
Shutdown/Reboot issue - can not get past the Logoff point


  • This topic is locked
12 replies to this topic

#1 RJC73


Posted 30 May 2010 - 08:57 PM

Edit: Deleted old HJT log (new below)

Edited by RJC73, 31 May 2010 - 07:56 PM.




#2 RJC73


Posted 31 May 2010 - 07:09 PM

Hi all.

I have scanned my PC using both DDS and GMER and attached them.

When I ran GMER, it gave a strange error and then another upon scanning. Screenshots of these errors are also attached. I tried again after shutting down ZoneAlarm, Spybot and AVG processes, but no luck.

The problem:

My Windows 7 PC has some mapped drives to a local Server 2003, but after a little while (anywhere between 10 mins to 15+ hours) the connections to the mapped drives are lost. However, my RDC to the same PC remains healthy. I do not know what action triggers the problem because I do so many different things every minute.

From this point I cannot reboot without needing to press the restart button on the tower - The 'Logging off' screen will never progress to Shutdown. This has been going on since I built the PC a little over a month ago. My googles suggest it may have something to do with my network driver (using latest Realtek driver supplied by Gigabyte). I ran a HJT scan and it reported many missing files (see below), which I suspect may be caused by all those times I have been forced to shut down unnaturally.

Yesterday, I repaired my Windows installation, just to be sure any corrupted or missing files were replaced (I later learned there is a DOS command to help discover missing or corrupted system files).

This "kick-butt" computer was supposed to save my time but it's driving me nuts! Any help is greatly appreciated!

Cheers!
Rick


DDS (Ver_10-03-17.01) - NTFSX64
Run by Rick at 22:01:46.52 on Mon 31/05/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Professional 6.1.7600.0.1252.61.1033.18.6142.4115 [GMT 10:00]

SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\XSrvSetup.exe
C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe
C:\Program Files (x86)\Realtek\Smart Dual Lan\SDLService.exe
C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe
C:\Program Files (x86)\AVG\AVG9\avgemc.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\MailWasher Pro\MailWasher.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\AlarmClock.exe
C:\Windows\system32\mstsc.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\TextPad 4\TextPad.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\mstsc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\explorer.exe
C:\Users\Rick\Desktop\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uStart Page = file:///C:/Users/###PRIVATE###
mLocal Page = c:\windows\syswow64\blank.htm
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files (x86)\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [msnmsgr] "c:\program files (x86)\windows live\messenger\msnmsgr.exe" /background
uRun: [EPSON Stylus CX6900F Series] c:\windows\system32\spool\drivers\x64\3\e_fatibkp.exe /fu "c:\windows\temp\E_SE06.tmp" /EF "HKCU"
mRun: [ZoneAlarm Client] "c:\program files (x86)\zone labs\zonealarm\zlclient.exe"
mRun: [AVG9_TRAY] c:\progra~2\avg\avg9\avgtray.exe
dRun: [EPSON Stylus CX6900F Series] c:\windows\system32\spool\drivers\x64\3\e_fatibkp.exe /fu "c:\windows\temp\E_S35A.tmp" /EF "HKCU"
StartupFolder: c:\users\rick\appdata\roaming\micros~1\windows\startm~1\programs\startup\mailwa~1.lnk - c:\program files (x86)\mailwasher pro\MailWasher.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files (x86)\spybot - search & destroy\SDHelper.dll
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {7C28A03B-3D46-4D8E-A8C1-485C576A09F7} = 192.168.0.1
SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - c:\program files (x86)\eudora\EuShlExt.dll
TB-X64: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
mRun-x64: [RtHDVCpl] c:\program files\realtek\audio\hda\RAVCpl64.exe -s
AppInit_DLLs-X64: avgrssta.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\rick\appdata\roaming\mozilla\firefox\profiles\zjip6v30.default\
FF - component: c:\program files (x86)\nokia\nokia ovi suite\connectors\bookmarks connector\firefoxextension\components\FirefoxExtension.dll
FF - component: c:\users\rick\appdata\roaming\mozilla\firefox\profiles\zjip6v30.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc_fireftp.dll
FF - component: c:\users\rick\appdata\roaming\mozilla\firefox\profiles\zjip6v30.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}\platform\winnt_x86-msvc\components\pagespeed.dll
FF - plugin: c:\program files (x86)\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files (x86)\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npwachk.dll

---- FIREFOX POLICIES ----
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 AvgLdx64;AVG Free AVI Loader Driver x64;c:\windows\system32\drivers\avgldx64.sys [2010-4-10 269320]
R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;c:\windows\system32\drivers\avgmfx64.sys [2010-4-10 35464]
R1 AvgTdiA;AVG Free Network Redirector x64;c:\windows\system32\drivers\avgtdia.sys [2010-4-10 317520]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-4-7 202752]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files (x86)\avg\avg9\avgemc.exe [2010-4-10 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files (x86)\avg\avg9\avgwdsvc.exe [2010-4-10 308064]
R2 JMB36X;JMB36X;c:\windows\syswow64\XSrvSetup.exe [2010-5-27 65536]
R2 Marvell RAID;Marvell RAID Event Agent;c:\program files (x86)\marvell\raid\svc\mvraidsvc.exe [2009-10-6 151552]
R2 MRUWebService;MRU Web Service;c:\program files (x86)\marvell\raid\apache2\bin\httpd.exe [2009-4-9 24635]
R2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt60.sys [2010-5-27 27136]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\spybot - search & destroy\SDWinSec.exe [2010-5-10 1153368]
R2 SDLService;SDLService;c:\program files (x86)\realtek\smart dual lan\SDLService.exe [2010-5-27 88064]
R2 Smart TimeLock;Smart TimeLock Service;c:\program files (x86)\gigabyte\smart6\timelock\TimeMgmtDaemon.exe [2010-5-27 114688]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2010-4-7 6659072]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-4-7 195584]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2009-9-26 73728]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2009-9-26 178688]
R3 rtkio;rtkio;c:\program files (x86)\realtek\smart dual lan\rtkio.sys [2010-5-27 17392]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt64win7.sys [2010-5-27 239616]
S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-5-11 136176]
S3 etdrv;etdrv;c:\windows\etdrv.sys [2010-5-27 25640]
S3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2010-5-27 30528]
S3 RDMPLocalService;RDM+ Local Service;c:\program files (x86)\rdm+\rdmpserv.exe [2009-11-11 800768]
S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);c:\windows\system32\drivers\RtTeam60.sys [2010-5-27 50688]
S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\drivers\RtVlan60.sys [2010-5-27 24064]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);c:\windows\system32\drivers\RtTeam60.sys [2010-5-27 50688]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-31 1255736]

