usually happens when I have been using Firefox for a while, or when I launch Windows Media Player 11. Looking at the performance monitor, CPU usage goes to 100% and stays there, rendering the computer pretty much useless. Terminating these programs and related processes sometimes but not always resolves the problem.

System: Dell Studio 14z, Intel Core 2 Duo, 3GB RAM, 250GB hard drive with 80GB free.

I've attached a HijackThis log - any help you can provide would be very much appreciated!

Regards...dan

Attached Files



BC AdBot (Login to Remove)

 


#2 smalltalkdan

smalltalkdan
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:02:47 AM

Posted 22 May 2010 - 03:38 PM

Odd piece of additional data - I am usually connected to a 26" Samsung monitor. I have discovered that most of the problems occur when this monitor is connected AND when the troublesome app is located on that monitor. For example, today I launched WMP11 and watched a video clip for a few minutes on the laptop's screen without incident. But when I moved it to the Samsung monitor, CPU utilization went to 100% and stayed there. Moving the window back wasn't an option, as I couldn't get control for long enough to do anything.

Note that the problem does still occasionally happen when this monitor is not connected.

...dan

#3 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:10:47 AM

Posted 23 May 2010 - 01:18 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE



Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#4 smalltalkdan

smalltalkdan
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:02:47 AM

Posted 24 May 2010 - 12:37 AM

I ran DDS as requested; the logfile is attached.

I wasn't able to run GMER successfully, however. Upon running it, I immediately got the following error:

c:\windows\system32\config\system Cannot find the file specified.

I then ran the scan and got the following error:

[same path] Process cannot access the file because it is in use by another process.

GMER then reported "GMER hasn't found any modifications."

I then rebooted in safe mode without networking and did the same thing, with the same result.

Suggestions?

...dan

Attached Files

  • Attached File  DDS.txt   37.56KB   8 downloads


#5 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:10:47 AM

Posted 25 May 2010 - 12:19 AM

Hello, smalltalkdan
Welcome to the Bleeping Computer Forums. My name is Thomas (Tom is fine), and I will be helping you fixing your problems.

If you do not make a reply in 5 days, we will have to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Further more, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
  • Please set your system to show all files.
    Click Start, open My Computer, select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.




  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemdrive%\*.sys /90 /md5
  5. Push the Quick Scan button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#6 smalltalkdan

smalltalkdan
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:02:47 AM

Posted 25 May 2010 - 07:08 PM

OTL results follow. Note that your instructions appear to be for Vista or XP - I am running Windows 7.

...dan

==========================================================
OTL logfile created on: 5/25/2010 4:40:20 PM - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Users\VCAT\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 29.00% Memory free
5.00 Gb Paging File | 3.00 Gb Available in Paging File | 47.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 61.29 Gb Free Space | 21.63% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 7.36 Gb Free Space | 50.23% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VCAT-LTDAN
Current User Name: VCAT
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/05/25 16:39:02 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\VCAT\Desktop\OTL.exe
PRC - [2010/05/16 18:19:49 | 000,322,352 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2010/05/07 12:58:49 | 000,160,328 | ---- | M] (Siber Systems) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2010/05/07 01:23:21 | 000,136,176 | ---- | M] (Google Inc.) -- C:\Users\VCAT\AppData\Local\Google\Update\1.2.183.23\GoogleCrashHandler.exe
PRC - [2010/05/01 18:53:54 | 005,313,368 | ---- | M] (PokerStars) -- C:\Program Files (x86)\PokerStars\PokerStars.exe
PRC - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/12 21:16:48 | 000,897,024 | ---- | M] () -- C:\Users\VCAT\AppData\Local\TVersity\Media Server\MediaServer.exe
PRC - [2010/04/04 11:44:10 | 000,095,560 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
PRC - [2010/04/03 13:16:10 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/03/26 10:11:24 | 000,109,568 | ---- | M] (Nomadio, Inc.) -- C:\Program Files (x86)\Connectify\ConnectifyService.exe
PRC - [2010/03/26 10:11:22 | 000,759,808 | ---- | M] (Nomadio, Inc.) -- C:\Program Files (x86)\Connectify\Connectifyd.exe
PRC - [2010/03/25 21:10:56 | 001,089,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtWLan.exe
PRC - [2010/02/25 16:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.1.0.32\ccsvchst.exe
PRC - [2010/02/19 22:49:32 | 003,366,632 | ---- | M] () -- C:\Users\VCAT\AppData\Local\TVersity\Media Server\web\admin\TVersity.exe
PRC - [2010/01/21 14:11:40 | 000,045,056 | ---- | M] (Realtek) -- C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe
PRC - [2010/01/08 15:28:52 | 000,103,280 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.2.547\SymcPCCULaunchSvc.exe
PRC - [2009/12/17 14:54:40 | 001,795,488 | ---- | M] (Audible, Inc.) -- C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
PRC - [2009/12/08 14:06:38 | 000,030,192 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2009/12/03 17:52:32 | 001,980,560 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) -- C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteService.exe
PRC - [2009/08/24 15:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.2.547\ccSvcHst.exe
PRC - [2009/07/26 16:44:34 | 003,883,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
PRC - [2009/06/16 14:36:22 | 003,272,704 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
PRC - [2009/06/04 15:49:18 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/02/06 17:07:48 | 000,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
PRC - [2009/02/04 06:57:14 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/01/31 10:00:40 | 003,760,424 | ---- | M] (Thornsoft Development, Inc.) -- C:\Program Files (x86)\ClipMate7\ClipMate.exe


========== Modules (SafeList) ==========

MOD - [2010/05/25 16:39:02 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\VCAT\Desktop\OTL.exe
MOD - [2009/07/13 18:15:07 | 000,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2009/07/13 18:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/13 18:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/03/02 04:00:52 | 001,255,736 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV:64bit: - [2010/01/07 15:20:19 | 001,052,328 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxedcoms.exe -- (lxed_device)
SRV:64bit: - [2010/01/07 15:20:15 | 000,033,960 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxedserv.exe -- (lxedCATSCustConnectService)
SRV:64bit: - [2009/12/08 09:46:35 | 008,551,272 | ---- | M] (DisplayLink Corp.) [Auto | Running] -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe -- (DisplayLinkService)
SRV:64bit: - [2009/10/29 11:33:00 | 050,612,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV:64bit: - [2009/09/26 05:28:30 | 004,924,336 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV:64bit: - [2009/09/26 04:36:06 | 000,174,424 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose64)
SRV:64bit: - [2009/07/13 18:41:59 | 000,229,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wwansvc.dll -- (WwanSvc)
SRV:64bit: - [2009/07/13 18:41:56 | 000,202,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbiosrvc.dll -- (WbioSrvc)
SRV:64bit: - [2009/07/13 18:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009/07/13 18:41:56 | 000,163,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpo.dll -- (Power)
SRV:64bit: - [2009/07/13 18:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2009/07/13 18:41:54 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sppuinotify.dll -- (sppuinotify)
SRV:64bit: - [2009/07/13 18:41:54 | 000,029,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sensrsvc.dll -- (SensrSvc)
SRV:64bit: - [2009/07/13 18:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009/07/13 18:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (PNRPsvc)
SRV:64bit: - [2009/07/13 18:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (p2pimsvc)
SRV:64bit: - [2009/07/13 18:41:53 | 000,187,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\provsvc.dll -- (HomeGroupProvider)
SRV:64bit: - [2009/07/13 18:41:53 | 000,067,072 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\SysNative\RpcEpMap.dll -- (RpcEptMapper)
SRV:64bit: - [2009/07/13 18:41:53 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpauto.dll -- (PNRPAutoReg)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 18:41:18 | 000,231,936 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ListSvc.dll -- (HomeGroupListener)
SRV:64bit: - [2009/07/13 18:40:54 | 001,127,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:64bit: - [2009/07/13 18:40:28 | 000,314,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2009/07/13 18:40:28 | 000,291,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\defragsvc.dll -- (defragsvc)
SRV:64bit: - [2009/07/13 18:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009/07/13 18:40:13 | 000,083,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\bthserv.dll -- (bthserv)
SRV:64bit: - [2009/07/13 18:40:10 | 000,100,864 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\bdesvc.dll -- (BDESVC)
SRV:64bit: - [2009/07/13 18:40:05 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AxInstSv.dll -- (AxInstSV)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/13 18:40:01 | 000,032,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appidsvc.dll -- (AppIDSvc)
SRV:64bit: - [2009/07/13 18:39:51 | 001,503,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbengine.exe -- (wbengine)
SRV:64bit: - [2009/07/13 18:39:28 | 003,524,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\sppsvc.exe -- (sppsvc)
SRV:64bit: - [2009/07/13 18:39:11 | 000,689,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FXSSVC.exe -- (Fax)
SRV:64bit: - [2009/07/01 18:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/06/29 10:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/03/30 17:19:56 | 002,297,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV:64bit: - [2009/03/06 00:51:34 | 000,284,696 | ---- | M] (SonicWALL, Inc.) [Auto | Running] -- C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe -- (SWGVCSvc)
SRV:64bit: - [2009/03/02 11:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\AESTSr64.exe -- (AESTFilters)
SRV - [2010/05/21 12:14:11 | 000,185,640 | ---- | M] () [Disabled | Stopped] -- C:\Users\TEMP.VCAT-LTDan.000\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ISE4BNEX\B-Service.exe -- (B-Service)
SRV - [2010/05/21 11:03:48 | 001,314,704 | ---- | M] (Lavasoft) [Disabled | Stopped] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/04/12 21:16:48 | 000,897,024 | ---- | M] () [Auto | Running] -- C:\Users\VCAT\AppData\Local\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2010/04/04 11:43:38 | 002,409,800 | ---- | M] (Sensible Vision ) [Disabled | Stopped] -- C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe -- (FAService)
SRV - [2010/02/25 17:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.2.0.12\ccSvcHst.exe -- (N360)
SRV - [2010/01/21 14:11:40 | 000,045,056 | ---- | M] (Realtek) [Auto | Running] -- C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe -- (Realtek11nSU)
SRV - [2010/01/15 10:42:30 | 000,249,856 | ---- | M] (SMServer) [On_Demand | Stopped] -- C:\Windows\SysWOW64\snmvtsvc.exe -- (SMServer)
SRV - [2010/01/15 03:23:48 | 000,335,872 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\SoundTaxi Media Suite\STSService.exe -- (STSService)
SRV - [2010/01/08 15:28:52 | 000,103,280 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.2.547\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2010/01/07 15:20:08 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\lxedcoms.exe -- (lxed_device)
SRV - [2009/12/08 14:06:38 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829)
SRV - [2009/12/03 17:52:32 | 001,980,560 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files (x86)\Carbonite\Carbonite Backup\carboniteservice.exe -- (CarboniteService)
SRV - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/09/20 12:55:20 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/09/05 23:29:49 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2009/09/05 23:28:55 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009/09/05 23:28:15 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe -- (Sound Blaster X-Fi MB Licensing Service)
SRV - [2009/09/05 23:27:40 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/08/27 08:05:04 | 000,092,008 | ---- | M] (TomTom) [Disabled | Stopped] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/08/24 15:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.2.547\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2009/07/13 20:20:14 | 000,000,000 | ---D | M] [On_Demand | Stopped] -- C:\Windows\Vss -- (VSS)
SRV - [2009/07/13 20:20:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2009/07/13 18:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 18:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 13:30:11 | 000,061,056 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2009/06/10 13:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2009/06/04 15:49:18 | 000,278,528 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe -- (WSWNDA3100)
SRV - [2009/05/21 09:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/02/04 06:57:14 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Disabled | Stopped] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2007/05/31 18:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 18:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/04/28 22:03:51 | 000,150,064 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/04/21 20:02:20 | 000,221,232 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symefa64.sys -- (SymEFA)
DRV:64bit: - [2010/04/21 19:29:51 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2010/04/06 22:25:51 | 000,173,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2010/03/13 06:56:40 | 000,014,336 | ---- | M] (Mobile Stream) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\easytthr.sys -- (easytether)
DRV:64bit: - [2010/03/10 19:32:58 | 000,687,136 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtl8192su.sys -- (RTL8192su)
DRV:64bit: - [2010/02/26 19:23:21 | 000,505,392 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0401000.020\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2010/02/25 17:22:52 | 000,615,040 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\cchpx64.sys -- (ccHP)
DRV:64bit: - [2010/02/04 08:53:02 | 000,069,152 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2010/01/15 13:59:34 | 000,033,336 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SndTAudio.sys -- (SndTAudio)
DRV:64bit: - [2009/12/23 04:21:51 | 000,017,408 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DisplayLinkUsbPort_5.2.22617.0.sys -- (DisplayLinkUsbPort)
DRV:64bit: - [2009/12/19 07:11:40 | 000,314,400 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/12/11 03:29:27 | 000,153,160 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ksecpkg.sys -- (KSecPkg)
DRV:64bit: - [2009/12/08 09:47:05 | 000,185,968 | ---- | M] (DisplayLink Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dlkmd.sys -- (dlkmd)
DRV:64bit: - [2009/12/08 09:47:05 | 000,116,224 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dlcdbus.sys -- (dlcdbus) DisplayLink Composite USB Bus Driver driver (WDM)
DRV:64bit: - [2009/12/08 09:47:05 | 000,013,936 | ---- | M] (DisplayLink Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\dlkmdldr.sys -- (dlkmdldr)
DRV:64bit: - [2009/11/21 17:43:47 | 000,451,120 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0401000.020\symtdiv.sys -- (SYMTDIv)
DRV:64bit: - [2009/10/27 00:29:46 | 000,173,456 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PTUMWVsp.sys -- (PTUMWVsp)
DRV:64bit: - [2009/10/27 00:29:40 | 000,173,456 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PTUMWNSP.sys -- (PTUMWNSP)
DRV:64bit: - [2009/10/27 00:29:34 | 000,144,912 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PTUMWNET.sys -- (PTUMWNET)
DRV:64bit: - [2009/10/27 00:29:26 | 000,173,456 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PTUMWMdm.sys -- (PTUMWMdm)
DRV:64bit: - [2009/10/27 00:29:20 | 000,012,688 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PTUMWFLT.sys -- (PTUMWFLT)
DRV:64bit: - [2009/10/27 00:29:14 | 000,173,456 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PTUMWCSP.sys -- (PTUMWCSP)
DRV:64bit: - [2009/10/27 00:29:00 | 000,071,056 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PTUMWBus.sys -- (PTUMWBus)
DRV:64bit: - [2009/10/16 02:33:06 | 000,050,176 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/10/14 20:50:05 | 000,433,200 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symds64.sys -- (SymDS)
DRV:64bit: - [2009/09/26 21:32:36 | 000,034,152 | R--- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/09/25 23:20:38 | 000,223,448 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fvevol.sys -- (fvevol)
DRV:64bit: - [2009/07/13 18:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 18:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:48:04 | 000,014,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hwpolicy.sys -- (hwpolicy)
DRV:64bit: - [2009/07/13 18:47:49 | 000,055,376 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fsdepends.sys -- (FsDepends)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:45:56 | 000,022,096 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wimmount.sys -- (WIMMount)
DRV:64bit: - [2009/07/13 18:45:55 | 000,217,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vhdmp.sys -- (vhdmp)
DRV:64bit: - [2009/07/13 18:45:55 | 000,200,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)
DRV:64bit: - [2009/07/13 18:45:55 | 000,046,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)
DRV:64bit: - [2009/07/13 18:45:55 | 000,036,432 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vdrvroot.sys -- (vdrvroot)
DRV:64bit: - [2009/07/13 18:45:55 | 000,034,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:45:46 | 000,214,096 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\rdyboost.sys -- (rdyboost)
DRV:64bit: - [2009/07/13 18:45:45 | 000,050,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pcw.sys -- (pcw)
DRV:64bit: - [2009/07/13 18:43:14 | 000,460,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\cng.sys -- (CNG)
DRV:64bit: - [2009/07/13 17:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 17:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 17:17:46 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rdpbus.sys -- (rdpbus)
DRV:64bit: - [2009/07/13 17:16:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV:64bit: - [2009/07/13 17:10:24 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV:64bit: - [2009/07/13 17:09:26 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wfplwf.sys -- (WfpLwf)
DRV:64bit: - [2009/07/13 17:08:13 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndiscap.sys -- (NdisCap)
DRV:64bit: - [2009/07/13 17:07:28 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vwifimp.sys -- (vwifimp)
DRV:64bit: - [2009/07/13 17:07:22 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vwififlt.sys -- (vwififlt)
DRV:64bit: - [2009/07/13 17:07:21 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vwifibus.sys -- (vwifibus)
DRV:64bit: - [2009/07/13 17:07:13 | 000,227,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\1394ohci.sys -- (1394ohci)
DRV:64bit: - [2009/07/13 17:07:00 | 000,118,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthpan.sys -- (BthPan) Bluetooth Device (Personal Area Network)
DRV:64bit: - [2009/07/13 17:06:57 | 000,551,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthport.sys -- (BTHPORT)
DRV:64bit: - [2009/07/13 17:06:56 | 000,158,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rfcomm.sys -- (RFCOMM) Bluetooth Device (RFCOMM Protocol TDI)
DRV:64bit: - [2009/07/13 17:06:53 | 000,041,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthenum.sys -- (BthEnum)
DRV:64bit: - [2009/07/13 17:06:52 | 000,079,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BTHUSB.SYS -- (BTHUSB)
DRV:64bit: - [2009/07/13 17:06:52 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\umpass.sys -- (UmPass)
DRV:64bit: - [2009/07/13 17:06:32 | 000,109,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV:64bit: - [2009/07/13 17:06:28 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winusb.sys -- (WinUsb)
DRV:64bit: - [2009/07/13 17:06:24 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV:64bit: - [2009/07/13 17:05:37 | 000,112,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WUDFPf.sys -- (WudfPf)
DRV:64bit: - [2009/07/13 17:02:08 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MTConfig.sys -- (MTConfig)
DRV:64bit: - [2009/07/13 17:00:34 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CompositeBus.sys -- (CompositeBus)
DRV:64bit: - [2009/07/13 17:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\beep.sys -- (Beep)
DRV:64bit: - [2009/07/13 16:52:39 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\appid.sys -- (AppID)
DRV:64bit: - [2009/07/13 16:50:17 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\scfilter.sys -- (scfilter)
DRV:64bit: - [2009/07/13 16:42:58 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)
DRV:64bit: - [2009/07/13 16:42:44 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)
DRV:64bit: - [2009/07/13 16:37:18 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\discache.sys -- (discache)
DRV:64bit: - [2009/07/13 16:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/07/13 16:31:06 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidbatt.sys -- (HidBatt)
DRV:64bit: - [2009/07/13 16:31:03 | 000,017,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CmBatt.sys -- (CmBatt)
DRV:64bit: - [2009/07/13 16:27:17 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipmi.sys -- (AcpiPmi)
DRV:64bit: - [2009/07/13 16:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2009/07/13 16:19:25 | 000,060,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdppm.sys -- (AmdPPM)
DRV:64bit: - [2009/07/07 22:45:50 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/07/02 22:26:34 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/07/02 22:26:34 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/07/02 22:26:34 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009/07/02 22:26:34 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/06/29 10:44:38 | 000,487,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/06/15 14:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/09 01:14:20 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2009/05/06 17:03:00 | 000,313,696 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OA008Vid.sys -- (OA008Vid)
DRV:64bit: - [2009/05/05 12:09:46 | 000,789,496 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys -- (BCMH43XX)
DRV:64bit: - [2009/04/03 00:39:42 | 000,234,032 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/04/01 13:32:42 | 000,058,912 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/03/06 07:33:58 | 000,159,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OA008Ufd.sys -- (OA008Ufd)
DRV:64bit: - [2009/03/06 00:51:50 | 000,099,352 | ---- | M] (SonicWALL, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SWIPsec.sys -- (SWIPsec)
DRV:64bit: - [2009/03/04 18:03:32 | 000,024,600 | ---- | M] (SonicWALL, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWVNIC.sys -- (SWVNIC)
DRV:64bit: - [2009/02/24 09:27:38 | 000,195,584 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009/02/24 09:19:48 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpe64.sys -- (rixdpcie)
DRV:64bit: - [2009/02/24 09:19:46 | 000,057,344 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci)
DRV:64bit: - [2009/02/06 20:12:16 | 000,067,584 | ---- | M] (SMSC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lan9500-x64-n51f.sys -- (LAN9500)
DRV:64bit: - [2008/11/16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV:64bit: - [2008/09/24 18:36:14 | 000,238,848 | ---- | M] (Sensible Vision ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\facap.sys -- (FACAP)
DRV:64bit: - [2008/01/15 15:53:22 | 000,083,776 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2008/01/15 15:53:22 | 000,063,808 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2007/11/07 04:23:14 | 000,040,464 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2007/01/19 18:24:24 | 000,025,312 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SCMNdisP.sys -- (SCMNdisP)
DRV - [2010/05/18 12:24:23 | 000,463,408 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100518.002\IDSviA64.sys -- (IDSVia64)
DRV - [2010/05/10 17:03:19 | 001,773,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100525.003\EX64.SYS -- (NAVEX15)
DRV - [2010/05/10 17:03:19 | 000,117,808 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100525.003\ENG64.SYS -- (NAVENG)
DRV - [2010/04/29 10:44:04 | 000,678,448 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100429.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2010/04/20 17:25:25 | 000,000,000 | ---D | M] [Kernel | On_Demand | Running] -- C:\Program Files (x86)\GmoteServer\bin\VLC\http -- (HTTP)
DRV - [2009/12/22 19:46:36 | 000,000,000 | ---D | M] [Kernel | System | Running] -- C:\Windows\CSC -- (CSC)
DRV - [2009/09/26 10:06:28 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2009/09/26 10:06:28 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 18:16:19 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\winusb.dll -- (WinUsb)
DRV - [2009/07/13 18:16:02 | 000,014,336 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\netbios.dll -- (NetBIOS)
DRV - [2009/06/10 14:28:14 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)
DRV - [2009/06/10 14:15:18 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2009/05/25 16:43:58 | 000,043,032 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Verizon Wireless\VZAccess Manager\SMSIVZAM5X64.sys -- (SMSIVZAM5X64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 30 B1 4C F1 EA EC CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=192.168.97.1:3128;https=192.168.97.1:3128;socks=192.168.97.1:1080

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.msnbc.com"
FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:1.0.0.586
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.11.6
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.8
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.9.98
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20


FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/12/31 13:53:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2010/04/26 15:00:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\ [2010/04/07 00:34:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2009/12/22 19:57:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/04/30 19:34:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/05/08 18:10:42 | 000,000,000 | ---D | M]