=============== Created Last 30 ================

2010-05-31 18:29:41 0 d-----w- c:\windows\Panther
2010-05-31 18:21:06 0 d--h--w- C:\$WINDOWS.~Q
2010-05-31 18:17:54 0 d--h--w- C:\$INPLACE.~TR
2010-05-31 01:59:22 0 d-----w- c:\windows\syswow64\Wat
2010-05-31 01:59:22 0 d-----w- c:\windows\system32\Wat
2010-05-31 01:51:30 311808 ----a-w- c:\windows\system32\msv1_0.dll
2010-05-31 01:51:30 257024 ----a-w- c:\windows\syswow64\msv1_0.dll
2010-05-31 01:24:05 2048 ----a-w- c:\windows\syswow64\tzres.dll
2010-05-31 01:24:05 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-31 01:24:03 612352 ----a-w- c:\windows\system32\vbscript.dll
2010-05-31 01:24:03 427520 ----a-w- c:\windows\syswow64\vbscript.dll
2010-05-31 01:24:00 982600 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2010-05-31 01:24:00 1975296 ----a-w- c:\windows\system32\CertEnroll.dll
2010-05-31 01:24:00 1320960 ----a-w- c:\windows\syswow64\CertEnroll.dll
2010-05-31 01:24:00 11406336 ----a-w- c:\windows\syswow64\wmp.dll
2010-05-31 01:21:50 91648 ----a-w- c:\windows\syswow64\avifil32.dll
2010-05-31 01:20:56 12867072 ----a-w- c:\windows\syswow64\shell32.dll
2010-05-31 01:20:55 96768 ----a-w- c:\windows\syswow64\sspicli.dll
2010-05-31 01:20:55 22016 ----a-w- c:\windows\syswow64\secur32.dll
2010-05-31 01:20:55 153160 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2010-05-31 01:20:55 1446912 ----a-w- c:\windows\system32\lsasrv.dll
2010-05-31 01:20:35 46592 ----a-w- c:\windows\system32\msasn1.dll
2010-05-31 01:20:35 34816 ----a-w- c:\windows\syswow64\msasn1.dll
2010-05-31 01:20:32 464896 ----a-w- c:\windows\system32\drivers\srv.sys
2010-05-31 01:20:32 162304 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-05-31 01:16:24 220672 ----a-w- c:\windows\system32\wintrust.dll
2010-05-31 01:16:24 172032 ----a-w- c:\windows\syswow64\wintrust.dll
2010-05-31 01:16:16 139264 ----a-w- c:\windows\system32\cabview.dll
2010-05-31 01:16:16 132608 ----a-w- c:\windows\syswow64\cabview.dll
2010-05-31 01:14:02 436 --sha-r- c:\users\rick\ntuser.pol
2010-05-31 01:13:58 20 --sh--w- c:\users\rick\ntuser.ini
2010-05-31 00:58:27 22744 ----a-w- c:\windows\system32\emptyregdb.dat
2010-05-31 00:38:42 0 d-----w- c:\programdata\EPSON
2010-05-31 00:37:24 0 ----a-w- c:\windows\ativpsrm.bin
2010-05-31 00:35:29 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-05-31 00:33:30 0 d-----w- c:\windows\syswow64\RTCOM
2010-05-31 00:33:30 0 d-----w- c:\program files\Realtek
2010-05-30 23:36:43 0 d-----w- c:\windows\pss
2010-05-30 11:13:40 0 d-----w- c:\users\rick\appdata\roaming\Malwarebytes
2010-05-30 11:13:29 24664 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-30 11:13:29 0 d-----w- c:\programdata\Malwarebytes
2010-05-30 11:13:29 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2010-05-30 10:46:54 0 d-----w- c:\windows\system32\appmgmt
2010-05-30 07:47:37 0 d-----w- c:\program files (x86)\Trend Micro
2010-05-29 07:00:09 0 d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2010-05-29 06:59:21 0 d-----w- c:\program files\common files\Apple
2010-05-29 06:59:12 0 d-----w- c:\program files\Bonjour
2010-05-29 06:59:06 0 d-----w- c:\programdata\Apple
2010-05-29 00:25:49 0 d-----w- c:\users\rick\appdata\roaming\CheckPoint
2010-05-29 00:25:35 0 d-----w- c:\program files (x86)\Conduit
2010-05-29 00:25:23 0 d-----w- c:\program files\CheckPoint
2010-05-29 00:25:14 110080 ----a-w- c:\windows\syswow64\vsxml.dll
2010-05-29 00:25:14 0 d-----w- c:\windows\system32\ZoneLabs
2010-05-27 12:11:57 25640 ----a-w- c:\windows\etdrv.sys
2010-05-27 10:32:19 4 ----a-w- c:\windows\syswow64\GVTunner.ref
2010-05-27 10:32:19 30528 ----a-w- c:\windows\GVTDrv64.sys
2010-05-27 10:32:04 25640 ----a-w- c:\windows\gdrv.sys
2010-05-27 10:15:55 50688 ----a-r- c:\windows\system32\drivers\RtTeam60.sys
2010-05-27 10:15:48 24064 ----a-r- c:\windows\system32\drivers\RtVlan60.sys
2010-05-27 10:15:43 27136 ----a-r- c:\windows\system32\drivers\RtNdPt60.sys
2010-05-27 10:14:06 0 d-----w- c:\programdata\InstallShield
2010-05-27 10:14:01 69944 ----a-w- c:\windows\syswow64\vhdmount.dll
2010-05-27 10:14:01 267264 ----a-w- c:\windows\system32\CommCmd.dll
2010-05-27 10:14:01 214920 ----a-w- c:\windows\system32\vhdmount.dll
2010-05-27 10:14:01 208896 ----a-w- c:\windows\syswow64\CommCmd.dll
2010-05-27 10:13:38 73728 ----a-w- c:\windows\syswow64\ISUSPM.cpl
2010-05-27 10:13:38 0 d-----w- c:\program files\GIGABYTE
2010-05-27 08:27:56 96 ----a-w- c:\windows\za_mv_seqnum.ev
2010-05-27 08:27:56 3584 ----a-w- c:\windows\za_mv_raid.ev
2010-05-27 08:27:53 8 ----a-w- c:\windows\mvraidver.dat
2010-05-27 08:22:07 0 d-----w- c:\program files (x86)\GIGABYTE
2010-05-27 08:06:36 0 d-----w- c:\program files (x86)\NEC Electronics
2010-05-27 08:05:55 151552 ----a-r- c:\windows\syswow64\xRaidAPI.dll
2010-05-27 08:05:40 1970176 ----a-r- c:\windows\syswow64\xRaidSetup.exe
2010-05-27 08:05:39 65536 ----a-r- c:\windows\syswow64\XSrvSetup.exe
2010-05-27 08:05:39 0 d-----w- C:\RaidTool
2010-05-27 08:05:21 115312 ----a-w- c:\windows\system32\drivers\jraid.sys
2010-05-27 08:05:17 0 d-----w- c:\windows\RaidTool
2010-05-27 06:37:20 0 d-----w- c:\program files (x86)\Marvell
2010-05-27 06:26:59 408600 ----a-w- c:\windows\system32\drivers\iaStor.sys
2010-05-27 06:20:52 310784 ----a-w- c:\windows\system32\FMAPO64.dll
2010-05-27 06:20:52 108032 ----a-w- c:\windows\system32\AERTAR64.dll
2010-05-27 06:20:51 166400 ----a-w- c:\windows\system32\AERTAC64.dll
2010-05-27 06:20:51 0 d-----w- c:\program files (x86)\Realtek
2010-05-27 06:20:50 0 d--h--w- c:\program files (x86)\Temp
2010-05-27 06:20:48 831488 ----a-r- c:\windows\RtlExUpd.dll
2010-05-27 06:20:44 53248 ----a-r- c:\windows\syswow64\CSVer.dll
2010-05-27 06:20:40 0 d-----w- C:\Intel
2010-05-27 06:17:44 10 ----a-w- c:\windows\GSetup.ini
2010-05-24 11:01:57 0 d-----w- c:\program files (x86)\Microsoft CAPICOM 2.1.0.2
2010-05-17 05:03:43 0 d-----w- c:\program files (x86)\Haali
2010-05-17 04:28:53 92160 ----a-w- c:\windows\system32\esxwia6e.dll
2010-05-17 04:28:53 4608 ----a-w- c:\windows\system32\esxwiaml.dll
2010-05-17 04:28:53 204800 ----a-w- c:\windows\syswow64\esint6e.dll
2010-05-17 04:28:53 159232 ----a-w- c:\windows\system32\esxuin6e.dll
2010-05-17 04:28:52 0 d-----w- c:\program files (x86)\epson
2010-05-17 04:22:27 8704 ----a-w- c:\windows\system32\E_GCINST.DLL
2010-05-17 04:22:27 86528 ----a-w- c:\windows\system32\E_IBCBBKP.DLL
2010-05-17 04:22:27 126976 ----a-w- c:\windows\system32\E_ILMBKP.DLL
2010-05-17 03:53:36 0 d-----w- c:\program files (x86)\MSECache
2010-05-14 00:29:25 0 d-----w- c:\program files (x86)\RDM+
2010-05-12 23:55:19 0 d-----w- c:\programdata\ATI
2010-05-12 23:55:18 0 d-----w- c:\program files (x86)\common files\ATI Technologies
2010-05-12 06:44:05 580096 ----a-w- c:\windows\system32\ac3filter64.acm
2010-05-12 06:44:04 0 d-----w- c:\program files (x86)\AC3Filter
2010-05-11 03:16:18 0 d-----w- c:\users\rick\appdata\roaming\TextPad
2010-05-11 03:15:06 0 d-----w- c:\program files (x86)\TextPad 4
2010-05-11 02:39:30 0 d-----w- c:\users\rick\appdata\roaming\MailWasherPro
2010-05-11 02:39:27 0 d-----w- c:\program files (x86)\MailWasher Pro
2010-05-11 02:01:20 48640 ----a-r- c:\windows\syswow64\INETWH32.DLL
2010-05-11 02:01:20 317952 ----a-r- c:\windows\syswow64\Roboex32.dll
2010-05-11 02:00:55 516832 ----a-w- c:\windows\syswow64\capicom.dll
2010-05-11 02:00:33 0 d-----w- c:\program files (x86)\Eudora
2010-05-10 00:18:20 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-05-10 00:18:20 0 d-----w- c:\program files (x86)\Spybot - Search & Destroy
2010-05-09 23:37:32 1890 ----a-w- c:\windows\diagwrn.xml
2010-05-09 23:37:32 1890 ----a-w- c:\windows\diagerr.xml
2010-05-09 23:25:40 0 d-----w- c:\users\rick\appdata\roaming\LockHunter
2010-05-09 04:32:57 0 d-----w- c:\program files (x86)\MSXML 4.0
2010-05-04 22:32:31 0 d-----w- c:\program files\LockHunter
2010-05-04 22:27:22 0 d-----w- c:\users\rick\appdata\roaming\AnvSoft
2010-05-04 22:27:21 0 d-----w- c:\program files (x86)\AnvSoft
2010-05-03 01:41:17 0 d-----w- c:\program files (x86)\Visual Similarity Duplicate Image Finder

==================== Find3M ====================

2010-05-29 00:26:00 420800 ----a-w- c:\windows\system32\drivers\vsconfig.xml
2010-05-27 12:26:38 218808 ----a-w- c:\windows\syswow64\PnkBstrB.exe
2010-05-26 03:03:22 1238528 ----a-w- c:\windows\syswow64\zpeng25.dll
2010-05-26 03:03:16 712192 ----a-w- c:\windows\syswow64\vsutil.dll
2010-05-26 03:03:16 69120 ----a-w- c:\windows\syswow64\zlcomm.dll
2010-05-26 03:03:16 43008 ----a-w- c:\windows\syswow64\vswmi.dll
2010-05-26 03:03:16 103936 ----a-w- c:\windows\syswow64\zlcommdb.dll
2010-05-26 03:03:14 58368 ----a-w- c:\windows\syswow64\vsregexp.dll
2010-05-26 03:03:14 302592 ----a-w- c:\windows\syswow64\vspubapi.dll
2010-05-26 03:03:14 228352 ----a-w- c:\windows\syswow64\vsinit.dll
2010-05-26 03:03:14 112128 ----a-w- c:\windows\syswow64\vsdata.dll
2010-05-26 03:03:14 107520 ----a-w- c:\windows\syswow64\vsmonapi.dll
2010-05-15 06:30:52 458840 ----a-w- c:\windows\system32\drivers\vsdatant.sys
2010-04-27 08:23:03 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2010-04-27 08:22:55 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2010-04-27 08:22:42 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmbx64_01007.Wdf
2010-04-24 07:44:05 75064 ----a-w- c:\windows\syswow64\PnkBstrA.exe
2010-04-24 07:44:05 2434856 ----a-w- c:\windows\syswow64\pbsvc_bc2.exe
2010-04-20 22:05:50 317520 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2010-04-10 03:06:10 12976 ----a-w- c:\windows\system32\avgrssta.dll
2010-04-10 03:06:07 35464 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2010-04-10 03:06:07 269320 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2010-04-08 03:33:00 95520 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 03:33:00 119584 ----a-w- c:\windows\system32\dns-sd.exe
2010-04-08 03:20:02 91424 ----a-w- c:\windows\syswow64\dnssd.dll
2010-04-08 03:20:02 107808 ----a-w- c:\windows\syswow64\dns-sd.exe
2010-04-07 02:44:06 6659072 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2010-04-07 02:40:36 18929664 ----a-w- c:\windows\system32\atio6axx.dll
2010-04-07 02:16:30 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-04-07 02:16:20 489472 ----a-w- c:\windows\syswow64\aticfx32.dll
2010-04-07 02:15:26 553472 ----a-w- c:\windows\system32\aticfx64.dll
2010-04-07 02:13:10 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-04-07 02:13:00 455168 ----a-w- c:\windows\system32\atieclxx.exe
2010-04-07 02:12:18 202752 ----a-w- c:\windows\system32\atiesrxx.exe
2010-04-07 02:12:12 14321664 ----a-w- c:\windows\syswow64\atioglxx.dll
2010-04-07 02:10:56 120320 ----a-w- c:\windows\system32\atitmm64.dll
2010-04-07 02:10:40 421376 ----a-w- c:\windows\system32\atipdl64.dll
2010-04-07 02:10:32 356352 ----a-w- c:\windows\syswow64\atipdlxx.dll
2010-04-07 02:10:18 278528 ----a-w- c:\windows\syswow64\Oemdspif.dll
2010-04-07 02:10:12 12288 ----a-w- c:\windows\system32\atimuixx.dll
2010-04-07 02:10:08 59392 ----a-w- c:\windows\system32\atiedu64.dll
2010-04-07 02:10:00 43520 ----a-w- c:\windows\syswow64\ati2edxx.dll
2010-04-07 02:06:26 3164160 ----a-w- c:\windows\syswow64\atidxx32.dll
2010-04-07 01:54:40 3834880 ----a-w- c:\windows\system32\atidxx64.dll
2010-04-07 01:46:50 55296 ----a-w- c:\windows\system32\coinst.dll
2010-04-07 01:40:46 3707904 ----a-w- c:\windows\syswow64\atiumdag.dll
2010-04-07 01:40:18 53248 ----a-w- c:\windows\syswow64\aticalrt.dll
2010-04-07 01:40:18 43008 ----a-w- c:\windows\system32\aticalrt64.dll
2010-04-07 01:40:12 39936 ----a-w- c:\windows\system32\aticalcl64.dll
2010-04-07 01:40:10 53248 ----a-w- c:\windows\syswow64\aticalcl.dll
2010-04-07 01:40:04 5186048 ----a-w- c:\windows\system32\aticaldd64.dll
2010-04-07 01:38:12 4018176 ----a-w- c:\windows\syswow64\aticaldd.dll
2010-04-07 01:32:56 4806144 ----a-w- c:\windows\system32\atiumd64.dll
2010-04-07 01:27:22 2701312 ----a-w- c:\windows\system32\atiumd6a.dll
2010-04-07 01:24:02 334336 ----a-w- c:\windows\system32\atiadlxx.dll
2010-04-07 01:23:54 237568 ----a-w- c:\windows\syswow64\atiadlxy.dll
2010-04-07 01:23:42 14848 ----a-w- c:\windows\system32\atig6pxx.dll
2010-04-07 01:23:40 12800 ----a-w- c:\windows\syswow64\atiglpxx.dll
2010-04-07 01:23:40 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2010-04-07 01:23:36 16384 ----a-w- c:\windows\system32\atig6txx.dll
2010-04-07 01:23:32 14848 ----a-w- c:\windows\syswow64\atigktxx.dll
2010-04-07 01:23:30 195584 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2010-04-07 01:22:52 36864 ----a-w- c:\windows\system32\atiuxp64.dll
2010-04-07 01:22:44 28160 ----a-w- c:\windows\syswow64\atiuxpag.dll
2010-04-07 01:22:38 28160 ----a-w- c:\windows\system32\atiu9p64.dll
2010-04-07 01:22:30 20480 ----a-w- c:\windows\syswow64\atiu9pag.dll
2010-04-07 01:22:00 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-04-07 01:21:08 2983936 ----a-w- c:\windows\syswow64\atiumdva.dll
2010-04-07 01:08:58 53248 ----a-w- c:\windows\system32\atimpc64.dll
2010-04-07 01:08:58 53248 ----a-w- c:\windows\system32\amdpcom64.dll
2010-04-07 01:08:52 52224 ----a-w- c:\windows\syswow64\atimpc32.dll
2010-04-07 01:08:52 52224 ----a-w- c:\windows\syswow64\amdpcom32.dll
2010-04-02 16:09:08 2023 ----a-w- c:\windows\syswow64\atipblag.dat
2010-04-02 16:09:08 2023 ----a-w- c:\windows\system32\atipblag.dat
2010-03-17 15:06:30 202234 ----a-w- c:\windows\system32\atiicdxx.dat
2010-03-14 18:00:00 85504 ----a-w- c:\windows\syswow64\ff_vfw.dll
2010-03-04 07:57:35 976896 ----a-w- c:\windows\system32\inetcomm.dll
2010-03-04 07:33:23 740864 ----a-w- c:\windows\syswow64\inetcomm.dll
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 22:02:10.12 ===============


Edited by RJC73, 31 May 2010 - 07:53 PM.
Merged topics. ~ OB


#3 RJC73


Posted 31 May 2010 - 07:52 PM

New Hijack This log...

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:50:40 AM, on 1/06/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\MailWasher Pro\MailWasher.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Rick\Downloads\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = PRIVATE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [EPSON Stylus CX6900F Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIBKP.EXE /FU "C:\Windows\TEMP\E_SE06.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [EPSON Stylus CX6900F Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIBKP.EXE /FU "C:\Windows\TEMP\E_S35A.tmp" /EF "HKCU" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [EPSON Stylus CX6900F Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIBKP.EXE /FU "C:\Windows\TEMP\E_S35A.tmp" /EF "HKCU" (User 'Default user')
O4 - Startup: MailWasherPro.lnk = C:\Program Files (x86)\MailWasher Pro\MailWasher.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O15 - Trusted IP range: http://127.0.0.1
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C28A03B-3D46-4D8E-A8C1-485C576A09F7}: NameServer = 192.168.0.1
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: JMB36X - Unknown owner - C:\Windows\SysWOW64\XSrvSetup.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Marvell RAID Event Agent (Marvell RAID) - Unknown owner - C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe
O23 - Service: MRU Web Service (MRUWebService) - Apache Software Foundation - C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RDM+ Local Service (RDMPLocalService) - Unknown owner - C:\Program Files (x86)\RDM+\rdmpserv.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SDLService - Unknown owner - C:\Program Files (x86)\Realtek\Smart Dual Lan\SDLService.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Smart TimeLock Service (Smart TimeLock) - Gigabyte Technology CO., LTD. - C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9064 bytes

#4 m0le

Posted 02 June 2010 - 07:51 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#5 RJC73

Posted 03 June 2010 - 12:39 AM

I'm ready, thank you.

#6 m0le

Posted 03 June 2010 - 03:07 PM

Windows 7 doesn't run Gmer because Windows 7 is still clear of rootkits.


However, let's take a look at other possible malware with OTL
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.


#7 RJC73

Posted 03 June 2010 - 07:22 PM

Thank you m0le!

I need to know, is this topic private? There's a lot of info in here for hackers.

I notice near the bottom of the Extras.Txt log, there are several errors reporting that "MCUpdate can not connect to server". I don't have McAfee installed and never have. Any idea about this?

OTL.TXT:

OTL logfile created on: 4/06/2010 9:33:30 AM - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Users\Rick\Documents\Bleeping Computer
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 65.00% Memory free
12.00 Gb Paging File | 10.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1861.90 Gb Total Space | 1510.86 Gb Free Space | 81.15% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 1862.89 Gb Total Space | 1009.26 Gb Free Space | 54.18% Space Free | Partition Type: NTFS
Drive F: | 465.65 Gb Total Space | 323.10 Gb Free Space | 69.39% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
Drive H: | 465.77 Gb Total Space | 172.33 Gb Free Space | 37.00% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Drive J: | 465.77 Gb Total Space | 172.33 Gb Free Space | 37.00% Space Free | Partition Type: NTFS
Drive W: | 465.77 Gb Total Space | 172.33 Gb Free Space | 37.00% Space Free | Partition Type: NTFS

Computer Name: RICK-PC
Current User Name: Rick
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Windows\SysWOW64\PnkBstrB.exe ()
PRC - C:\Users\Rick\My Documents\Bleeping Computer\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Windows\SysWOW64\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\GIGABYTE\smart6\timelock\AlarmClock.exe (Gigabyte Technology CO., LTD.)
PRC - C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe (Gigabyte Technology CO., LTD.)
PRC - C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe ()
PRC - C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Windows\SysWOW64\XSrvSetup.exe ()
PRC - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe (Apache Software Foundation)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\MailWasher Pro\MailWasher.exe (Firetrust Ltd)