[2009/12/22 20:10:06 | 000,000,000 | ---D | M] -- C:\Users\VCAT\AppData\Roaming\Mozilla\Extensions
[2009/10/14 16:47:36 | 000,000,000 | ---D | M] -- C:\Users\VCAT\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2010/05/24 20:23:00 | 000,000,000 | ---D | M] -- C:\Users\VCAT\AppData\Roaming\Mozilla\Firefox\Profiles\ojw2asj2.default\extensions
[2010/04/20 21:00:49 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\VCAT\AppData\Roaming\Mozilla\Firefox\Profiles\ojw2asj2.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/03/16 20:37:21 | 000,000,000 | ---D | M] -- C:\Users\VCAT\AppData\Roaming\Mozilla\Firefox\Profiles\ojw2asj2.default\extensions\LogMeInClient@logmein.com
[2010/01/08 15:21:11 | 000,000,000 | ---D | M] -- C:\Users\VCAT\AppData\Roaming\Mozilla\Firefox\Profiles\ojw2asj2.default\extensions\piclens@cooliris.com
[2010/04/30 20:40:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/04/25 20:42:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2009/09/11 12:42:33 | 000,000,787 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 192.168.1.11 exchange
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.1.0.32\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.1.0.32\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (FAIESSOHelper Class) - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll (Sensible Vision )
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.1.0.32\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.1.0.32\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [FAStartup] File not found
O4 - HKLM..\Run: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe (Sensible Vision )
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKCU..\Run: [ClipMate7] C:\Program Files (x86)\ClipMate7\ClipMate.exe (Thornsoft Development, Inc.)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - Startup: C:\Users\VCAT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SonicWALL Global VPN Client.lnk = C:\Windows\Installer\{5E2D889D-FAFC-4E76-A851-3695ABA1A76F}\_A408D8C4509665C152B13E.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8:64bit: - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8:64bit: - Extra context menu item: MasterCook: Select Image - C:\Program Files (x86)\MasterCook 9\Web\MCIEContext.hta ()
O8:64bit: - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8:64bit: - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: MasterCook: Select Image - C:\Program Files (x86)\MasterCook 9\Web\MCIEContext.hta ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files (x86)\SoundTaxi\YouTubeRipper.dll ()
O9 - Extra 'Tools' menuitem : Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files (x86)\SoundTaxi\YouTubeRipper.dll ()
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - ..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKLM\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.5.0.cab (DLM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} http://support.microsoft.com/mats/DiagWebControl.cab (Diagnostics ActiveX WebControl)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.244.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~2\Google\GOOGLE~1\GO36F4~1.DLL) - C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - Reg Error: Key error. - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll File not found
O20 - Winlogon\Notify\FastAccess: DllName - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll ()
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\dellwall1.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\dellwall1.jpg
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0b59dd53-305b-11df-aabb-0024e8ce888b}\Shell - "" = AutoRun
O33 - MountPoints2\{0b59dd53-305b-11df-aabb-0024e8ce888b}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{3d343956-ef6d-11de-a4ee-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{3d343956-ef6d-11de-a4ee-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe -- File not found
O33 - MountPoints2\{af54cc79-e777-11de-9449-0024e8ce888b}\Shell - "" = AutoRun
O33 - MountPoints2\{af54cc79-e777-11de-9449-0024e8ce888b}\Shell\AutoRun\command - "" = G:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: Ias - C:\Windows\SysNative\ias [2009/07/13 20:20:14 | 000,000,000 | ---D | M]
NetSvcs:64bit: Irmon - C:\Windows\SysNative\irmon.dll (Microsoft Corporation)
NetSvcs:64bit: Wmi - C:\Windows\SysNative\wmi.dll (Microsoft Corporation)
NetSvcs:64bit: Themes - C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
NetSvcs:64bit: BDESVC - C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
NetSvcs: Ias - C:\Windows\SysWOW64\ias [2008/01/20 20:07:48 | 000,000,000 | ---D | M]
NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010/05/25 16:38:58 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Users\VCAT\Desktop\OTL.exe
[2010/05/24 22:08:41 | 000,060,273 | ---- | C] (Open Source Software community project) -- C:\Windows\SysWow64\pthreadGC2.dll
[2010/05/24 22:08:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ffdshow
[2010/05/24 22:08:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TVersity Codec Pack
[2010/05/23 22:51:46 | 000,000,000 | ---D | C] -- C:\Users\VCAT\Desktop\new pics
[2010/05/23 19:04:39 | 000,000,000 | ---D | C] -- C:\Users\VCAT\Desktop\gmer
[2010/05/21 11:04:41 | 000,069,152 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2010/05/21 11:04:36 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2010/05/21 11:01:12 | 000,000,000 | -H-D | C] -- C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/05/21 11:00:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010/05/21 11:00:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2010/05/20 21:03:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Orb Networks
[2010/05/19 11:39:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/05/19 11:39:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010/05/15 16:30:58 | 000,000,000 | ---D | C] -- C:\Users\VCAT\Desktop\LaVon pics
[2010/05/12 16:17:58 | 000,014,336 | ---- | C] (Mobile Stream) -- C:\Windows\SysNative\drivers\easytthr.sys
[2010/05/12 16:17:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mobile Stream
[2010/05/12 11:08:55 | 000,000,000 | ---D | C] -- C:\Users\VCAT\Desktop\Review bucket
[2010/05/10 12:53:25 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/05/10 12:53:18 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/05/10 12:53:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010/05/08 16:34:28 | 000,000,000 | ---D | C] -- C:\Users\VCAT\AppData\Roaming\NCH Software
[2010/05/08 16:33:20 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Swift Sound
[2010/05/08 16:32:36 | 000,000,000 | ---D | C] -- C:\Users\VCAT\AppData\Roaming\NCH Swift Sound
[2010/05/08 16:32:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NCH Swift Sound
[2010/05/08 16:13:12 | 000,348,160 | ---- | C] (DGP) -- C:\Windows\SysWow64\MEnc.ocx
[2010/05/08 16:13:12 | 000,348,160 | ---- | C] (DevPower Development Tools) -- C:\Windows\SysWow64\FlatBtn6.ocx
[2010/05/08 16:13:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WAV to MP3 Encoder
[2010/05/07 20:09:12 | 000,380,928 | ---- | C] (Realtek) -- C:\Windows\RtlUI2.exe
[2010/05/07 17:35:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2010/05/07 01:28:10 | 000,000,000 | ---D | C] -- C:\Users\VCAT\Documents\Downloads
[2010/05/03 00:07:05 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/05/03 00:07:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010/05/02 16:32:19 | 000,000,000 | ---D | C] -- C:\Users\VCAT\AppData\Local\Tific
[2010/05/02 16:31:58 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NortonPCCheckupx64
[2010/05/02 16:31:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton PC Checkup
[2010/05/02 16:31:58 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NortonPCCheckupx64\0200020.223
[2010/05/02 16:31:57 | 000,000,000 | ---D | C] -- C:\Program Files\Norton PC Checkup
[2010/05/01 13:56:24 | 000,000,000 | ---D | C] -- C:\Users\VCAT\AppData\Roaming\Malwarebytes
[2010/05/01 13:56:14 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/05/01 13:56:13 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/05/01 13:56:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/05/01 13:56:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/05/01 13:47:21 | 000,000,000 | ---D | C] -- C:\Users\VCAT\AppData\Local\Citrix
[2010/05/01 13:47:16 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/04/30 18:27:24 | 000,000,000 | ---D | C] -- C:\Users\VCAT\AppData\Local\Deployment
[2010/04/30 15:27:20 | 000,000,000 | ---D | C] -- C:\Users\VCAT\Documents\My Widgets
[2010/04/30 15:26:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[2010/04/27 11:36:37 | 000,000,000 | ---D | C] -- C:\Users\VCAT\Logitech
[2010/04/27 11:34:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Remote Control Software Common
[2010/04/27 11:34:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Logitech
[2010/04/27 11:33:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Remote Control USB Driver
[2010/04/26 11:55:56 | 000,240,248 | ---- | C] (CACE Technologies) -- C:\Windows\SysWow64\wpcap.dll
[2010/04/26 11:55:56 | 000,025,312 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysNative\drivers\SCMNdisP.sys
[2010/04/26 11:55:55 | 000,088,704 | ---- | C] (CACE Technologies) -- C:\Windows\SysWow64\Packet.dll
[2010/04/26 11:55:55 | 000,040,464 | ---- | C] (CACE Technologies) -- C:\Windows\SysNative\drivers\npf.sys
[2010/04/26 11:55:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NETGEAR
[2010/04/25 20:42:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/04/25 20:42:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/04/25 20:06:43 | 000,000,000 | ---D | C] -- C:\Users\VCAT\AppData\Local\CrashDumps
[2010/04/22 15:39:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Ezprint
[2010/04/22 15:32:26 | 000,829,952 | ---- | C] ( ) -- C:\Windows\SysNative\lxedcoin.dll
[2010/04/22 15:28:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lexmark Toolbar
[2010/04/22 15:28:09 | 000,007,680 | ---- | C] (eaio) -- C:\Windows\SysWow64\NativeCall.dll
[2010/04/22 15:28:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lexmark
[2010/04/22 15:27:41 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedinpa.dll
[2010/04/22 15:27:41 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lxediesc.dll
[2010/04/22 15:27:41 | 000,126,976 | ---- | C] (Lexmark International Inc.) -- C:\Windows\SysWow64\lxedlnks.dll
[2010/04/22 15:27:40 | 001,048,576 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedserv.dll
[2010/04/22 15:27:40 | 000,847,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedusb1.dll
[2010/04/22 15:27:40 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedcomc.dll
[2010/04/22 15:27:40 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedhbn3.dll
[2010/04/22 15:27:40 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedpmui.dll
[2010/04/22 15:27:40 | 000,598,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedcoms.exe
[2010/04/22 15:27:40 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedlmpm.dll
[2010/04/22 15:27:40 | 000,373,416 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedcfg.exe
[2010/04/22 15:27:40 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedcomm.dll
[2010/04/22 15:27:40 | 000,324,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedih.exe
[2010/04/22 15:27:40 | 000,086,183 | ---- | C] (Lexmark International) -- C:\Windows\SysWow64\LXEDcfg.dll
[2010/04/22 15:27:23 | 001,631,744 | ---- | C] ( ) -- C:\Windows\SysNative\lxedserv.dll
[2010/04/22 15:27:23 | 001,331,712 | ---- | C] ( ) -- C:\Windows\SysNative\lxedusb1.dll
[2010/04/22 15:27:23 | 000,557,568 | ---- | C] ( ) -- C:\Windows\SysNative\lxedinpa.dll
[2010/04/22 15:27:23 | 000,547,840 | ---- | C] ( ) -- C:\Windows\SysNative\LXEDhcp.dll
[2010/04/22 15:27:23 | 000,515,584 | ---- | C] ( ) -- C:\Windows\SysNative\lxediesc.dll
[2010/04/22 15:27:22 | 001,371,648 | ---- | C] ( ) -- C:\Windows\SysNative\lxedcomc.dll
[2010/04/22 15:27:22 | 001,104,384 | ---- | C] ( ) -- C:\Windows\SysNative\lxedhbn3.dll
[2010/04/22 15:27:22 | 001,052,328 | ---- | C] ( ) -- C:\Windows\SysNative\lxedcoms.exe
[2010/04/22 15:27:22 | 000,979,968 | ---- | C] ( ) -- C:\Windows\SysNative\lxedpmui.dll
[2010/04/22 15:27:22 | 000,892,416 | ---- | C] ( ) -- C:\Windows\SysNative\lxedlmpm.dll
[2010/04/22 15:27:22 | 000,579,584 | ---- | C] ( ) -- C:\Windows\SysNative\lxedcomm.dll
[2010/04/22 15:27:22 | 000,520,872 | ---- | C] ( ) -- C:\Windows\SysNative\lxedih.exe
[2010/04/22 15:27:21 | 000,612,008 | ---- | C] ( ) -- C:\Windows\SysNative\lxedcfg.exe
[2010/04/22 15:27:21 | 000,075,264 | ---- | C] (Lexmark International) -- C:\Windows\SysNative\LXEDcfg.dll
[2010/04/20 17:30:49 | 000,000,000 | ---D | C] -- C:\Users\VCAT\AppData\Roaming\Tific
[2010/04/20 16:30:27 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/04/18 19:38:06 | 000,000,000 | ---D | C] -- C:\Users\VCAT\AppData\Local\Poker Pro Labs
[2010/04/18 19:37:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Poker Pro Labs
[2010/04/18 19:36:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Poker Pro Labs
[2010/04/16 23:06:48 | 000,000,000 | ---D | C] -- C:\Users\VCAT\Documents\Web Page Maker
[2010/04/16 23:06:48 | 000,000,000 | ---D | C] -- C:\Users\VCAT\AppData\Roaming\Web Page Maker
[2010/04/16 23:06:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Web Page Maker
[2010/04/16 23:06:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Web Page Maker
[2010/04/16 14:33:29 | 000,000,000 | ---D | C] -- C:\ProgramData\GoodSync
[2010/04/16 14:33:18 | 000,000,000 | ---D | C] -- C:\Program Files\Siber Systems
[2010/04/16 12:42:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\File Renamer
[2010/04/14 18:54:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Lx_cats
[2010/04/14 18:31:29 | 000,000,000 | ---D | C] -- C:\Lexmark
[2010/04/14 18:10:29 | 000,000,000 | ---D | C] -- C:\logs
[2010/04/14 17:56:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Abbyy FineReader 6.0 Sprint
[2010/04/14 17:52:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lexmark Fax Solutions
[2010/04/14 17:52:06 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark
[2010/04/14 17:50:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lexmark S600 Series
[2010/04/14 17:46:20 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark S600 Series
[2010/04/06 18:00:59 | 000,000,000 | ---D | C] -- C:\Users\VCAT\AppData\Local\Symantec
[2010/04/04 11:44:04 | 000,547,656 | ---- | C] (Sensible Vision ) -- C:\Windows\SysNative\FAPassSync.dll
[2010/04/04 11:44:02 | 000,157,000 | ---- | C] (Sensible Vision ) -- C:\Windows\SysWow64\FAPassSync.dll
[2010/04/04 11:43:22 | 006,748,488 | ---- | C] (Sensible Vision ) -- C:\Windows\SysNative\FAIESSODlg.dll
[2010/04/04 11:43:20 | 006,194,504 | ---- | C] (Sensible Vision ) -- C:\Windows\SysWow64\FAIESSODlg.dll
[2010/04/04 11:43:12 | 000,634,184 | ---- | C] (Sensible Vision ) -- C:\Windows\SysNative\FAConsIfDLL.dll
[2010/04/04 11:43:10 | 000,263,496 | ---- | C] (Sensible Vision ) -- C:\Windows\SysWow64\FAConsIfDLL.dll
[2010/04/04 11:42:48 | 000,840,008 | ---- | C] (Sensible Vision ) -- C:\Windows\SysWow64\FACredProv2.dll
[2010/04/04 11:42:46 | 000,916,296 | ---- | C] (Sensible Vision ) -- C:\Windows\SysWow64\FACredProv.dll
[2010/04/04 11:16:08 | 001,013,248 | ---- | C] (Sensible Vision ) -- C:\Windows\SysNative\FACredProv2.dll
[2010/04/04 11:15:52 | 001,090,560 | ---- | C] (Sensible Vision ) -- C:\Windows\SysNative\FACredProv.dll
[2010/03/31 17:06:37 | 000,000,000 | ---D | C] -- C:\Users\VCAT\AppData\Roaming\Intuit
[2010/03/31 17:06:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AnswerWorks 5.0
[2010/03/31 16:59:14 | 000,000,000 | ---D | C] -- C:\Users\VCAT\AppData\Local\IsolatedStorage
[2010/03/31 16:59:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intuit
[2010/03/31 16:57:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TurboTax
[2010/03/31 16:56:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Intuit
[2010/03/31 14:23:01 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2010/03/27 23:17:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2010/03/26 08:57:35 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2010/03/22 13:05:59 | 000,000,000 | ---D | C] -- C:\Program Files\Fighters
[2010/03/19 11:48:52 | 001,164,728 | ---- | C] (NuMedia Soft, Inc.) -- C:\Windows\SysWow64\NMSDVDXU.dll
[2010/03/19 11:48:52 | 000,630,784 | ---- | C] (ComponentOne) -- C:\Windows\SysWow64\vsflex8u.ocx
[2010/03/19 11:48:52 | 000,419,240 | ---- | C] (VideoSoft) -- C:\Windows\SysWow64\Vsflex7L.ocx
[2010/03/19 11:48:50 | 000,000,000 | ---D | C] -- C:\Users\VCAT\AppData\Roaming\LG Electronics
[2010/03/19 11:47:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LG Electronics
[2010/03/12 16:14:06 | 000,000,000 | ---D | C] -- C:\Users\VCAT\AppData\Roaming\BOXEE
[2010/03/12 16:11:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Boxee
[2010/03/12 13:40:37 | 000,000,000 | ---D | C] -- C:\Users\VCAT\AppData\Local\cache
[2010/03/11 16:13:53 | 000,000,000 | ---D | C] -- C:\Users\VCAT\AppData\Local\WinZip
[2010/03/11 16:12:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinZip
[2010/03/10 17:39:49 | 000,000,000 | ---D | C] -- C:\Users\VCAT\AppData\Roaming\Help
[2010/03/10 17:39:49 | 000,000,000 | ---D | C] -- C:\Users\VCAT\AppData\Local\Help
[2010/03/10 17:17:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
[2010/03/10 17:12:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MasterCook 9
[2010/03/03 21:49:29 | 000,000,000 | ---D | C] -- C:\Users\VCAT\AppData\Local\TVersity
[2010/03/02 04:00:53 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2010/03/02 04:00:53 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2010/02/28 12:59:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Airlink101 Wireless LAN Driver
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/05/25 16:46:16 | 004,718,592 | -HS- | M] () -- C:\Users\VCAT\ntuser.dat
[2010/05/25 16:42:46 | 000,011,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/25 16:42:46 | 000,011,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/25 16:41:30 | 001,165,586 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0401000.020\Cat.DB
[2010/05/25 16:39:02 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\VCAT\Desktop\OTL.exe
[2010/05/25 16:28:01 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2167020815-3643556836-1899109827-1000UA.job
[2010/05/25 03:00:18 | 000,000,524 | ---- | M] () -- C:\Windows\tasks\NatSpeak Periodic Language Model Optimization.job
[2010/05/25 02:00:18 | 000,000,500 | ---- | M] () -- C:\Windows\tasks\NatSpeak Periodic Acoustic Optimization.job
[2010/05/25 01:28:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2167020815-3643556836-1899109827-1000Core.job
[2010/05/24 22:08:44 | 000,002,438 | ---- | M] () -- C:\Users\VCAT\Desktop\TVersity.lnk
[2010/05/24 19:46:31 | 000,717,956 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/05/24 19:46:31 | 000,618,264 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/05/24 19:46:31 | 000,104,546 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/05/24 19:40:12 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\SLOW-PCfighter64-VCAT-Startup.job
[2010/05/24 19:39:30 | 000,000,418 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/05/24 19:39:10 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/24 19:39:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/24 19:39:01 | 2213,302,272 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/24 14:34:16 | 001,186,394 | -H-- | M] () -- C:\Users\VCAT\AppData\Local\IconCache.db
[2010/05/23 14:01:35 | 036,757,883 | ---- | M] () -- C:\Users\VCAT\Documents\ClipMate7_DB_My Clips_2010-05-23_1401.ZIP
[2010/05/21 11:04:35 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2010/05/21 11:04:30 | 000,015,880 | ---- | M] () -- C:\Windows\SysNative\lsdelete.exe
[2010/05/20 00:20:20 | 000,000,115 | ---- | M] () -- C:\Users\VCAT\Desktop\Key Lime Pie Martini Recipe Emeril Lagasse Food Network.URL
[2010/05/18 08:05:51 | 000,047,616 | ---- | M] () -- C:\Users\VCAT\Desktop\CasinoVille 5-2010.doc
[2010/05/15 16:30:58 | 036,879,975 | ---- | M] () -- C:\Users\VCAT\Documents\ClipMate7_DB_My Clips_2010-05-15_1629.ZIP
[2010/05/13 23:41:56 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\isolate.ini
[2010/05/12 16:31:17 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01009.Wdf
[2010/05/10 14:30:23 | 000,000,834 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2010/05/08 11:48:54 | 037,012,833 | ---- | M] () -- C:\Users\VCAT\Documents\ClipMate7_DB_My Clips_2010-05-08_1147.ZIP
[2010/05/07 01:17:29 | 000,431,616 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/05/06 11:08:32 | 000,113,600 | ---- | M] () -- C:\Users\VCAT\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/05/05 21:01:59 | 000,451,120 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symtdiv.sys
[2010/05/05 21:01:43 | 000,001,473 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symnetv.inf
[2010/05/05 21:01:43 | 000,001,445 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symnet.inf
[2010/05/01 15:26:01 | 000,003,584 | ---- | M] () -- C:\Users\VCAT\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/01 15:14:30 | 036,995,671 | ---- | M] () -- C:\Users\VCAT\Documents\ClipMate7_DB_My Clips_2010-05-01_1513.ZIP
[2010/04/30 19:49:35 | 000,524,288 | -HS- | M] () -- C:\Users\VCAT\ntuser.dat{2aec7dfb-54c0-11df-8b76-0024e8ce888b}.TMContainer00000000000000000002.regtrans-ms
[2010/04/30 19:49:35 | 000,524,288 | -HS- | M] () -- C:\Users\VCAT\ntuser.dat{2aec7dfb-54c0-11df-8b76-0024e8ce888b}.TMContainer00000000000000000001.regtrans-ms
[2010/04/30 19:49:35 | 000,065,536 | -HS- | M] () -- C:\Users\VCAT\ntuser.dat{2aec7dfb-54c0-11df-8b76-0024e8ce888b}.TM.blf
[2010/04/30 17:33:56 | 000,524,288 | -HS- | M] () -- C:\Users\VCAT\ntuser.dat{bdd74bd9-54b7-11df-80d1-edd5d9faa49e}.TMContainer00000000000000000002.regtrans-ms
[2010/04/30 17:33:56 | 000,524,288 | -HS- | M] () -- C:\Users\VCAT\ntuser.dat{bdd74bd9-54b7-11df-80d1-edd5d9faa49e}.TMContainer00000000000000000001.regtrans-ms
[2010/04/30 17:33:56 | 000,065,536 | -HS- | M] () -- C:\Users\VCAT\ntuser.dat{bdd74bd9-54b7-11df-80d1-edd5d9faa49e}.TM.blf
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/04/29 15:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/04/28 22:03:51 | 000,150,064 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\ironx64.sys
[2010/04/28 22:03:51 | 000,007,402 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\iron.cat
[2010/04/28 22:03:51 | 000,000,771 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\iron.inf
[2010/04/27 20:06:56 | 037,005,238 | ---- | M] () -- C:\Users\VCAT\Documents\ClipMate7_DB_My Clips_2010-04-27_2005.ZIP
[2010/04/27 02:13:36 | 037,001,630 | ---- | M] () -- C:\Users\VCAT\Documents\ClipMate7_DB_My Clips_2010-04-27_0211.ZIP
[2010/04/26 14:01:04 | 000,013,064 | ---- | M] () -- C:\Users\VCAT\AppData\Roaming\Comma Separated Values (Windows).CAL
[2010/04/26 12:00:01 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_bcmwlhigh664_01007.Wdf
[2010/04/26 11:55:49 | 000,000,950 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Smart Wizard.lnk
[2010/04/26 01:18:45 | 000,007,829 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symefa64.cat
[2010/04/24 04:31:04 | 000,003,373 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symefa.inf
[2010/04/23 08:04:20 | 504,372,328 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/04/22 15:36:50 | 000,195,849 | ---- | M] () -- C:\Windows\SysNative\LexFiles.ulf
[2010/04/21 20:02:20 | 000,221,232 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symefa64.sys
[2010/04/21 19:29:51 | 000,505,392 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\srtsp64.sys
[2010/04/21 19:29:51 | 000,032,304 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\srtspx64.sys
[2010/04/21 19:29:51 | 000,007,414 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\srtspx64.cat
[2010/04/21 19:29:51 | 000,001,421 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\srtspx64.inf
[2010/04/21 19:29:50 | 000,007,410 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\srtsp64.cat
[2010/04/21 19:29:50 | 000,001,437 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\srtsp64.inf
[2010/04/20 17:32:02 | 036,956,822 | ---- | M] () -- C:\Users\VCAT\Documents\ClipMate7_DB_My Clips_2010-04-20_1730.ZIP
[2010/04/20 17:28:08 | 000,524,288 | -HS- | M] () -- C:\Users\VCAT\ntuser.dat{67aa21d6-4cdb-11df-8e42-a76f4aa1f693}.TMContainer00000000000000000002.regtrans-ms
[2010/04/20 17:28:08 | 000,524,288 | -HS- | M] () -- C:\Users\VCAT\ntuser.dat{67aa21d6-4cdb-11df-8e42-a76f4aa1f693}.TMContainer00000000000000000001.regtrans-ms
[2010/04/20 17:28:08 | 000,065,536 | -HS- | M] () -- C:\Users\VCAT\ntuser.dat{67aa21d6-4cdb-11df-8e42-a76f4aa1f693}.TM.blf
[2010/04/20 15:53:01 | 036,956,824 | ---- | M] () -- C:\Users\VCAT\Documents\ClipMate7_DB_My Clips_2010-04-20_1551.ZIP
[2010/04/20 15:18:03 | 036,956,821 | ---- | M] () -- C:\Users\VCAT\Documents\ClipMate7_DB_My Clips_2010-04-20_1516.ZIP
[2010/04/20 15:10:01 | 036,956,822 | ---- | M] () -- C:\Users\VCAT\Documents\ClipMate7_DB_My Clips_2010-04-20_1507.ZIP
[2010/04/20 14:56:45 | 036,956,823 | ---- | M] () -- C:\Users\VCAT\Documents\ClipMate7_DB_My Clips_2010-04-20_1455.ZIP
[2010/04/11 17:38:49 | 000,000,162 | -H-- | M] () -- C:\Users\VCAT\Desktop\~$ogle game show.docx
[2010/04/10 19:02:55 | 000,038,488 | ---- | M] () -- C:\Users\VCAT\AppData\Roaming\Comma Separated Values (Windows).ADR
[2010/04/06 22:25:51 | 000,173,104 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2010/04/06 22:25:51 | 000,007,440 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2010/04/06 22:25:51 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2010/04/06 17:55:09 | 036,816,516 | ---- | M] () -- C:\Users\VCAT\Documents\ClipMate7_DB_My Clips_2010-04-06_1754.ZIP
[2010/04/04 11:45:06 | 000,094,536 | ---- | M] () -- C:\Windows\SysNative\FAIEExtension.dll
[2010/04/04 11:45:06 | 000,089,416 | ---- | M] () -- C:\Windows\SysWow64\FAIEExtension.dll
[2010/04/04 11:44:12 | 000,059,208 | ---- | M] () -- C:\Windows\SysWow64\FAib.dll
[2010/04/04 11:44:04 | 000,547,656 | ---- | M] (Sensible Vision ) -- C:\Windows\SysNative\FAPassSync.dll
[2010/04/04 11:44:02 | 000,157,000 | ---- | M] (Sensible Vision ) -- C:\Windows\SysWow64\FAPassSync.dll
[2010/04/04 11:43:22 | 006,748,488 | ---- | M] (Sensible Vision ) -- C:\Windows\SysNative\FAIESSODlg.dll
[2010/04/04 11:43:20 | 006,194,504 | ---- | M] (Sensible Vision ) -- C:\Windows\SysWow64\FAIESSODlg.dll
[2010/04/04 11:43:12 | 000,634,184 | ---- | M] (Sensible Vision ) -- C:\Windows\SysNative\FAConsIfDLL.dll
[2010/04/04 11:43:10 | 000,263,496 | ---- | M] (Sensible Vision ) -- C:\Windows\SysWow64\FAConsIfDLL.dll
[2010/04/04 11:42:48 | 000,840,008 | ---- | M] (Sensible Vision ) -- C:\Windows\SysWow64\FACredProv2.dll
[2010/04/04 11:42:46 | 000,916,296 | ---- | M] (Sensible Vision ) -- C:\Windows\SysWow64\FACredProv.dll
[2010/04/04 11:42:44 | 000,247,624 | ---- | M] () -- C:\Windows\SysWow64\FACrashRpt.dll
[2010/04/04 11:16:08 | 001,013,248 | ---- | M] (Sensible Vision ) -- C:\Windows\SysNative\FACredProv2.dll
[2010/04/04 11:15:52 | 001,090,560 | ---- | M] (Sensible Vision ) -- C:\Windows\SysNative\FACredProv.dll
[2010/04/02 22:36:04 | 000,007,606 | ---- | M] () -- C:\Users\VCAT\AppData\Local\Resmon.ResmonCfg
[2010/03/31 12:59:29 | 000,015,738 | ---- | M] () -- C:\Users\VCAT\Documents\Barona Internet gambling position.docx
[2010/03/30 20:53:59 | 036,761,734 | ---- | M] () -- C:\Users\VCAT\Documents\ClipMate7_DB_My Clips_2010-03-30_2053.ZIP
[2010/03/26 18:50:43 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0401000.020\isolate.ini
[2010/03/22 11:27:27 | 000,004,075 | ---- | M] () -- C:\Users\VCAT\AppData\Roaming\SAS7_000.DAT
[2010/03/22 00:07:40 | 036,626,602 | ---- | M] () -- C:\Users\VCAT\Documents\ClipMate7_DB_My Clips_2010-03-22_0006.ZIP
[2010/03/20 21:47:39 | 036,626,345 | ---- | M] () -- C:\Users\VCAT\Documents\ClipMate7_DB_My Clips_2010-03-20_2144.ZIP
[2010/03/18 03:02:49 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_NuidFltr_01005.Wdf
[2010/03/13 06:56:40 | 000,014,336 | ---- | M] (Mobile Stream) -- C:\Windows\SysNative\drivers\easytthr.sys
[2010/03/10 19:32:58 | 000,687,136 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\Windows\SysNative\drivers\rtl8192su.sys
[2010/03/01 20:32:06 | 000,007,414 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0401000.020\srtspx64.cat
[2010/03/01 20:32:06 | 000,007,410 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0401000.020\srtsp64.cat
[2010/02/26 19:23:54 | 000,149,552 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0401000.020\ironx64.sys
[2010/02/26 19:23:54 | 000,007,402 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0401000.020\iron.cat
[2010/02/26 19:23:54 | 000,000,771 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0401000.020\iron.inf
[2010/02/26 19:23:21 | 000,505,392 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0401000.020\srtsp64.sys
[2010/02/26 19:23:21 | 000,032,304 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0401000.020\srtspx64.sys
[2010/02/26 19:23:21 | 000,001,437 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0401000.020\srtsp64.inf
[2010/02/26 19:23:21 | 000,001,421 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0401000.020\srtspx64.inf
[2010/02/25 17:22:52 | 000,615,040 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\cchpx64.sys
[2010/02/25 16:22:52 | 000,615,040 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0401000.020\cchpx64.sys
[2010/02/25 11:54:48 | 000,007,358 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\cchpx64.cat
[2010/02/25 10:54:48 | 000,007,358 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0401000.020\cchpx64.cat
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/24 22:08:44 | 000,002,438 | ---- | C] () -- C:\Users\VCAT\Desktop\TVersity.lnk
[2010/05/24 22:08:42 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/05/24 22:08:42 | 000,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest
[2010/05/23 14:01:17 | 036,757,883 | ---- | C] () -- C:\Users\VCAT\Documents\ClipMate7_DB_My Clips_2010-05-23_1401.ZIP
[2010/05/21 11:17:23 | 000,015,880 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe
[2010/05/20 00:20:20 | 000,000,115 | ---- | C] () -- C:\Users\VCAT\Desktop\Key Lime Pie Martini Recipe Emeril Lagasse Food Network.URL
[2010/05/18 08:05:50 | 000,047,616 | ---- | C] () -- C:\Users\VCAT\Desktop\CasinoVille 5-2010.doc
[2010/05/15 16:30:41 | 036,879,975 | ---- | C] () -- C:\Users\VCAT\Documents\ClipMate7_DB_My Clips_2010-05-15_1629.ZIP
[2010/05/12 16:31:17 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01009.Wdf
[2010/05/08 11:48:29 | 037,012,833 | ---- | C] () -- C:\Users\VCAT\Documents\ClipMate7_DB_My Clips_2010-05-08_1147.ZIP
[2010/05/07 20:09:12 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2010/05/07 20:09:12 | 000,000,901 | ---- | C] () -- C:\Windows\RtlUI2.exe.manifest
[2010/05/07 01:23:27 | 000,000,904 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2167020815-3643556836-1899109827-1000UA.job
[2010/05/07 01:23:26 | 000,000,852 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2167020815-3643556836-1899109827-1000Core.job
[2010/05/02 16:31:58 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NortonPCCheckupx64\0200020.223\isolate.ini
[2010/05/01 15:25:57 | 000,003,584 | ---- | C] () -- C:\Users\VCAT\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/01 15:14:05 | 036,995,671 | ---- | C] () -- C:\Users\VCAT\Documents\ClipMate7_DB_My Clips_2010-05-01_1513.ZIP
[2010/05/01 15:11:13 | 000,002,715 | ---- | C] () -- C:\Users\VCAT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SonicWALL Global VPN Client.lnk
[2010/05/01 15:11:13 | 000,001,952 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk
[2010/05/01 15:11:13 | 000,000,950 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Smart Wizard.lnk
[2010/05/01 15:11:13 | 000,000,834 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2010/04/30 19:46:53 | 000,524,288 | -HS- | C] () -- C:\Users\VCAT\ntuser.dat{2aec7dfb-54c0-11df-8b76-0024e8ce888b}.TMContainer00000000000000000002.regtrans-ms
[2010/04/30 19:46:53 | 000,524,288 | -HS- | C] () -- C:\Users\VCAT\ntuser.dat{2aec7dfb-54c0-11df-8b76-0024e8ce888b}.TMContainer00000000000000000001.regtrans-ms
[2010/04/30 19:46:53 | 000,065,536 | -HS- | C] () -- C:\Users\VCAT\ntuser.dat{2aec7dfb-54c0-11df-8b76-0024e8ce888b}.TM.blf
[2010/04/30 17:29:11 | 000,524,288 | -HS- | C] () -- C:\Users\VCAT\ntuser.dat{bdd74bd9-54b7-11df-80d1-edd5d9faa49e}.TMContainer00000000000000000002.regtrans-ms
[2010/04/30 17:29:11 | 000,524,288 | -HS- | C] () -- C:\Users\VCAT\ntuser.dat{bdd74bd9-54b7-11df-80d1-edd5d9faa49e}.TMContainer00000000000000000001.regtrans-ms
[2010/04/30 17:29:11 | 000,065,536 | -HS- | C] () -- C:\Users\VCAT\ntuser.dat{bdd74bd9-54b7-11df-80d1-edd5d9faa49e}.TM.blf
[2010/04/27 20:06:24 | 037,005,238 | ---- | C] () -- C:\Users\VCAT\Documents\ClipMate7_DB_My Clips_2010-04-27_2005.ZIP
[2010/04/27 02:13:10 | 037,001,630 | ---- | C] () -- C:\Users\VCAT\Documents\ClipMate7_DB_My Clips_2010-04-27_0211.ZIP
[2010/04/26 14:01:04 | 000,013,064 | ---- | C] () -- C:\Users\VCAT\AppData\Roaming\Comma Separated Values (Windows).CAL
[2010/04/26 12:00:01 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_bcmwlhigh664_01007.Wdf
[2010/04/26 11:55:55 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2010/04/22 15:32:29 | 000,109,056 | ---- | C] () -- C:\Windows\SysNative\lxedvs.dll
[2010/04/22 15:32:23 | 000,065,106 | ---- | C] () -- C:\Windows\SysNative\lxedprpr.chm
[2010/04/22 15:32:22 | 000,065,536 | ---- | C] () -- C:\Windows\SysNative\lxedgcfg.dll
[2010/04/22 15:32:20 | 000,399,360 | ---- | C] () -- C:\Windows\SysNative\lxedcui.dll
[2010/04/22 15:32:20 | 000,148,480 | ---- | C] () -- C:\Windows\SysNative\lxedcuir.dll
[2010/04/22 15:32:19 | 000,008,694 | ---- | C] () -- C:\Windows\SysNative\lxedcommuilogo_rtl.bmp
[2010/04/22 15:32:19 | 000,008,694 | ---- | C] () -- C:\Windows\SysNative\lxedcommuilogo.bmp
[2010/04/22 15:27:41 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\lxedcomx.dll
[2010/04/22 15:27:41 | 000,331,776 | ---- | C] () -- C:\Windows\SysWow64\LXEDinst.dll
[2010/04/22 15:27:41 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\lxedinsr.dll
[2010/04/22 15:27:41 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\lxedjswr.dll
[2010/04/22 15:27:40 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\lxedins.dll
[2010/04/22 15:27:40 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lxedinsb.dll
[2010/04/22 15:27:40 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\lxedcu.dll
[2010/04/22 15:27:40 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\lxedcub.dll
[2010/04/22 15:27:40 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\lxedcur.dll
[2010/04/22 15:27:39 | 000,002,050 | ---- | C] () -- C:\Windows\SysWow64\lxed.loc
[2010/04/22 15:27:23 | 000,495,616 | ---- | C] () -- C:\Windows\SysNative\LXEDinst.dll
[2010/04/22 15:27:23 | 000,195,849 | ---- | C] () -- C:\Windows\SysNative\LexFiles.ulf
[2010/04/22 15:27:22 | 000,450,048 | ---- | C] () -- C:\Windows\SysNative\lxedins.dll
[2010/04/22 15:27:22 | 000,378,368 | ---- | C] () -- C:\Windows\SysNative\lxedcu.dll
[2010/04/22 15:27:22 | 000,298,496 | ---- | C] () -- C:\Windows\SysNative\lxedgrd.dll
[2010/04/22 15:27:22 | 000,245,248 | ---- | C] () -- C:\Windows\SysNative\lxedinsb.dll
[2010/04/22 15:27:22 | 000,090,624 | ---- | C] () -- C:\Windows\SysNative\lxedinsr.dll
[2010/04/22 15:27:22 | 000,073,216 | ---- | C] () -- C:\Windows\SysNative\lxedcub.dll
[2010/04/22 15:27:22 | 000,040,448 | ---- | C] () -- C:\Windows\SysNative\lxedjswr.dll
[2010/04/22 15:27:22 | 000,022,016 | ---- | C] () -- C:\Windows\SysNative\lxedcur.dll
[2010/04/22 15:27:21 | 000,002,050 | ---- | C] () -- C:\Windows\SysNative\lxed.loc
[2010/04/22 15:27:05 | 000,381,440 | ---- | C] () -- C:\Windows\SysNative\lxedsm.dll
[2010/04/22 15:27:05 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\LXEDsm.dll
[2010/04/22 15:27:05 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\LXEDsmr.dll
[2010/04/22 15:27:05 | 000,023,552 | ---- | C] () -- C:\Windows\SysNative\lxedsmr.dll
[2010/04/20 17:31:37 | 036,956,822 | ---- | C] () -- C:\Users\VCAT\Documents\ClipMate7_DB_My Clips_2010-04-20_1730.ZIP
[2010/04/20 17:26:58 | 000,524,288 | -HS- | C] () -- C:\Users\VCAT\ntuser.dat{67aa21d6-4cdb-11df-8e42-a76f4aa1f693}.TMContainer00000000000000000002.regtrans-ms
[2010/04/20 17:26:58 | 000,524,288 | -HS- | C] () -- C:\Users\VCAT\ntuser.dat{67aa21d6-4cdb-11df-8e42-a76f4aa1f693}.TMContainer00000000000000000001.regtrans-ms
[2010/04/20 17:26:58 | 000,065,536 | -HS- | C] () -- C:\Users\VCAT\ntuser.dat{67aa21d6-4cdb-11df-8e42-a76f4aa1f693}.TM.blf
[2010/04/20 15:52:33 | 036,956,824 | ---- | C] () -- C:\Users\VCAT\Documents\ClipMate7_DB_My Clips_2010-04-20_1551.ZIP
[2010/04/20 15:17:33 | 036,956,821 | ---- | C] () -- C:\Users\VCAT\Documents\ClipMate7_DB_My Clips_2010-04-20_1516.ZIP
[2010/04/20 15:09:32 | 036,956,822 | ---- | C] () -- C:\Users\VCAT\Documents\ClipMate7_DB_My Clips_2010-04-20_1507.ZIP
[2010/04/20 14:56:15 | 036,956,823 | ---- | C] () -- C:\Users\VCAT\Documents\ClipMate7_DB_My Clips_2010-04-20_1455.ZIP
[2010/04/14 18:54:40 | 000,013,660 | ---- | C] () -- C:\ProgramData\lxedJSW.log
[2010/04/14 18:53:46 | 000,000,089 | ---- | C] () -- C:\ProgramData\lxed.log
[2010/04/14 18:32:55 | 000,000,508 | ---- | C] () -- C:\ProgramData\FastPics.log
[2010/04/14 17:59:10 | 000,010,432 | ---- | C] () -- C:\ProgramData\lxedscan.log
[2010/04/14 17:47:29 | 000,000,000 | ---- | C] () -- C:\ProgramData\cmn_upld.log
[2010/04/14 17:47:24 | 000,000,000 | ---- | C] () -- C:\ProgramData\LxWbGwLog.log
[2010/04/14 17:47:09 | 000,000,000 | ---- | C] () -- C:\ProgramData\UpdaterLog.txt
[2010/04/11 17:38:49 | 000,000,162 | -H-- | C] () -- C:\Users\VCAT\Desktop\~$ogle game show.docx
[2010/04/06 17:54:42 | 036,816,516 | ---- | C] () -- C:\Users\VCAT\Documents\ClipMate7_DB_My Clips_2010-04-06_1754.ZIP
[2010/04/04 11:45:06 | 000,094,536 | ---- | C] () -- C:\Windows\SysNative\FAIEExtension.dll
[2010/04/04 11:45:06 | 000,089,416 | ---- | C] () -- C:\Windows\SysWow64\FAIEExtension.dll
[2010/04/04 11:44:12 | 000,059,208 | ---- | C] () -- C:\Windows\SysWow64\FAib.dll
[2010/04/04 11:42:44 | 000,247,624 | ---- | C] () -- C:\Windows\SysWow64\FACrashRpt.dll
[2010/04/02 22:36:04 | 000,007,606 | ---- | C] () -- C:\Users\VCAT\AppData\Local\Resmon.ResmonCfg
[2010/03/31 12:59:28 | 000,015,738 | ---- | C] () -- C:\Users\VCAT\Documents\Barona Internet gambling position.docx
[2010/03/30 20:53:38 | 036,761,734 | ---- | C] () -- C:\Users\VCAT\Documents\ClipMate7_DB_My Clips_2010-03-30_2053.ZIP
[2010/03/22 13:06:46 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\SLOW-PCfighter64-VCAT-Startup.job
[2010/03/22 00:07:06 | 036,626,602 | ---- | C] () -- C:\Users\VCAT\Documents\ClipMate7_DB_My Clips_2010-03-22_0006.ZIP
[2010/03/20 21:47:07 | 036,626,345 | ---- | C] () -- C:\Users\VCAT\Documents\ClipMate7_DB_My Clips_2010-03-20_2144.ZIP
[2010/03/18 03:02:49 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_NuidFltr_01005.Wdf
[2010/03/08 18:30:25 | 000,004,075 | ---- | C] () -- C:\Users\VCAT\AppData\Roaming\SAS7_000.DAT
[2010/03/08 18:30:03 | 000,000,524 | ---- | C] () -- C:\Windows\tasks\NatSpeak Periodic Language Model Optimization.job
[2010/03/08 18:30:01 | 000,000,500 | ---- | C] () -- C:\Windows\tasks\NatSpeak Periodic Acoustic Optimization.job
[2009/12/23 04:21:57 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd9.dll
[2009/12/23 04:21:57 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd10.dll
[2009/12/13 19:35:08 | 000,000,196 | -H-- | C] () -- C:\Windows\SysWow64\tscct1.dll
[2009/12/13 19:34:45 | 000,270,409 | ---- | C] () -- C:\Windows\SysWow64\TifToPdfCtxMenu.dll
[2009/12/02 21:53:51 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/09/11 01:50:47 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009/09/11 01:50:47 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2009/09/11 01:50:44 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/09/11 01:50:44 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/09/05 23:30:14 | 000,001,438 | ---- | C] () -- C:\Windows\FF08_not_Spk_Hp.ini
[2009/09/05 23:30:14 | 000,001,379 | ---- | C] () -- C:\Windows\FF08_Render_Spk_Hp.ini
[2009/09/05 23:29:55 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2009/09/05 23:29:55 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2010/03/12 16:14:06 | 000,000,000 | ---D | M] -- C:\Users\VCAT\AppData\Roaming\BOXEE
[2009/12/22 20:10:01 | 000,000,000 | ---D | M] -- C:\Users\VCAT\AppData\Roaming\GetRightToGo
[2009/12/22 20:10:01 | 000,000,000 | ---D | M] -- C:\Users\VCAT\AppData\Roaming\GlarySoft
[2010/04/11 18:06:16 | 000,000,000 | ---D | M] -- C:\Users\VCAT\AppData\Roaming\Gmote
[2010/05/19 11:57:49 | 000,000,000 | ---D | M] -- C:\Users\VCAT\AppData\Roaming\GoodSync
[2010/03/12 18:48:33 | 000,000,000 | ---D | M] -- C:\Users\VCAT\AppData\Roaming\iMapBuilder
[2010/04/20 17:25:31 | 000,000,000 | ---D | M] -- C:\Users\VCAT\AppData\Roaming\LG Electronics
[2010/01/26 18:40:07 | 000,000,000 | ---D | M] -- C:\Users\VCAT\AppData\Roaming\motorola
[2010/05/15 16:33:21 | 000,000,000 | ---D | M] -- C:\Users\VCAT\AppData\Roaming\NCH Swift Sound
[2009/12/25 16:36:34 | 000,000,000 | ---D | M] -- C:\Users\VCAT\AppData\Roaming\Nuance
[2009/12/22 20:10:11 | 000,000,000 | ---D | M] -- C:\Users\VCAT\AppData\Roaming\SmartDraw
[2010/01/15 15:19:14 | 000,000,000 | ---D | M] -- C:\Users\VCAT\AppData\Roaming\Smith Micro
[2009/12/22 20:10:11 | 000,000,000 | ---D | M] -- C:\Users\VCAT\AppData\Roaming\Thornsoft Development
[2010/05/02 16:32:09 | 000,000,000 | ---D | M] -- C:\Users\VCAT\AppData\Roaming\Tific
[2009/12/22 20:10:12 | 000,000,000 | ---D | M] -- C:\Users\VCAT\AppData\Roaming\TomTom
[2009/12/22 20:10:12 | 000,000,000 | ---D | M] -- C:\Users\VCAT\AppData\Roaming\Trillian
[2009/12/22 20:10:13 | 000,000,000 | ---D | M] -- C:\Users\VCAT\AppData\Roaming\TuneUp Software
[2009/12/22 20:10:25 | 000,000,000 | ---D | M] -- C:\Users\VCAT\AppData\Roaming\UltimateBet
[2010/05/25 16:46:51 | 000,000,000 | ---D | M] -- C:\Users\VCAT\AppData\Roaming\uTorrent
[2010/04/16 23:10:00 | 000,000,000 | ---D | M] -- C:\Users\VCAT\AppData\Roaming\Web Page Maker
[2010/05/25 02:00:18 | 000,000,500 | ---- | M] () -- C:\Windows\Tasks\NatSpeak Periodic Acoustic Optimization.job
[2010/05/25 03:00:18 | 000,000,524 | ---- | M] () -- C:\Windows\Tasks\NatSpeak Periodic Language Model Optimization.job
[2010/05/10 19:05:20 | 000,032,648 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/05/24 19:40:12 | 000,000,358 | ---- | M] () -- C:\Windows\Tasks\SLOW-PCfighter64-VCAT-Startup.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2009/07/13 18:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/13 18:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/13 18:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 18:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 18:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/13 18:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2009/07/13 18:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/13 18:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/07/13 18:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009/07/13 18:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/13 18:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/13 18:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009/07/13 18:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/13 18:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/13 18:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/13 18:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/13 18:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/13 18:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemdrive%\*.sys /90 /md5 >
[2010/05/24 19:39:01 | 2213,302,272 | -HS- | M] () Unable to obtain MD5 -- C:\hiberfil.sys
[2010/05/24 19:39:01 | 2951,069,696 | -HS- | M] () Unable to obtain MD5 -- C:\pagefile.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 205 bytes -> C:\ProgramData\TEMP:F35A93AD
@Alternate Data Stream - 171 bytes -> C:\ProgramData\TEMP:B0D4D817
< End of report >