========== Modules (SafeList) ==========

MOD - C:\Users\Rick\My Documents\Bleeping Computer\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (WatAdminSvc) -- C:\Windows\SysNative\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (WwanSvc) -- C:\Windows\SysNative\wwansvc.dll (Microsoft Corporation)
SRV:64bit: - (WbioSrvc) -- C:\Windows\SysNative\wbiosrvc.dll (Microsoft Corporation)
SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)
SRV:64bit: - (Power) -- C:\Windows\SysNative\umpo.dll (Microsoft Corporation)
SRV:64bit: - (Themes) -- C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
SRV:64bit: - (sppuinotify) -- C:\Windows\SysNative\sppuinotify.dll (Microsoft Corporation)
SRV:64bit: - (SensrSvc) -- C:\Windows\SysNative\sensrsvc.dll (Microsoft Corporation)
SRV:64bit: - (StorSvc) -- C:\Windows\SysNative\StorSvc.dll (Microsoft Corporation)
SRV:64bit: - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation)
SRV:64bit: - (PNRPsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:64bit: - (p2pimsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:64bit: - (HomeGroupProvider) -- C:\Windows\SysNative\provsvc.dll (Microsoft Corporation)
SRV:64bit: - (RpcEptMapper) -- C:\Windows\SysNative\RpcEpMap.dll (Microsoft Corporation)
SRV:64bit: - (PNRPAutoReg) -- C:\Windows\SysNative\pnrpauto.dll (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (HomeGroupListener) -- C:\Windows\SysNative\ListSvc.dll (Microsoft Corporation)
SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation)
SRV:64bit: - (Dhcp) -- C:\Windows\SysNative\dhcpcore.dll (Microsoft Corporation)
SRV:64bit: - (defragsvc) -- C:\Windows\SysNative\defragsvc.dll (Microsoft Corporation)
SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)
SRV:64bit: - (bthserv) -- C:\Windows\SysNative\bthserv.dll (Microsoft Corporation)
SRV:64bit: - (BDESVC) -- C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
SRV:64bit: - (AxInstSV) -- C:\Windows\SysNative\AxInstSv.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (AppIDSvc) -- C:\Windows\SysNative\appidsvc.dll (Microsoft Corporation)
SRV:64bit: - (wbengine) -- C:\Windows\SysNative\wbengine.exe (Microsoft Corporation)
SRV:64bit: - (sppsvc) -- C:\Windows\SysNative\sppsvc.exe (Microsoft Corporation)
SRV:64bit: - (Fax) -- C:\Windows\SysNative\FXSSVC.exe (Microsoft Corporation)
SRV - (PnkBstrB) -- C:\Windows\SysWOW64\PnkBstrB.exe ()
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (vsmon) -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (avg9emc) -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg9wd) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (getPlusHelper) getPlus® -- C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (RDMPLocalService) -- C:\Program Files (x86)\RDM+\rdmpserv.exe ()
SRV - (SDLService) -- C:\Program Files (x86)\Realtek\Smart Dual Lan\SDLService.exe ()
SRV - (Smart TimeLock) -- C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe (Gigabyte Technology CO., LTD.)
SRV - (Marvell RAID) -- C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe ()
SRV - (JMB36X) -- C:\Windows\SysWOW64\XSrvSetup.exe ()
SRV - (VSS) -- C:\Windows\Vss [2009/07/14 13:20:14 | 000,000,000 | ---D | M]
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2009/07/14 13:20:14 | 000,000,000 | ---D | M]
SRV - (HomeGroupProvider) -- C:\Windows\SysWOW64\provsvc.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\SysWOW64\dhcpcore.dll (Microsoft Corporation)
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) Intel® -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (MRUWebService) -- C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe (Apache Software Foundation)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (AvgTdiA) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AvgMfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Vsdatant) -- C:\Windows\SysNative\drivers\vsdatant.sys (Check Point Software Technologies LTD)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (AvgLdx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (KSecPkg) -- C:\Windows\SysNative\drivers\ksecpkg.sys (Microsoft Corporation)
DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (NEC Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (NEC Electronics Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (RtNdPt60) -- C:\Windows\SysNative\drivers\RtNdPt60.sys (Realtek )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (hwpolicy) -- C:\Windows\SysNative\drivers\hwpolicy.sys (Microsoft Corporation)
DRV:64bit: - (FsDepends) -- C:\Windows\SysNative\drivers\fsdepends.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (WIMMount) -- C:\Windows\SysNative\drivers\wimmount.sys (Microsoft Corporation)
DRV:64bit: - (vhdmp) -- C:\Windows\SysNative\drivers\vhdmp.sys (Microsoft Corporation)
DRV:64bit: - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation)
DRV:64bit: - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation)
DRV:64bit: - (vdrvroot) -- C:\Windows\SysNative\drivers\vdrvroot.sys (Microsoft Corporation)
DRV:64bit: - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (rdyboost) -- C:\Windows\SysNative\drivers\rdyboost.sys (Microsoft Corporation)
DRV:64bit: - (pcw) -- C:\Windows\SysNative\drivers\pcw.sys (Microsoft Corporation)
DRV:64bit: - (CNG) -- C:\Windows\SysNative\drivers\cng.sys (Microsoft Corporation)
DRV:64bit: - (fvevol) -- C:\Windows\SysNative\drivers\fvevol.sys (Microsoft Corporation)
DRV:64bit: - (rdpbus) -- C:\Windows\SysNative\drivers\rdpbus.sys (Microsoft Corporation)
DRV:64bit: - (RDPREFMP) -- C:\Windows\SysNative\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV:64bit: - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\SysNative\drivers\agilevpn.sys (Microsoft Corporation)
DRV:64bit: - (WfpLwf) -- C:\Windows\SysNative\drivers\wfplwf.sys (Microsoft Corporation)
DRV:64bit: - (NdisCap) -- C:\Windows\SysNative\drivers\ndiscap.sys (Microsoft Corporation)
DRV:64bit: - (vwifibus) -- C:\Windows\SysNative\drivers\vwifibus.sys (Microsoft Corporation)
DRV:64bit: - (1394ohci) -- C:\Windows\SysNative\drivers\1394ohci.sys (Microsoft Corporation)
DRV:64bit: - (UmPass) -- C:\Windows\SysNative\drivers\umpass.sys (Microsoft Corporation)
DRV:64bit: - (WinUsb) -- C:\Windows\SysNative\drivers\winusb.sys (Microsoft Corporation)
DRV:64bit: - (mshidkmdf) -- C:\Windows\SysNative\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV:64bit: - (WudfPf) -- C:\Windows\SysNative\drivers\WUDFPf.sys (Microsoft Corporation)
DRV:64bit: - (MTConfig) -- C:\Windows\SysNative\drivers\MTConfig.sys (Microsoft Corporation)
DRV:64bit: - (CompositeBus) -- C:\Windows\SysNative\drivers\CompositeBus.sys (Microsoft Corporation)
DRV:64bit: - (Beep) -- C:\Windows\SysNative\drivers\beep.sys (Microsoft Corporation)
DRV:64bit: - (AppID) -- C:\Windows\SysNative\drivers\appid.sys (Microsoft Corporation)
DRV:64bit: - (scfilter) -- C:\Windows\SysNative\drivers\scfilter.sys (Microsoft Corporation)
DRV:64bit: - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation)
DRV:64bit: - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation)
DRV:64bit: - (discache) -- C:\Windows\SysNative\drivers\discache.sys (Microsoft Corporation)
DRV:64bit: - (HidBatt) -- C:\Windows\SysNative\drivers\hidbatt.sys (Microsoft Corporation)
DRV:64bit: - (CmBatt) -- C:\Windows\SysNative\drivers\CmBatt.sys (Microsoft Corporation)
DRV:64bit: - (AcpiPmi) -- C:\Windows\SysNative\drivers\acpipmi.sys (Microsoft Corporation)
DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)
DRV:64bit: - (AmdPPM) -- C:\Windows\SysNative\drivers\amdppm.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (TEAM) Realtek Virtual Miniport Driver for Teaming (NDIS 6.0) -- C:\Windows\SysNative\drivers\RtTeam60.sys (Realtek Corporation)
DRV:64bit: - (RTTEAMPT) Realtek Teaming Protocol Driver (NDIS 6.0) -- C:\Windows\SysNative\drivers\RtTeam60.sys (Realtek Corporation)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (RTVLANPT) Realtek Vlan Protocol Driver (NDIS 6.2) -- C:\Windows\SysNative\drivers\RtVlan60.sys (Windows ® Codename Longhorn DDK provider)
DRV - (CSC) -- C:\Windows\CSC [2010/05/31 10:33:08 | 000,000,000 | ---D | M]
DRV - (etdrv) -- C:\Windows\etdrv.sys (Windows ® Server 2003 DDK provider)
DRV - (GVTDrv64) -- C:\Windows\GVTDrv64.sys ()
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows ® Server 2003 DDK provider)
DRV - (Vsdatant) -- C:\Windows\SysWOW64\drivers\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (rtkio) -- C:\Program Files (x86)\Realtek\Smart Dual Lan\rtkio.sys (Windows ® Codename Longhorn DDK provider)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\SysWOW64\winusb.dll (Microsoft Corporation)
DRV - (NetBIOS) -- C:\Windows\SysWOW64\netbios.dll (Microsoft Corporation)
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = #PRIVATE#
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 99 F4 8C 76 48 D8 CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: #PRIVATE#
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: {66E978CD-981F-47DF-AC42-E3CF417C1467}:0.4.2
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.9
FF - prefs.js..extensions.enabledItems: {44d0a1b4-9c90-4f86-ac92-8680b5d6549e}:0.6.4.1
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.2.26
FF - prefs.js..extensions.enabledItems: {e3f6c2cc-d8db-498c-af6c-499fb211db97}:1.7.1
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: sitedelta@schierla.de:0.11.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.3

FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010/05/31 10:46:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/05/31 10:46:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/05/31 10:46:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010/05/31 10:46:40 | 000,000,000 | ---D | M]

[2010/05/31 10:51:58 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\Mozilla\Extensions
[2010/05/04 11:35:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rick\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/04/10 11:00:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rick\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/06/03 14:48:20 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\zjip6v30.default\extensions
[2010/05/31 10:52:01 | 000,000,000 | ---D | M] (Gmail Notifier) -- C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\zjip6v30.default\extensions\{44d0a1b4-9c90-4f86-ac92-8680b5d6549e}
[2010/05/31 10:52:01 | 000,000,000 | ---D | M] (New Tab Homepage) -- C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\zjip6v30.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}
[2010/06/03 09:40:20 | 000,000,000 | ---D | M] (FireFTP) -- C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\zjip6v30.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010/06/02 12:51:20 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\zjip6v30.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/05/31 10:52:01 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\zjip6v30.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/05/31 18:05:43 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\zjip6v30.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/05/31 10:52:02 | 000,000,000 | ---D | M] (Page Speed) -- C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\zjip6v30.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2010/05/31 10:52:00 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\zjip6v30.default\extensions\firebug@software.joehewitt.com
[2010/06/02 13:03:42 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\zjip6v30.default\extensions\sitedelta@schierla.de
[2010/05/31 10:46:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/05/31 10:46:37 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/04/02 04:00:33 | 000,023,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browserdirprovider.dll
[2010/04/02 04:00:33 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\brwsrcmp.dll
[2009/05/02 07:02:48 | 001,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files (x86)\Mozilla Firefox\plugins\libdivx.dll
[2009/05/13 04:46:20 | 001,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdivx32.dll
[2009/05/19 08:41:32 | 000,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
[2010/04/02 04:00:33 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npnul32.dll
[2010/04/04 09:43:36 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
[2010/05/29 16:59:41 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
[2010/05/29 16:59:41 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
[2010/05/29 16:59:41 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
[2010/05/29 16:59:42 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
[2010/05/29 16:59:42 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
[2010/01/14 08:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
[2010/03/22 15:52:24 | 000,032,576 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\np_gp.dll
[2009/05/02 07:02:48 | 000,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files (x86)\Mozilla Firefox\plugins\ssldivx.dll
[2010/04/02 02:56:49 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/04/02 02:56:49 | 000,002,193 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\answers.xml
[2010/04/02 02:56:50 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/04/02 02:56:50 | 000,001,534 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/04/02 02:56:50 | 000,000,769 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/04/02 02:56:50 | 000,002,371 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\google.xml
[2010/04/02 02:56:50 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/04/02 02:56:50 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2009/06/11 07:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [EPSON Stylus CX6900F Series] C:\Windows\SysWow64\spool\DRIVERS\x64\3\E_FATIBKP.EXE File not found
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MailWasherPro.lnk = C:\Program Files (x86)\MailWasher Pro\MailWasher.exe (Firetrust Ltd)
O4 - Startup: C:\Users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk = C:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([https] in Trusted sites)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - C:\Program Files (x86)\Eudora\EuShlExt.dll (Qualcomm Inc.)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/06/04 00:36:12 | 000,000,000 | ---D | C] -- C:\Webs
[2010/06/03 13:55:13 | 000,000,000 | ---D | C] -- C:\Users\Rick\AppData\Roaming\Trillian
[2010/06/03 13:54:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trillian
[2010/06/01 08:59:36 | 000,000,000 | ---D | C] -- C:\Users\Rick\Documents\Bleeping Computer
[2010/06/01 04:29:41 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2010/06/01 04:21:06 | 000,000,000 | -H-D | C] -- C:\$WINDOWS.~Q
[2010/06/01 04:17:54 | 000,000,000 | -H-D | C] -- C:\$INPLACE.~TR
[2010/05/31 11:59:22 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2010/05/31 11:59:22 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2010/05/31 11:24:03 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2010/05/31 11:24:03 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vbscript.dll
[2010/05/31 11:24:02 | 014,629,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2010/05/31 11:24:00 | 011,406,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2010/05/31 11:24:00 | 001,975,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CertEnroll.dll
[2010/05/31 11:24:00 | 001,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CertEnroll.dll
[2010/05/31 11:23:59 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2010/05/31 11:23:59 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2010/05/31 11:23:02 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010/05/31 11:23:02 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010/05/31 11:23:02 | 000,148,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2010/05/31 11:23:02 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010/05/31 11:23:02 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2010/05/31 11:23:02 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2010/05/31 11:23:01 | 002,870,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010/05/31 11:23:01 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2010/05/31 11:23:01 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2010/05/31 11:22:33 | 001,192,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll
[2010/05/31 11:22:33 | 001,026,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstime.dll
[2010/05/31 11:22:33 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstime.dll
[2010/05/31 11:22:32 | 000,977,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2010/05/31 11:22:32 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iedkcs32.dll
[2010/05/31 11:22:32 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll
[2010/05/31 11:22:32 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedsbs.dll
[2010/05/31 11:22:32 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll
[2010/05/31 11:21:50 | 001,572,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2010/05/31 11:21:50 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2010/05/31 11:21:50 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\avifil32.dll
[2010/05/31 11:21:50 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciavi32.dll
[2010/05/31 11:21:50 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iyuv_32.dll
[2010/05/31 11:21:50 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvidc32.dll
[2010/05/31 11:21:50 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msyuv.dll
[2010/05/31 11:21:50 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrle32.dll
[2010/05/31 11:21:50 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsbyuv.dll
[2010/05/31 11:21:24 | 005,509,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010/05/31 11:21:24 | 003,954,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2010/05/31 11:21:24 | 003,899,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2010/05/31 11:21:19 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2010/05/31 11:21:19 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2010/05/31 11:20:55 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2010/05/31 11:20:55 | 000,153,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ksecpkg.sys
[2010/05/31 11:20:35 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msasn1.dll
[2010/05/31 11:16:24 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2010/05/31 11:16:24 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wintrust.dll
[2010/05/31 11:16:16 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cabview.dll
[2010/05/31 11:16:16 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cabview.dll
[2010/05/31 10:41:22 | 000,000,000 | --SD | C] -- C:\Users\Rick\AppData\Roaming\Microsoft
[2010/05/31 10:41:22 | 000,000,000 | R--D | C] -- C:\Users\Rick\Videos
[2010/05/31 10:41:22 | 000,000,000 | R--D | C] -- C:\Users\Rick\Saved Games
[2010/05/31 10:41:22 | 000,000,000 | R--D | C] -- C:\Users\Rick\Pictures
[2010/05/31 10:41:22 | 000,000,000 | R--D | C] -- C:\Users\Rick\Music
[2010/05/31 10:41:22 | 000,000,000 | R--D | C] -- C:\Users\Rick\Links
[2010/05/31 10:41:22 | 000,000,000 | R--D | C] -- C:\Users\Rick\Favorites
[2010/05/31 10:41:22 | 000,000,000 | R--D | C] -- C:\Users\Rick\Downloads
[2010/05/31 10:41:22 | 000,000,000 | R--D | C] -- C:\Users\Rick\My Documents
[2010/05/31 10:41:22 | 000,000,000 | R--D | C] -- C:\Users\Rick\Desktop
[2010/05/31 10:41:22 | 000,000,000 | -HSD | C] -- C:\Users\Rick\AppData\Local\Temporary Internet Files
[2010/05/31 10:41:22 | 000,000,000 | -HSD | C] -- C:\Users\Rick\Templates
[2010/05/31 10:41:22 | 000,000,000 | -HSD | C] -- C:\Users\Rick\Start Menu
[2010/05/31 10:41:22 | 000,000,000 | -HSD | C] -- C:\Users\Rick\SendTo
[2010/05/31 10:41:22 | 000,000,000 | -HSD | C] -- C:\Users\Rick\Recent
[2010/05/31 10:41:22 | 000,000,000 | -HSD | C] -- C:\Users\Rick\PrintHood
[2010/05/31 10:41:22 | 000,000,000 | -HSD | C] -- C:\Users\Rick\NetHood
[2010/05/31 10:41:22 | 000,000,000 | -HSD | C] -- C:\Users\Rick\Documents\My Videos
[2010/05/31 10:41:22 | 000,000,000 | -HSD | C] -- C:\Users\Rick\Documents\My Pictures
[2010/05/31 10:41:22 | 000,000,000 | -HSD | C] -- C:\Users\Rick\Documents\My Music
[2010/05/31 10:41:22 | 000,000,000 | -HSD | C] -- C:\Users\Rick\My Documents
[2010/05/31 10:41:22 | 000,000,000 | -HSD | C] -- C:\Users\Rick\Local Settings
[2010/05/31 10:41:22 | 000,000,000 | -HSD | C] -- C:\Users\Rick\AppData\Local\History
[2010/05/31 10:41:22 | 000,000,000 | -HSD | C] -- C:\Users\Rick\Cookies
[2010/05/31 10:41:22 | 000,000,000 | -HSD | C] -- C:\Users\Rick\Application Data
[2010/05/31 10:41:22 | 000,000,000 | -HSD | C] -- C:\Users\Rick\AppData\Local\Application Data
[2010/05/31 10:41:22 | 000,000,000 | -H-D | C] -- C:\Users\Rick\AppData
[2010/05/31 10:41:22 | 000,000,000 | ---D | C] -- C:\Users\Rick\AppData\Local\Temp
[2010/05/31 10:41:22 | 000,000,000 | ---D | C] -- C:\Users\Rick\AppData\Local\Microsoft
[2010/05/31 10:41:22 | 000,000,000 | ---D | C] -- C:\Users\Rick\AppData\Roaming\Media Center Programs
[2010/05/31 10:38:42 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON
[2010/05/31 10:33:30 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2010/05/31 10:33:30 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2010/05/31 10:33:14 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2010/05/31 09:36:43 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/05/30 21:13:40 | 000,000,000 | ---D | C] -- C:\Users\Rick\AppData\Roaming\Malwarebytes
[2010/05/30 21:13:30 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/05/30 21:13:29 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/05/30 21:13:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/05/30 21:13:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/05/30 20:46:54 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2010/05/30 17:47:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/05/29 17:00:57 | 000,000,000 | ---D | C] -- C:\Users\Rick\AppData\Roaming\Apple Computer
[2010/05/29 17:00:57 | 000,000,000 | ---D | C] -- C:\Users\Rick\AppData\Local\Apple Computer
[2010/05/29 17:00:09 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2010/05/29 16:59:28 | 000,000,000 | ---D | C] -- C:\Users\Rick\AppData\Local\Apple
[2010/05/29 16:59:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2010/05/29 16:59:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/05/29 16:59:12 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/05/29 16:59:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010/05/29 16:59:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2010/05/29 10:25:51 | 000,000,000 | ---D | C] -- C:\Users\Rick\Documents\ForceField Shared Files
[2010/05/29 10:25:49 | 000,000,000 | ---D | C] -- C:\Users\Rick\AppData\Roaming\CheckPoint
[2010/05/29 10:25:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2010/05/29 10:25:23 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2010/05/29 10:25:14 | 000,458,840 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\drivers\vsdatant.sys
[2010/05/29 10:25:14 | 000,110,080 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsxml.dll
[2010/05/29 10:25:14 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ZoneLabs
[2010/05/27 22:11:57 | 000,025,640 | ---- | C] (Windows ® Server 2003 DDK provider) -- C:\Windows\etdrv.sys
[2010/05/27 20:32:04 | 000,025,640 | ---- | C] (Windows ® Server 2003 DDK provider) -- C:\Windows\gdrv.sys
[2010/05/27 20:15:55 | 000,050,688 | R--- | C] (Realtek Corporation) -- C:\Windows\SysNative\drivers\RtTeam60.sys
[2010/05/27 20:15:48 | 000,024,064 | R--- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysNative\drivers\RtVlan60.sys
[2010/05/27 20:15:43 | 000,027,136 | R--- | C] (Realtek ) -- C:\Windows\SysNative\drivers\RtNdPt60.sys
[2010/05/27 20:14:06 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield
[2010/05/27 20:14:01 | 000,214,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vhdmount.dll
[2010/05/27 20:14:01 | 000,069,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vhdmount.dll
[2010/05/27 20:13:38 | 000,073,728 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\SysWow64\ISUSPM.cpl
[2010/05/27 20:13:38 | 000,000,000 | ---D | C] -- C:\Program Files\GIGABYTE
[2010/05/27 18:22:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GIGABYTE
[2010/05/27 18:06:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NEC Electronics
[2010/05/27 18:05:55 | 000,151,552 | R--- | C] (JMicron Technology Corp.) -- C:\Windows\SysWow64\xRaidAPI.dll
[2010/05/27 18:05:40 | 001,970,176 | R--- | C] (Gigabyte Technology Corp.) -- C:\Windows\SysWow64\xRaidSetup.exe
[2010/05/27 18:05:39 | 000,000,000 | ---D | C] -- C:\RaidTool
[2010/05/27 18:05:21 | 000,115,312 | ---- | C] (JMicron Technology Corp.) -- C:\Windows\SysNative\drivers\jraid.sys
[2010/05/27 18:05:17 | 000,000,000 | ---D | C] -- C:\Windows\RaidTool
[2010/05/27 16:37:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Marvell
[2010/05/27 16:26:59 | 000,408,600 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\iaStor.sys
[2010/05/27 16:26:56 | 000,000,000 | ---D | C] -- C:\Users\Rick\AppData\Roaming\InstallShield
[2010/05/27 16:21:20 | 000,097,792 | ---- | C] (Realtek Semiconductor Corporation) -- C:\Windows\SysNative\RTNUninst64.dll
[2010/05/27 16:21:19 | 000,513,536 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2010/05/27 16:21:19 | 000,150,528 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2010/05/27 16:21:18 | 000,211,376 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2010/05/27 16:21:18 | 000,193,536 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2010/05/27 16:21:17 | 000,332,320 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll
[2010/05/27 16:21:17 | 000,149,536 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll
[2010/05/27 16:21:16 | 001,633,312 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll
[2010/05/27 16:21:16 | 000,436,768 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2010/05/27 16:21:15 | 001,558,560 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2010/05/27 16:21:14 | 001,200,672 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2010/05/27 16:21:13 | 000,611,872 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl
[2010/05/27 16:21:13 | 000,363,008 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2010/05/27 16:21:12 | 000,198,656 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2010/05/27 16:21:12 | 000,095,744 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2010/05/27 16:21:12 | 000,073,216 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2010/05/27 16:21:11 | 000,304,640 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2010/05/27 16:21:11 | 000,304,640 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2010/05/27 16:21:11 | 000,066,592 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInst64.dll
[2010/05/27 16:21:08 | 000,239,616 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2010/05/27 16:21:07 | 000,320,512 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2010/05/27 16:20:52 | 000,310,784 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2010/05/27 16:20:52 | 000,108,032 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll
[2010/05/27 16:20:51 | 000,166,400 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll
[2010/05/27 16:20:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2010/05/27 16:20:50 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2010/05/27 16:20:48 | 000,831,488 | R--- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[2010/05/27 16:20:44 | 000,053,248 | R--- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2010/05/27 16:20:40 | 000,000,000 | ---D | C] -- C:\Intel
[2010/05/24 21:01:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
[2010/05/24 13:14:21 | 000,000,000 | ---D | C] -- C:\Users\Rick\AppData\Roaming\EPSON
[2010/05/17 15:03:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Haali
[2010/05/17 14:28:53 | 000,204,800 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\SysWow64\esint6e.dll
[2010/05/17 14:28:53 | 000,159,232 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\SysNative\esxuin6e.dll
[2010/05/17 14:28:53 | 000,092,160 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\SysNative\esxwia6e.dll
[2010/05/17 14:28:53 | 000,004,608 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\SysNative\esxwiaml.dll
[2010/05/17 14:28:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\epson
[2010/05/17 14:22:27 | 000,126,976 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\E_ILMBKP.DLL
[2010/05/17 14:22:27 | 000,086,528 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\E_IBCBBKP.DLL
[2010/05/17 14:22:27 | 000,008,704 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\SysNative\E_GCINST.DLL
[2010/05/17 13:54:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2010/05/17 13:53:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache
[2010/05/14 10:29:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RDM+
[2010/05/13 19:37:03 | 000,000,000 | ---D | C] -- C:\Users\Rick\AppData\Local\ElevatedDiagnostics
[2010/05/13 09:55:19 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2010/05/13 09:55:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2010/05/12 16:44:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AC3Filter
[2010/05/11 16:42:16 | 000,000,000 | ---D | C] -- C:\Users\Rick\AppData\Local\Google
[2010/05/11 16:42:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2010/05/11 13:16:18 | 000,000,000 | ---D | C] -- C:\Users\Rick\AppData\Roaming\TextPad
[2010/05/11 13:15:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TextPad 4
[2010/05/11 12:43:38 | 000,000,000 | ---D | C] -- C:\Users\Rick\AppData\Local\MailWasherPro
[2010/05/11 12:39:30 | 000,000,000 | ---D | C] -- C:\Users\Rick\AppData\Roaming\MailWasherPro
[2010/05/11 12:39:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MailWasher Pro
[2010/05/11 12:01:20 | 000,317,952 | R--- | C] (Blue Sky Software Corporation.) -- C:\Windows\SysWow64\Roboex32.dll
[2010/05/11 12:01:20 | 000,048,640 | R--- | C] (Blue Sky Software) -- C:\Windows\SysWow64\INETWH32.DLL
[2010/05/11 12:00:55 | 000,516,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\capicom.dll
[2010/05/11 12:00:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Eudora
[2010/05/10 10:18:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/05/10 10:18:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010/05/10 09:25:40 | 000,000,000 | ---D | C] -- C:\Users\Rick\AppData\Roaming\LockHunter
[2010/05/09 14:32:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2010/05/06 10:42:36 | 000,000,000 | ---D | C] -- C:\Users\Rick\Documents\My Received Files
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/04 09:35:23 | 002,097,152 | -HS- | M] () -- C:\Users\Rick\NTUSER.DAT
[2010/06/04 09:27:37 | 000,002,044 | -H-- | M] () -- C:\Users\Rick\Documents\Default.rdp
[2010/06/04 09:03:08 | 060,681,562 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/06/04 08:47:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/04 06:06:20 | 000,000,292 | ---- | M] () -- C:\Windows\tasks\Defraggler Volume C Task.job
[2010/06/04 00:04:16 | 000,014,864 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/06/04 00:04:16 | 000,014,864 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/06/04 00:01:24 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/06/04 00:01:24 | 000,619,206 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/06/04 00:01:24 | 000,107,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/06/03 23:57:42 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/03 23:57:14 | 000,000,008 | ---- | M] () -- C:\Windows\mvraidver.dat
[2010/06/03 23:57:03 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/06/03 23:56:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/06/03 23:56:51 | 535,658,495 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/03 14:34:08 | 000,001,055 | ---- | M] () -- C:\Users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk
[2010/06/03 13:55:13 | 000,001,101 | ---- | M] () -- C:\Users\Rick\Desktop\Trillian.lnk
[2010/06/03 13:19:41 | 002,469,436 | -H-- | M] () -- C:\Users\Rick\AppData\Local\IconCache.db
[2010/06/03 12:08:51 | 000,002,989 | ---- | M] () -- C:\Users\Rick\ImagingService.ashx.png
[2010/06/03 09:35:46 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2010/06/03 09:35:46 | 000,035,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2010/06/02 16:27:10 | 000,218,808 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2010/06/02 16:27:10 | 000,218,808 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/06/01 11:53:56 | 000,794,408 | ---- | M] () -- C:\Windows\SysWow64\pbsvc.exe