OTL Extras logfile created on: 5/25/2010 4:40:20 PM - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Users\VCAT\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 29.00% Memory free
5.00 Gb Paging File | 3.00 Gb Available in Paging File | 47.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 61.29 Gb Free Space | 21.63% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 7.36 Gb Free Space | 50.23% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VCAT-LTDAN
Current User Name: VCAT
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [TVersity] -- "C:\Users\VCAT\AppData\Local\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [TVersity] -- "C:\Users\VCAT\AppData\Local\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1336D61B-1D48-4E5C-9E39-35444B00EE3D}" = FastAccess
"{17E02F38-FF2D-4c3d-83DF-ECE2A1D20A5E}" = AIO_CDB_ToolboxIni64
"{1C336D20-A089-4818-9C56-96AD81BF5A11}" = PANTECH USB Modem V2
"{1E4843DA-C46B-498D-93DE-0A65D1991E6B}" = Kensington Display Adapter
"{20140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 (Beta)
"{20140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 (Beta)
"{20140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 (Beta)
"{20140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 (Beta)
"{20140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 (Beta)
"{20140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 (Beta)
"{20140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 (Beta)
"{20140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 (Beta)
"{20140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 (Beta)
"{20140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 (Beta)
"{20140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 (Beta)
"{20140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010 (Beta)
"{20140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010 (Beta)
"{20140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010 (Beta)
"{20140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 (Beta)
"{20140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 (Beta)
"{20140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010 (Beta)
"{20140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 (Beta)
"{20140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 (Beta)
"{26A24AE4-039D-4CA4-87B4-2F86416013FF}" = Java™ 6 Update 13 (64-bit)
"{3378D826-DCF1-4469-A6CA-E38EA43EAF48}" = EasyTether
"{404BB1FF-A84F-432F-B77B-301E88E8D1C7}" = Apple Mobile Device Support
"{44C81D1A-0520-49BB-B510-98B8DD414EA1}" = HP Photosmart C4600 All-In-One Driver Software 13.0 Rel .5
"{4A5A427F-BA39-4BF0-9A47-7777FBE60C9F}" = Visual C++ Runtime for Dragon NaturallySpeaking 64bit (x64)
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{591362D4-590B-457E-9BA3-F4D9508B88BA}" = MobileMe Control Panel
"{5E2D889D-FAFC-4E76-A851-3695ABA1A76F}" = SonicWALL Global VPN Client
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{9301985B-D116-4A93-A93D-94580084FF86}" = 64 Bit HP CIO Components Installer
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96D5EB02-DE18-4DCD-A713-929B4461CA8D}" = iTunes
"{988329F4-A1A1-4D51-803C-EF2725A97627}" = HP Photosmart All-In-One Driver Software 13.0 Rel. 2
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{B0EFB716-085B-4564-8060-212E41F5CE50}" = Windows Live ID Sign-in Assistant
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BB745FF4-F518-4E86-9F0E-31574931F3F4}" = DisplayLink Core Software
"{C19D4D8F-4433-4F6D-9F0C-79589FD0B973}" = Bonjour
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{CA4AF936-3312-4AF4-A191-527531490DCD}" = Apple Mobile Device Support
"{E1CC2053-D3C6-4C44-9616-98C3EF4782D7}" = DisplayLink Graphics
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"Connectify" = Connectify
"Creative OA008" = Integrated Webcam Driver (1.04.01.0601)
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Lexmark S600 Series" = Lexmark S600 Series
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00405945-70C1-4B1D-9A3C-45A2883366AF}" = PS_AIO_05_C4600_Software_Min
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{095B1DCF-5E8B-47EC-9B18-481918A731DB}" = Microsoft Default Manager
"{0CA72D12-F6C6-4D43-A2A0-41F5AA17E2B6}" = Netflix in Windows Media Center
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{1FCC7185-DCF3-4478-86AD-C2F2D1116BE3}" = 7300
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2133CB3F-F891-4081-8681-FEE2B2419FF4}" = Orb Runtime libraries
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 20
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2E924A2A-8FBC-4C84-8A3A-63FB386C9A29}_is1" = ClipMate 7
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{32257980-61DF-4685-A72B-08683838233B}" = 7300_Help
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{377739AE-00D9-4E80-8ECB-4C8A7EFFE526}" = 7300Trb
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}" = NETGEAR WNDA3100v2 wireless USB 2.0 adapter
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5D9B17E4-5C34-45B2-9C95-8B9DB4CF7AF3}" = HP_Network_UserGuide
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{685B0843-6C8D-4E42-B60D-2B86B45526E0}" = PS_AIO_02_Software_Min
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75CE8AF5-0A5E-4A42-BC67-F83591DA9A7D}" = Sound Blaster X-Fi MB
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7CDD7C4C-5224-40E4-951F-51C12FEAB8AB}" = C4600
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{885F5AC6-4413-4D30-99A9-F4494BFA4923}" = Logitech Harmony Remote Software 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{903679E8-44C8-4C07-9600-05C92654FC50}" = QualXServ Service Agreement
"{94F8D42D-BB31-4858-9705-7D756D8D9655}" = PS_AIO_02_Software
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{99B366B0-76B6-4DBA-95A3-A730015A7D01}" = MasterCook Deluxe 9
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9C049499-055C-4a0c-A916-1D8CA1FF45EB}" = REALTEK Wireless LAN Driver and Utility
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = iSEEK AnswerWorks English Runtime
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{B20F121C-A0A5-4cd8-8306-DE93347631B1}" = Airlink101 Wireless LAN Driver
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7B3E9B3-FB14-4927-894B-E9124509AF5A}" = Adobe Flash Player 10 ActiveX
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C0E18DC4-C74A-4889-AE3A-933471023787}" = LG PC Suite III
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BC}" = WinZip 14.0
"{CDC85536-A0EF-4401-82A6-25D8EFC7EFAC}" = VZAccess Manager
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E6445FCC-EAF6-4E35-9E72-6EF105A4C177}" = HDView for Firefox
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{E7712E53-7A7F-46EB-AA13-70D5987D30F2}" = Dragon NaturallySpeaking 10
"{ECCE5126-9A87-48CC-A2FA-A3D8483AE86B}_is1" = PDFTOEXCEL
"{ECFCC0F4-649F-4544-AB74-1DEA35350216}" = LG PC Suite III
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"AI RoboForm" = AI RoboForm (All Users)
"AudibleDownloadManager" = Audible Download Manager
"Carbonite Backup" = Carbonite
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DDA23392-9C73-4909-A221-BC12C6D2664D" = GmoteServer
"Dell Webcam Central" = Dell Webcam Central
"ffdshow_is1" = ffdshow [rev 1723] [2007-12-24]
"Google Desktop" = Google Desktop
"GoToAssist" = GoToAssist 8.0.0.514
"HijackThis" = HijackThis 2.0.2
"InstallShield_{99B366B0-76B6-4DBA-95A3-A730015A7D01}" = MasterCook Deluxe 9
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.1.0 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"N360" = Norton 360 Premier Edition
"NortonPCCheckup" = Norton PC Checkup
"PokerStars" = PokerStars
"SoundTaxi_is1" = SoundTaxi 3.9.6
"STMediaSuite" = SoundTaxi Media Suite 3.9.6
"Tiff to PDF converter_is1" = Tiff to PDF converter 1.0
"TomTom HOME" = TomTom HOME 2.7.2.1825
"Trillian" = Trillian
"TurboTax 2009" = TurboTax 2009
"TVersity Codec Pack" = TVersity Codec Pack 1.2
"TVersity Media Server Pro" = TVersity Media Server Pro 1.8 Beta
"uTorrent" = µTorrent
"WavePad" = WavePad Sound Editor
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinZip Self-Extractor" = WinZip Self-Extractor

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"UltimateBet" = UltimateBet
"UltimateBet InstantPlay" = UltimateBet InstantPlay

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


#7 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:10:47 AM

Posted 27 May 2010 - 01:28 AM

Hi,

Did you set this proxy?

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=192.168.97.1:3128;https=192.168.97.1:3128;socks=192.168.97.1:1080


Please download TFC by Old Timer and save it to your desktop.
alternate download link
  • Save any unsaved work. TFC will close ALL open programs including your browser!
  • Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.
TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder. It also cleans out the %systemroot%\temp folder and checks for .tmp files in the %systemdrive% root folder, %systemroot%, and the system32 folder (both 32bit and 64bit on 64bit OSs). It shows the amount removed for each location found (in bytes) and the total removed (in MB). Before running, it will stop Explorer and all other running apps. When finished, if a reboot is required the user must reboot to finish clearing any in-use temp files.

TFC only cleans temp folders. TFC will not clean URL history, prefetch, or cookies. Depending on how often someone cleans their temp folders, their system hardware, and how many accounts are present, it can take anywhere from a few seconds to a minute or more. TFC will completely clear all temp files where other temp file cleaners may fail. TFC requires a reboot immediately after running. Be sure to save any unsaved work before running TFC.




Please update your version of Malwarebytes and run a quick scan, post back with the content of the logfile.





I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check
  • Click the button.
  • Accept any security warnings from your browser.
  • Check
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt





Please post back with a fresh OTL logfile.
regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#8 smalltalkdan

smalltalkdan
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:02:47 AM

Posted 29 May 2010 - 02:28 AM

Hi,

Re the proxy, no, I didn't set it. That IP address doesn't exist on my network; the range of IP addresses set by my router is 192.168.244.nnn.

ESET returned no warnings. Logfile:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK

=============================================

Malwarebytes scan returned nothing. Logfile:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4057

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

5/29/2010 12:26:22 AM
mbam-log-2010-05-29 (00-26-22).txt

Scan type: Quick scan
Objects scanned: 136610
Time elapsed: 4 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


=============================================

OTL logfile (It didn't generate an Extras.txt):

OTL logfile created on: 5/28/2010 10:43:25 PM - Run 2
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Users\VCAT\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 42.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 65.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 63.50 Gb Free Space | 22.41% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 7.36 Gb Free Space | 50.23% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VCAT-LTDAN
Current User Name: VCAT
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/05/28 22:42:41 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\VCAT\Desktop\OTL.exe
PRC - [2010/05/07 12:58:49 | 000,160,328 | ---- | M] (Siber Systems) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2010/05/07 01:23:21 | 000,136,176 | ---- | M] (Google Inc.) -- C:\Users\VCAT\AppData\Local\Google\Update\1.2.183.23\GoogleCrashHandler.exe
PRC - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/12 21:16:48 | 000,897,024 | ---- | M] () -- C:\Users\VCAT\AppData\Local\TVersity\Media Server\MediaServer.exe
PRC - [2010/04/04 11:44:10 | 000,095,560 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
PRC - [2010/04/03 13:16:10 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/03/26 10:11:24 | 000,109,568 | ---- | M] (Nomadio, Inc.) -- C:\Program Files (x86)\Connectify\ConnectifyService.exe
PRC - [2010/03/26 10:11:22 | 000,759,808 | ---- | M] (Nomadio, Inc.) -- C:\Program Files (x86)\Connectify\Connectifyd.exe
PRC - [2010/03/25 21:10:56 | 001,089,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtWLan.exe
PRC - [2010/02/25 17:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.2.0.12\ccsvchst.exe
PRC - [2010/01/21 14:11:40 | 000,045,056 | ---- | M] (Realtek) -- C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe
PRC - [2010/01/08 15:28:52 | 000,103,280 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.2.547\SymcPCCULaunchSvc.exe
PRC - [2009/12/17 14:54:40 | 001,795,488 | ---- | M] (Audible, Inc.) -- C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
PRC - [2009/12/08 14:06:38 | 000,030,192 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2009/12/03 17:52:32 | 001,980,560 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) -- C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteService.exe
PRC - [2009/08/24 15:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.2.547\ccSvcHst.exe
PRC - [2009/07/26 16:44:34 | 003,883,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
PRC - [2009/06/16 14:36:22 | 003,272,704 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
PRC - [2009/06/04 15:49:18 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/02/06 17:07:48 | 000,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
PRC - [2009/02/04 06:57:14 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/01/31 10:00:40 | 003,760,424 | ---- | M] (Thornsoft Development, Inc.) -- C:\Program Files (x86)\ClipMate7\ClipMate.exe


========== Modules (SafeList) ==========

MOD - [2010/05/28 22:42:41 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\VCAT\Desktop\OTL.exe
MOD - [2009/07/13 18:15:07 | 000,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2009/07/13 18:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/13 18:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/03/02 04:00:52 | 001,255,736 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV:64bit: - [2010/01/07 15:20:19 | 001,052,328 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxedcoms.exe -- (lxed_device)
SRV:64bit: - [2010/01/07 15:20:15 | 000,033,960 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxedserv.exe -- (lxedCATSCustConnectService)
SRV:64bit: - [2009/12/08 09:46:35 | 008,551,272 | ---- | M] (DisplayLink Corp.) [Auto | Running] -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe -- (DisplayLinkService)
SRV:64bit: - [2009/10/29 11:33:00 | 050,612,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV:64bit: - [2009/09/26 05:28:30 | 004,924,336 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV:64bit: - [2009/09/26 04:36:06 | 000,174,424 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose64)
SRV:64bit: - [2009/07/13 18:41:59 | 000,229,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wwansvc.dll -- (WwanSvc)
SRV:64bit: - [2009/07/13 18:41:56 | 000,202,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbiosrvc.dll -- (WbioSrvc)
SRV:64bit: - [2009/07/13 18:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009/07/13 18:41:56 | 000,163,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpo.dll -- (Power)
SRV:64bit: - [2009/07/13 18:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2009/07/13 18:41:54 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sppuinotify.dll -- (sppuinotify)
SRV:64bit: - [2009/07/13 18:41:54 | 000,029,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sensrsvc.dll -- (SensrSvc)
SRV:64bit: - [2009/07/13 18:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009/07/13 18:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (PNRPsvc)
SRV:64bit: - [2009/07/13 18:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (p2pimsvc)
SRV:64bit: - [2009/07/13 18:41:53 | 000,187,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\provsvc.dll -- (HomeGroupProvider)
SRV:64bit: - [2009/07/13 18:41:53 | 000,067,072 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\SysNative\RpcEpMap.dll -- (RpcEptMapper)
SRV:64bit: - [2009/07/13 18:41:53 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpauto.dll -- (PNRPAutoReg)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 18:41:18 | 000,231,936 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ListSvc.dll -- (HomeGroupListener)
SRV:64bit: - [2009/07/13 18:40:54 | 001,127,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:64bit: - [2009/07/13 18:40:28 | 000,314,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2009/07/13 18:40:28 | 000,291,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\defragsvc.dll -- (defragsvc)
SRV:64bit: - [2009/07/13 18:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009/07/13 18:40:13 | 000,083,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\bthserv.dll -- (bthserv)
SRV:64bit: - [2009/07/13 18:40:10 | 000,100,864 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\bdesvc.dll -- (BDESVC)
SRV:64bit: - [2009/07/13 18:40:05 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AxInstSv.dll -- (AxInstSV)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/13 18:40:01 | 000,032,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appidsvc.dll -- (AppIDSvc)
SRV:64bit: - [2009/07/13 18:39:51 | 001,503,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbengine.exe -- (wbengine)
SRV:64bit: - [2009/07/13 18:39:28 | 003,524,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\sppsvc.exe -- (sppsvc)
SRV:64bit: - [2009/07/13 18:39:11 | 000,689,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FXSSVC.exe -- (Fax)
SRV:64bit: - [2009/07/01 18:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/06/29 10:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/03/30 17:19:56 | 002,297,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV:64bit: - [2009/03/06 00:51:34 | 000,284,696 | ---- | M] (SonicWALL, Inc.) [Auto | Running] -- C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe -- (SWGVCSvc)
SRV:64bit: - [2009/03/02 11:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\AESTSr64.exe -- (AESTFilters)
SRV - [2010/05/21 11:03:48 | 001,314,704 | ---- | M] (Lavasoft) [Disabled | Stopped] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/04/12 21:16:48 | 000,897,024 | ---- | M] () [Auto | Running] -- C:\Users\VCAT\AppData\Local\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2010/04/04 11:43:38 | 002,409,800 | ---- | M] (Sensible Vision ) [Disabled | Stopped] -- C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe -- (FAService)
SRV - [2010/02/25 17:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.2.0.12\ccSvcHst.exe -- (N360)
SRV - [2010/01/21 14:11:40 | 000,045,056 | ---- | M] (Realtek) [Auto | Running] -- C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe -- (Realtek11nSU)
SRV - [2010/01/15 10:42:30 | 000,249,856 | ---- | M] (SMServer) [On_Demand | Stopped] -- C:\Windows\SysWOW64\snmvtsvc.exe -- (SMServer)
SRV - [2010/01/15 03:23:48 | 000,335,872 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\SoundTaxi Media Suite\STSService.exe -- (STSService)
SRV - [2010/01/08 15:28:52 | 000,103,280 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.2.547\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2010/01/07 15:20:08 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\lxedcoms.exe -- (lxed_device)
SRV - [2009/12/08 14:06:38 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829)
SRV - [2009/12/03 17:52:32 | 001,980,560 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files (x86)\Carbonite\Carbonite Backup\carboniteservice.exe -- (CarboniteService)
SRV - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/09/20 12:55:20 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/09/05 23:29:49 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2009/09/05 23:28:55 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009/09/05 23:28:15 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe -- (Sound Blaster X-Fi MB Licensing Service)
SRV - [2009/09/05 23:27:40 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/08/27 08:05:04 | 000,092,008 | ---- | M] (TomTom) [Disabled | Stopped] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/08/24 15:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.2.547\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2009/07/13 20:20:14 | 000,000,000 | ---D | M] [On_Demand | Stopped] -- C:\Windows\Vss -- (VSS)
SRV - [2009/07/13 20:20:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2009/07/13 18:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 18:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 13:30:11 | 000,061,056 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2009/06/10 13:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2009/06/04 15:49:18 | 000,278,528 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe -- (WSWNDA3100)
SRV - [2009/05/21 09:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/02/04 06:57:14 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Disabled | Stopped] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2007/05/31 18:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 18:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/05/05 21:01:59 | 000,451,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symtdiv.sys -- (SYMTDIv)
DRV:64bit: - [2010/04/28 22:03:51 | 000,150,064 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/04/21 20:02:20 | 000,221,232 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symefa64.sys -- (SymEFA)
DRV:64bit: - [2010/04/21 19:29:51 | 000,505,392 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2010/04/21 19:29:51 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2010/04/06 22:25:51 | 000,173,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2010/03/13 06:56:40 | 000,014,336 | ---- | M] (Mobile Stream) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\easytthr.sys -- (easytether)
DRV:64bit: - [2010/03/10 19:32:58 | 000,687,136 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtl8192su.sys -- (RTL8192su)
DRV:64bit: - [2010/02/25 17:22:52 | 000,615,040 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\cchpx64.sys -- (ccHP)
DRV:64bit: - [2010/02/04 08:53:02 | 000,069,152 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2010/01/15 13:59:34 | 000,033,336 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SndTAudio.sys -- (SndTAudio)
DRV:64bit: - [2009/12/23 04:21:51 | 000,017,408 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DisplayLinkUsbPort_5.2.22617.0.sys -- (DisplayLinkUsbPort)
DRV:64bit: - [2009/12/19 07:11:40 | 000,314,400 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/12/11 03:29:27 | 000,153,160 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ksecpkg.sys -- (KSecPkg)
DRV:64bit: - [2009/12/08 09:47:05 | 000,185,968 | ---- | M] (DisplayLink Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dlkmd.sys -- (dlkmd)
DRV:64bit: - [2009/12/08 09:47:05 | 000,116,224 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dlcdbus.sys -- (dlcdbus) DisplayLink Composite USB Bus Driver driver (WDM)
DRV:64bit: - [2009/12/08 09:47:05 | 000,013,936 | ---- | M] (DisplayLink Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\dlkmdldr.sys -- (dlkmdldr)
DRV:64bit: - [2009/10/27 00:29:46 | 000,173,456 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PTUMWVsp.sys -- (PTUMWVsp)
DRV:64bit: - [2009/10/27 00:29:40 | 000,173,456 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PTUMWNSP.sys -- (PTUMWNSP)
DRV:64bit: - [2009/10/27 00:29:34 | 000,144,912 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PTUMWNET.sys -- (PTUMWNET)
DRV:64bit: - [2009/10/27 00:29:26 | 000,173,456 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PTUMWMdm.sys -- (PTUMWMdm)
DRV:64bit: - [2009/10/27 00:29:20 | 000,012,688 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PTUMWFLT.sys -- (PTUMWFLT)
DRV:64bit: - [2009/10/27 00:29:14 | 000,173,456 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PTUMWCSP.sys -- (PTUMWCSP)
DRV:64bit: - [2009/10/27 00:29:00 | 000,071,056 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PTUMWBus.sys -- (PTUMWBus)
DRV:64bit: - [2009/10/16 02:33:06 | 000,050,176 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/10/14 20:50:05 | 000,433,200 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symds64.sys -- (SymDS)
DRV:64bit: - [2009/09/26 21:32:36 | 000,034,152 | R--- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/09/25 23:20:38 | 000,223,448 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fvevol.sys -- (fvevol)
DRV:64bit: - [2009/07/13 18:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 18:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:48:04 | 000,014,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hwpolicy.sys -- (hwpolicy)
DRV:64bit: - [2009/07/13 18:47:49 | 000,055,376 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fsdepends.sys -- (FsDepends)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:45:56 | 000,022,096 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wimmount.sys -- (WIMMount)
DRV:64bit: - [2009/07/13 18:45:55 | 000,217,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vhdmp.sys -- (vhdmp)
DRV:64bit: - [2009/07/13 18:45:55 | 000,200,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)
DRV:64bit: - [2009/07/13 18:45:55 | 000,046,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)
DRV:64bit: - [2009/07/13 18:45:55 | 000,036,432 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vdrvroot.sys -- (vdrvroot)
DRV:64bit: - [2009/07/13 18:45:55 | 000,034,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:45:46 | 000,214,096 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\rdyboost.sys -- (rdyboost)
DRV:64bit: - [2009/07/13 18:45:45 | 000,050,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pcw.sys -- (pcw)
DRV:64bit: - [2009/07/13 18:43:14 | 000,460,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\cng.sys -- (CNG)
DRV:64bit: - [2009/07/13 17:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 17:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 17:17:46 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rdpbus.sys -- (rdpbus)
DRV:64bit: - [2009/07/13 17:16:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV:64bit: - [2009/07/13 17:10:24 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV:64bit: - [2009/07/13 17:09:26 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wfplwf.sys -- (WfpLwf)
DRV:64bit: - [2009/07/13 17:08:13 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndiscap.sys -- (NdisCap)
DRV:64bit: - [2009/07/13 17:07:28 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vwifimp.sys -- (vwifimp)
DRV:64bit: - [2009/07/13 17:07:22 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vwififlt.sys -- (vwififlt)
DRV:64bit: - [2009/07/13 17:07:21 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vwifibus.sys -- (vwifibus)
DRV:64bit: - [2009/07/13 17:07:13 | 000,227,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\1394ohci.sys -- (1394ohci)
DRV:64bit: - [2009/07/13 17:07:00 | 000,118,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthpan.sys -- (BthPan) Bluetooth Device (Personal Area Network)
DRV:64bit: - [2009/07/13 17:06:57 | 000,551,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthport.sys -- (BTHPORT)
DRV:64bit: - [2009/07/13 17:06:56 | 000,158,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rfcomm.sys -- (RFCOMM) Bluetooth Device (RFCOMM Protocol TDI)
DRV:64bit: - [2009/07/13 17:06:53 | 000,041,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthenum.sys -- (BthEnum)
DRV:64bit: - [2009/07/13 17:06:52 | 000,079,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BTHUSB.SYS -- (BTHUSB)
DRV:64bit: - [2009/07/13 17:06:52 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\umpass.sys -- (UmPass)
DRV:64bit: - [2009/07/13 17:06:32 | 000,109,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV:64bit: - [2009/07/13 17:06:28 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winusb.sys -- (WinUsb)
DRV:64bit: - [2009/07/13 17:06:24 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV:64bit: - [2009/07/13 17:05:37 | 000,112,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WUDFPf.sys -- (WudfPf)
DRV:64bit: - [2009/07/13 17:02:08 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MTConfig.sys -- (MTConfig)
DRV:64bit: - [2009/07/13 17:00:34 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CompositeBus.sys -- (CompositeBus)
DRV:64bit: - [2009/07/13 17:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\beep.sys -- (Beep)
DRV:64bit: - [2009/07/13 16:52:39 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\appid.sys -- (AppID)
DRV:64bit: - [2009/07/13 16:50:17 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\scfilter.sys -- (scfilter)
DRV:64bit: - [2009/07/13 16:42:58 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)
DRV:64bit: - [2009/07/13 16:42:44 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)
DRV:64bit: - [2009/07/13 16:37:18 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\discache.sys -- (discache)
DRV:64bit: - [2009/07/13 16:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/07/13 16:31:06 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidbatt.sys -- (HidBatt)
DRV:64bit: - [2009/07/13 16:31:03 | 000,017,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CmBatt.sys -- (CmBatt)
DRV:64bit: - [2009/07/13 16:27:17 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipmi.sys -- (AcpiPmi)
DRV:64bit: - [2009/07/13 16:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2009/07/13 16:19:25 | 000,060,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdppm.sys -- (AmdPPM)
DRV:64bit: - [2009/07/07 22:45:50 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/07/02 22:26:34 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/07/02 22:26:34 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/07/02 22:26:34 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009/07/02 22:26:34 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/06/29 10:44:38 | 000,487,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/06/15 14:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/09 01:14:20 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2009/05/06 17:03:00 | 000,313,696 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OA008Vid.sys -- (OA008Vid)
DRV:64bit: - [2009/05/05 12:09:46 | 000,789,496 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys -- (BCMH43XX)
DRV:64bit: - [2009/04/03 00:39:42 | 000,234,032 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/04/01 13:32:42 | 000,058,912 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/03/06 07:33:58 | 000,159,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OA008Ufd.sys -- (OA008Ufd)
DRV:64bit: - [2009/03/06 00:51:50 | 000,099,352 | ---- | M] (SonicWALL, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SWIPsec.sys -- (SWIPsec)
DRV:64bit: - [2009/03/04 18:03:32 | 000,024,600 | ---- | M] (SonicWALL, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWVNIC.sys -- (SWVNIC)
DRV:64bit: - [2009/02/24 09:27:38 | 000,195,584 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009/02/24 09:19:48 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpe64.sys -- (rixdpcie)
DRV:64bit: - [2009/02/24 09:19:46 | 000,057,344 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci)
DRV:64bit: - [2009/02/06 20:12:16 | 000,067,584 | ---- | M] (SMSC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lan9500-x64-n51f.sys -- (LAN9500)
DRV:64bit: - [2008/11/16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV:64bit: - [2008/09/24 18:36:14 | 000,238,848 | ---- | M] (Sensible Vision ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\facap.sys -- (FACAP)
DRV:64bit: - [2008/01/15 15:53:22 | 000,083,776 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2008/01/15 15:53:22 | 000,063,808 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2007/11/07 04:23:14 | 000,040,464 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2007/01/19 18:24:24 | 000,025,312 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SCMNdisP.sys -- (SCMNdisP)
DRV - [2010/05/26 20:44:23 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2010/05/26 20:44:23 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/05/10 17:03:19 | 001,773,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100528.021\EX64.SYS -- (NAVEX15)
DRV - [2010/05/10 17:03:19 | 000,117,808 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100528.021\ENG64.SYS -- (NAVENG)
DRV - [2010/04/29 10:44:04 | 000,678,448 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100429.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2010/04/20 17:25:25 | 000,000,000 | ---D | M] [Kernel | On_Demand | Running] -- C:\Program Files (x86)\GmoteServer\bin\VLC\http -- (HTTP)
DRV - [2009/12/22 19:46:36 | 000,000,000 | ---D | M] [Kernel | System | Running] -- C:\Windows\CSC -- (CSC)
DRV - [2009/10/28 15:37:22 | 000,466,992 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100520.001\IDSviA64.sys -- (IDSVia64)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 18:16:19 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\winusb.dll -- (WinUsb)
DRV - [2009/07/13 18:16:02 | 000,014,336 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\netbios.dll -- (NetBIOS)
DRV - [2009/06/10 14:28:14 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)
DRV - [2009/06/10 14:15:18 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2009/05/25 16:43:58 | 000,043,032 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Verizon Wireless\VZAccess Manager\SMSIVZAM5X64.sys -- (SMSIVZAM5X64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B0 4C 0E 76 DB FE CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=192.168.97.1:3128;https=192.168.97.1:3128;socks=192.168.97.1:1080