[2010/06/01 11:53:56 | 000,075,064 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/05/31 13:34:47 | 000,057,560 | ---- | M] () -- C:\Users\Rick\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/05/31 12:03:55 | 002,197,896 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/05/31 11:14:02 | 000,000,436 | RHS- | M] () -- C:\Users\Rick\ntuser.pol
[2010/05/31 11:13:58 | 000,000,020 | -HS- | M] () -- C:\Users\Rick\ntuser.ini
[2010/05/31 11:05:13 | 000,040,833 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2010/05/31 11:05:13 | 000,040,833 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2010/05/31 10:58:26 | 000,022,744 | ---- | M] () -- C:\Windows\SysNative\emptyregdb.dat
[2010/05/31 10:41:23 | 000,524,288 | -HS- | M] () -- C:\Users\Rick\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010/05/31 10:41:23 | 000,524,288 | -HS- | M] () -- C:\Users\Rick\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010/05/31 10:41:23 | 000,065,536 | -HS- | M] () -- C:\Users\Rick\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010/05/31 10:37:24 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2010/05/31 10:35:29 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/05/31 09:57:01 | 000,003,294 | ---- | M] () -- C:\Users\Rick\Desktop\Windows Compatibility Report.htm
[2010/05/31 09:54:42 | 000,001,890 | ---- | M] () -- C:\Windows\diagwrn.xml
[2010/05/31 09:54:42 | 000,001,890 | ---- | M] () -- C:\Windows\diagerr.xml
[2010/05/31 09:38:40 | 000,003,584 | ---- | M] () -- C:\Windows\za_mv_raid.ev
[2010/05/31 09:38:40 | 000,000,096 | ---- | M] () -- C:\Windows\za_mv_seqnum.ev
[2010/05/31 08:46:44 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\Windows\etdrv.sys
[2010/05/31 08:45:21 | 000,030,528 | ---- | M] () -- C:\Windows\GVTDrv64.sys
[2010/05/31 08:45:21 | 000,000,004 | ---- | M] () -- C:\Windows\SysWow64\GVTunner.ref
[2010/05/31 08:44:58 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\Windows\gdrv.sys
[2010/05/30 21:13:32 | 000,001,019 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/30 17:47:39 | 000,002,103 | ---- | M] () -- C:\Users\Rick\Desktop\HijackThis.lnk
[2010/05/29 16:59:38 | 000,001,911 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/05/29 10:26:00 | 000,420,800 | ---- | M] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2010/05/29 10:25:21 | 000,001,076 | ---- | M] () -- C:\Users\Rick\Desktop\ZoneAlarm Security.lnk
[2010/05/27 20:42:51 | 000,001,002 | ---- | M] () -- C:\Users\Rick\Desktop\Realtek Ethernet Diagnostic Utility.lnk
[2010/05/27 20:13:38 | 000,000,814 | ---- | M] () -- C:\Users\Public\Desktop\smart6.lnk
[2010/05/27 20:10:09 | 000,000,010 | ---- | M] () -- C:\Windows\GSetup.ini
[2010/05/27 18:24:53 | 000,002,089 | ---- | M] () -- C:\Users\Public\Desktop\MarvellTray.lnk
[2010/05/27 18:24:03 | 000,050,360 | ---- | M] () -- C:\Windows\php.ini
[2010/05/26 13:03:22 | 001,238,528 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\zpeng25.dll
[2010/05/26 13:03:16 | 000,712,192 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsutil.dll
[2010/05/26 13:03:16 | 000,110,080 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsxml.dll
[2010/05/26 13:03:16 | 000,103,936 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\zlcommdb.dll
[2010/05/26 13:03:16 | 000,069,120 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\zlcomm.dll
[2010/05/26 13:03:16 | 000,043,008 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vswmi.dll
[2010/05/26 13:03:14 | 000,302,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vspubapi.dll
[2010/05/26 13:03:14 | 000,228,352 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsinit.dll
[2010/05/26 13:03:14 | 000,112,128 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsdata.dll
[2010/05/26 13:03:14 | 000,107,520 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsmonapi.dll
[2010/05/26 13:03:14 | 000,058,368 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsregexp.dll
[2010/05/17 14:28:52 | 000,000,940 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2010/05/15 16:30:52 | 000,458,840 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\drivers\vsdatant.sys
[2010/05/15 16:30:52 | 000,458,840 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\SysNative\drivers\vsdatant.sys
[2010/05/11 12:54:17 | 000,001,071 | ---- | M] () -- C:\Users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MailWasherPro.lnk
[2010/05/11 12:39:28 | 000,000,993 | ---- | M] () -- C:\Users\Rick\Desktop\MailWasher.lnk
[2010/05/11 12:01:40 | 000,001,923 | ---- | M] () -- C:\Users\Public\Desktop\Eudora.lnk
[2010/05/10 13:38:20 | 000,001,724 | ---- | M] () -- C:\Users\Rick\Desktop\MPEG4 Modifier.lnk
[2010/05/10 10:18:25 | 000,001,268 | ---- | M] () -- C:\Users\Rick\Desktop\Spybot - Search & Destroy.lnk
[2010/05/07 20:09:32 | 000,001,884 | ---- | M] () -- C:\Users\Rick\Desktop\BF BC2.lnk
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/03 14:34:08 | 000,001,055 | ---- | C] () -- C:\Users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk
[2010/06/03 13:55:13 | 000,001,101 | ---- | C] () -- C:\Users\Rick\Desktop\Trillian.lnk
[2010/06/03 12:08:50 | 000,002,989 | ---- | C] () -- C:\Users\Rick\ImagingService.ashx.png
[2010/06/01 11:53:56 | 000,794,408 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2010/05/31 12:10:18 | 000,001,071 | ---- | C] () -- C:\Users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MailWasherPro.lnk
[2010/05/31 11:14:02 | 000,000,436 | RHS- | C] () -- C:\Users\Rick\ntuser.pol
[2010/05/31 11:13:58 | 000,000,020 | -HS- | C] () -- C:\Users\Rick\ntuser.ini
[2010/05/31 11:08:09 | 535,658,495 | -HS- | C] () -- C:\hiberfil.sys
[2010/05/31 10:58:27 | 000,022,744 | ---- | C] () -- C:\Windows\SysNative\emptyregdb.dat
[2010/05/31 10:41:22 | 002,097,152 | -HS- | C] () -- C:\Users\Rick\NTUSER.DAT
[2010/05/31 10:41:22 | 000,524,288 | -HS- | C] () -- C:\Users\Rick\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010/05/31 10:41:22 | 000,524,288 | -HS- | C] () -- C:\Users\Rick\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010/05/31 10:41:22 | 000,262,144 | -HS- | C] () -- C:\Users\Rick\ntuser.dat.LOG1
[2010/05/31 10:41:22 | 000,065,536 | -HS- | C] () -- C:\Users\Rick\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010/05/31 10:41:22 | 000,000,000 | -HS- | C] () -- C:\Users\Rick\ntuser.dat.LOG2
[2010/05/31 10:37:24 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/05/31 10:35:29 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/05/31 09:21:21 | 000,003,294 | ---- | C] () -- C:\Users\Rick\Desktop\Windows Compatibility Report.htm
[2010/05/30 21:13:32 | 000,001,019 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/30 17:47:39 | 000,002,103 | ---- | C] () -- C:\Users\Rick\Desktop\HijackThis.lnk
[2010/05/29 16:59:38 | 000,001,911 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/05/29 10:25:21 | 000,001,076 | ---- | C] () -- C:\Users\Rick\Desktop\ZoneAlarm Security.lnk
[2010/05/27 20:42:51 | 000,001,002 | ---- | C] () -- C:\Users\Rick\Desktop\Realtek Ethernet Diagnostic Utility.lnk
[2010/05/27 20:32:19 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2010/05/27 20:32:19 | 000,000,004 | ---- | C] () -- C:\Windows\SysWow64\GVTunner.ref
[2010/05/27 20:14:01 | 000,267,264 | ---- | C] () -- C:\Windows\SysNative\CommCmd.dll
[2010/05/27 20:14:01 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\CommCmd.dll
[2010/05/27 20:13:38 | 000,000,814 | ---- | C] () -- C:\Users\Public\Desktop\smart6.lnk
[2010/05/27 18:27:56 | 000,003,584 | ---- | C] () -- C:\Windows\za_mv_raid.ev
[2010/05/27 18:27:56 | 000,000,096 | ---- | C] () -- C:\Windows\za_mv_seqnum.ev
[2010/05/27 18:27:53 | 000,000,008 | ---- | C] () -- C:\Windows\mvraidver.dat
[2010/05/27 18:24:53 | 000,002,089 | ---- | C] () -- C:\Users\Public\Desktop\MarvellTray.lnk
[2010/05/27 18:05:39 | 000,065,536 | R--- | C] () -- C:\Windows\SysWow64\XSrvSetup.exe
[2010/05/27 16:21:20 | 000,067,584 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll
[2010/05/27 16:17:44 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2010/05/17 14:28:52 | 000,000,940 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2010/05/12 16:44:05 | 000,580,096 | ---- | C] () -- C:\Windows\SysNative\ac3filter64.acm
[2010/05/11 16:42:24 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/11 16:42:23 | 000,000,890 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/11 12:39:28 | 000,000,993 | ---- | C] () -- C:\Users\Rick\Desktop\MailWasher.lnk
[2010/05/11 12:01:40 | 000,001,923 | ---- | C] () -- C:\Users\Public\Desktop\Eudora.lnk
[2010/05/10 13:38:20 | 000,001,724 | ---- | C] () -- C:\Users\Rick\Desktop\MPEG4 Modifier.lnk
[2010/05/10 10:18:25 | 000,001,268 | ---- | C] () -- C:\Users\Rick\Desktop\Spybot - Search & Destroy.lnk
[2010/05/10 09:37:32 | 000,001,890 | ---- | C] () -- C:\Windows\diagwrn.xml
[2010/05/10 09:37:32 | 000,001,890 | ---- | C] () -- C:\Windows\diagerr.xml
[2010/05/07 20:09:32 | 000,001,884 | ---- | C] () -- C:\Users\Rick\Desktop\BF BC2.lnk
[2010/04/28 16:31:15 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\Iyvu9_32.dll
[2010/04/26 21:06:36 | 002,463,976 | ---- | C] () -- C:\Windows\SysWow64\NPSWF32.dll
[2010/04/10 12:31:44 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010/04/10 12:31:44 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010/04/10 12:31:43 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/04/10 12:31:43 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/04/10 12:31:42 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/04/10 12:31:42 | 000,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest
[2009/10/01 03:18:26 | 000,050,360 | ---- | C] () -- C:\Windows\php.ini
[2009/09/30 07:16:26 | 000,000,127 | ---- | C] () -- C:\Windows\zraidtray.ini
[2009/07/14 09:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/14 07:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2010/05/31 10:51:41 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\AnvSoft
[2010/05/31 16:28:32 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\avidemux
[2010/05/31 10:51:44 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\CheckPoint
[2010/05/30 20:56:03 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\DisplayTune
[2010/05/31 10:51:44 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\EPSON
[2010/05/31 10:51:44 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\LockHunter
[2010/06/03 23:57:51 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\MailWasherPro
[2010/05/31 10:52:02 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\Nokia
[2010/05/31 10:52:02 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\Nokia Ovi Suite
[2010/05/31 10:52:02 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\PC Suite
[2010/05/11 13:16:18 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\TextPad
[2010/05/31 10:52:02 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\Thunderbird
[2010/06/03 13:59:15 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\Trillian
[2010/06/03 16:12:50 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\uTorrent
[2010/04/10 12:33:54 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\VideoCharge Studio
[2010/06/04 06:06:20 | 000,000,292 | ---- | M] () -- C:\Windows\Tasks\Defraggler Volume C Task.job
[2009/07/14 15:08:49 | 000,002,888 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >

Extras.Txt:

OTL Extras logfile created on: 4/06/2010 9:33:30 AM - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Users\Rick\Documents\Bleeping Computer
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 65.00% Memory free
12.00 Gb Paging File | 10.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1861.90 Gb Total Space | 1510.86 Gb Free Space | 81.15% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 1862.89 Gb Total Space | 1009.26 Gb Free Space | 54.18% Space Free | Partition Type: NTFS
Drive F: | 465.65 Gb Total Space | 323.10 Gb Free Space | 69.39% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
Drive H: | 465.77 Gb Total Space | 172.33 Gb Free Space | 37.00% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Drive J: | 465.77 Gb Total Space | 172.33 Gb Free Space | 37.00% Space Free | Partition Type: NTFS
Drive W: | 465.77 Gb Total Space | 172.33 Gb Free Space | 37.00% Space Free | Partition Type: NTFS

Computer Name: RICK-PC
Current User Name: Rick
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{404BB1FF-A84F-432F-B77B-301E88E8D1C7}" = Apple Mobile Device Support
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{576A97E3-1A79-6215-49DE-AA358AF47420}" = ATI Catalyst Install Manager
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{707E85AA-6D7B-9121-059A-F0628DEC8D2D}" = ATI AVIVO64 Codecs
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{AF51A2B6-3AAF-46C5-36A7-0E78B2D23E3E}" = ccc-utility64
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C19D4D8F-4433-4F6D-9F0C-79589FD0B973}" = Bonjour
"{E6456858-8C0C-35CE-96B8-AFFCD205C9FC}" = AMD Drag and Drop Transcoding
"CutePDF Writer Installation" = CutePDF Writer 2.8
"Defraggler" = Defraggler
"EPSON Printer and Utilities" = EPSON Printer Software
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"LockHunter_is1" = LockHunter version 1.0 beta 3, 64 bit edition
"MediaInfo" = MediaInfo 0.7.32
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{024FDD4C-B4EE-4CFC-696F-9A36B3BE4D41}" = Catalyst Control Center Graphics Previews Vista
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{05BC432D-819E-86AF-74A9-0622CAD08767}" = Catalyst Control Center Graphics Previews Common
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0A477437-2307-018D-3F3A-AFBDE1D4FF7A}" = Catalyst Control Center HydraVision Full
"{11EB322E-793D-9A19-CBFA-742DA944ADA6}" = HydraVision
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Cinfigurer
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3B35725F-C623-4A1E-B5CC-99C0868679E3}" = Smart 6 B9.1105.1
"{3C2739CB-9E0F-8E06-F315-25F9E9AB2763}" = CCC Help English
"{3EE1008C-11A1-4F4F-8DB7-27573924DE78}" = DMIView B8.0717.01
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{43FC4C9A-9D17-9CAB-FA69-6588AFA5A1B2}" = Catalyst Control Center Core Implementation
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4E1CD3D5-D4EE-4246-AE24-F0FD5A60390D}" = OviMPlatform
"{4E25C468-7745-4051-8B37-4A2C6635BA8B}" = Update Manager B09.1008.1
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{60DED9C2-22BF-47A3-B6C8-6B141BA31DFD}" = Ovi Desktop Sync Engine
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{6A5D1A94-624A-4D20-B178-3A283B500370}" = Adobe Setup
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7236672F-6430-439E-9B27-27EDEAF1D676}" = Diagnostic Utility
"{72D6BE71-2A6F-4D01-809E-A3174D1738A0}_is1" = Visual Similarity Duplicate Image Finder Corporate 3.1.0.1
"{7397EDED-F38A-4654-B669-BF61065803D0}" = PC Connectivity Solution
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{828CFF5D-054C-D04A-3CB1-0788828CA236}" = Catalyst Control Center Graphics Light
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85B0B11F-7EA3-D9DE-BB18-1B52CE1A3E3B}" = Catalyst Control Center Graphics Full Existing
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{931099E3-8F73-4028-A780-02C738176152}" = VideoCharge Studio
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{961034C0-58DF-11DF-97FD-005056806466}" = Google Earth Plug-in
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9EEA0ED5-CB59-2F06-84A7-3F7B241521B8}" = Catalyst Control Center InstallProxy
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2149A69-C740-43BC-84AD-0BE78BC9815A}" = Eudora
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS Ver.2.06
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7F560B3-6EFF-4026-A982-843895A41149}" = Adobe BridgeTalk Plugin CS3
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{B9C9DB4C-6D77-4AE9-AD1C-C708C23239A0}" = Nokia Connectivity Cable Driver
"{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}" = Adobe Flash Player 9 ActiveX
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C347D234-93D8-4595-BDAA-C04638B23B48}" = Adobe Creative Suite 3 Web Premium
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7 Evaluation
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}" = Nokia Ovi Suite
"{DF9B7D24-4C6E-C773-3E58-D2FEF49ADD74}" = ccc-core-static
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EAD931B5-129D-2A7E-9FD2-522BF504EAF4}" = Catalyst Control Center Graphics Full New
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FB238A00-FB43-49C8-8955-6F1F430944B7}" = Smart Dual Lan
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_247961ef275e20c5cb073c36394ac32" = Add or Remove Adobe Creative Suite 3 Web Premium
"Any Video Converter_is1" = Any Video Converter 3.0.5
"AVG9Uninstall" = AVG Free 9.0
"Avidemux 2.5" = Avidemux 2.5
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EPSON Scanner" = EPSON Scan
"FastStone Image Viewer" = FastStone Image Viewer 4.2
"HaaliMkx" = Haali Media Splitter
"HijackThis" = HijackThis 2.0.2
"Indeo® software" = Indeo® software
"InstallShield_{4E25C468-7745-4051-8B37-4A2C6635BA8B}" = Update Manager B09.1008.1
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.8.3 (Full)
"MailWasher Pro_is1" = MailWasher Pro
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"mv61xxMRU" = Marvell MRU V4
"Nokia Ovi Suite" = Nokia Ovi Suite
"PunkBusterSvc" = PunkBuster Services
"QuicktimeAlt_is1" = QuickTime Alternative 3.1.1
"RDM+" = RDM+ 3.9
"Riva FLV Encoder 2.0_is1" = Riva FLV Encoder 2.0
"TextPad 4" = TextPad 4
"Trillian" = Trillian
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.0.5
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"ZoneAlarm" = ZoneAlarm

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/06/2010 10:31:48 AM | Computer Name = Rick-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 2/06/2010 3:00:57 PM | Computer Name = Rick-PC | Source = Microsoft-Windows-Backup | ID = 517
Description = The backup operation that started at '2010-06-02T18:00:11.385398700Z'
has failed with following error code '2155348269' (%%2155348269). Please review
the event details for a solution, and then rerun the backup operation once the
issue is resolved.

Error - 2/06/2010 3:01:01 PM | Computer Name = Rick-PC | Source = Windows Backup | ID = 4104
Description =

Error - 2/06/2010 8:08:41 PM | Computer Name = Rick-PC | Source = VSS | ID = 8194
Description =

Error - 2/06/2010 11:52:41 PM | Computer Name = Rick-PC | Source = VSS | ID = 8194
Description =

Error - 3/06/2010 10:27:05 AM | Computer Name = Rick-PC | Source = VSS | ID = 8194
Description =

Error - 3/06/2010 1:26:03 PM | Computer Name = Rick-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 3/06/2010 1:26:55 PM | Computer Name = Rick-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 3/06/2010 3:01:02 PM | Computer Name = Rick-PC | Source = Microsoft-Windows-Backup | ID = 517
Description = The backup operation that started at '2010-06-03T18:00:11.906680200Z'
has failed with following error code '2155348269' (%%2155348269). Please review
the event details for a solution, and then rerun the backup operation once the
issue is resolved.

Error - 3/06/2010 3:01:08 PM | Computer Name = Rick-PC | Source = Windows Backup | ID = 4104
Description =

[ Media Center Events ]
Error - 6/05/2010 3:02:24 AM | Computer Name = Rick-PC | Source = MCUpdate | ID = 0
Description = 5:02:23 PM - Failed to retrieve Broadband (Error: The operation has
timed out)

Error - 15/05/2010 3:25:02 AM | Computer Name = Rick-PC | Source = MCUpdate | ID = 0
Description = 5:25:02 PM - Error connecting to the internet. 5:25:02 PM - Unable
to contact server..

Error - 15/05/2010 3:25:35 AM | Computer Name = Rick-PC | Source = MCUpdate | ID = 0
Description = 5:25:31 PM - Error connecting to the internet. 5:25:31 PM - Unable
to contact server..

Error - 15/05/2010 4:26:17 AM | Computer Name = Rick-PC | Source = MCUpdate | ID = 0
Description = 6:26:17 PM - Error connecting to the internet. 6:26:17 PM - Unable
to contact server..

Error - 15/05/2010 4:26:47 AM | Computer Name = Rick-PC | Source = MCUpdate | ID = 0
Description = 6:26:46 PM - Error connecting to the internet. 6:26:46 PM - Unable
to contact server..

Error - 15/05/2010 5:27:29 AM | Computer Name = Rick-PC | Source = MCUpdate | ID = 0
Description = 7:27:29 PM - Error connecting to the internet. 7:27:29 PM - Unable
to contact server..

Error - 15/05/2010 5:27:59 AM | Computer Name = Rick-PC | Source = MCUpdate | ID = 0
Description = 7:27:58 PM - Error connecting to the internet. 7:27:58 PM - Unable
to contact server..

Error - 15/05/2010 6:28:41 AM | Computer Name = Rick-PC | Source = MCUpdate | ID = 0
Description = 8:28:41 PM - Error connecting to the internet. 8:28:41 PM - Unable
to contact server..

Error - 15/05/2010 6:29:11 AM | Computer Name = Rick-PC | Source = MCUpdate | ID = 0
Description = 8:29:10 PM - Error connecting to the internet. 8:29:10 PM - Unable
to contact server..

[ System Events ]
Error - 31/05/2010 7:54:30 PM | Computer Name = Rick-PC | Source = Service Control Manager | ID = 7031
Description = The AVG Free WatchDog service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 0 milliseconds:
Restart the service.

Error - 31/05/2010 9:42:23 PM | Computer Name = Rick-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.

Error - 31/05/2010 9:59:56 PM | Computer Name = Rick-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.

Error - 2/06/2010 2:26:31 AM | Computer Name = Rick-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.

Error - 2/06/2010 5:34:13 AM | Computer Name = Rick-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 7:25:18 PM on ?6/?2/?2010 was unexpected.

Error - 2/06/2010 7:34:22 PM | Computer Name = Rick-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR2.

Error - 2/06/2010 9:07:01 PM | Computer Name = Rick-PC | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =

Error - 2/06/2010 9:07:20 PM | Computer Name = Rick-PC | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =

Error - 2/06/2010 11:22:09 PM | Computer Name = Rick-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 1:19:19 PM on ?6/?3/?2010 was unexpected.

Error - 3/06/2010 9:56:53 AM | Computer Name = Rick-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:55:01 PM on ?6/?3/?2010 was unexpected.


< End of report >

#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:06:25 AM

Posted 03 June 2010 - 07:54 PM

This is not a private forum. If you want to take out certain info then XXXXX it and then let me know as some may be necessary for me to have.

MCUpdate may also be the media centre update rather than the update for McAfee.

Let's rerun OTL as below

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

CODE
:OTL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
:files
C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"


Then click the Run Fix button at the top

Let the program run unhindered.

When done it will say "Fix Complete press ok to open the log"
Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
m0le is a proud member of UNITE

#9 RJC73

RJC73
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:25 PM

Posted 03 June 2010 - 10:18 PM

Hi m0le.

So it is all public? I'm no expert, so I don't know what should be removed from my posts, but this all rings alarm bells to me. Can we do this through PM and delete this topic please? Or can you at least assure me that the info I have provided so publicly can not be used against me?

Here is the log...

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ForceActiveDesktopOn deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
========== FILES ==========
C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 moved successfully.
C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!

OTL by OldTimer - Version 3.2.5.3 log created on 06042010_110418

#10 m0le

Posted 04 June 2010 - 07:27 PM

QUOTE(RJC73 @ Jun 4 2010, 04:18 AM)
So it is all public? I'm no expert, so I don't know what should be removed from my posts, but this all rings alarm bells to me. Can we do this through PM and delete this topic please? Or can you at least assure me that the info I have provided so publicly can not be used against me?


I can assure you that there is nothing used in these forum fixes which provides anyone with anything beyond a username - and that can be fixed with a row of XXXXXXs. The logs never enumerate information which could be used. Our mod, Orange Blossom, can do this XXXXX editing for you if you PM her the info and let her know what you want edited.


Please run the MBAM removal tool next

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.




#11 RJC73

Posted 06 June 2010 - 07:13 PM

Hi m0le,

Thanks again! Your help is greatly appreciated.

My Malwarebytes scan came up with only one infection (Backdoor.Popwin). The infected program (VideoConverter.exe) is a custom program I had my developers in China create for my business. Since I do not know the origin of the malware, I will let them know so they can ensure this malware is not on their PCs.

I do not believe this malware is the cause of my networking issues.

Scan results:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4173

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

7/06/2010 10:07:25 AM
mbam-log-2010-06-07 (10-07-25).txt

Scan type: Full scan (C:\|E:\|)
Objects scanned: 1804387
Time elapsed: 2 hour(s), 0 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\FLV Converter\VideoConverter.exe (Backdoor.Popwin) -> Quarantined and deleted successfully.

#12 m0le

Posted 07 June 2010 - 02:00 PM

QUOTE
I do not believe this malware is the cause of my networking issues.


Neither do I. It's important to check the PC is free from malware so we can locate the problem.

I believe this is not a malware issue, RJC73. The fact that it's your own build would tell me there may be teething troubles. Try this forum here for build and upgrade questions or here for operating system problems.

Please link to this topic.

I will keep this topic open for five days, feel free to PM me after that if you need to.

#13 m0le

Posted 11 June 2010 - 09:31 PM

Since this issue appears to be resolved ... this topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.