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.msnbc.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:1.0.0.586
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.11.6
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.8
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.9.98


FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/12/31 13:53:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2010/05/28 00:30:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\ [2010/04/07 00:34:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2009/12/22 19:57:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/04/30 19:34:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/05/08 18:10:42 | 000,000,000 | ---D | M]

[2009/12/22 20:10:06 | 000,000,000 | ---D | M] -- C:\Users\VCAT\AppData\Roaming\Mozilla\Extensions
[2009/10/14 16:47:36 | 000,000,000 | ---D | M] -- C:\Users\VCAT\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2010/05/27 23:52:46 | 000,000,000 | ---D | M] -- C:\Users\VCAT\AppData\Roaming\Mozilla\Firefox\Profiles\ojw2asj2.default\extensions
[2010/04/20 21:00:49 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\VCAT\AppData\Roaming\Mozilla\Firefox\Profiles\ojw2asj2.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/03/16 20:37:21 | 000,000,000 | ---D | M] -- C:\Users\VCAT\AppData\Roaming\Mozilla\Firefox\Profiles\ojw2asj2.default\extensions\LogMeInClient@logmein.com
[2010/01/08 15:21:11 | 000,000,000 | ---D | M] -- C:\Users\VCAT\AppData\Roaming\Mozilla\Firefox\Profiles\ojw2asj2.default\extensions\piclens@cooliris.com
[2010/04/30 20:40:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/04/25 20:42:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2009/09/11 12:42:33 | 000,000,787 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 192.168.1.11 exchange
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.2.0.12\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (FAIESSOHelper Class) - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll (Sensible Vision )
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [FAStartup] File not found
O4 - HKLM..\Run: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe (Sensible Vision )
O4 - HKLM..\Run: [StartupDelayer] C:\Program Files (x86)\r2 Studios\Startup Delayer\Startup Launcher GUI.exe (r2 studios)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - Startup: C:\Users\VCAT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SonicWALL Global VPN Client.lnk = C:\Windows\Installer\{5E2D889D-FAFC-4E76-A851-3695ABA1A76F}\_A408D8C4509665C152B13E.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8:64bit: - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8:64bit: - Extra context menu item: MasterCook: Select Image - C:\Program Files (x86)\MasterCook 9\Web\MCIEContext.hta ()
O8:64bit: - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8:64bit: - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: MasterCook: Select Image - C:\Program Files (x86)\MasterCook 9\Web\MCIEContext.hta ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files (x86)\SoundTaxi\YouTubeRipper.dll ()
O9 - Extra 'Tools' menuitem : Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files (x86)\SoundTaxi\YouTubeRipper.dll ()
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - ..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKLM\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.5.0.cab (DLM Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} http://support.microsoft.com/mats/DiagWebControl.cab (Diagnostics ActiveX WebControl)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.244.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~2\Google\GOOGLE~1\GO36F4~1.DLL) - C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - Reg Error: Key error. - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll File not found
O20 - Winlogon\Notify\FastAccess: DllName - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll ()
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\dellwall1.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\dellwall1.jpg
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0b59dd53-305b-11df-aabb-0024e8ce888b}\Shell - "" = AutoRun
O33 - MountPoints2\{0b59dd53-305b-11df-aabb-0024e8ce888b}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{3d343956-ef6d-11de-a4ee-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{3d343956-ef6d-11de-a4ee-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe -- File not found
O33 - MountPoints2\{af54cc79-e777-11de-9449-0024e8ce888b}\Shell - "" = AutoRun
O33 - MountPoints2\{af54cc79-e777-11de-9449-0024e8ce888b}\Shell\AutoRun\command - "" = G:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: Ias - C:\Windows\SysNative\ias [2009/07/13 20:20:14 | 000,000,000 | ---D | M]
NetSvcs:64bit: Irmon - C:\Windows\SysNative\irmon.dll (Microsoft Corporation)
NetSvcs:64bit: Wmi - C:\Windows\SysNative\wmi.dll (Microsoft Corporation)
NetSvcs:64bit: Themes - C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
NetSvcs:64bit: BDESVC - C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
NetSvcs: Ias - C:\Windows\SysWOW64\ias [2008/01/20 20:07:48 | 000,000,000 | ---D | M]
NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010/05/28 22:42:41 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Users\VCAT\Desktop\OTL.exe
[2010/05/28 20:04:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2010/05/28 19:50:09 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Users\VCAT\Desktop\TFC.exe
[2010/05/26 20:16:08 | 000,000,000 | ---D | C] -- C:\Users\VCAT\AppData\Roaming\r2 Studios
[2010/05/26 20:16:08 | 000,000,000 | ---D | C] -- C:\ProgramData\r2 Studios
[2010/05/26 20:15:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\r2 Studios
[2010/05/24 22:08:41 | 000,060,273 | ---- | C] (Open Source Software community project) -- C:\Windows\SysWow64\pthreadGC2.dll
[2010/05/24 22:08:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ffdshow
[2010/05/24 22:08:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TVersity Codec Pack
[2010/05/23 22:51:46 | 000,000,000 | ---D | C] -- C:\Users\VCAT\Desktop\new pics
[2010/05/21 11:04:41 | 000,069,152 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2010/05/21 11:04:36 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2010/05/21 11:01:12 | 000,000,000 | -H-D | C] -- C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/05/21 11:00:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010/05/21 11:00:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2010/05/20 21:03:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Orb Networks
[2010/05/19 11:39:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/05/19 11:39:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010/05/15 16:30:58 | 000,000,000 | ---D | C] -- C:\Users\VCAT\Desktop\LaVon pics
[2010/05/12 16:17:58 | 000,014,336 | ---- | C] (Mobile Stream) -- C:\Windows\SysNative\drivers\easytthr.sys
[2010/05/12 16:17:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mobile Stream
[2010/05/12 11:08:55 | 000,000,000 | ---D | C] -- C:\Users\VCAT\Desktop\Review bucket
[2010/05/10 12:53:25 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/05/10 12:53:18 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/05/10 12:53:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010/05/08 16:34:28 | 000,000,000 | ---D | C] -- C:\Users\VCAT\AppData\Roaming\NCH Software
[2010/05/08 16:33:20 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Swift Sound
[2010/05/08 16:32:36 | 000,000,000 | ---D | C] -- C:\Users\VCAT\AppData\Roaming\NCH Swift Sound
[2010/05/08 16:32:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NCH Swift Sound
[2010/05/08 16:13:12 | 000,348,160 | ---- | C] (DGP) -- C:\Windows\SysWow64\MEnc.ocx
[2010/05/08 16:13:12 | 000,348,160 | ---- | C] (DevPower Development Tools) -- C:\Windows\SysWow64\FlatBtn6.ocx
[2010/05/08 16:13:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WAV to MP3 Encoder
[2010/05/07 20:09:12 | 000,380,928 | ---- | C] (Realtek) -- C:\Windows\RtlUI2.exe
[2010/05/07 17:35:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2010/05/07 01:28:10 | 000,000,000 | ---D | C] -- C:\Users\VCAT\Documents\Downloads
[2010/05/03 00:07:05 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/05/03 00:07:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010/05/02 16:32:19 | 000,000,000 | ---D | C] -- C:\Users\VCAT\AppData\Local\Tific
[2010/05/02 16:31:58 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NortonPCCheckupx64
[2010/05/02 16:31:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton PC Checkup
[2010/05/02 16:31:58 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NortonPCCheckupx64\0200020.223
[2010/05/02 16:31:57 | 000,000,000 | ---D | C] -- C:\Program Files\Norton PC Checkup
[2010/05/01 13:56:24 | 000,000,000 | ---D | C] -- C:\Users\VCAT\AppData\Roaming\Malwarebytes
[2010/05/01 13:56:14 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/05/01 13:56:13 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/05/01 13:56:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/05/01 13:56:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/05/01 13:47:21 | 000,000,000 | ---D | C] -- C:\Users\VCAT\AppData\Local\Citrix
[2010/05/01 13:47:16 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/04/30 18:27:24 | 000,000,000 | ---D | C] -- C:\Users\VCAT\AppData\Local\Deployment
[2010/04/30 15:27:20 | 000,000,000 | ---D | C] -- C:\Users\VCAT\Documents\My Widgets
[2010/04/30 15:26:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[2010/04/27 11:36:37 | 000,000,000 | ---D | C] -- C:\Users\VCAT\Logitech
[2010/04/27 11:34:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Remote Control Software Common
[2010/04/27 11:34:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Logitech
[2010/04/27 11:33:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Remote Control USB Driver
[2010/04/26 11:55:56 | 000,240,248 | ---- | C] (CACE Technologies) -- C:\Windows\SysWow64\wpcap.dll
[2010/04/26 11:55:56 | 000,025,312 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysNative\drivers\SCMNdisP.sys
[2010/04/26 11:55:55 | 000,088,704 | ---- | C] (CACE Technologies) -- C:\Windows\SysWow64\Packet.dll
[2010/04/26 11:55:55 | 000,040,464 | ---- | C] (CACE Technologies) -- C:\Windows\SysNative\drivers\npf.sys
[2010/04/26 11:55:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NETGEAR
[2010/04/25 20:42:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/04/25 20:42:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/04/25 20:06:43 | 000,000,000 | ---D | C] -- C:\Users\VCAT\AppData\Local\CrashDumps
[2010/04/22 15:39:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Ezprint
[2010/04/22 15:32:26 | 000,829,952 | ---- | C] ( ) -- C:\Windows\SysNative\lxedcoin.dll
[2010/04/22 15:28:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lexmark Toolbar
[2010/04/22 15:28:09 | 000,007,680 | ---- | C] (eaio) -- C:\Windows\SysWow64\NativeCall.dll
[2010/04/22 15:28:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lexmark
[2010/04/22 15:27:41 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedinpa.dll
[2010/04/22 15:27:41 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lxediesc.dll
[2010/04/22 15:27:41 | 000,126,976 | ---- | C] (Lexmark International Inc.) -- C:\Windows\SysWow64\lxedlnks.dll
[2010/04/22 15:27:40 | 001,048,576 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedserv.dll
[2010/04/22 15:27:40 | 000,847,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedusb1.dll
[2010/04/22 15:27:40 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedcomc.dll
[2010/04/22 15:27:40 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedhbn3.dll
[2010/04/22 15:27:40 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedpmui.dll
[2010/04/22 15:27:40 | 000,598,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedcoms.exe
[2010/04/22 15:27:40 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedlmpm.dll
[2010/04/22 15:27:40 | 000,373,416 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedcfg.exe
[2010/04/22 15:27:40 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedcomm.dll
[2010/04/22 15:27:40 | 000,324,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedih.exe
[2010/04/22 15:27:40 | 000,086,183 | ---- | C] (Lexmark International) -- C:\Windows\SysWow64\LXEDcfg.dll
[2010/04/22 15:27:23 | 001,631,744 | ---- | C] ( ) -- C:\Windows\SysNative\lxedserv.dll
[2010/04/22 15:27:23 | 001,331,712 | ---- | C] ( ) -- C:\Windows\SysNative\lxedusb1.dll
[2010/04/22 15:27:23 | 000,557,568 | ---- | C] ( ) -- C:\Windows\SysNative\lxedinpa.dll
[2010/04/22 15:27:23 | 000,547,840 | ---- | C] ( ) -- C:\Windows\SysNative\LXEDhcp.dll
[2010/04/22 15:27:23 | 000,515,584 | ---- | C] ( ) -- C:\Windows\SysNative\lxediesc.dll
[2010/04/22 15:27:22 | 001,371,648 | ---- | C] ( ) -- C:\Windows\SysNative\lxedcomc.dll
[2010/04/22 15:27:22 | 001,104,384 | ---- | C] ( ) -- C:\Windows\SysNative\lxedhbn3.dll
[2010/04/22 15:27:22 | 001,052,328 | ---- | C] ( ) -- C:\Windows\SysNative\lxedcoms.exe
[2010/04/22 15:27:22 | 000,979,968 | ---- | C] ( ) -- C:\Windows\SysNative\lxedpmui.dll
[2010/04/22 15:27:22 | 000,892,416 | ---- | C] ( ) -- C:\Windows\SysNative\lxedlmpm.dll
[2010/04/22 15:27:22 | 000,579,584 | ---- | C] ( ) -- C:\Windows\SysNative\lxedcomm.dll
[2010/04/22 15:27:22 | 000,520,872 | ---- | C] ( ) -- C:\Windows\SysNative\lxedih.exe
[2010/04/22 15:27:21 | 000,612,008 | ---- | C] ( ) -- C:\Windows\SysNative\lxedcfg.exe
[2010/04/22 15:27:21 | 000,075,264 | ---- | C] (Lexmark International) -- C:\Windows\SysNative\LXEDcfg.dll
[2010/04/20 17:30:49 | 000,000,000 | ---D | C] -- C:\Users\VCAT\AppData\Roaming\Tific
[2010/04/20 16:30:27 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/04/18 19:38:06 | 000,000,000 | ---D | C] -- C:\Users\VCAT\AppData\Local\Poker Pro Labs
[2010/04/18 19:37:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Poker Pro Labs
[2010/04/18 19:36:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Poker Pro Labs
[2010/04/16 23:06:48 | 000,000,000 | ---D | C] -- C:\Users\VCAT\Documents\Web Page Maker
[2010/04/16 23:06:48 | 000,000,000 | ---D | C] -- C:\Users\VCAT\AppData\Roaming\Web Page Maker
[2010/04/16 23:06:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Web Page Maker
[2010/04/16 23:06:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Web Page Maker
[2010/04/16 14:33:29 | 000,000,000 | ---D | C] -- C:\ProgramData\GoodSync
[2010/04/16 14:33:18 | 000,000,000 | ---D | C] -- C:\Program Files\Siber Systems
[2010/04/16 12:42:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\File Renamer
[2010/04/14 18:54:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Lx_cats
[2010/04/14 18:31:29 | 000,000,000 | ---D | C] -- C:\Lexmark
[2010/04/14 18:10:29 | 000,000,000 | ---D | C] -- C:\logs
[2010/04/14 17:56:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Abbyy FineReader 6.0 Sprint
[2010/04/14 17:52:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lexmark Fax Solutions
[2010/04/14 17:52:06 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark
[2010/04/14 17:50:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lexmark S600 Series
[2010/04/14 17:46:20 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark S600 Series
[2010/04/06 18:00:59 | 000,000,000 | ---D | C] -- C:\Users\VCAT\AppData\Local\Symantec
[2010/04/04 11:44:04 | 000,547,656 | ---- | C] (Sensible Vision ) -- C:\Windows\SysNative\FAPassSync.dll
[2010/04/04 11:44:02 | 000,157,000 | ---- | C] (Sensible Vision ) -- C:\Windows\SysWow64\FAPassSync.dll
[2010/04/04 11:43:22 | 006,748,488 | ---- | C] (Sensible Vision ) -- C:\Windows\SysNative\FAIESSODlg.dll
[2010/04/04 11:43:20 | 006,194,504 | ---- | C] (Sensible Vision ) -- C:\Windows\SysWow64\FAIESSODlg.dll
[2010/04/04 11:43:12 | 000,634,184 | ---- | C] (Sensible Vision ) -- C:\Windows\SysNative\FAConsIfDLL.dll
[2010/04/04 11:43:10 | 000,263,496 | ---- | C] (Sensible Vision ) -- C:\Windows\SysWow64\FAConsIfDLL.dll
[2010/04/04 11:42:48 | 000,840,008 | ---- | C] (Sensible Vision ) -- C:\Windows\SysWow64\FACredProv2.dll
[2010/04/04 11:42:46 | 000,916,296 | ---- | C] (Sensible Vision ) -- C:\Windows\SysWow64\FACredProv.dll
[2010/04/04 11:16:08 | 001,013,248 | ---- | C] (Sensible Vision ) -- C:\Windows\SysNative\FACredProv2.dll
[2010/04/04 11:15:52 | 001,090,560 | ---- | C] (Sensible Vision ) -- C:\Windows\SysNative\FACredProv.dll
[2010/03/31 17:06:37 | 000,000,000 | ---D | C] -- C:\Users\VCAT\AppData\Roaming\Intuit
[2010/03/31 17:06:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AnswerWorks 5.0
[2010/03/31 16:59:14 | 000,000,000 | ---D | C] -- C:\Users\VCAT\AppData\Local\IsolatedStorage
[2010/03/31 16:59:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intuit
[2010/03/31 16:57:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TurboTax
[2010/03/31 16:56:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Intuit
[2010/03/31 14:23:01 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2010/03/27 23:17:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2010/03/26 08:57:35 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2010/03/22 13:05:59 | 000,000,000 | ---D | C] -- C:\Program Files\Fighters
[2010/03/19 11:48:52 | 001,164,728 | ---- | C] (NuMedia Soft, Inc.) -- C:\Windows\SysWow64\NMSDVDXU.dll
[2010/03/19 11:48:52 | 000,630,784 | ---- | C] (ComponentOne) -- C:\Windows\SysWow64\vsflex8u.ocx
[2010/03/19 11:48:52 | 000,419,240 | ---- | C] (VideoSoft) -- C:\Windows\SysWow64\Vsflex7L.ocx
[2010/03/19 11:48:50 | 000,000,000 | ---D | C] -- C:\Users\VCAT\AppData\Roaming\LG Electronics
[2010/03/19 11:47:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LG Electronics
[2010/03/12 16:14:06 | 000,000,000 | ---D | C] -- C:\Users\VCAT\AppData\Roaming\BOXEE
[2010/03/12 16:11:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Boxee
[2010/03/12 13:40:37 | 000,000,000 | ---D | C] -- C:\Users\VCAT\AppData\Local\cache
[2010/03/11 16:13:53 | 000,000,000 | ---D | C] -- C:\Users\VCAT\AppData\Local\WinZip
[2010/03/11 16:12:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinZip
[2010/03/10 17:39:49 | 000,000,000 | ---D | C] -- C:\Users\VCAT\AppData\Roaming\Help
[2010/03/10 17:39:49 | 000,000,000 | ---D | C] -- C:\Users\VCAT\AppData\Local\Help
[2010/03/10 17:17:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
[2010/03/10 17:12:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MasterCook 9
[2010/03/03 21:49:29 | 000,000,000 | ---D | C] -- C:\Users\VCAT\AppData\Local\TVersity
[2010/03/02 04:00:53 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2010/03/02 04:00:53 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2010/02/28 12:59:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Airlink101 Wireless LAN Driver

========== Files - Modified Within 90 Days ==========

[2010/05/28 22:47:56 | 004,718,592 | -HS- | M] () -- C:\Users\VCAT\ntuser.dat
[2010/05/28 22:44:41 | 001,163,608 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\Cat.DB
[2010/05/28 22:42:41 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\VCAT\Desktop\OTL.exe
[2010/05/28 22:28:03 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2167020815-3643556836-1899109827-1000UA.job
[2010/05/28 20:07:33 | 000,011,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/28 20:07:33 | 000,011,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/28 19:59:25 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\SLOW-PCfighter64-VCAT-Startup.job
[2010/05/28 19:59:15 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/28 19:59:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/28 19:58:58 | 2213,302,272 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/28 19:54:58 | 000,000,418 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/05/28 19:52:15 | 001,593,201 | -H-- | M] () -- C:\Users\VCAT\AppData\Local\IconCache.db
[2010/05/28 19:50:12 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Users\VCAT\Desktop\TFC.exe
[2010/05/28 19:49:27 | 000,000,094 | ---- | M] () -- C:\Users\VCAT\Desktop\Bizarre performance-eating problem.URL
[2010/05/28 03:00:20 | 000,000,524 | ---- | M] () -- C:\Windows\tasks\NatSpeak Periodic Language Model Optimization.job
[2010/05/28 01:40:34 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2167020815-3643556836-1899109827-1000Core.job
[2010/05/28 00:07:19 | 000,000,069 | ---- | M] () -- C:\Users\VCAT\Desktop\Van Winkle Bourbons.URL
[2010/05/26 17:05:38 | 000,717,956 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/05/26 17:05:38 | 000,618,264 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/05/26 17:05:38 | 000,104,546 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/05/25 02:00:18 | 000,000,500 | ---- | M] () -- C:\Windows\tasks\NatSpeak Periodic Acoustic Optimization.job
[2010/05/23 14:01:35 | 036,757,883 | ---- | M] () -- C:\Users\VCAT\Documents\ClipMate7_DB_My Clips_2010-05-23_1401.ZIP
[2010/05/21 11:04:35 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2010/05/21 11:04:30 | 000,015,880 | ---- | M] () -- C:\Windows\SysNative\lsdelete.exe
[2010/05/20 00:20:20 | 000,000,115 | ---- | M] () -- C:\Users\VCAT\Desktop\Key Lime Pie Martini Recipe Emeril Lagasse Food Network.URL
[2010/05/18 08:05:51 | 000,047,616 | ---- | M] () -- C:\Users\VCAT\Desktop\CasinoVille 5-2010.doc
[2010/05/15 16:30:58 | 036,879,975 | ---- | M] () -- C:\Users\VCAT\Documents\ClipMate7_DB_My Clips_2010-05-15_1629.ZIP
[2010/05/13 23:41:56 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\isolate.ini
[2010/05/12 16:31:17 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01009.Wdf
[2010/05/10 14:30:23 | 000,000,834 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2010/05/08 11:48:54 | 037,012,833 | ---- | M] () -- C:\Users\VCAT\Documents\ClipMate7_DB_My Clips_2010-05-08_1147.ZIP
[2010/05/07 01:17:29 | 000,431,616 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/05/06 11:08:32 | 000,113,600 | ---- | M] () -- C:\Users\VCAT\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/05/05 21:01:59 | 000,451,120 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symtdiv.sys
[2010/05/05 21:01:43 | 000,001,473 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symnetv.inf
[2010/05/05 21:01:43 | 000,001,445 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symnet.inf
[2010/05/01 15:26:01 | 000,003,584 | ---- | M] () -- C:\Users\VCAT\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/01 15:14:30 | 036,995,671 | ---- | M] () -- C:\Users\VCAT\Documents\ClipMate7_DB_My Clips_2010-05-01_1513.ZIP
[2010/04/30 19:49:35 | 000,524,288 | -HS- | M] () -- C:\Users\VCAT\ntuser.dat{2aec7dfb-54c0-11df-8b76-0024e8ce888b}.TMContainer00000000000000000002.regtrans-ms
[2010/04/30 19:49:35 | 000,524,288 | -HS- | M] () -- C:\Users\VCAT\ntuser.dat{2aec7dfb-54c0-11df-8b76-0024e8ce888b}.TMContainer00000000000000000001.regtrans-ms
[2010/04/30 19:49:35 | 000,065,536 | -HS- | M] () -- C:\Users\VCAT\ntuser.dat{2aec7dfb-54c0-11df-8b76-0024e8ce888b}.TM.blf
[2010/04/30 17:33:56 | 000,524,288 | -HS- | M] () -- C:\Users\VCAT\ntuser.dat{bdd74bd9-54b7-11df-80d1-edd5d9faa49e}.TMContainer00000000000000000002.regtrans-ms
[2010/04/30 17:33:56 | 000,524,288 | -HS- | M] () -- C:\Users\VCAT\ntuser.dat{bdd74bd9-54b7-11df-80d1-edd5d9faa49e}.TMContainer00000000000000000001.regtrans-ms
[2010/04/30 17:33:56 | 000,065,536 | -HS- | M] () -- C:\Users\VCAT\ntuser.dat{bdd74bd9-54b7-11df-80d1-edd5d9faa49e}.TM.blf
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/04/29 15:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/04/28 22:03:51 | 000,150,064 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\ironx64.sys
[2010/04/28 22:03:51 | 000,007,402 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\iron.cat
[2010/04/28 22:03:51 | 000,000,771 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\iron.inf
[2010/04/27 20:06:56 | 037,005,238 | ---- | M] () -- C:\Users\VCAT\Documents\ClipMate7_DB_My Clips_2010-04-27_2005.ZIP
[2010/04/27 02:13:36 | 037,001,630 | ---- | M] () -- C:\Users\VCAT\Documents\ClipMate7_DB_My Clips_2010-04-27_0211.ZIP
[2010/04/26 14:01:04 | 000,013,064 | ---- | M] () -- C:\Users\VCAT\AppData\Roaming\Comma Separated Values (Windows).CAL
[2010/04/26 12:00:01 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_bcmwlhigh664_01007.Wdf
[2010/04/26 11:55:49 | 000,000,950 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Smart Wizard.lnk
[2010/04/26 01:18:45 | 000,007,829 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symefa64.cat
[2010/04/24 04:31:04 | 000,003,373 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symefa.inf
[2010/04/23 08:04:20 | 504,372,328 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/04/22 15:36:50 | 000,195,849 | ---- | M] () -- C:\Windows\SysNative\LexFiles.ulf
[2010/04/21 20:02:20 | 000,221,232 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symefa64.sys
[2010/04/21 19:29:51 | 000,505,392 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\srtsp64.sys
[2010/04/21 19:29:51 | 000,032,304 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\srtspx64.sys
[2010/04/21 19:29:51 | 000,007,414 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\srtspx64.cat
[2010/04/21 19:29:51 | 000,001,421 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\srtspx64.inf
[2010/04/21 19:29:50 | 000,007,410 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\srtsp64.cat
[2010/04/21 19:29:50 | 000,001,437 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\srtsp64.inf
[2010/04/20 17:32:02 | 036,956,822 | ---- | M] () -- C:\Users\VCAT\Documents\ClipMate7_DB_My Clips_2010-04-20_1730.ZIP
[2010/04/20 17:28:08 | 000,524,288 | -HS- | M] () -- C:\Users\VCAT\ntuser.dat{67aa21d6-4cdb-11df-8e42-a76f4aa1f693}.TMContainer00000000000000000002.regtrans-ms
[2010/04/20 17:28:08 | 000,524,288 | -HS- | M] () -- C:\Users\VCAT\ntuser.dat{67aa21d6-4cdb-11df-8e42-a76f4aa1f693}.TMContainer00000000000000000001.regtrans-ms
[2010/04/20 17:28:08 | 000,065,536 | -HS- | M] () -- C:\Users\VCAT\ntuser.dat{67aa21d6-4cdb-11df-8e42-a76f4aa1f693}.TM.blf
[2010/04/20 15:53:01 | 036,956,824 | ---- | M] () -- C:\Users\VCAT\Documents\ClipMate7_DB_My Clips_2010-04-20_1551.ZIP
[2010/04/20 15:18:03 | 036,956,821 | ---- | M] () -- C:\Users\VCAT\Documents\ClipMate7_DB_My Clips_2010-04-20_1516.ZIP
[2010/04/20 15:10:01 | 036,956,822 | ---- | M] () -- C:\Users\VCAT\Documents\ClipMate7_DB_My Clips_2010-04-20_1507.ZIP
[2010/04/20 14:56:45 | 036,956,823 | ---- | M] () -- C:\Users\VCAT\Documents\ClipMate7_DB_My Clips_2010-04-20_1455.ZIP
[2010/04/11 17:38:49 | 000,000,162 | -H-- | M] () -- C:\Users\VCAT\Desktop\~$ogle game show.docx
[2010/04/10 19:02:55 | 000,038,488 | ---- | M] () -- C:\Users\VCAT\AppData\Roaming\Comma Separated Values (Windows).ADR
[2010/04/06 22:25:51 | 000,173,104 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2010/04/06 22:25:51 | 000,007,440 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2010/04/06 22:25:51 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2010/04/06 17:55:09 | 036,816,516 | ---- | M] () -- C:\Users\VCAT\Documents\ClipMate7_DB_My Clips_2010-04-06_1754.ZIP
[2010/04/04 11:45:06 | 000,094,536 | ---- | M] () -- C:\Windows\SysNative\FAIEExtension.dll
[2010/04/04 11:45:06 | 000,089,416 | ---- | M] () -- C:\Windows\SysWow64\FAIEExtension.dll
[2010/04/04 11:44:12 | 000,059,208 | ---- | M] () -- C:\Windows\SysWow64\FAib.dll
[2010/04/04 11:44:04 | 000,547,656 | ---- | M] (Sensible Vision ) -- C:\Windows\SysNative\FAPassSync.dll
[2010/04/04 11:44:02 | 000,157,000 | ---- | M] (Sensible Vision ) -- C:\Windows\SysWow64\FAPassSync.dll
[2010/04/04 11:43:22 | 006,748,488 | ---- | M] (Sensible Vision ) -- C:\Windows\SysNative\FAIESSODlg.dll
[2010/04/04 11:43:20 | 006,194,504 | ---- | M] (Sensible Vision ) -- C:\Windows\SysWow64\FAIESSODlg.dll
[2010/04/04 11:43:12 | 000,634,184 | ---- | M] (Sensible Vision ) -- C:\Windows\SysNative\FAConsIfDLL.dll
[2010/04/04 11:43:10 | 000,263,496 | ---- | M] (Sensible Vision ) -- C:\Windows\SysWow64\FAConsIfDLL.dll
[2010/04/04 11:42:48 | 000,840,008 | ---- | M] (Sensible Vision ) -- C:\Windows\SysWow64\FACredProv2.dll
[2010/04/04 11:42:46 | 000,916,296 | ---- | M] (Sensible Vision ) -- C:\Windows\SysWow64\FACredProv.dll
[2010/04/04 11:42:44 | 000,247,624 | ---- | M] () -- C:\Windows\SysWow64\FACrashRpt.dll
[2010/04/04 11:16:08 | 001,013,248 | ---- | M] (Sensible Vision ) -- C:\Windows\SysNative\FACredProv2.dll
[2010/04/04 11:15:52 | 001,090,560 | ---- | M] (Sensible Vision ) -- C:\Windows\SysNative\FACredProv.dll
[2010/04/02 22:36:04 | 000,007,606 | ---- | M] () -- C:\Users\VCAT\AppData\Local\Resmon.ResmonCfg
[2010/03/31 12:59:29 | 000,015,738 | ---- | M] () -- C:\Users\VCAT\Documents\Barona Internet gambling position.docx
[2010/03/30 20:53:59 | 036,761,734 | ---- | M] () -- C:\Users\VCAT\Documents\ClipMate7_DB_My Clips_2010-03-30_2053.ZIP
[2010/03/22 11:27:27 | 000,004,075 | ---- | M] () -- C:\Users\VCAT\AppData\Roaming\SAS7_000.DAT
[2010/03/22 00:07:40 | 036,626,602 | ---- | M] () -- C:\Users\VCAT\Documents\ClipMate7_DB_My Clips_2010-03-22_0006.ZIP
[2010/03/20 21:47:39 | 036,626,345 | ---- | M] () -- C:\Users\VCAT\Documents\ClipMate7_DB_My Clips_2010-03-20_2144.ZIP
[2010/03/18 03:02:49 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_NuidFltr_01005.Wdf
[2010/03/13 06:56:40 | 000,014,336 | ---- | M] (Mobile Stream) -- C:\Windows\SysNative\drivers\easytthr.sys
[2010/03/10 19:32:58 | 000,687,136 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\Windows\SysNative\drivers\rtl8192su.sys

========== Files Created - No Company Name ==========

[2010/05/28 19:49:27 | 000,000,094 | ---- | C] () -- C:\Users\VCAT\Desktop\Bizarre performance-eating problem.URL
[2010/05/28 00:07:19 | 000,000,069 | ---- | C] () -- C:\Users\VCAT\Desktop\Van Winkle Bourbons.URL
[2010/05/24 22:08:42 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/05/24 22:08:42 | 000,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest
[2010/05/23 14:01:17 | 036,757,883 | ---- | C] () -- C:\Users\VCAT\Documents\ClipMate7_DB_My Clips_2010-05-23_1401.ZIP
[2010/05/21 11:17:23 | 000,015,880 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe
[2010/05/20 00:20:20 | 000,000,115 | ---- | C] () -- C:\Users\VCAT\Desktop\Key Lime Pie Martini Recipe Emeril Lagasse Food Network.URL
[2010/05/18 08:05:50 | 000,047,616 | ---- | C] () -- C:\Users\VCAT\Desktop\CasinoVille 5-2010.doc
[2010/05/15 16:30:41 | 036,879,975 | ---- | C] () -- C:\Users\VCAT\Documents\ClipMate7_DB_My Clips_2010-05-15_1629.ZIP
[2010/05/12 16:31:17 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01009.Wdf
[2010/05/08 11:48:29 | 037,012,833 | ---- | C] () -- C:\Users\VCAT\Documents\ClipMate7_DB_My Clips_2010-05-08_1147.ZIP
[2010/05/07 20:09:12 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2010/05/07 20:09:12 | 000,000,901 | ---- | C] () -- C:\Windows\RtlUI2.exe.manifest
[2010/05/07 01:23:27 | 000,000,904 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2167020815-3643556836-1899109827-1000UA.job
[2010/05/07 01:23:26 | 000,000,852 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2167020815-3643556836-1899109827-1000Core.job
[2010/05/02 16:31:58 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NortonPCCheckupx64\0200020.223\isolate.ini
[2010/05/01 15:25:57 | 000,003,584 | ---- | C] () -- C:\Users\VCAT\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/01 15:14:05 | 036,995,671 | ---- | C] () -- C:\Users\VCAT\Documents\ClipMate7_DB_My Clips_2010-05-01_1513.ZIP
[2010/05/01 15:11:13 | 000,002,715 | ---- | C] () -- C:\Users\VCAT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SonicWALL Global VPN Client.lnk
[2010/05/01 15:11:13 | 000,000,950 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Smart Wizard.lnk
[2010/05/01 15:11:13 | 000,000,834 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2010/04/30 19:46:53 | 000,524,288 | -HS- | C] () -- C:\Users\VCAT\ntuser.dat{2aec7dfb-54c0-11df-8b76-0024e8ce888b}.TMContainer00000000000000000002.regtrans-ms
[2010/04/30 19:46:53 | 000,524,288 | -HS- | C] () -- C:\Users\VCAT\ntuser.dat{2aec7dfb-54c0-11df-8b76-0024e8ce888b}.TMContainer00000000000000000001.regtrans-ms
[2010/04/30 19:46:53 | 000,065,536 | -HS- | C] () -- C:\Users\VCAT\ntuser.dat{2aec7dfb-54c0-11df-8b76-0024e8ce888b}.TM.blf
[2010/04/30 17:29:11 | 000,524,288 | -HS- | C] () -- C:\Users\VCAT\ntuser.dat{bdd74bd9-54b7-11df-80d1-edd5d9faa49e}.TMContainer00000000000000000002.regtrans-ms
[2010/04/30 17:29:11 | 000,524,288 | -HS- | C] () -- C:\Users\VCAT\ntuser.dat{bdd74bd9-54b7-11df-80d1-edd5d9faa49e}.TMContainer00000000000000000001.regtrans-ms
[2010/04/30 17:29:11 | 000,065,536 | -HS- | C] () -- C:\Users\VCAT\ntuser.dat{bdd74bd9-54b7-11df-80d1-edd5d9faa49e}.TM.blf
[2010/04/27 20:06:24 | 037,005,238 | ---- | C] () -- C:\Users\VCAT\Documents\ClipMate7_DB_My Clips_2010-04-27_2005.ZIP
[2010/04/27 02:13:10 | 037,001,630 | ---- | C] () -- C:\Users\VCAT\Documents\ClipMate7_DB_My Clips_2010-04-27_0211.ZIP
[2010/04/26 14:01:04 | 000,013,064 | ---- | C] () -- C:\Users\VCAT\AppData\Roaming\Comma Separated Values (Windows).CAL
[2010/04/26 12:00:01 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_bcmwlhigh664_01007.Wdf
[2010/04/26 11:55:55 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2010/04/22 15:32:29 | 000,109,056 | ---- | C] () -- C:\Windows\SysNative\lxedvs.dll
[2010/04/22 15:32:23 | 000,065,106 | ---- | C] () -- C:\Windows\SysNative\lxedprpr.chm
[2010/04/22 15:32:22 | 000,065,536 | ---- | C] () -- C:\Windows\SysNative\lxedgcfg.dll
[2010/04/22 15:32:20 | 000,399,360 | ---- | C] () -- C:\Windows\SysNative\lxedcui.dll
[2010/04/22 15:32:20 | 000,148,480 | ---- | C] () -- C:\Windows\SysNative\lxedcuir.dll
[2010/04/22 15:32:19 | 000,008,694 | ---- | C] () -- C:\Windows\SysNative\lxedcommuilogo_rtl.bmp
[2010/04/22 15:32:19 | 000,008,694 | ---- | C] () -- C:\Windows\SysNative\lxedcommuilogo.bmp
[2010/04/22 15:27:41 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\lxedcomx.dll
[2010/04/22 15:27:41 | 000,331,776 | ---- | C] () -- C:\Windows\SysWow64\LXEDinst.dll
[2010/04/22 15:27:41 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\lxedinsr.dll
[2010/04/22 15:27:41 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\lxedjswr.dll
[2010/04/22 15:27:40 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\lxedins.dll
[2010/04/22 15:27:40 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lxedinsb.dll
[2010/04/22 15:27:40 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\lxedcu.dll
[2010/04/22 15:27:40 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\lxedcub.dll
[2010/04/22 15:27:40 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\lxedcur.dll
[2010/04/22 15:27:39 | 000,002,050 | ---- | C] () -- C:\Windows\SysWow64\lxed.loc
[2010/04/22 15:27:23 | 000,495,616 | ---- | C] () -- C:\Windows\SysNative\LXEDinst.dll
[2010/04/22 15:27:23 | 000,195,849 | ---- | C] () -- C:\Windows\SysNative\LexFiles.ulf
[2010/04/22 15:27:22 | 000,450,048 | ---- | C] () -- C:\Windows\SysNative\lxedins.dll
[2010/04/22 15:27:22 | 000,378,368 | ---- | C] () -- C:\Windows\SysNative\lxedcu.dll
[2010/04/22 15:27:22 | 000,298,496 | ---- | C] () -- C:\Windows\SysNative\lxedgrd.dll
[2010/04/22 15:27:22 | 000,245,248 | ---- | C] () -- C:\Windows\SysNative\lxedinsb.dll
[2010/04/22 15:27:22 | 000,090,624 | ---- | C] () -- C:\Windows\SysNative\lxedinsr.dll
[2010/04/22 15:27:22 | 000,073,216 | ---- | C] () -- C:\Windows\SysNative\lxedcub.dll
[2010/04/22 15:27:22 | 000,040,448 | ---- | C] () -- C:\Windows\SysNative\lxedjswr.dll
[2010/04/22 15:27:22 | 000,022,016 | ---- | C] () -- C:\Windows\SysNative\lxedcur.dll
[2010/04/22 15:27:21 | 000,002,050 | ---- | C] () -- C:\Windows\SysNative\lxed.loc
[2010/04/22 15:27:05 | 000,381,440 | ---- | C] () -- C:\Windows\SysNative\lxedsm.dll
[2010/04/22 15:27:05 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\LXEDsm.dll
[2010/04/22 15:27:05 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\LXEDsmr.dll
[2010/04/22 15:27:05 | 000,023,552 | ---- | C] () -- C:\Windows\SysNative\lxedsmr.dll
[2010/04/20 17:31:37 | 036,956,822 | ---- | C] () -- C:\Users\VCAT\Documents\ClipMate7_DB_My Clips_2010-04-20_1730.ZIP
[2010/04/20 17:26:58 | 000,524,288 | -HS- | C] () -- C:\Users\VCAT\ntuser.dat{67aa21d6-4cdb-11df-8e42-a76f4aa1f693}.TMContainer00000000000000000002.regtrans-ms
[2010/04/20 17:26:58 | 000,524,288 | -HS- | C] () -- C:\Users\VCAT\ntuser.dat{67aa21d6-4cdb-11df-8e42-a76f4aa1f693}.TMContainer00000000000000000001.regtrans-ms
[2010/04/20 17:26:58 | 000,065,536 | -HS- | C] () -- C:\Users\VCAT\ntuser.dat{67aa21d6-4cdb-11df-8e42-a76f4aa1f693}.TM.blf
[2010/04/20 15:52:33 | 036,956,824 | ---- | C] () -- C:\Users\VCAT\Documents\ClipMate7_DB_My Clips_2010-04-20_1551.ZIP
[2010/04/20 15:17:33 | 036,956,821 | ---- | C] () -- C:\Users\VCAT\Documents\ClipMate7_DB_My Clips_2010-04-20_1516.ZIP
[2010/04/20 15:09:32 | 036,956,822 | ---- | C] () -- C:\Users\VCAT\Documents\ClipMate7_DB_My Clips_2010-04-20_1507.ZIP
[2010/04/20 14:56:15 | 036,956,823 | ---- | C] () -- C:\Users\VCAT\Documents\ClipMate7_DB_My Clips_2010-04-20_1455.ZIP
[2010/04/14 18:54:40 | 000,013,660 | ---- | C] () -- C:\ProgramData\lxedJSW.log
[2010/04/14 18:53:46 | 000,000,089 | ---- | C] () -- C:\ProgramData\lxed.log
[2010/04/14 18:32:55 | 000,000,508 | ---- | C] () -- C:\ProgramData\FastPics.log
[2010/04/14 17:59:10 | 000,010,432 | ---- | C] () -- C:\ProgramData\lxedscan.log
[2010/04/14 17:47:29 | 000,000,000 | ---- | C] () -- C:\ProgramData\cmn_upld.log
[2010/04/14 17:47:24 | 000,000,000 | ---- | C] () -- C:\ProgramData\LxWbGwLog.log
[2010/04/14 17:47:09 | 000,000,000 | ---- | C] () -- C:\ProgramData\UpdaterLog.txt
[2010/04/11 17:38:49 | 000,000,162 | -H-- | C] () -- C:\Users\VCAT\Desktop\~$ogle game show.docx
[2010/04/06 17:54:42 | 036,816,516 | ---- | C] () -- C:\Users\VCAT\Documents\ClipMate7_DB_My Clips_2010-04-06_1754.ZIP
[2010/04/04 11:45:06 | 000,094,536 | ---- | C] () -- C:\Windows\SysNative\FAIEExtension.dll
[2010/04/04 11:45:06 | 000,089,416 | ---- | C] () -- C:\Windows\SysWow64\FAIEExtension.dll
[2010/04/04 11:44:12 | 000,059,208 | ---- | C] () -- C:\Windows\SysWow64\FAib.dll
[2010/04/04 11:42:44 | 000,247,624 | ---- | C] () -- C:\Windows\SysWow64\FACrashRpt.dll
[2010/04/02 22:36:04 | 000,007,606 | ---- | C] () -- C:\Users\VCAT\AppData\Local\Resmon.ResmonCfg
[2010/03/31 12:59:28 | 000,015,738 | ---- | C] () -- C:\Users\VCAT\Documents\Barona Internet gambling position.docx
[2010/03/30 20:53:38 | 036,761,734 | ---- | C] () -- C:\Users\VCAT\Documents\ClipMate7_DB_My Clips_2010-03-30_2053.ZIP
[2010/03/22 13:06:46 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\SLOW-PCfighter64-VCAT-Startup.job
[2010/03/22 00:07:06 | 036,626,602 | ---- | C] () -- C:\Users\VCAT\Documents\ClipMate7_DB_My Clips_2010-03-22_0006.ZIP
[2010/03/20 21:47:07 | 036,626,345 | ---- | C] () -- C:\Users\VCAT\Documents\ClipMate7_DB_My Clips_2010-03-20_2144.ZIP
[2010/03/18 03:02:49 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_NuidFltr_01005.Wdf
[2010/03/08 18:30:25 | 000,004,075 | ---- | C] () -- C:\Users\VCAT\AppData\Roaming\SAS7_000.DAT
[2010/03/08 18:30:03 | 000,000,524 | ---- | C] () -- C:\Windows\tasks\NatSpeak Periodic Language Model Optimization.job
[2010/03/08 18:30:01 | 000,000,500 | ---- | C] () -- C:\Windows\tasks\NatSpeak Periodic Acoustic Optimization.job
[2009/12/23 04:21:57 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd9.dll
[2009/12/23 04:21:57 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd10.dll
[2009/12/13 19:35:08 | 000,000,196 | -H-- | C] () -- C:\Windows\SysWow64\tscct1.dll
[2009/12/13 19:34:45 | 000,270,409 | ---- | C] () -- C:\Windows\SysWow64\TifToPdfCtxMenu.dll
[2009/12/02 21:53:51 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/09/11 01:50:47 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009/09/11 01:50:47 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2009/09/11 01:50:44 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/09/11 01:50:44 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/09/05 23:30:14 | 000,001,438 | ---- | C] () -- C:\Windows\FF08_not_Spk_Hp.ini
[2009/09/05 23:30:14 | 000,001,379 | ---- | C] () -- C:\Windows\FF08_Render_Spk_Hp.ini
[2009/09/05 23:29:55 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2009/09/05 23:29:55 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2010/03/12 16:14:06 | 000,000,000 | ---D | M] -- C:\Users\VCAT\AppData\Roaming\BOXEE
[2009/12/22 20:10:01 | 000,000,000 | ---D | M] -- C:\Users\VCAT\AppData\Roaming\GetRightToGo
[2009/12/22 20:10:01 | 000,000,000 | ---D | M] -- C:\Users\VCAT\AppData\Roaming\GlarySoft
[2010/04/11 18:06:16 | 000,000,000 | ---D | M] -- C:\Users\VCAT\AppData\Roaming\Gmote
[2010/05/19 11:57:49 | 000,000,000 | ---D | M] -- C:\Users\VCAT\AppData\Roaming\GoodSync
[2010/03/12 18:48:33 | 000,000,000 | ---D | M] -- C:\Users\VCAT\AppData\Roaming\iMapBuilder
[2010/04/20 17:25:31 | 000,000,000 | ---D | M] -- C:\Users\VCAT\AppData\Roaming\LG Electronics
[2010/01/26 18:40:07 | 000,000,000 | ---D | M] -- C:\Users\VCAT\AppData\Roaming\motorola
[2010/05/15 16:33:21 | 000,000,000 | ---D | M] -- C:\Users\VCAT\AppData\Roaming\NCH Swift Sound
[2009/12/25 16:36:34 | 000,000,000 | ---D | M] -- C:\Users\VCAT\AppData\Roaming\Nuance
[2010/05/26 20:16:08 | 000,000,000 | ---D | M] -- C:\Users\VCAT\AppData\Roaming\r2 Studios
[2009/12/22 20:10:11 | 000,000,000 | ---D | M] -- C:\Users\VCAT\AppData\Roaming\SmartDraw
[2010/01/15 15:19:14 | 000,000,000 | ---D | M] -- C:\Users\VCAT\AppData\Roaming\Smith Micro
[2009/12/22 20:10:11 | 000,000,000 | ---D | M] -- C:\Users\VCAT\AppData\Roaming\Thornsoft Development
[2010/05/02 16:32:09 | 000,000,000 | ---D | M] -- C:\Users\VCAT\AppData\Roaming\Tific
[2009/12/22 20:10:12 | 000,000,000 | ---D | M] -- C:\Users\VCAT\AppData\Roaming\TomTom
[2009/12/22 20:10:12 | 000,000,000 | ---D | M] -- C:\Users\VCAT\AppData\Roaming\Trillian
[2009/12/22 20:10:13 | 000,000,000 | ---D | M] -- C:\Users\VCAT\AppData\Roaming\TuneUp Software
[2009/12/22 20:10:25 | 000,000,000 | ---D | M] -- C:\Users\VCAT\AppData\Roaming\UltimateBet
[2010/05/26 23:03:52 | 000,000,000 | ---D | M] -- C:\Users\VCAT\AppData\Roaming\uTorrent
[2010/04/16 23:10:00 | 000,000,000 | ---D | M] -- C:\Users\VCAT\AppData\Roaming\Web Page Maker
[2010/05/25 02:00:18 | 000,000,500 | ---- | M] () -- C:\Windows\Tasks\NatSpeak Periodic Acoustic Optimization.job
[2010/05/28 03:00:20 | 000,000,524 | ---- | M] () -- C:\Windows\Tasks\NatSpeak Periodic Language Model Optimization.job
[2010/05/10 19:05:20 | 000,032,648 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/05/28 19:59:25 | 000,000,358 | ---- | M] () -- C:\Windows\Tasks\SLOW-PCfighter64-VCAT-Startup.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2009/07/13 18:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/13 18:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/13 18:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 18:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 18:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/13 18:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2009/07/13 18:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/13 18:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/07/13 18:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009/07/13 18:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/13 18:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/13 18:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009/07/13 18:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/13 18:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/13 18:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/13 18:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/13 18:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/13 18:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemdrive%\*.sys /90 /md5 >
[2010/05/28 19:58:58 | 2213,302,272 | -HS- | M] () Unable to obtain MD5 -- C:\hiberfil.sys
[2010/05/28 19:58:57 | 2951,069,696 | -HS- | M] () Unable to obtain MD5 -- C:\pagefile.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 205 bytes -> C:\ProgramData\TEMP:F35A93AD
@Alternate Data Stream - 171 bytes -> C:\ProgramData\TEMP:B0D4D817
< End of report >


#9 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:10:47 AM

Posted 29 May 2010 - 10:27 AM

Hi,


Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following [codebox]:OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=192.168.97.1:3128;https=192.168.97.1:3128;socks=192.168.97.1:1080
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [FAStartup] File not found
    O15:64bit: - ..Trusted Domains: localhost ([]http in Local intranet)
    O15 - HKLM\..Trusted Domains: localhost ([]http in Local intranet)
    O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
    O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)[/codebox]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
================================Follow up scan=================================
  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open one notepad window. OTL.Txt a This is saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.
How is it running now?

Edited by schrauber, 29 May 2010 - 10:28 AM.

regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#10 smalltalkdan

smalltalkdan
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:02:47 AM

Posted 29 May 2010 - 11:35 AM

Results below. Please note that, when running the OTL followup scan as directed, I received the following error 3 times in succession:

OTL.EXE - No Disk
there is no disk in the drive. Please insert a disk into drive \Device\Harddisk1\DR1. [cancel/try again/continue]

I clicked 'continue' and the scan resumed after the third time.

I will have to report back to you on how it's working now; I haven't been doing much on this computer, since when it went to 100% CPU it was almost impossible to get anything done or restore it to <100%. I'll post something over the weekend after it's had a chance to work for a while.

One note: I saw that you disabled FAStartup, which is OK with me, but I should point out that this application was on this computer when I bought it from Dell, and has not been a problem up to now. It's a facial recognition login program.

...dan


First OTL log:

========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\FAStartup deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\intuit.com\ttlc\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\GD\\http deleted successfully.

OTL by OldTimer - Version 3.2.5.0 log created on 05292010_091830

==========================================================

Followup scan log:

OTL logfile created on: 5/29/2010 9:22:43 AM - Run 3
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Users\VCAT\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 53.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 62.23 Gb Free Space | 21.96% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 7.36 Gb Free Space | 50.23% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VCAT-LTDAN
Current User Name: VCAT
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\VCAT\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe (Siber Systems)
PRC - C:\Users\VCAT\AppData\Local\Google\Update\1.2.183.23\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Users\VCAT\AppData\Local\TVersity\Media Server\MediaServer.exe ()
PRC - C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe (Sensible Vision )
PRC - C:\Program Files (x86)\Connectify\ConnectifyService.exe (Nomadio, Inc.)
PRC - C:\Program Files (x86)\Connectify\Connectifyd.exe (Nomadio, Inc.)
PRC - C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.)
PRC - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.2.0.12\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe (Realtek)
PRC - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.2.547\SymcPCCULaunchSvc.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)
PRC - C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe (Google)
PRC - C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteService.exe (Carbonite, Inc. (www.carbonite.com))
PRC - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.2.547\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe ()
PRC - C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe ()
PRC - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\ClipMate7\ClipMate.exe (Thornsoft Development, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Users\VCAT\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (WatAdminSvc) -- C:\Windows\SysNative\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV:64bit: - (lxed_device) -- C:\Windows\SysNative\lxedcoms.exe ( )
SRV:64bit: - (lxedCATSCustConnectService) -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxedserv.exe ()
SRV:64bit: - (DisplayLinkService) -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe (DisplayLink Corp.)
SRV:64bit: - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV:64bit: - (osppsvc) -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV:64bit: - (ose64) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV:64bit: - (WwanSvc) -- C:\Windows\SysNative\wwansvc.dll (Microsoft Corporation)
SRV:64bit: - (WbioSrvc) -- C:\Windows\SysNative\wbiosrvc.dll (Microsoft Corporation)
SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)
SRV:64bit: - (Power) -- C:\Windows\SysNative\umpo.dll (Microsoft Corporation)
SRV:64bit: - (Themes) -- C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
SRV:64bit: - (sppuinotify) -- C:\Windows\SysNative\sppuinotify.dll (Microsoft Corporation)
SRV:64bit: - (SensrSvc) -- C:\Windows\SysNative\sensrsvc.dll (Microsoft Corporation)
SRV:64bit: - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation)
SRV:64bit: - (PNRPsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:64bit: - (p2pimsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:64bit: - (HomeGroupProvider) -- C:\Windows\SysNative\provsvc.dll (Microsoft Corporation)
SRV:64bit: - (RpcEptMapper) -- C:\Windows\SysNative\RpcEpMap.dll (Microsoft Corporation)
SRV:64bit: - (PNRPAutoReg) -- C:\Windows\SysNative\pnrpauto.dll (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (HomeGroupListener) -- C:\Windows\SysNative\ListSvc.dll (Microsoft Corporation)
SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation)
SRV:64bit: - (Dhcp) -- C:\Windows\SysNative\dhcpcore.dll (Microsoft Corporation)
SRV:64bit: - (defragsvc) -- C:\Windows\SysNative\defragsvc.dll (Microsoft Corporation)
SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)
SRV:64bit: - (bthserv) -- C:\Windows\SysNative\bthserv.dll (Microsoft Corporation)
SRV:64bit: - (BDESVC) -- C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
SRV:64bit: - (AxInstSV) -- C:\Windows\SysNative\AxInstSv.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (AppIDSvc) -- C:\Windows\SysNative\appidsvc.dll (Microsoft Corporation)
SRV:64bit: - (wbengine) -- C:\Windows\SysNative\wbengine.exe (Microsoft Corporation)
SRV:64bit: - (sppsvc) -- C:\Windows\SysNative\sppsvc.exe (Microsoft Corporation)
SRV:64bit: - (Fax) -- C:\Windows\SysNative\FXSSVC.exe (Microsoft Corporation)
SRV:64bit: - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV:64bit: - (SWGVCSvc) -- C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe (SonicWALL, Inc.)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (TVersityMediaServer) -- C:\Users\VCAT\AppData\Local\TVersity\Media Server\MediaServer.exe ()
SRV - (FAService) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe (Sensible Vision )
SRV - (N360) -- C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.2.0.12\ccSvcHst.exe (Symantec Corporation)
SRV - (Realtek11nSU) -- C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe (Realtek)
SRV - (SMServer) -- C:\Windows\SysWOW64\snmvtsvc.exe (SMServer)
SRV - (STSService) -- C:\Program Files (x86)\SoundTaxi Media Suite\STSService.exe ()
SRV - (Norton PC Checkup Application Launcher) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.2.547\SymcPCCULaunchSvc.exe (Symantec Corporation)
SRV - (lxed_device) -- C:\Windows\SysWow64\lxedcoms.exe ( )
SRV - (GoogleDesktopManager-110309-193829) -- C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (CarboniteService) -- C:\Program Files (x86)\Carbonite\Carbonite Backup\carboniteservice.exe (Carbonite, Inc. (www.carbonite.com))
SRV - (IntuitUpdateService) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (Sound Blaster X-Fi MB Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe (Creative Labs)
SRV - (GoToAssist) -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (TomTomHOMEService) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (PCCUJobMgr) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.2.547\ccSvcHst.exe (Symantec Corporation)
SRV - (VSS) -- C:\Windows\Vss [2009/07/13 20:20:14 | 000,000,000 | ---D | M]
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2009/07/13 20:20:14 | 000,000,000 | ---D | M]
SRV - (HomeGroupProvider) -- C:\Windows\SysWOW64\provsvc.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\SysWOW64\dhcpcore.dll (Microsoft Corporation)
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (WSWNDA3100) -- C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe ()
SRV - (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (SYMTDIv) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symtdiv.sys (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\ironx64.sys (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symefa64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (easytether) -- C:\Windows\SysNative\drivers\easytthr.sys (Mobile Stream)
DRV:64bit: - (RTL8192su) -- C:\Windows\SysNative\drivers\rtl8192su.sys (Realtek Semiconductor Corporation )
DRV:64bit: - (ccHP) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\cchpx64.sys (Symantec Corporation)
DRV:64bit: - (Lbd) -- C:\Windows\SysNative\drivers\Lbd.sys (Lavasoft AB)
DRV:64bit: - (SndTAudio) -- C:\Windows\SysNative\drivers\SndTAudio.sys (Windows ® Codename Longhorn DDK provider)
DRV:64bit: - (DisplayLinkUsbPort) -- C:\Windows\SysNative\drivers\DisplayLinkUsbPort_5.2.22617.0.sys (http://libusb-win32.sourceforge.net)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (KSecPkg) -- C:\Windows\SysNative\drivers\ksecpkg.sys (Microsoft Corporation)
DRV:64bit: - (dlkmd) -- C:\Windows\SysNative\drivers\dlkmd.sys (DisplayLink Corp.)
DRV:64bit: - (dlcdbus) DisplayLink Composite USB Bus Driver driver (WDM) -- C:\Windows\SysNative\drivers\dlcdbus.sys (MCCI Corporation)
DRV:64bit: - (dlkmdldr) -- C:\Windows\SysNative\drivers\dlkmdldr.sys (DisplayLink Corp.)
DRV:64bit: - (PTUMWVsp) -- C:\Windows\SysNative\drivers\PTUMWVsp.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (PTUMWNSP) -- C:\Windows\SysNative\drivers\PTUMWNSP.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (PTUMWNET) -- C:\Windows\SysNative\drivers\PTUMWNET.sys (DEVGURU Co., LTD.)
DRV:64bit: - (PTUMWMdm) -- C:\Windows\SysNative\drivers\PTUMWMdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (PTUMWFLT) -- C:\Windows\SysNative\drivers\PTUMWFLT.sys (DEVGURU Co., LTD.)
DRV:64bit: - (PTUMWCSP) -- C:\Windows\SysNative\drivers\PTUMWCSP.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (PTUMWBus) -- C:\Windows\SysNative\drivers\PTUMWBus.sys (DEVGURU Co., LTD.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symds64.sys (Symantec Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (fvevol) -- C:\Windows\SysNative\drivers\fvevol.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (hwpolicy) -- C:\Windows\SysNative\drivers\hwpolicy.sys (Microsoft Corporation)
DRV:64bit: - (FsDepends) -- C:\Windows\SysNative\drivers\fsdepends.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (WIMMount) -- C:\Windows\SysNative\drivers\wimmount.sys (Microsoft Corporation)
DRV:64bit: - (vhdmp) -- C:\Windows\SysNative\drivers\vhdmp.sys (Microsoft Corporation)
DRV:64bit: - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation)
DRV:64bit: - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation)
DRV:64bit: - (vdrvroot) -- C:\Windows\SysNative\drivers\vdrvroot.sys (Microsoft Corporation)
DRV:64bit: - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (rdyboost) -- C:\Windows\SysNative\drivers\rdyboost.sys (Microsoft Corporation)
DRV:64bit: - (pcw) -- C:\Windows\SysNative\drivers\pcw.sys (Microsoft Corporation)
DRV:64bit: - (CNG) -- C:\Windows\SysNative\drivers\cng.sys (Microsoft Corporation)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (rdpbus) -- C:\Windows\SysNative\drivers\rdpbus.sys (Microsoft Corporation)
DRV:64bit: - (RDPREFMP) -- C:\Windows\SysNative\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV:64bit: - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\SysNative\drivers\agilevpn.sys (Microsoft Corporation)
DRV:64bit: - (WfpLwf) -- C:\Windows\SysNative\drivers\wfplwf.sys (Microsoft Corporation)
DRV:64bit: - (NdisCap) -- C:\Windows\SysNative\drivers\ndiscap.sys (Microsoft Corporation)
DRV:64bit: - (vwifimp) -- C:\Windows\SysNative\drivers\vwifimp.sys (Microsoft Corporation)
DRV:64bit: - (vwififlt) -- C:\Windows\SysNative\drivers\vwififlt.sys (Microsoft Corporation)
DRV:64bit: - (vwifibus) -- C:\Windows\SysNative\drivers\vwifibus.sys (Microsoft Corporation)
DRV:64bit: - (1394ohci) -- C:\Windows\SysNative\drivers\1394ohci.sys (Microsoft Corporation)
DRV:64bit: - (BthPan) Bluetooth Device (Personal Area Network) -- C:\Windows\SysNative\drivers\bthpan.sys (Microsoft Corporation)
DRV:64bit: - (BTHPORT) -- C:\Windows\SysNative\drivers\bthport.sys (Microsoft Corporation)
DRV:64bit: - (RFCOMM) Bluetooth Device (RFCOMM Protocol TDI) -- C:\Windows\SysNative\drivers\rfcomm.sys (Microsoft Corporation)
DRV:64bit: - (BthEnum) -- C:\Windows\SysNative\drivers\bthenum.sys (Microsoft Corporation)
DRV:64bit: - (BTHUSB) -- C:\Windows\SysNative\drivers\BTHUSB.SYS (Microsoft Corporation)
DRV:64bit: - (UmPass) -- C:\Windows\SysNative\drivers\umpass.sys (Microsoft Corporation)
DRV:64bit: - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\SysNative\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV:64bit: - (WinUsb) -- C:\Windows\SysNative\drivers\winusb.sys (Microsoft Corporation)
DRV:64bit: - (mshidkmdf) -- C:\Windows\SysNative\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV:64bit: - (WudfPf) -- C:\Windows\SysNative\drivers\WUDFPf.sys (Microsoft Corporation)
DRV:64bit: - (MTConfig) -- C:\Windows\SysNative\drivers\MTConfig.sys (Microsoft Corporation)
DRV:64bit: - (CompositeBus) -- C:\Windows\SysNative\drivers\CompositeBus.sys (Microsoft Corporation)
DRV:64bit: - (Beep) -- C:\Windows\SysNative\drivers\beep.sys (Microsoft Corporation)
DRV:64bit: - (AppID) -- C:\Windows\SysNative\drivers\appid.sys (Microsoft Corporation)
DRV:64bit: - (scfilter) -- C:\Windows\SysNative\drivers\scfilter.sys (Microsoft Corporation)
DRV:64bit: - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation)
DRV:64bit: - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation)
DRV:64bit: - (discache) -- C:\Windows\SysNative\drivers\discache.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HidBatt) -- C:\Windows\SysNative\drivers\hidbatt.sys (Microsoft Corporation)
DRV:64bit: - (CmBatt) -- C:\Windows\SysNative\drivers\CmBatt.sys (Microsoft Corporation)
DRV:64bit: - (AcpiPmi) -- C:\Windows\SysNative\drivers\acpipmi.sys (Microsoft Corporation)
DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)
DRV:64bit: - (AmdPPM) -- C:\Windows\SysNative\drivers\amdppm.sys (Microsoft Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\drivers\nuidfltr.sys (Microsoft Corporation)
DRV:64bit: - (OA008Vid) -- C:\Windows\SysNative\drivers\OA008Vid.sys (Creative Technology Ltd.)
DRV:64bit: - (BCMH43XX) -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys (Broadcom Corporation)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (OA008Ufd) -- C:\Windows\SysNative\drivers\OA008Ufd.sys (Creative Technology Ltd.)
DRV:64bit: - (SWIPsec) -- C:\Windows\SysNative\drivers\SWIPsec.sys (SonicWALL, Inc.)
DRV:64bit: - (SWVNIC) -- C:\Windows\SysNative\drivers\SWVNIC.sys (SonicWALL, Inc.)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\drivers\Rtlh64.sys (Realtek Corporation )
DRV:64bit: - (rixdpcie) -- C:\Windows\SysNative\drivers\rixdpe64.sys (REDC)
DRV:64bit: - (rimspci) -- C:\Windows\SysNative\drivers\rimspe64.sys (REDC)
DRV:64bit: - (LAN9500) -- C:\Windows\SysNative\drivers\lan9500-x64-n51f.sys (SMSC)
DRV:64bit: - (DNE) -- C:\Windows\SysNative\drivers\dne64x.sys (Deterministic Networks, Inc.)
DRV:64bit: - (FACAP) -- C:\Windows\SysNative\drivers\facap.sys (Sensible Vision )
DRV:64bit: - (FTSER2K) -- C:\Windows\SysNative\drivers\ftser2k.sys (FTDI Ltd.)
DRV:64bit: - (FTDIBUS) -- C:\Windows\SysNative\drivers\ftdibus.sys (FTDI Ltd.)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies)
DRV:64bit: - (SCMNdisP) -- C:\Windows\SysNative\drivers\SCMNdisP.sys (Windows ® Codename Longhorn DDK provider)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100528.039\EX64.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100528.039\ENG64.SYS (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100429.001\BHDrvx64.sys (Symantec Corporation)
DRV - (HTTP) -- C:\Program Files (x86)\GmoteServer\bin\VLC\http [2010/04/20 17:25:25 | 000,000,000 | ---D | M]
DRV - (CSC) -- C:\Windows\CSC [2009/12/22 19:46:36 | 000,000,000 | ---D | M]
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100520.001\IDSviA64.sys (Symantec Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\SysWOW64\winusb.dll (Microsoft Corporation)
DRV - (NetBIOS) -- C:\Windows\SysWOW64\netbios.dll (Microsoft Corporation)
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()
DRV - (SMSIVZAM5X64) -- C:\Program Files (x86)\Verizon Wireless\VZAccess Manager\SMSIVZAM5X64.sys (Smith Micro Inc.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B0 4C 0E 76 DB FE CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.msnbc.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:1.0.0.586
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.11.6
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.8
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:0.0.0
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.9.98
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.3


FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/12/22 19:59:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/12/31 13:53:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2010/05/28 00:30:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\ [2010/04/07 00:34:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2009/12/22 19:57:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/04/30 19:34:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/05/08 18:10:42 | 000,000,000 | ---D | M]

[2009/12/22 20:10:06 | 000,000,000 | ---D | M] -- C:\Users\VCAT\AppData\Roaming\Mozilla\Extensions
[2009/09/10 15:39:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\VCAT\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/10/14 16:47:36 | 000,000,000 | ---D | M] -- C:\Users\VCAT\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2010/05/29 00:01:22 | 000,000,000 | ---D | M] -- C:\Users\VCAT\AppData\Roaming\Mozilla\Firefox\Profiles\ojw2asj2.default\extensions
[2010/04/20 21:00:49 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\VCAT\AppData\Roaming\Mozilla\Firefox\Profiles\ojw2asj2.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/03/16 20:37:21 | 000,000,000 | ---D | M] -- C:\Users\VCAT\AppData\Roaming\Mozilla\Firefox\Profiles\ojw2asj2.default\extensions\LogMeInClient@logmein.com
[2010/01/08 15:21:11 | 000,000,000 | ---D | M] -- C:\Users\VCAT\AppData\Roaming\Mozilla\Firefox\Profiles\ojw2asj2.default\extensions\piclens@cooliris.com
[2010/04/30 20:40:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/04/03 13:16:27 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/12/22 19:57:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/12/28 11:10:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010/04/25 20:42:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/03 13:16:03 | 000,023,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browserdirprovider.dll
[2010/04/03 13:16:03 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\brwsrcmp.dll
[2009/12/08 14:06:48 | 000,119,808 | ---- | M] (Google) -- C:\Program Files (x86)\Mozilla Firefox\components\GoogleDesktopMozilla.dll
[2007/04/10 18:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/06/25 14:20:28 | 001,446,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
[2010/04/03 13:16:12 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npnul32.dll
[2010/04/03 16:43:36 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
[2010/03/31 14:20:34 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
[2010/03/31 14:20:35 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
[2010/03/31 14:20:35 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
[2010/03/31 14:20:35 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
[2010/03/31 14:20:35 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
[2010/03/31 14:20:35 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
[2010/03/31 14:20:35 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
[2010/04/03 13:16:18 | 000,001,394 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/04/03 13:16:18 | 000,002,193 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\answers.xml
[2010/04/03 13:16:18 | 000,001,534 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/04/03 13:16:18 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay.xml
[2010/04/03 13:16:18 | 000,002,371 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\google.xml
[2010/01/09 13:43:55 | 000,002,221 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\SafeSearch.xml
[2010/04/03 13:16:18 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/04/03 13:16:18 | 000,001,096 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2009/09/11 12:42:33 | 000,000,787 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 192.168.1.11 exchange
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.2.0.12\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (FAIESSOHelper Class) - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll (Sensible Vision )
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe (Sensible Vision )
O4 - HKLM..\Run: [StartupDelayer] C:\Program Files (x86)\r2 Studios\Startup Delayer\Startup Launcher GUI.exe (r2 studios)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - Startup: C:\Users\VCAT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SonicWALL Global VPN Client.lnk = C:\Windows\Installer\{5E2D889D-FAFC-4E76-A851-3695ABA1A76F}\_A408D8C4509665C152B13E.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8:64bit: - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8:64bit: - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8:64bit: - Extra context menu item: MasterCook: Select Image - C:\Program Files (x86)\MasterCook 9\Web\MCIEContext.hta ()
O8:64bit: - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8:64bit: - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: MasterCook: Select Image - C:\Program Files (x86)\MasterCook 9\Web\MCIEContext.hta ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files (x86)\SoundTaxi\YouTubeRipper.dll ()
O9 - Extra 'Tools' menuitem : Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files (x86)\SoundTaxi\YouTubeRipper.dll ()
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra Button: MasterCook Web Import Bar - {E6EF5071-7647-4E85-9785-87B6CF5CB561} - C:\Windows\SysWOW64\shdocvw.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - ..Trusted Domains: localhost ([]http in Local intranet)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.5.0.cab (DLM Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} http://support.microsoft.com/mats/DiagWebControl.cab (Diagnostics ActiveX WebControl)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.244.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~2\Google\GOOGLE~1\GO36F4~1.DLL) - C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - Reg Error: Key error. - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll File not found
O20 - Winlogon\Notify\FastAccess: DllName - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll ()
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\dellwall1.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\dellwall1.jpg
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0b59dd53-305b-11df-aabb-0024e8ce888b}\Shell - "" = AutoRun
O33 - MountPoints2\{0b59dd53-305b-11df-aabb-0024e8ce888b}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{3d343956-ef6d-11de-a4ee-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{3d343956-ef6d-11de-a4ee-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe -- File not found
O33 - MountPoints2\{af54cc79-e777-11de-9449-0024e8ce888b}\Shell - "" = AutoRun
O33 - MountPoints2\{af54cc79-e777-11de-9449-0024e8ce888b}\Shell\AutoRun\command - "" = G:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/29 09:18:30 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/05/28 22:42:41 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Users\VCAT\Desktop\OTL.exe
[2010/05/28 20:04:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2010/05/28 19:50:09 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Users\VCAT\Desktop\TFC.exe
[2010/05/26 20:16:08 | 000,000,000 | ---D | C] -- C:\Users\VCAT\AppData\Roaming\r2 Studios
[2010/05/26 20:16:08 | 000,000,000 | ---D | C] -- C:\ProgramData\r2 Studios
[2010/05/26 20:15:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\r2 Studios
[2010/05/24 22:08:41 | 000,060,273 | ---- | C] (Open Source Software community project) -- C:\Windows\SysWow64\pthreadGC2.dll
[2010/05/24 22:08:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ffdshow
[2010/05/24 22:08:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TVersity Codec Pack
[2010/05/23 22:51:46 | 000,000,000 | ---D | C] -- C:\Users\VCAT\Desktop\new pics
[2010/05/21 11:04:41 | 000,069,152 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2010/05/21 11:04:36 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2010/05/21 11:01:12 | 000,000,000 | -H-D | C] -- C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/05/21 11:00:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010/05/21 11:00:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2010/05/20 21:03:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Orb Networks
[2010/05/19 11:39:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/05/19 11:39:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010/05/15 16:30:58 | 000,000,000 | ---D | C] -- C:\Users\VCAT\Desktop\LaVon pics
[2010/05/12 16:17:58 | 000,014,336 | ---- | C] (Mobile Stream) -- C:\Windows\SysNative\drivers\easytthr.sys
[2010/05/12 16:17:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mobile Stream
[2010/05/12 11:08:55 | 000,000,000 | ---D | C] -- C:\Users\VCAT\Desktop\Review bucket
[2010/05/10 14:30:04 | 000,132,648 | ---- | C] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\btwavdt.sys
[2010/05/10 14:30:04 | 000,098,344 | ---- | C] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\btwaudio.sys
[2010/05/10 14:30:04 | 000,035,104 | ---- | C] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\btwl2cap.sys
[2010/05/10 14:30:04 | 000,021,160 | ---- | C] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\btwrchid.sys
[2010/05/10 12:53:25 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/05/10 12:53:18 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/05/10 12:53:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010/05/08 16:34:28 | 000,000,000 | ---D | C] -- C:\Users\VCAT\AppData\Roaming\NCH Software
[2010/05/08 16:33:20 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Swift Sound
[2010/05/08 16:32:36 | 000,000,000 | ---D | C] -- C:\Users\VCAT\AppData\Roaming\NCH Swift Sound
[2010/05/08 16:32:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NCH Swift Sound
[2010/05/08 16:13:12 | 000,348,160 | ---- | C] (DGP) -- C:\Windows\SysWow64\MEnc.ocx
[2010/05/08 16:13:12 | 000,348,160 | ---- | C] (DevPower Development Tools) -- C:\Windows\SysWow64\FlatBtn6.ocx
[2010/05/08 16:13:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WAV to MP3 Encoder
[2010/05/07 20:09:12 | 000,614,400 | ---- | C] (Realtek Semiconductor Corp. ) -- C:\Windows\SysWow64\Rtlihvs.dll
[2010/05/07 20:09:12 | 000,380,928 | ---- | C] (Realtek) -- C:\Windows\RtlUI2.exe
[2010/05/07 20:09:12 | 000,188,416 | ---- | C] (Realtek Semiconductor Corp. ) -- C:\Windows\SysWow64\RTLExtUI.dll
[2010/05/07 17:35:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2010/05/07 01:28:10 | 000,000,000 | ---D | C] -- C:\Users\VCAT\Documents\Downloads
[2010/05/03 00:07:05 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/05/03 00:07:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010/05/02 16:32:19 | 000,000,000 | ---D | C] -- C:\Users\VCAT\AppData\Local\Tific
[2010/05/02 16:31:58 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NortonPCCheckupx64
[2010/05/02 16:31:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton PC Checkup
[2010/05/02 16:31:58 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NortonPCCheckupx64\0200020.223
[2010/05/02 16:31:57 | 000,000,000 | ---D | C] -- C:\Program Files\Norton PC Checkup
[2010/05/01 13:56:24 | 000,000,000 | ---D | C] -- C:\Users\VCAT\AppData\Roaming\Malwarebytes
[2010/05/01 13:56:14 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/05/01 13:56:13 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/05/01 13:56:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/05/01 13:56:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/05/01 13:55:38 | 000,223,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fvevol.sys
[2010/05/01 13:55:35 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2010/05/01 13:55:35 | 000,153,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ksecpkg.sys
[2010/05/01 13:47:21 | 000,000,000 | ---D | C] -- C:\Users\VCAT\AppData\Local\Citrix
[2010/05/01 13:47:16 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/04/30 18:27:24 | 000,000,000 | ---D | C] -- C:\Users\VCAT\AppData\Local\Deployment
[2010/04/30 15:27:20 | 000,000,000 | ---D | C] -- C:\Users\VCAT\Documents\My Widgets
[2010/04/30 15:26:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[2010/04/22 15:27:41 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedinpa.dll
[2010/04/22 15:27:41 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lxediesc.dll
[2010/04/22 15:27:40 | 001,048,576 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedserv.dll
[2010/04/22 15:27:40 | 000,847,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedusb1.dll
[2010/04/22 15:27:40 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedcomc.dll
[2010/04/22 15:27:40 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedhbn3.dll
[2010/04/22 15:27:40 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedpmui.dll
[2010/04/22 15:27:40 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedlmpm.dll
[2010/04/22 15:27:40 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedcomm.dll

========== Files - Modified Within 30 Days ==========

[2010/05/29 09:26:31 | 004,718,592 | -HS- | M] () -- C:\Users\VCAT\ntuser.dat
[2010/05/29 09:22:18 | 000,000,094 | ---- | M] () -- C:\Users\VCAT\Desktop\Bizarre performance-eating problem.URL
[2010/05/29 08:28:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2167020815-3643556836-1899109827-1000UA.job
[2010/05/29 04:21:49 | 001,163,608 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\Cat.DB
[2010/05/29 03:00:19 | 000,000,524 | ---- | M] () -- C:\Windows\tasks\NatSpeak Periodic Language Model Optimization.job
[2010/05/29 01:28:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2167020815-3643556836-1899109827-1000Core.job
[2010/05/28 22:42:41 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\VCAT\Desktop\OTL.exe
[2010/05/28 20:07:33 | 000,011,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/28 20:07:33 | 000,011,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/28 19:59:25 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\SLOW-PCfighter64-VCAT-Startup.job
[2010/05/28 19:59:15 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/28 19:59:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/28 19:58:58 | 2213,302,272 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/28 19:54:58 | 000,000,418 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/05/28 19:52:15 | 001,593,201 | -H-- | M] () -- C:\Users\VCAT\AppData\Local\IconCache.db
[2010/05/28 19:50:12 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Users\VCAT\Desktop\TFC.exe
[2010/05/28 00:07:19 | 000,000,069 | ---- | M] () -- C:\Users\VCAT\Desktop\Van Winkle Bourbons.URL
[2010/05/26 17:05:38 | 000,717,956 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/05/26 17:05:38 | 000,618,264 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/05/26 17:05:38 | 000,104,546 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/05/25 02:00:18 | 000,000,500 | ---- | M] () -- C:\Windows\tasks\NatSpeak Periodic Acoustic Optimization.job
[2010/05/23 14:01:35 | 036,757,883 | ---- | M] () -- C:\Users\VCAT\Documents\ClipMate7_DB_My Clips_2010-05-23_1401.ZIP
[2010/05/21 11:04:35 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2010/05/21 11:04:30 | 000,015,880 | ---- | M] () -- C:\Windows\SysNative\lsdelete.exe
[2010/05/20 00:20:20 | 000,000,115 | ---- | M] () -- C:\Users\VCAT\Desktop\Key Lime Pie Martini Recipe Emeril Lagasse Food Network.URL
[2010/05/18 08:05:51 | 000,047,616 | ---- | M] () -- C:\Users\VCAT\Desktop\CasinoVille 5-2010.doc
[2010/05/15 16:30:58 | 036,879,975 | ---- | M] () -- C:\Users\VCAT\Documents\ClipMate7_DB_My Clips_2010-05-15_1629.ZIP
[2010/05/13 23:41:56 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\isolate.ini
[2010/05/12 16:31:17 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01009.Wdf
[2010/05/10 14:30:23 | 000,000,834 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2010/05/08 11:48:54 | 037,012,833 | ---- | M] () -- C:\Users\VCAT\Documents\ClipMate7_DB_My Clips_2010-05-08_1147.ZIP
[2010/05/07 01:17:29 | 000,431,616 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/05/06 11:08:32 | 000,113,600 | ---- | M] () -- C:\Users\VCAT\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/05/05 21:01:59 | 000,451,120 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symtdiv.sys
[2010/05/05 21:01:43 | 000,001,473 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symnetv.inf
[2010/05/05 21:01:43 | 000,001,445 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symnet.inf
[2010/05/01 15:26:01 | 000,003,584 | ---- | M] () -- C:\Users\VCAT\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/01 15:14:30 | 036,995,671 | ---- | M] () -- C:\Users\VCAT\Documents\ClipMate7_DB_My Clips_2010-05-01_1513.ZIP
[2010/04/30 19:49:35 | 000,524,288 | -HS- | M] () -- C:\Users\VCAT\ntuser.dat{2aec7dfb-54c0-11df-8b76-0024e8ce888b}.TMContainer00000000000000000002.regtrans-ms
[2010/04/30 19:49:35 | 000,524,288 | -HS- | M] () -- C:\Users\VCAT\ntuser.dat{2aec7dfb-54c0-11df-8b76-0024e8ce888b}.TMContainer00000000000000000001.regtrans-ms
[2010/04/30 19:49:35 | 000,065,536 | -HS- | M] () -- C:\Users\VCAT\ntuser.dat{2aec7dfb-54c0-11df-8b76-0024e8ce888b}.TM.blf
[2010/04/30 17:33:56 | 000,524,288 | -HS- | M] () -- C:\Users\VCAT\ntuser.dat{bdd74bd9-54b7-11df-80d1-edd5d9faa49e}.TMContainer00000000000000000002.regtrans-ms
[2010/04/30 17:33:56 | 000,524,288 | -HS- | M] () -- C:\Users\VCAT\ntuser.dat{bdd74bd9-54b7-11df-80d1-edd5d9faa49e}.TMContainer00000000000000000001.regtrans-ms
[2010/04/30 17:33:56 | 000,065,536 | -HS- | M] () -- C:\Users\VCAT\ntuser.dat{bdd74bd9-54b7-11df-80d1-edd5d9faa49e}.TM.blf
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/04/29 15:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2010/05/29 09:22:18 | 000,000,094 | ---- | C] () -- C:\Users\VCAT\Desktop\Bizarre performance-eating problem.URL
[2010/05/28 00:07:19 | 000,000,069 | ---- | C] () -- C:\Users\VCAT\Desktop\Van Winkle Bourbons.URL
[2010/05/24 22:08:42 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/05/24 22:08:42 | 000,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest
[2010/05/23 14:01:17 | 036,757,883 | ---- | C] () -- C:\Users\VCAT\Documents\ClipMate7_DB_My Clips_2010-05-23_1401.ZIP
[2010/05/21 11:17:23 | 000,015,880 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe
[2010/05/20 00:20:20 | 000,000,115 | ---- | C] () -- C:\Users\VCAT\Desktop\Key Lime Pie Martini Recipe Emeril Lagasse Food Network.URL
[2010/05/18 08:05:50 | 000,047,616 | ---- | C] () -- C:\Users\VCAT\Desktop\CasinoVille 5-2010.doc
[2010/05/15 16:30:41 | 036,879,975 | ---- | C] () -- C:\Users\VCAT\Documents\ClipMate7_DB_My Clips_2010-05-15_1629.ZIP
[2010/05/12 16:31:17 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01009.Wdf
[2010/05/08 11:48:29 | 037,012,833 | ---- | C] () -- C:\Users\VCAT\Documents\ClipMate7_DB_My Clips_2010-05-08_1147.ZIP
[2010/05/07 20:09:12 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2010/05/07 20:09:12 | 000,000,901 | ---- | C] () -- C:\Windows\RtlUI2.exe.manifest
[2010/05/07 01:23:27 | 000,000,904 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2167020815-3643556836-1899109827-1000UA.job
[2010/05/07 01:23:26 | 000,000,852 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2167020815-3643556836-1899109827-1000Core.job
[2010/05/02 16:31:58 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NortonPCCheckupx64\0200020.223\isolate.ini
[2010/05/01 15:25:57 | 000,003,584 | ---- | C] () -- C:\Users\VCAT\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/01 15:14:05 | 036,995,671 | ---- | C] () -- C:\Users\VCAT\Documents\ClipMate7_DB_My Clips_2010-05-01_1513.ZIP
[2010/05/01 15:11:13 | 000,002,715 | ---- | C] () -- C:\Users\VCAT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SonicWALL Global VPN Client.lnk
[2010/05/01 15:11:13 | 000,000,950 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Smart Wizard.lnk
[2010/05/01 15:11:13 | 000,000,834 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2010/04/30 19:46:53 | 000,524,288 | -HS- | C] () -- C:\Users\VCAT\ntuser.dat{2aec7dfb-54c0-11df-8b76-0024e8ce888b}.TMContainer00000000000000000002.regtrans-ms
[2010/04/30 19:46:53 | 000,524,288 | -HS- | C] () -- C:\Users\VCAT\ntuser.dat{2aec7dfb-54c0-11df-8b76-0024e8ce888b}.TMContainer00000000000000000001.regtrans-ms
[2010/04/30 19:46:53 | 000,065,536 | -HS- | C] () -- C:\Users\VCAT\ntuser.dat{2aec7dfb-54c0-11df-8b76-0024e8ce888b}.TM.blf
[2010/04/30 17:29:11 | 000,524,288 | -HS- | C] () -- C:\Users\VCAT\ntuser.dat{bdd74bd9-54b7-11df-80d1-edd5d9faa49e}.TMContainer00000000000000000002.regtrans-ms
[2010/04/30 17:29:11 | 000,524,288 | -HS- | C] () -- C:\Users\VCAT\ntuser.dat{bdd74bd9-54b7-11df-80d1-edd5d9faa49e}.TMContainer00000000000000000001.regtrans-ms
[2010/04/30 17:29:11 | 000,065,536 | -HS- | C] () -- C:\Users\VCAT\ntuser.dat{bdd74bd9-54b7-11df-80d1-edd5d9faa49e}.TM.blf
[2010/04/26 11:55:55 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2010/04/22 15:27:41 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\lxedcomx.dll
[2010/04/22 15:27:41 | 000,331,776 | ---- | C] () -- C:\Windows\SysWow64\LXEDinst.dll
[2010/04/22 15:27:41 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\lxedinsr.dll
[2010/04/22 15:27:41 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\lxedjswr.dll
[2010/04/22 15:27:40 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\lxedins.dll
[2010/04/22 15:27:40 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lxedinsb.dll
[2010/04/22 15:27:40 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\lxedcu.dll
[2010/04/22 15:27:40 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\lxedcub.dll
[2010/04/22 15:27:40 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\lxedcur.dll
[2010/04/22 15:27:05 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\LXEDsm.dll
[2010/04/22 15:27:05 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\LXEDsmr.dll
[2010/04/04 11:45:06 | 000,089,416 | ---- | C] () -- C:\Windows\SysWow64\FAIEExtension.dll
[2010/04/04 11:44:12 | 000,059,208 | ---- | C] () -- C:\Windows\SysWow64\FAib.dll
[2010/04/04 11:42:44 | 000,247,624 | ---- | C] () -- C:\Windows\SysWow64\FACrashRpt.dll
[2009/12/23 04:21:57 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd9.dll
[2009/12/23 04:21:57 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd10.dll
[2009/12/13 19:35:08 | 000,000,196 | -H-- | C] () -- C:\Windows\SysWow64\tscct1.dll
[2009/12/13 19:34:45 | 000,270,409 | ---- | C] () -- C:\Windows\SysWow64\TifToPdfCtxMenu.dll
[2009/12/02 21:53:51 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/09/11 01:50:47 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009/09/11 01:50:47 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2009/09/11 01:50:44 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/09/11 01:50:44 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/09/05 23:30:14 | 000,001,438 | ---- | C] () -- C:\Windows\FF08_not_Spk_Hp.ini
[2009/09/05 23:30:14 | 000,001,379 | ---- | C] () -- C:\Windows\FF08_Render_Spk_Hp.ini
[2009/09/05 23:29:55 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2009/09/05 23:29:55 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 205 bytes -> C:\ProgramData\TEMP:F35A93AD
@Alternate Data Stream - 171 bytes -> C:\ProgramData\TEMP:B0D4D817
< End of report >


#11 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:10:47 AM

Posted 31 May 2010 - 02:32 PM

Hi,

Ok, let me know how the system is running so we can cleanup our work smile.gif
regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#12 smalltalkdan

smalltalkdan
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:02:47 AM

Posted 01 June 2010 - 01:34 PM

The problem has now recurred, so would definitely appreciate your continuing to look into it.

Thanks!

...dan

#13 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:10:47 AM

Posted 03 June 2010 - 12:06 PM

Ok, please try to explain the problem exactly:

what did you run?
alsways no performance or only at startup?
no performance everywhere or only with a few programs?

and post back with a fresh OTL logfile.
regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#14 smalltalkdan

smalltalkdan
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:02:47 AM

Posted 03 June 2010 - 04:38 PM

The problem is difficult to diagnose because it's hard to reproduce. Although it has happened a number of times (at least 15 in the past month), the only common thread seems to be playing a video file or streaming video, although this does not trigger the problem anywhere near 100% of the time. What happens is that the CPU usage (as shown in the Windows Task Manager 'performance' tab) goes to 100%, causing the video to stutter badly and everything else on my computer to slow to a near-halt. When I am able to shut down the offending video, the problem persists, usually until I reboot. Occasionally I am able to restore some sense of normalcy by manually closing all open programs and killing non-critical processes, but about 90% of the time I have to reboot to get things back to normal.

I'll post a new OTL logfile if you really want me to, but absolutely nothing has changed since the last 2 you asked me to submit.

Regards...dan

#15 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:10:47 AM

Posted 05 June 2010 - 07:26 AM

Hi,

Please download and run Processexplorer


http://technet.microsoft.com/de-de/sysinte...s/bb896653.aspx

There you will see all running processes. You can click on a process to see all files running under this process. Please let me know which file/process is using the cpu high when the system freezes.
regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users